# Need help removing Incredibar

## JPSeabury (Mar 8, 2012)

My computer has become infected by Incredibar, which, as best as I can tell, redirects all searches made through Google search. Whenever I load Google to search, the search pulls up the Incredibar search helper.

I'm not sure exactly when the computer picked it up, but the computer is shared with teenagers -- who aren't as careful about sites they visit (or apps they download) as I might be. I only noticed it last night after updating Java.

I've been having a problem with random blue screen / system crashes for the past several weeks. At first, it only happened while playing Star Wars: The Old Republic. I chalked it up to bugs in a newly released game. But last night it happened while running a full scan with Malwarebytes, so it's not just the game.

*Here is my SysInfo:*
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+, x64 Family 15 Model 67 Stepping 3
Processor Count: 2
RAM: 2047 Mb
Graphics Card: LogMeIn Mirror Driver, 3 Mb
Hard Drives: C: Total - 238472 MB, Free - 16963 MB;
Motherboard: alienware, alienware
Antivirus: Norton Security Suite, Updated and Enabled

*HijackThis Output:*
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:57:40 AM, on 3/8/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\SFT\GuardedID\GIDD.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Dad\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\IDrive\IDriveETray.exe
C:\IDrive\IDriveEBackground.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dad\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe /s
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [EPSON NX420 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE /FU "C:\Users\Dad\AppData\Local\Temp\E_SCD7B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2667325299-3958078736-2706873873-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2667325299-3958078736-2706873873-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: IDrive Tray.lnk = C:\IDrive\IDriveEReg2ini.exe
O4 - Global Startup: Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\IDrive\IDriveE Service.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 9989 bytes

*DDS by sUBs Output:*

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.7601.17514
Run by Dad at 7:12:38 on 2012-03-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2048.393 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\IDrive\IDrivePlugin.exe
C:\Windows\system32\conhost.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\SFT\GuardedID\GIDD.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Dad\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\IDrive\IDriveETray.exe
C:\IDrive\IDriveEBackground.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Users\Dad\Desktop\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = https://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [EPSON NX420 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\users\dad\appdata\local\temp\E_SCD7B.tmp" /EF "HKCU"
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
uRun: [Google Update] "c:\users\dad\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\dad\appdata\roaming\micros~1\windows\startm~1\programs\startup\idrive~1.lnk - c:\idrive\IDriveEReg2ini.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3BE8621B-96BC-4B6F-80A2-EF1A4379D2BD} : DhcpNameServer = 75.75.75.75 75.75.76.76
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2009-7-13 4608]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-7 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-2-7 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120302.001\BHDrvx86.sys [2012-3-2 820856]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-7-16 25232]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120307.002\IDSvix86.sys [2012-3-7 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-2-7 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0502000.00d\symnets.sys [2012-2-7 299640]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2011-9-7 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2011-9-7 121856]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-2-15 65096]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-1-31 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-2-12 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-7 652360]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-15 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-5-20 378472]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-3-3 428640]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2011-3-3 20448]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-7 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-7-15 139368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2011-7-15 157128]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-7 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-18 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-17 1343400]
.
=============== Created Last 30 ================
.
2012-03-08 03:44:04	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-08 03:30:00	--------	d-----w-	c:\users\dad\appdata\roaming\Malwarebytes
2012-03-08 03:29:43	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-08 03:29:42	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-08 03:29:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-03 19:36:39	--------	d-----w-	c:\users\dad\appdata\local\Logitech
2012-02-27 01:42:46	--------	d-----w-	c:\users\dad\appdata\roaming\.techniclauncher
2012-02-23 21:23:38	4448256	----a-w-	c:\windows\system32\GPhotos.scr
2012-02-14 18:27:12	478720	----a-w-	c:\windows\system32\timedate.cpl
2012-02-14 18:27:09	690688	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-14 18:27:06	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-14 18:26:59	981504	----a-w-	c:\windows\system32\wininet.dll
2012-02-14 18:26:59	860672	----a-w-	c:\program files\internet explorer\iedvtool.dll
2012-02-14 18:26:58	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-14 18:26:58	163328	----a-w-	c:\program files\internet explorer\ieproxy.dll
2012-02-14 18:26:56	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-02-12 18:32:08	--------	d-----w-	c:\users\dad\appdata\local\LogMeIn
2012-02-12 18:31:58	52096	----a-w-	c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-02-12 18:31:58	30592	----a-w-	c:\windows\system32\LMIport.dll
2012-02-12 18:31:57	83360	----a-w-	c:\windows\system32\LMIRfsClientNP.dll
2012-02-12 18:31:57	47640	----a-w-	c:\windows\system32\drivers\LMIRfsDriver.sys
2012-02-12 18:31:53	87424	----a-w-	c:\windows\system32\LMIinit.dll
2012-02-12 18:31:49	--------	d-----w-	c:\programdata\LogMeIn
2012-02-12 18:31:33	--------	d-----w-	c:\program files\LogMeIn
2012-02-08 00:04:39	744568	----a-w-	c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
2012-02-08 00:04:39	516216	----a-w-	c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
2012-02-08 00:04:39	50168	----a-w-	c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
2012-02-08 00:04:39	340088	----a-w-	c:\windows\system32\drivers\n360\0502000.00d\symds.sys
2012-02-08 00:04:39	299640	----a-w-	c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
2012-02-08 00:04:39	136312	----a-r-	c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
2012-02-08 00:04:27	--------	d-----w-	c:\windows\system32\drivers\n360\0502000.00D
.
==================== Find3M ====================
.
2012-03-08 02:51:03	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-15 03:03:11	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 7:14:23.46 ===============

*ARK.TXT INFO*
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-08 19:08:47
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000067 ST325041 rev.3.AA
Running: GMER.exe.exe; Driver: C:\Users\Dad\AppData\Local\Temp\kwlorpow.sys

---- System - GMER 1.0.15 ----

SSDT 877C89E8 ZwAlertResumeThread
SSDT 871D3A10  ZwAlertThread
SSDT 871D0AA0 ZwAllocateVirtualMemory
SSDT 86A3DD70 ZwAlpcConnectPort
SSDT 873113B8 ZwAssignProcessToJobObject
SSDT 87813650 ZwCreateMutant
SSDT 873110D8 ZwCreateSymbolicLinkObject
SSDT 8719B110 ZwCreateThread
SSDT 873111C8 ZwCreateThreadEx
SSDT 87311478 ZwDebugActiveProcess
SSDT 876E1128 ZwDuplicateObject
SSDT 871C88F0 ZwFreeVirtualMemory
SSDT 8780C448 ZwImpersonateAnonymousToken
SSDT 871D7200 ZwImpersonateThread
SSDT 86A1B110 ZwLoadDriver
SSDT 871A2110 ZwMapViewOfSection
SSDT 87813590 ZwOpenEvent
SSDT 876AF128 ZwOpenProcess
SSDT 871D59F0 ZwOpenProcessToken
SSDT 87813410 ZwOpenSection
SSDT 876C8128 ZwOpenThread
SSDT 873112C8 ZwProtectVirtualMemory
SSDT 8777FA58 ZwResumeThread
SSDT 871C8E58 ZwSetContextThread
SSDT 866EC790 ZwSetInformationProcess
SSDT 878133D8 ZwSetSystemInformation
SSDT 878134D0 ZwSuspendProcess
SSDT 871DA080 ZwSuspendThread
SSDT 86AEA9F8 ZwTerminateProcess
SSDT 871D1990 ZwTerminateThread
SSDT 86682EA8 ZwUnmapViewOfSection
SSDT 871D0278 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 83045369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 83085D90 8 Bytes CALL 938FDA1E \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83085DA8 4 Bytes [A0, 0A, 1D, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83085DB4 4 Bytes [70, DD, A3, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 83085E08 4 Bytes [B8, 13, 31, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 83085E84 4 Bytes [50, 36, 81, 87]
.text ... 
? C:\Users\Dad\AppData\Local\Temp\mbr.sys  The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtCreateFile + 6 77B255CE 4 Bytes [28, 00, 1A, 00] {SUB [EAX], AL; SBB AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtCreateFile + B 77B255D3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 1 Byte [28]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 4 Bytes [28, 03, 1A, 00] {SUB [EBX], AL; SBB AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtMapViewOfSection + B 77B25C33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenFile + 6 77B25CDE 4 Bytes [68, 00, 1A, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenFile + B 77B25CE3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcess + 6 77B25D8E 4 Bytes [A8, 01, 1A, 00] {TEST AL, 0x1; SBB AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcess + B 77B25D93 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessToken + 6 77B25D9E 4 Bytes CALL 76B277A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessToken + B 77B25DA3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessTokenEx + 6 77B25DAE 4 Bytes [A8, 02, 1A, 00] {TEST AL, 0x2; SBB AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessTokenEx + B 77B25DB3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThread + 6 77B25E0E 4 Bytes [68, 01, 1A, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThread + B 77B25E13 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadToken + 6 77B25E1E 4 Bytes [68, 02, 1A, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadToken + B 77B25E23 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadTokenEx + 6 77B25E2E 4 Bytes CALL 76B27835 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadTokenEx + B 77B25E33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryAttributesFile + 6 77B25F3E 4 Bytes [A8, 00, 1A, 00] {TEST AL, 0x0; SBB AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryAttributesFile + B 77B25F43 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryFullAttributesFile + 6 77B25FEE 4 Bytes CALL 76B279F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryFullAttributesFile + B 77B25FF3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationFile + 6 77B2663E 4 Bytes [28, 01, 1A, 00] {SUB [ECX], AL; SBB AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationFile + B 77B26643 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationThread + 6 77B2669E 4 Bytes [28, 02, 1A, 00] {SUB [EDX], AL; SBB AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationThread + B 77B266A3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 1 Byte [68]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 4 Bytes [68, 03, 1A, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtUnmapViewOfSection + B 77B269C3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtCreateFile + 6 77B255CE 4 Bytes [28, 00, 3C, 00] {SUB [EAX], AL; CMP AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtCreateFile + B 77B255D3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 1 Byte [28]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 4 Bytes [28, 03, 3C, 00] {SUB [EBX], AL; CMP AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtMapViewOfSection + B 77B25C33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenFile + 6 77B25CDE 4 Bytes [68, 00, 3C, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenFile + B 77B25CE3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenProcess + 6 77B25D8E 4 Bytes [A8, 01, 3C, 00] {TEST AL, 0x1; CMP AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenProcess + B 77B25D93 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenProcessToken + 6 77B25D9E 4 Bytes CALL 76B299A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenProcessToken + B 77B25DA3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenProcessTokenEx + 6 77B25DAE 4 Bytes [A8, 02, 3C, 00] {TEST AL, 0x2; CMP AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenProcessTokenEx + B 77B25DB3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenThread + 6 77B25E0E 4 Bytes [68, 01, 3C, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenThread + B 77B25E13 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenThreadToken + 6 77B25E1E 4 Bytes [68, 02, 3C, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenThreadToken + B 77B25E23 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenThreadTokenEx + 6 77B25E2E 4 Bytes CALL 76B29A35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenThreadTokenEx + B 77B25E33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtQueryAttributesFile + 6 77B25F3E 4 Bytes [A8, 00, 3C, 00] {TEST AL, 0x0; CMP AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtQueryAttributesFile + B 77B25F43 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtQueryFullAttributesFile + 6 77B25FEE 4 Bytes CALL 76B29BF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtQueryFullAttributesFile + B 77B25FF3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtSetInformationFile + 6 77B2663E 4 Bytes [28, 01, 3C, 00] {SUB [ECX], AL; CMP AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtSetInformationFile + B 77B26643 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtSetInformationThread + 6 77B2669E 4 Bytes [28, 02, 3C, 00] {SUB [EDX], AL; CMP AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtSetInformationThread + B 77B266A3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 1 Byte [68]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 4 Bytes [68, 03, 3C, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtUnmapViewOfSection + B 77B269C3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtCreateFile + 6 77B255CE 4 Bytes [28, 00, 10, 00] {SUB [EAX], AL; ADC [EAX], AL}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtCreateFile + B 77B255D3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 1 Byte [28]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 4 Bytes [28, 03, 10, 00] {SUB [EBX], AL; ADC [EAX], AL}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtMapViewOfSection + B 77B25C33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtOpenFile + 6 77B25CDE 4 Bytes [68, 00, 10, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtOpenFile + B 77B25CE3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtOpenProcess + 6 77B25D8E 4 Bytes [A8, 01, 10, 00] {TEST AL, 0x1; ADC [EAX], AL}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtOpenProcess + B 77B25D93 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtOpenProcessToken + 6 77B25D9E 4 Bytes CALL 76B26DA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtOpenProcessToken + B 77B25DA3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtOpenProcessTokenEx + 6 77B25DAE 4 Bytes [A8, 02, 10, 00] {TEST AL, 0x2; ADC [EAX], AL}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtOpenProcessTokenEx + B 77B25DB3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtOpenThread + 6 77B25E0E 4 Bytes [68, 01, 10, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtOpenThread + B 77B25E13 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtOpenThreadToken + 6 77B25E1E 4 Bytes [68, 02, 10, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtOpenThreadToken + B 77B25E23 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtOpenThreadTokenEx + 6 77B25E2E 4 Bytes CALL 76B26E35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtOpenThreadTokenEx + B 77B25E33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtQueryAttributesFile + 6 77B25F3E 4 Bytes [A8, 00, 10, 00] {TEST AL, 0x0; ADC [EAX], AL}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtQueryAttributesFile + B 77B25F43 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtQueryFullAttributesFile + 6 77B25FEE 4 Bytes CALL 76B26FF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtQueryFullAttributesFile + B 77B25FF3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtSetInformationFile + 6 77B2663E 4 Bytes [28, 01, 10, 00] {SUB [ECX], AL; ADC [EAX], AL}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtSetInformationFile + B 77B26643 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtSetInformationThread + 6 77B2669E 4 Bytes [28, 02, 10, 00] {SUB [EDX], AL; ADC [EAX], AL}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtSetInformationThread + B 77B266A3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 1 Byte [68]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 4 Bytes [68, 03, 10, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2672] ntdll.dll!NtUnmapViewOfSection + B 77B269C3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtCreateFile + 6 77B255CE 4 Bytes [28, 00, 3C, 00] {SUB [EAX], AL; CMP AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtCreateFile + B 77B255D3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 1 Byte [28]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 4 Bytes [28, 03, 3C, 00] {SUB [EBX], AL; CMP AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtMapViewOfSection + B 77B25C33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenFile + 6 77B25CDE 4 Bytes [68, 00, 3C, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenFile + B 77B25CE3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenProcess + 6 77B25D8E 4 Bytes [A8, 01, 3C, 00] {TEST AL, 0x1; CMP AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenProcess + B 77B25D93 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenProcessToken + 6 77B25D9E 4 Bytes CALL 76B299A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenProcessToken + B 77B25DA3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenProcessTokenEx + 6 77B25DAE 4 Bytes [A8, 02, 3C, 00] {TEST AL, 0x2; CMP AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenProcessTokenEx + B 77B25DB3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenThread + 6 77B25E0E 4 Bytes [68, 01, 3C, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenThread + B 77B25E13 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenThreadToken + 6 77B25E1E 4 Bytes [68, 02, 3C, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenThreadToken + B 77B25E23 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenThreadTokenEx + 6 77B25E2E 4 Bytes CALL 76B29A35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenThreadTokenEx + B 77B25E33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtQueryAttributesFile + 6 77B25F3E 4 Bytes [A8, 00, 3C, 00] {TEST AL, 0x0; CMP AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtQueryAttributesFile + B 77B25F43 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtQueryFullAttributesFile + 6 77B25FEE 4 Bytes CALL 76B29BF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtQueryFullAttributesFile + B 77B25FF3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtSetInformationFile + 6 77B2663E 4 Bytes [28, 01, 3C, 00] {SUB [ECX], AL; CMP AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtSetInformationFile + B 77B26643 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtSetInformationThread + 6 77B2669E 4 Bytes [28, 02, 3C, 00] {SUB [EDX], AL; CMP AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtSetInformationThread + B 77B266A3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 1 Byte [68]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 4 Bytes [68, 03, 3C, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtUnmapViewOfSection + B 77B269C3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtCreateFile + 6 77B255CE 4 Bytes [28, 00, 1D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtCreateFile + B 77B255D3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 1 Byte [28]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 4 Bytes [28, 03, 1D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtMapViewOfSection + B 77B25C33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenFile + 6 77B25CDE 4 Bytes [68, 00, 1D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenFile + B 77B25CE3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcess + 6 77B25D8E 4 Bytes [A8, 01, 1D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcess + B 77B25D93 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessToken + 6 77B25D9E 4 Bytes CALL 76B27AA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessToken + B 77B25DA3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessTokenEx + 6 77B25DAE 4 Bytes [A8, 02, 1D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenProcessTokenEx + B 77B25DB3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThread + 6 77B25E0E 4 Bytes [68, 01, 1D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThread + B 77B25E13 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadToken + 6 77B25E1E 4 Bytes [68, 02, 1D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadToken + B 77B25E23 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadTokenEx + 6 77B25E2E 4 Bytes CALL 76B27B35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtOpenThreadTokenEx + B 77B25E33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryAttributesFile + 6 77B25F3E 4 Bytes [A8, 00, 1D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryAttributesFile + B 77B25F43 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryFullAttributesFile + 6 77B25FEE 4 Bytes CALL 76B27CF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtQueryFullAttributesFile + B 77B25FF3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationFile + 6 77B2663E 4 Bytes [28, 01, 1D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationFile + B 77B26643 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationThread + 6 77B2669E 4 Bytes [28, 02, 1D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtSetInformationThread + B 77B266A3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 1 Byte [68]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 4 Bytes [68, 03, 1D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3012] ntdll.dll!NtUnmapViewOfSection + B 77B269C3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtCreateFile + 6 77B255CE 4 Bytes [28, 00, 31, 00] {SUB [EAX], AL; XOR [EAX], EAX}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtCreateFile + B 77B255D3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 1 Byte [28]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 4 Bytes [28, 03, 31, 00] {SUB [EBX], AL; XOR [EAX], EAX}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtMapViewOfSection + B 77B25C33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenFile + 6 77B25CDE 4 Bytes [68, 00, 31, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenFile + B 77B25CE3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcess + 6 77B25D8E 4 Bytes [A8, 01, 31, 00] {TEST AL, 0x1; XOR [EAX], EAX}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcess + B 77B25D93 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcessToken + 6 77B25D9E 4 Bytes CALL 76B28EA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcessToken + B 77B25DA3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcessTokenEx + 6 77B25DAE 4 Bytes [A8, 02, 31, 00] {TEST AL, 0x2; XOR [EAX], EAX}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenProcessTokenEx + B 77B25DB3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThread + 6 77B25E0E 4 Bytes [68, 01, 31, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThread + B 77B25E13 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThreadToken + 6 77B25E1E 4 Bytes [68, 02, 31, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThreadToken + B 77B25E23 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThreadTokenEx + 6 77B25E2E 4 Bytes CALL 76B28F35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtOpenThreadTokenEx + B 77B25E33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtQueryAttributesFile + 6 77B25F3E 4 Bytes [A8, 00, 31, 00] {TEST AL, 0x0; XOR [EAX], EAX}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtQueryAttributesFile + B 77B25F43 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtQueryFullAttributesFile + 6 77B25FEE 4 Bytes CALL 76B290F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtQueryFullAttributesFile + B 77B25FF3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtSetInformationFile + 6 77B2663E 4 Bytes [28, 01, 31, 00] {SUB [ECX], AL; XOR [EAX], EAX}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtSetInformationFile + B 77B26643 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtSetInformationThread + 6 77B2669E 4 Bytes [28, 02, 31, 00] {SUB [EDX], AL; XOR [EAX], EAX}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtSetInformationThread + B 77B266A3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 1 Byte [68]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 4 Bytes [68, 03, 31, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[3244] ntdll.dll!NtUnmapViewOfSection + B 77B269C3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtCreateFile + 6 77B255CE 4 Bytes [28, 00, 0C, 00] {SUB [EAX], AL; OR AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtCreateFile + B 77B255D3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 1 Byte [28]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 4 Bytes [28, 03, 0C, 00] {SUB [EBX], AL; OR AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtMapViewOfSection + B 77B25C33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenFile + 6 77B25CDE 4 Bytes [68, 00, 0C, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenFile + B 77B25CE3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcess + 6 77B25D8E 4 Bytes [A8, 01, 0C, 00] {TEST AL, 0x1; OR AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcess + B 77B25D93 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcessToken + 6 77B25D9E 4 Bytes CALL 76B269A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcessToken + B 77B25DA3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcessTokenEx + 6 77B25DAE 4 Bytes [A8, 02, 0C, 00] {TEST AL, 0x2; OR AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenProcessTokenEx + B 77B25DB3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThread + 6 77B25E0E 4 Bytes [68, 01, 0C, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThread + B 77B25E13 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThreadToken + 6 77B25E1E 4 Bytes [68, 02, 0C, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThreadToken + B 77B25E23 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThreadTokenEx + 6 77B25E2E 4 Bytes CALL 76B26A35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtOpenThreadTokenEx + B 77B25E33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtQueryAttributesFile + 6 77B25F3E 4 Bytes [A8, 00, 0C, 00] {TEST AL, 0x0; OR AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtQueryAttributesFile + B 77B25F43 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtQueryFullAttributesFile + 6 77B25FEE 4 Bytes CALL 76B26BF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtQueryFullAttributesFile + B 77B25FF3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtSetInformationFile + 6 77B2663E 4 Bytes [28, 01, 0C, 00] {SUB [ECX], AL; OR AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtSetInformationFile + B 77B26643 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtSetInformationThread + 6 77B2669E 4 Bytes [28, 02, 0C, 00] {SUB [EDX], AL; OR AL, 0x0}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtSetInformationThread + B 77B266A3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 1 Byte [68]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 4 Bytes [68, 03, 0C, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[4064] ntdll.dll!NtUnmapViewOfSection + B 77B269C3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtCreateFile + 6 77B255CE 4 Bytes [28, 00, 22, 00] {SUB [EAX], AL; AND AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtCreateFile + B 77B255D3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 1 Byte [28]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 4 Bytes [28, 03, 22, 00] {SUB [EBX], AL; AND AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtMapViewOfSection + B 77B25C33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenFile + 6 77B25CDE 4 Bytes [68, 00, 22, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenFile + B 77B25CE3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenProcess + 6 77B25D8E 4 Bytes [A8, 01, 22, 00] {TEST AL, 0x1; AND AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenProcess + B 77B25D93 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenProcessToken + 6 77B25D9E 4 Bytes CALL 76B27FA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenProcessToken + B 77B25DA3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenProcessTokenEx + 6 77B25DAE 4 Bytes [A8, 02, 22, 00] {TEST AL, 0x2; AND AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenProcessTokenEx + B 77B25DB3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenThread + 6 77B25E0E 4 Bytes [68, 01, 22, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenThread + B 77B25E13 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenThreadToken + 6 77B25E1E 4 Bytes [68, 02, 22, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenThreadToken + B 77B25E23 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenThreadTokenEx + 6 77B25E2E 4 Bytes CALL 76B28035 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenThreadTokenEx + B 77B25E33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtQueryAttributesFile + 6 77B25F3E 4 Bytes [A8, 00, 22, 00] {TEST AL, 0x0; AND AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtQueryAttributesFile + B 77B25F43 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtQueryFullAttributesFile + 6 77B25FEE 4 Bytes CALL 76B281F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtQueryFullAttributesFile + B 77B25FF3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtSetInformationFile + 6 77B2663E 4 Bytes [28, 01, 22, 00] {SUB [ECX], AL; AND AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtSetInformationFile + B 77B26643 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtSetInformationThread + 6 77B2669E 4 Bytes [28, 02, 22, 00] {SUB [EDX], AL; AND AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtSetInformationThread + B 77B266A3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 1 Byte [68]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 4 Bytes [68, 03, 22, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtUnmapViewOfSection + B 77B269C3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtCreateFile + 6 77B255CE 4 Bytes [28, 00, 2D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtCreateFile + B 77B255D3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 1 Byte [28]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 4 Bytes [28, 03, 2D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtMapViewOfSection + B 77B25C33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenFile + 6 77B25CDE 4 Bytes [68, 00, 2D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenFile + B 77B25CE3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcess + 6 77B25D8E 4 Bytes [A8, 01, 2D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcess + B 77B25D93 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcessToken + 6 77B25D9E 4 Bytes CALL 76B28AA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcessToken + B 77B25DA3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcessTokenEx + 6 77B25DAE 4 Bytes [A8, 02, 2D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenProcessTokenEx + B 77B25DB3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThread + 6 77B25E0E 4 Bytes [68, 01, 2D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThread + B 77B25E13 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThreadToken + 6 77B25E1E 4 Bytes [68, 02, 2D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThreadToken + B 77B25E23 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThreadTokenEx + 6 77B25E2E 4 Bytes CALL 76B28B35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtOpenThreadTokenEx + B 77B25E33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtQueryAttributesFile + 6 77B25F3E 4 Bytes [A8, 00, 2D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtQueryAttributesFile + B 77B25F43 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtQueryFullAttributesFile + 6 77B25FEE 4 Bytes CALL 76B28CF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtQueryFullAttributesFile + B 77B25FF3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtSetInformationFile + 6 77B2663E 4 Bytes [28, 01, 2D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtSetInformationFile + B 77B26643 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtSetInformationThread + 6 77B2669E 4 Bytes [28, 02, 2D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtSetInformationThread + B 77B266A3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 1 Byte [68]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 4 Bytes [68, 03, 2D, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtUnmapViewOfSection + B 77B269C3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtCreateFile + 6 77B255CE 4 Bytes [28, 00, 38, 00] {SUB [EAX], AL; CMP [EAX], AL}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtCreateFile + B 77B255D3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 1 Byte [28]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtMapViewOfSection + 6 77B25C2E 4 Bytes [28, 03, 38, 00] {SUB [EBX], AL; CMP [EAX], AL}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtMapViewOfSection + B 77B25C33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenFile + 6 77B25CDE 4 Bytes [68, 00, 38, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenFile + B 77B25CE3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcess + 6 77B25D8E 4 Bytes [A8, 01, 38, 00] {TEST AL, 0x1; CMP [EAX], AL}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcess + B 77B25D93 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcessToken + 6 77B25D9E 4 Bytes CALL 76B295A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcessToken + B 77B25DA3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcessTokenEx + 6 77B25DAE 4 Bytes [A8, 02, 38, 00] {TEST AL, 0x2; CMP [EAX], AL}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcessTokenEx + B 77B25DB3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThread + 6 77B25E0E 4 Bytes [68, 01, 38, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThread + B 77B25E13 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThreadToken + 6 77B25E1E 4 Bytes [68, 02, 38, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThreadToken + B 77B25E23 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThreadTokenEx + 6 77B25E2E 4 Bytes CALL 76B29635 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThreadTokenEx + B 77B25E33 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtQueryAttributesFile + 6 77B25F3E 4 Bytes [A8, 00, 38, 00] {TEST AL, 0x0; CMP [EAX], AL}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtQueryAttributesFile + B 77B25F43 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtQueryFullAttributesFile + 6 77B25FEE 4 Bytes CALL 76B297F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtQueryFullAttributesFile + B 77B25FF3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtSetInformationFile + 6 77B2663E 4 Bytes [28, 01, 38, 00] {SUB [ECX], AL; CMP [EAX], AL}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtSetInformationFile + B 77B26643 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtSetInformationThread + 6 77B2669E 4 Bytes [28, 02, 38, 00] {SUB [EDX], AL; CMP [EAX], AL}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtSetInformationThread + B 77B266A3 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 1 Byte [68]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtUnmapViewOfSection + 6 77B269BE 4 Bytes [68, 03, 38, 00]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtUnmapViewOfSection + B 77B269C3 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

I am working on the Ark.txt scan, but it's taking a lot longer than 3 minutes (37 minutes and counting, so far). I will reply to this thread when I have it.
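For anyone reading this thread later: the GMER section above is dense, and the question an analyst asks of it is not "are there hooks?" (a sandboxed browser patches ntdll in its own processes as a matter of course) but "which processes carry them, and where do the patched bytes lead?". The following is an added example, written for this page and not part of GMER or of the poster's log; the sample lines are constructed, the chrome.exe ones modelled on the records above and the Explorer.EXE one invented to show a hook that resolves to a module in a user-writable directory.

```python
"""Triage helpers for GMER user-mode hook records.

Added example for this thread: constructed here, not part of GMER or of the
original post. It reads the ".text <image>[<pid>] <module>!<export> ..."
lines GMER prints and answers two defender questions: which processes carry
hooks, and whether any hook resolves to a module outside the Windows system
directories (a user-writable path is the classic sign of an injected DLL).
"""
import ntpath
import re
from collections import defaultdict

# One inline-hook record. The image path may contain spaces, so it is matched
# non-greedily up to the "[pid]" suffix; "+ offset" is optional because GMER
# omits it when the patch starts at the export's first byte.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)"
    r"(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{6,8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<rest>.*)$"
)
# When GMER decodes the patch as a CALL/JMP it prints the target address and
# the module that address falls into (it resolves by address range, so the
# named module is whatever owns that range, not necessarily the hook's author).
TRANSFER_RE = re.compile(
    r"^(?P<kind>CALL|JMP)\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<modpath>.+?)(?:\s+\(.*\))?$"
)

# Modules resolved to these directories are treated as expected.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Constructed sample. The chrome.exe lines copy the shape of the records in
# the thread; the Explorer.EXE line is invented to show a hook that resolves
# to a module in a user-writable directory.
SAMPLE_GMER = r"""
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenProcess + 6 77B25D8E 4 Bytes [A8, 01, 22, 00] {TEST AL, 0x1; AND AL, [EAX]}
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenProcess + B 77B25D93 1 Byte [E2]
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[5760] ntdll.dll!NtOpenProcessToken + 6 77B25D9E 4 Bytes CALL 76B27FA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe[6012] ntdll.dll!NtCreateFile + 6 77B255CE 4 Bytes [28, 00, 2D, 00]
.text C:\Windows\Explorer.EXE[1234] ntdll.dll!NtCreateFile + 6 77B255CE 5 Bytes JMP 10001000 C:\Users\Dad\AppData\Local\Temp\example_injected.dll (constructed sample)
"""


def parse_hooks(text):
    """Return one dict per hook record; non-matching lines are ignored."""
    records = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["pid"] = int(rec["pid"])
        rec["kind"] = rec["target_module"] = None
        t = TRANSFER_RE.match(rec["rest"])
        if t:
            rec["kind"] = t.group("kind")
            rec["target_module"] = t.group("modpath")
        records.append(rec)
    return records


def hooks_by_process(records):
    """Map 'image.exe[pid]' -> set of hooked exports."""
    out = defaultdict(set)
    for r in records:
        out[f"{ntpath.basename(r['image'])}[{r['pid']}]"].add(r["func"])
    return dict(out)


def exports_hooked_across_images(records):
    """Exports hooked in more than one distinct program image.

    Chrome's sandbox patches ntdll only inside chrome.exe; the same export
    hooked in unrelated programs points at something injected system-wide.
    """
    images = defaultdict(set)
    for r in records:
        images[r["func"]].add(ntpath.basename(r["image"]).lower())
    return {func for func, imgs in images.items() if len(imgs) > 1}


def suspicious_targets(records, trusted_dirs=TRUSTED_DIRS):
    """Resolved hook targets that do not live under a trusted Windows directory."""
    return {
        r["target_module"]
        for r in records
        if r["target_module"] and not r["target_module"].lower().startswith(trusted_dirs)
    }


if __name__ == "__main__":
    recs = parse_hooks(SAMPLE_GMER)
    for proc, funcs in sorted(hooks_by_process(recs).items()):
        print(f"{proc}: {', '.join(sorted(funcs))}")
    print("hooked across images:", sorted(exports_hooked_across_images(recs)))
    print("targets outside system dirs:", sorted(suspicious_targets(recs)))
```

Run against the real Ark.txt, every hook in this thread's log sits in chrome.exe processes and every resolved target is under C:\Windows\system32, which is why the helper later says the log shows nothing malicious; the two functions `exports_hooked_across_images` and `suspicious_targets` are what would light up if that were not the case.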


----------



## JPSeabury (Mar 8, 2012)

And I'm a total noob, apparently, because I can't see how to attach the Attach.txt file as an attachment. Coach me, please?


----------



## Deejay100six (Sep 27, 2011)

Hi, and welcome to TSG.

Hit the reply button directly underneath this post and scroll down the page. You will see a button named Manage Attachments. Click that and a new window will open. Use the browse button to navigate to the file you wish to attach. Then click open and upload.

Remember, you are only attaching attach.txt. Ark.txt should be copy/pasted.


----------



## JPSeabury (Mar 8, 2012)

Attach.txt ... attached!


----------



## Deejay100six (Sep 27, 2011)

Hi and welcome to TSG.

I am reviewing your logs and will respond with a reply as soon as I can.

Please note that *all* my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

Thank you for your patience.


----------



## Deejay100six (Sep 27, 2011)

Hi, my name is Dave and I will be helping you to clean any malware which may be present on your system.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.


Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does *NOT* mean that your system is clean.
If there is anything you don't understand, please ask *BEFORE* proceeding with the fixes.
Please ensure that you follow the instructions in the order I have them listed.
Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into your thread. If the logs are too big to post in one reply, please feel free to use more posts. Do *NOT* add them as attachments unless specifically instructed.
If I don't hear from you within *3 days* from this initial or any subsequent post, I will have to unsubscribe from this thread, which means I will not receive notifications of any further replies and will move on to assist someone else.

*------------------------------------------------------------------------------------------------------*

*LogMeIn and GoToMeeting 4.8.0.723* - This kind of software is designed to enable a remote connection to your PC from another. Some of our tools will remove these programs as a matter of course because they are often installed without the user's knowledge by malware. If you installed these programs intentionally and would prefer to keep them, make a note of any settings and, as they are free downloads, you can reinstall them after we are done. If you didn't install them intentionally and wish me to remove them, please let me know.

*------------------------------------------------------------------------------------------------------*

*McAfee Security Scan* - I believe this was probably installed because of a failure to notice a tick box allowing you to opt out of bundled software possibly during a Flash Player Update or something similar. You should uninstall it now via Control Panel >> Programs and Features >> Uninstall a Program to avoid conflicts with your existing antivirus program.

*------------------------------------------------------------------------------------------------------*

*Combofix*

We will begin with *ComboFix.exe*. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Please read all the information carefully!*

*You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.*

Please include the log *C:\ComboFix.txt* in your next reply for further review.

*Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.*


----------



## JPSeabury (Mar 8, 2012)

Thanks, Dave ... you're not going to be happy with my inability to follow directions. =)

I downloaded ComboFix, but forgot to move it to my desktop. I ran it from the directory that Chrome downloads to by default (c:\users\Dad\Downloads). I hope this didn't mess things up terribly; please let me know if I need to move it to the desktop and run it again.

Also, I thought I had properly disabled Malware Bytes and Norton AV. ComboFix showed a warning that Norton AV was still running, so I disabled it a 2nd time.

On the plus side, the first search I ran (to search for these forums, after ComboFix ran) did not have any Intellibar pop-ups. So perhaps I'm in the clear, despite my bad direction following?

Here is the log:

ComboFix 12-03-11.01 - Dad 03/11/2012 20:21:47.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2048.1131 [GMT -4:00]
Running from: c:\users\Dad\Downloads\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dad\AppData\Local\assembly\tmp
c:\users\Dad\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-12 to 2012-03-12 )))))))))))))))))))))))))))))))
.
.
2012-03-12 00:32 . 2012-03-12 00:32	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-03-12 00:32 . 2012-03-12 00:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-08 03:44 . 2012-03-08 03:44	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-08 03:30 . 2012-03-08 03:30	--------	d-----w-	c:\users\Dad\AppData\Roaming\Malwarebytes
2012-03-08 03:29 . 2012-03-08 03:29	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-08 03:29 . 2012-03-08 03:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-08 03:29 . 2011-12-10 20:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-08 02:51 . 2012-03-08 02:51	--------	d-----w-	c:\program files\Common Files\Java
2012-03-03 19:36 . 2012-03-03 19:37	--------	d-----w-	c:\users\Dad\AppData\Local\Logitech
2012-02-27 01:42 . 2012-03-11 20:18	--------	d-----w-	c:\users\Dad\AppData\Roaming\.techniclauncher
2012-02-23 21:23 . 2012-02-23 21:23	4448256	----a-w-	c:\windows\system32\GPhotos.scr
2012-02-14 18:27 . 2011-12-30 05:27	478720	----a-w-	c:\windows\system32\timedate.cpl
2012-02-14 18:27 . 2011-12-16 07:52	690688	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-14 18:27 . 2012-01-04 08:58	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-14 18:26 . 2011-12-16 07:54	981504	----a-w-	c:\windows\system32\wininet.dll
2012-02-14 18:26 . 2011-12-16 07:52	860672	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2012-02-14 18:26 . 2011-12-16 07:52	163328	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2012-02-14 18:26 . 2011-12-16 06:09	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-14 18:26 . 2012-01-14 03:35	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-02-12 18:32 . 2012-02-12 18:32	--------	d-----w-	c:\users\Dad\AppData\Local\LogMeIn
2012-02-12 18:31 . 2012-02-01 02:30	52096	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-12 18:31 . 2012-02-01 02:30	30592	----a-w-	c:\windows\system32\LMIport.dll
2012-02-12 18:31 . 2012-02-01 02:30	83360	----a-w-	c:\windows\system32\LMIRfsClientNP.dll
2012-02-12 18:31 . 2011-09-16 19:10	47640	----a-w-	c:\windows\system32\drivers\LMIRfsDriver.sys
2012-02-12 18:31 . 2012-02-01 02:30	87424	----a-w-	c:\windows\system32\LMIinit.dll
2012-02-12 18:31 . 2012-03-11 05:51	--------	d-----w-	c:\programdata\LogMeIn
2012-02-12 18:31 . 2012-02-12 20:37	--------	d-----w-	c:\program files\LogMeIn
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 02:51 . 2011-10-01 19:21	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-15 03:03 . 2011-07-17 10:38	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-30 00:55 . 2011-12-30 00:55	53248	----a-r-	c:\users\Dad\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\idrive\IDriveEReg2ini.exe [2011-7-15 304584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-2-15 4720200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2011-06-24 157128]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-03-08 40776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-16 1343400]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx86.sys [2012-03-02 820856]
S1 GIDv2;GIDv2; [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120309.002\IDSvix86.sys [2012-03-06 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\Ironx86.SYS [2010-11-16 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502000.00D\SYMNETS.SYS [2011-04-21 299640]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
S2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [2012-02-15 65096]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-02-01 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-03-04 428640]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2011-03-04 20448]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 106104]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-25 139368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26	435976	----a-w-	c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2667325299-3958078736-2706873873-1000Core.job
- c:\users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 00:12]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2667325299-3958078736-2706873873-1000UA.job
- c:\users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-PDF Reader - c:\program files\PDFReader\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-11 20:42:08
ComboFix-quarantined-files.txt 2012-03-12 00:42
.
Pre-Run: 19,085,578,240 bytes free
Post-Run: 22,539,169,792 bytes free
.
- - End Of File - - F69361C3E811BF9E21699B7DA6F475D3
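The "Reg Loading Points" part of the ComboFix log above is the persistence inventory: Run values, Startup-folder links, service and driver lines, and scheduled-task commands. The first pass an analyst makes over it is mechanical, so here is that pass as an added example, written for this page and not part of ComboFix or of the poster's log. The sample text is constructed from lines in the log above plus one invented Run value (`ExampleUpdater`) so that the user-writable-path check has something to hit.

```python
"""Autorun triage over ComboFix "Reg Loading Points" output.

Added example for this thread, not part of ComboFix or the original post.
It pulls the persistence entries ComboFix lists (Run values, Startup-folder
links, service/driver lines, scheduled-task commands) and flags the two
things an analyst checks first: images that load from user-writable
directories, and services whose file ComboFix could not find ("[x]").
"""
import ntpath
import re

# "Name"="path" [date size]   (values under a [HKEY_...\Run] key)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')
# S2 Name;Display Name;path [date size]   or   S1 Name;Display; [x]
SERVICE_RE = re.compile(
    r"^(?P<start>[SR]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]$"
)
# Something.lnk - path [date size]   (Startup folder)
STARTUP_RE = re.compile(r"^(?P<name>.+\.lnk) - (?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$")
# - path [date time]   (command of the scheduled task named on the line above)
TASK_RE = re.compile(r"^- (?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$")

# Substrings that mark a path an ordinary user can write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\")

# Constructed sample built from lines in the thread's ComboFix log plus one
# invented Run value ("ExampleUpdater") to show a hit.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ExampleUpdater"="c:\users\Dad\AppData\Roaming\example_updater.exe" [2012-03-01 12345]
.
c:\users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\idrive\IDriveEReg2ini.exe [2011-7-15 304584]
.
S1 GIDv2;GIDv2; [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2667325299-3958078736-2706873873-1000Core.job
- c:\users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 00:12]
"""


def parse_combofix(text):
    """Return a list of {'kind', 'name', 'path', 'meta', 'key'} dicts."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY"):
            key = line.strip("[]")      # remember which Run key we are under
            continue
        for kind, rx in (("run", RUN_RE), ("service", SERVICE_RE),
                         ("startup", STARTUP_RE), ("task", TASK_RE)):
            m = rx.match(line)
            if m:
                d = m.groupdict()
                entries.append({
                    "kind": kind,
                    # task lines carry no name, so use the image file name
                    "name": d.get("name") or ntpath.basename(d["path"]),
                    "path": d["path"].strip(),
                    "meta": d["meta"].strip(),
                    "key": key if kind == "run" else None,
                })
                break
    return entries


def flag_entries(entries, markers=USER_WRITABLE_MARKERS):
    """Return (reason, entry) pairs worth a closer look."""
    flagged = []
    for e in entries:
        if e["meta"] == "x":                      # ComboFix could not find the file
            flagged.append(("file missing", e))
        elif any(m in e["path"].lower() for m in markers):
            flagged.append(("user-writable path", e))
    return flagged


if __name__ == "__main__":
    for reason, e in flag_entries(parse_combofix(SAMPLE_COMBOFIX)):
        print(f"{reason:20} {e['kind']:8} {e['name']}: {e['path'] or '(no path)'}")
```

Two of the three hits on the sample are expected noise: the GoogleUpdate.exe task is Google's per-user updater, which legitimately lives under AppData, and the `[x]` on GIDv2 only says ComboFix could not find the driver file at scan time. That is the point of the flags: they shortlist what to verify (publisher signature, install date, what the file actually is), not what to delete.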


----------



## Deejay100six (Sep 27, 2011)

Hi,

Apologies for the delay. Real life things made a really busy day for me today and also, I haven't been well. Should have a response for you early tomorrow evening.

Thanks for your patience.


----------



## JPSeabury (Mar 8, 2012)

It's just as well that you are late in viewing it ... because I spoke too soon in my previous post: incredibar is still redirecting my search engine results. Take your time with the response, and more importantly, feel better soon.


----------



## Deejay100six (Sep 27, 2011)

Hi,



> Thanks, Dave ... you're not going to be happy with my inability to follow directions. =)
> 
> I downloaded ComboFix, but forgot to move it to my desktop. I ran it from the directory that Chrome downloads to by default (c:\users\Dad\Downloads). I hope this didn't mess things up terribly; please let me know if I need to move it to the desktop and run it again.


No, that's ok, we only instruct that it be saved to your desktop because it makes things easier for you if we have to run any scripts from Combofix.

I'm not seeing anything malicious or related to Incredibar in your logs but we'll run a couple more scans just to be sure.

I notice that you have Malwarebytes Antimalware (MBAM) installed
I want you to run a scan for me.
First I want you to *update MBAM* so we have the latest definitions onboard.....

Please open Malwarebytes Antimalware
Now click on the *update tab*
Next - Click on the *Check for updates* button


_If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install._
On the Scanner tab:
Make sure the "*Perform Quick Scan*" option is selected.
Then click on the *Scan* button.

The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the *Start Scan* button.
The scan will begin and "_Scan in progress_" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "_The scan completed successfully. Click 'Show Results' to display all objects found_".
Click *OK* to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the *Show Results* button to see a list of any malware that was found.
Make sure that *everything is checked*, and click *Remove Selected*.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. _(see Note below)_
The log is automatically saved and can be viewed by clicking the *Logs* tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
_*Note*: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware._


----------



## Deejay100six (Sep 27, 2011)

Hi, do you still require assistance?

If you do not reply within *24 hours* I will have to *unsubscribe* from this thread and won't be notified about any new replies.


----------



## JPSeabury (Mar 8, 2012)

Sorry, I think I got your sickness, whatever it was. But I'm feeling better now. =)

I updated MBAM and ran it. Malware Bytes detected no problems (see log below). Search requests are still being redirected by Incredibar and the wife complains that the computer runs sluggish.

Any other thoughts?

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Dad :: DAD-SEATV [administrator]

Protection: Enabled

3/16/2012 9:56:30 PM
mbam-log-2012-03-16 (21-56-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237073
Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## JPSeabury (Mar 8, 2012)

I think I may have resolved this. Here's what I did:

1.) With Chrome running, clicked Toolbar > Tools > Extensions Basics
2.) In the "Search" section, I noticed that "MyStart Incredibar" was listed as the default Search engine. I changed the Search drop-down option back to "Google"
3.) Clicked "Manage Search Engines", removed "MyStart Incredibar" as an available search engine option.
4.) Cleared all browsing data (history, cache, downloaded data, cookies, site data, etc.)
5.) Closed Chrome, restarted Chrome, did a search ... *success*! It was not redirected by MyStart Incredibar.

I'm optimistic, but let me know if there's anything else you see in the logs that concerns you, or if there are any other tests you think I should run.
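The fix in this post is the whole story of Incredibar on this machine: nothing was injected into the system, the browser's default search provider had simply been switched. That is worth having as a repeatable check rather than a manual look through the settings page, so here is an added example, written for this page and not Chrome's own code. It assumes the Preferences JSON stores the default provider either as `default_search_provider` (with `search_url`, the layout of Chrome at the time of this thread) or as `default_search_provider_data` / `template_url_data` (with `url`, the newer layout), and that the profile's `Web Data` SQLite file has a `keywords` table with `short_name`, `keyword` and `url` columns; the sample profile values and the `example-toolbar.invalid` host are constructed.

```python
"""Audit Chrome's default search provider and configured search engines.

Added example for this thread, not Chrome's own code. It reproduces the
check behind the fix above (default search engine reset, Incredibar removed
from the engine list) as something that can be run against a profile.
Assumptions: the Preferences JSON stores the default provider either as
"default_search_provider" (with "search_url") or as
"default_search_provider_data" -> "template_url_data" (with "url"), and the
"Web Data" SQLite file has a "keywords" table with short_name, keyword and
url columns; the sample values below are constructed.
"""
import json
import sqlite3
from urllib.parse import urlparse

ALLOWED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}

# Chrome writes Google's own engine with a template placeholder instead of a
# literal host; expand it so the URL parses.
PLACEHOLDERS = {"{google:baseURL}": "https://www.google.com/"}


def search_host(url):
    """Lower-cased host of a search template URL ('' if it has none)."""
    for k, v in PLACEHOLDERS.items():
        url = url.replace(k, v)
    return (urlparse(url).hostname or "").lower()


def default_search_url(prefs):
    """Search URL of the default provider, or None if the browser default is in use."""
    newer = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if newer.get("url"):
        return newer["url"]
    return prefs.get("default_search_provider", {}).get("search_url")


def audit_default_search(prefs, allowed=ALLOWED_SEARCH_HOSTS):
    """Classify the profile's default search provider against an allowlist."""
    url = default_search_url(prefs)
    if not url:
        return {"status": "browser default", "host": None}
    host = search_host(url)
    return {"status": "ok" if host in allowed else "hijacked", "host": host}


def unexpected_providers(conn, allowed=ALLOWED_SEARCH_HOSTS):
    """(short_name, keyword, host) for every engine whose host is not allowlisted."""
    rows = conn.execute("SELECT short_name, keyword, url FROM keywords").fetchall()
    out = []
    for short_name, keyword, url in rows:
        host = search_host(url)
        if host not in allowed:
            out.append((short_name, keyword, host))
    return out


def load_prefs(path):
    """Read a Preferences file (copy it while Chrome is closed)."""
    with open(path, encoding="utf-8") as f:
        return json.load(f)


# Constructed sample profile: the default engine points at a placeholder
# toolbar host (reserved .invalid TLD), mirroring the MyStart Incredibar case.
SAMPLE_PREFS = {
    "default_search_provider": {
        "enabled": True,
        "name": "MyStart Incredibar",
        "keyword": "example-toolbar.invalid",
        "search_url": "http://search.example-toolbar.invalid/?q={searchTerms}",
    }
}


def build_sample_webdata():
    """In-memory stand-in for the profile's 'Web Data' keywords table (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE keywords (id INTEGER PRIMARY KEY, short_name TEXT, keyword TEXT, url TEXT)"
    )
    conn.executemany(
        "INSERT INTO keywords (short_name, keyword, url) VALUES (?, ?, ?)",
        [
            ("Google", "google.com", "{google:baseURL}search?q={searchTerms}"),
            ("Bing", "bing.com", "https://www.bing.com/search?q={searchTerms}"),
            ("MyStart Incredibar", "example-toolbar.invalid",
             "http://search.example-toolbar.invalid/?q={searchTerms}"),
        ],
    )
    return conn


if __name__ == "__main__":
    print(audit_default_search(SAMPLE_PREFS))
    print(unexpected_providers(build_sample_webdata()))
```

On a real profile the files are `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences` and `...\Default\Web Data`; Chrome holds the SQLite file open, so copy both while the browser is closed and point `load_prefs` and `sqlite3.connect` at the copies. Steps 2 and 3 of the post above map directly onto the two functions: `audit_default_search` is the "Search" drop-down, `unexpected_providers` is the "Manage Search Engines" list.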


----------



## Deejay100six (Sep 27, 2011)

Hi,

Good work! :up:

We'll just run this last scan to make sure there's nothing else lurking and then give it 24hrs or so to make sure the redirecting has definitely gone.

Go *here* to run an online scanner from ESET.


*Note:* You will need to use *Internet explorer* for this scan
*Vista or Windows 7 users, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.*
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the activex control to install
Click *Start*
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click *Scan*
Wait for the scan to finish
Use *notepad* to open the logfile located at *C:\Program Files\EsetOnlineScanner\log.txt*
Copy and paste that log in your next reply.


----------



## JPSeabury (Mar 8, 2012)

It's not a large file, and the on-screen results indicated No Threats Found.

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK


----------



## Deejay100six (Sep 27, 2011)

Hi,

Looking good. 

This small program will check whether all your software is up to date.

Download *Security Check* by screen317 from here or here.


Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


----------



## Deejay100six (Sep 27, 2011)

Hi, do you still require assistance?

If you do not reply within *24 hours* I will have to *unsubscribe* from this thread and won't be notified about any new replies.


----------

