Topic: IEAT Hooks. Unsure if problematic.

September 29, 2015, 01:53:03 AM

tactora

Did a scan with several malware/antivirus programs since my computer has begun acting a bit sluggish.
Not long ago I had a DNSunlocker on my computer, though Windows Defender found it.
RogueKiller found these hooks tied to Chrome, and I'm concerned about whether or not they could be causing the current sluggish behaviour.

Here are the scan results:

RogueKiller V10.10.7.0 (x64) [Sep 28 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tyler [Administrator]
Started from : C:\Users\Tyler\Documents\PC Fixes, and other shit\RogueKillerX64.exe
Mode : Scan -- Date : 09/28/2015 19:30:31

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1   localhost

¤¤¤ Antirootkit : 21 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll - .


$ : Unknown @ 0x1003c9db6 (jmp 0x3fe9cd)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll -


$ : Unknown @ 0xe7ce9fe (call 0x80e79)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll - Óï‹L$|ƒÂ    Ïω|$d‹{ ‹L$d‰‹K ‹|$hƒÁ)ú‰K ‹|$pˆÁ‰;¿ : Unknown @ 0x1c8e768b (call 0xa0fe)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll - o : Unknown @ 0x102445ba (jmp 0xffffffed)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll - üèôÄ   ×÷uý Sbú‰ýþ#`öû
&+û›ôí ûøÁùu íö/þ ¸ý›öø …ûûÃBÄÿàù}` —üIú³$Áþû™7²ÿÇøúuüIýËJüÞú…íø<ÿ ºýÊù<—÷»öì!“±ø®ü¥ ´   •öôút,?ÿqûà¡ : Unknown @ 0xffffffffe8a232ad (call 0xe80dad17)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll - o<SfoáfØÈfØÄfëÁfoÊfØÔfØáfëâfoÖfØ÷fØúfëþfoõfØêfØÖfëÕfÞÄfÞ×fÞÂfo<foáfo×fØÊfØüfëÏfÞÁfo8foïfoÞfØûfØõfëþfïöfÞÇfÞÏfØD$fØL$ ftÆftÎfL$0foúfoÍfØÑfØïfëÕfÜÒfoôfoëfØåfØÞfëãfïÛfÛ%à‰jfsÔfÜâfØ$$ftãfÛÄfoÑfoç : Unknown @ 0x5f68ea8d (call 0x5ec43e07)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll - Ö : Unknown @ 0x38e8113 (jmp 0x2c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll - ‹D$4‰kÙîÙɉ‰D$0Ýéßà€äE€ü@…Í : Unknown @ 0x84d89ad (jmp 0x6c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll - |$d‹{ ‹L$d‰‹K ‹|$hƒÁ)ú‰K ‹|$pˆÁ‰;¿ : Unknown @ 0x18168493 (jmp 0x2)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll - ÿé–ñÿÿÇD$< : Unknown @ 0x305f17b4 (call 0x28088ea8)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll - Ö : Unknown @ 0xffffffffc4a46af2 (jmp 0xa81f45ef)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll - Ö : Unknown @ 0xffffffff977c93f2 (jmp 0x869010f1)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll - Ö : Unknown @ 0x1040d918 (jmp 0xc)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll - Ö : Unknown @ 0x857f6332 (jmp 0x68f24b15)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avcodec-54.dll) avutil-51.dll -


$ : Unknown @ 0x1003ba431 (call 0x3f0044)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avformat-54.dll) avcodec-54.dll - avpriv_frame_rate_tab : Unknown @ 0x827ed674 (jmp 0x18000008)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avformat-54.dll) avutil-51.dll -  : Unknown @ 0xffffffffeeb809aa (jmp 0xe0ffe4ee)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avformat-54.dll) avcodec-54.dll - av_sha_size : Unknown @ 0x137e06c3 (call 0xfe42fe0c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ avformat-54.dll) avcodec-54.dll - n in DOS mode.


$ : Unknown @ 0x599f5f0f (call 0xefff2e4d)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ swscale-2.dll) avutil-51.dll -  : Unknown @ 0x1eff8334 (jmp 0x2b)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ swscale-2.dll) avutil-51.dll - Þ)î,Í : Unknown @ 0x46972965 (call 0x2b131a4b)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-22JC3T0 +++++
--- User ---
[MBR] b84c86cadce5e955e0f181c2a58347ea
[BSP] 9947cff8e3bc7a33ad670c32ff57fb5b : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 10468 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 21520384 | Size: 943359 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Reply #1, September 30, 2015, 05:03:19 PM

Curson (Global Moderator)

Hi tactora,

Welcome to Adlice.com Forum.

Your report seems clean but RogueKiller encountered a bug during the scan.
We are going to investigate it.

Regards.

Reply #2, September 30, 2015, 07:52:38 PM

tactora

I see. If it helps at all, this scan result occurred twice, once a few days ago with a previous version of RogueKiller, and a second time (the one posted here) with a more updated version. I found it strange since none of it seemed to make any sense.

Reply #3, September 30, 2015, 09:38:13 PM

Curson (Global Moderator)

Hi tactora,

Thanks for the information. :)
I'll let you know about the results of our investigations.

Regards.

Reply #4, October 07, 2015, 01:40:51 PM

Tigzy (Administrator; Owner, Adlice Software)

Hello,
Could you tell us what Chrome extensions you installed?

Also, could you search for avcodec-54.dll and tell us where the file is?
Thanks.

Reply #5, October 10, 2015, 12:45:53 AM

tactora

Chrome extensions are:

AdBlock 2.41.2
AdBlock Plus 1.9.3 (I'm a terrible person, I know)
BetterTTV 6.8
Calculator 2.1
Dark Skin for Youtube 1.3.28
FrankerFaceZ 1.57
Google docs 0.9
Google sheet 1.1
Google Slides 0.9
Stylish 1.4.0

As for avcodec-54.dll:
C:\Users\Tyler\AppData\Roaming\SplitMediaLabs\XSplit\install\6990E7D
C:\Program Files (x86)\Steam\SteamApps\common\WEE01\lib\windows-i686
C:\Program Files (x86)\Razer\Razer Game Booster
C:\Program Files (x86)\SplitMediaLabs\XSplit

Reply #6, October 12, 2015, 06:24:45 AM

Tigzy (Administrator; Owner, Adlice Software)

Thanks, it comes from XSplit :)
We'll look at this.