Adlice forum
Software feedback => RogueKiller => Topic started by: Russ773 on November 02, 2014, 02:47:55 AM
-
Hi there,
This past week I've noticed a few issues with my laptop. I've run my virus scanner (Bullguard) and Malwarebytes. Malwarebytes keeps blocking things from getting to me but somehow, something has slipped past. I've tried numerous different pieces of software to try and rid my computer of whatever is hidden in it. I've now come across RogueKiller and I'm pretty impressed with it.
I was wondering if anyone would be able to look at my report and tell me if they see anything suspicious.
RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Russ [Administrator]
Mode : Delete -- Date : 11/02/2014 01:44:15
¤¤¤ Processes : 5 ¤¤¤
[Suspicious.Path] mbar-1.07.0.1012.exe -- C:\Users\Russ\Desktop\mbar-1.07.0.1012.exe[7] -> ERROR [12]
[Suspicious.Path] mbar.exe -- C:\Users\Russ\Desktop\mbar\mbar.exe[7] -> ERROR [12]
[Suspicious.Path] explorer.exe -- C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll[-] -> Unloaded
[Suspicious.Path] explorer.exe -- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll[-] -> Unloaded
[Suspicious.Path] (SVC) UnsignedThemes -- C:\WINDOWS\unsignedthemes.exe[-] -> Stopped
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 114 (Driver: Not loaded [0x2]) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x7ffccca303a0 (jmp 0xffffffff8012e480)
[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffccca302d0 (jmp 0xffffffff8012e7e0)
[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffccca302d0 (jmp 0xffffffff8012e7e0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x7ffccca302a0 (jmp 0xffffffff8012db70)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x7ffccca30490 (jmp 0xffffffff8012de10)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x7ffccca30390 (jmp 0xffffffff8012e960)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x7ffccca303b0 (jmp 0xffffffff8012e9a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSemaphore : Unknown @ 0x7ffccca302b0 (jmp 0xffffffff8012e150)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x7ffccca302c0 (jmp 0xffffffff8012db40)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateMutant : Unknown @ 0x7ffccca30290 (jmp 0xffffffff8012e1c0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x7ffccca30330 (jmp 0xffffffff8012e1a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x7ffccca30340 (jmp 0xffffffff8012db80)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x7ffccca30370 (jmp 0xffffffff8012eaa0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x7ffccca30320 (jmp 0xffffffff8012e940)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x7ffccca30350 (jmp 0xffffffff8012e2f0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x7ffccca303d0 (jmp 0xffffffff8012e250)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x7ffccca303f0 (jmp 0xffffffff8012e850)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenThread : Unknown @ 0x7ffccca30380 (jmp 0xffffffff8012dbd0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x7ffccca30430 (jmp 0xffffffff8012d430)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x7ffccca30400 (jmp 0xffffffff8012d700)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x7ffccca304a0 (jmp 0xffffffff8012de10)
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ext-ms-win-gpapi-grouppolicy-l1-1-0.dll - RegisterGPNotificationInternalWorker : C:\WINDOWS\SYSTEM32\gpapi.dll @ 0x7ffd48df1540
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ combase.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ combase.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ combase.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x7ffccca30390 (jmp 0xffffffff8012e960)
[IAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\WINDOWS\SYSTEM32\clbcatq.dll @ 0x7ffd4b2024b0
[IAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\WINDOWS\SYSTEM32\clbcatq.dll @ 0x7ffd4b2023c0
[IAT:Inl] (explorer.exe @ powrprof.dll) ntdll.dll - ZwAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Inl] (explorer.exe @ advapi32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ advapi32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x7ffccca30280 (jmp 0xffffffff8012d160)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x7ffccca30280 (jmp 0xffffffff8012d160)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ UxTheme.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ UxTheme.dll) ntdll.dll - NtOpenSection : Unknown @ 0x7ffccca30320 (jmp 0xffffffff8012e940)
[IAT:Inl] (explorer.exe @ dwmapi.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ TWINAPI.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ SspiCli.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ SspiCli.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x7ffccca30390 (jmp 0xffffffff8012e960)
[IAT:Inl] (explorer.exe @ sechost.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x7ffccca30440 (jmp 0xffffffff8012d970)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Inl] (explorer.exe @ bcryptPrimitives.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ clbcatq.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x7ffccca30370 (jmp 0xffffffff8012eaa0)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ DUI70.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ DEVOBJ.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ twinui.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ twinui.dll) ntdll.dll - ZwAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x7ffccca30340 (jmp 0xffffffff8012db80)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenThread : Unknown @ 0x7ffccca30380 (jmp 0xffffffff8012dbd0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x7ffccca302c0 (jmp 0xffffffff8012db40)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSection : Unknown @ 0x7ffccca30320 (jmp 0xffffffff8012e940)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x7ffccca30370 (jmp 0xffffffff8012eaa0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x7ffccca302a0 (jmp 0xffffffff8012db70)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ CRYPTSP.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ rsaenh.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ bcrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ twinui.appcore.dll) ntdll.dll - ZwAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSRegisterSessionNotification : C:\WINDOWS\SYSTEM32\WTSAPI32.dll @ 0x7ffd46d51be0
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSFreeMemory : C:\WINDOWS\SYSTEM32\WTSAPI32.dll @ 0x7ffd46d51330
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSQuerySessionInformationW : C:\WINDOWS\SYSTEM32\WTSAPI32.dll @ 0x7ffd46d516a0
[IAT:Inl] (explorer.exe @ wpncore.dll) ntdll.dll - ZwAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSQuerySessionInformationW : C:\WINDOWS\SYSTEM32\WTSAPI32.dll @ 0x7ffd46d516a0
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSRegisterSessionNotification : C:\WINDOWS\SYSTEM32\WTSAPI32.dll @ 0x7ffd46d51be0
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSFreeMemory : C:\WINDOWS\SYSTEM32\WTSAPI32.dll @ 0x7ffd46d51330
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-winsta-l1-1-0.dll - WinStationQueryInformationW : C:\WINDOWS\SYSTEM32\WINSTA.dll @ 0x7ffd49b11160
[IAT:Inl] (explorer.exe @ dwrite.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Inl] (explorer.exe @ Authui.DLL) ntdll.dll - NtOpenProcess : Unknown @ 0x7ffccca30370 (jmp 0xffffffff8012eaa0)
[IAT:Inl] (explorer.exe @ Authui.DLL) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ ncrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ Secur32.dll) ntdll.dll - NtOpenSection : Unknown @ 0x7ffccca30320 (jmp 0xffffffff8012e940)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ es.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ cscapi.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffccca302d0 (jmp 0xffffffff8012e7e0)
[IAT:Inl] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x7ffccca301e0 (jmp 0xffffffff8012dc50)
[IAT:Inl] (explorer.exe @ wpnprv.dll) ntdll.dll - ZwAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Inl] (explorer.exe @ WSClient.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Inl] (explorer.exe @ AUDIOSES.DLL) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Addr] (explorer.exe @ SettingSyncCore.dll) ext-ms-win-shell-settingsync-l1-1-0.dll - SettingSync_IsAllowedByGroupPolicy : C:\WINDOWS\SYSTEM32\SETTINGSYNCPOLICY.dll @ 0x7ffd3a712e44
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x7ffccca30350 (jmp 0xffffffff8012e2f0)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x7ffccca301e0 (jmp 0xffffffff8012dc50)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffccca302d0 (jmp 0xffffffff8012e7e0)
[IAT:Inl] (explorer.exe @ fwpuclnt.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Addr] (explorer.exe @ PackageStateRoaming.dll) ext-ms-win-shell-settingsync-l1-1-0.dll - SettingSync_IsAppDataBackupRestoreEnabled : C:\WINDOWS\SYSTEM32\SETTINGSYNCPOLICY.dll @ 0x7ffd3a71204c
[IAT:Inl] (explorer.exe @ schannel.DLL) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffccca302d0 (jmp 0xffffffff8012e7e0)
[IAT:Inl] (explorer.exe @ schannel.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ schannel.DLL) ntdll.dll - NtDuplicateObject : Unknown @ 0x7ffccca30390 (jmp 0xffffffff8012e960)
[IAT:Inl] (explorer.exe @ ncryptsslp.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ tbs.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffccca302d0 (jmp 0xffffffff8012e7e0)
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 77e64d21064fdb0f8c6e932ba198e25a
[BSP] 0c6b2592cef7e5ccff74d06bb2fccd3f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_11022014_012027.log - RKreport_DEL_11022014_012303.log - RKreport_SCN_11022014_014350.log
-
Hello
Yes, there's something hooking your APIs.
What did Mbar say?
-
When I ran it yesterday it came back clear. I'm currently running it again now and will post back the result once it's completed.
-
Scan completed.
Came back all clear :/
-
I think those hooks are legit.
However, it would be interesting to know where they go...
We'll investigate
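The question of "where the hooks go" is one a triager answers by reading the Antirootkit section structurally rather than line by line: for each hooked ntdll export, every importing module should see the same patched stub and the same jump target, and all the targets should cluster in one region if one single component (such as a security product's user-mode hooking engine) installed them. The script below is an added example written for this thread; it is not RogueKiller code and not part of any reply here. It assumes only the two line shapes visible in the report above ([IAT:Inl] with a jmp target, [IAT:Addr] with a resolved module path) and the sample lines it carries are copied from that report.

```python
import re
from collections import defaultdict

# Constructed sample: six Antirootkit lines copied from the RogueKiller report in
# this thread, chosen so both line shapes ([IAT:Inl] and [IAT:Addr]) are exercised.
SAMPLE_LINES = [
    "[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)",
    "[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)",
    "[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)",
    "[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)",
    "[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)",
    r"[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ext-ms-win-gpapi-grouppolicy-l1-1-0.dll - RegisterGPNotificationInternalWorker : C:\WINDOWS\SYSTEM32\gpapi.dll @ 0x7ffd48df1540",
]

# Assumption: this pattern covers only the two shapes seen in the report above;
# other RogueKiller sections are deliberately ignored (parse returns None).
IAT_RE = re.compile(
    r"^\[IAT:(?P<kind>Inl|Addr)\] "
    r"\((?P<process>[^@)]+?)(?: @ (?P<importer>[^)]+))?\) "
    r"(?P<library>\S+) - (?P<function>\S+) : "
    r"(?P<owner>.+?) @ (?P<addr>0x[0-9a-fA-F]+)"
    r"(?: \(jmp (?P<jmp>0x[0-9a-fA-F]+)\))?$"
)


def parse_iat_line(line):
    """Parse one Antirootkit line into a dict, or None if it is not an IAT entry."""
    m = IAT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # A bare "(explorer.exe)" means the import belongs to the main image itself.
    rec["importer"] = rec["importer"] or rec["process"]
    rec["addr"] = int(rec["addr"], 16)
    rec["jmp"] = int(rec["jmp"], 16) if rec["jmp"] else None
    return rec


def summarize(lines):
    """Group inline hooks by hooked export; keep [IAT:Addr] forwards as a plain list."""
    inline = defaultdict(lambda: {"stubs": set(), "targets": set(), "importers": set()})
    forwards = []
    for line in lines:
        rec = parse_iat_line(line)
        if rec is None:
            continue
        if rec["kind"] == "Inl":
            entry = inline[rec["function"]]
            entry["stubs"].add(rec["addr"])        # patched export address in ntdll
            entry["targets"].add(rec["jmp"])       # where the trampoline jumps
            entry["importers"].add(rec["importer"])  # modules that import it
        else:
            forwards.append((rec["importer"], rec["library"], rec["function"], rec["owner"]))
    return {"inline": dict(inline), "forwards": forwards}


def inconsistent_hooks(summary):
    """Exports whose hook is not one single (stub, target) pair across all importers.
    One hooking component patches each export once, so every importer should agree;
    disagreement means more than one thing touched that export and deserves a look."""
    return sorted(f for f, e in summary["inline"].items()
                  if len(e["stubs"]) != 1 or len(e["targets"]) != 1)


def hook_targets(summary):
    """Distinct jmp targets across every inline hook, sorted ascending."""
    return sorted({t for e in summary["inline"].values() for t in e["targets"]})


def target_span(summary):
    """(lowest, highest) jmp target. A tight span means all trampolines live in one
    region, i.e. one component; widely scattered targets would warrant closer review."""
    targets = hook_targets(summary)
    return (targets[0], targets[-1]) if targets else (None, None)


if __name__ == "__main__":
    s = summarize(SAMPLE_LINES)
    for func, e in sorted(s["inline"].items()):
        print(f"{func:24s} stub={[hex(a) for a in e['stubs']]} "
              f"jmp={[hex(t) for t in e['targets']]} via {sorted(e['importers'])}")
    print("inconsistent:", inconsistent_hooks(s))
    lo, hi = target_span(s)
    print(f"target span: {hex(lo)}..{hex(hi)} ({hi - lo:#x} bytes)")
    for importer, lib, func, owner in s["forwards"]:
        print(f"forward {lib}!{func} from {importer} -> {owner}")
```

Run against the full report, the summary tells you in a few lines whether the 100-odd entries collapse to a handful of consistent trampolines in one region (the picture one expects from a single legitimate hooking engine) or whether any export is hooked twice or jumps somewhere unlike the rest, which is the case that would justify a deeper look with a kernel-level tool.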
-
Thanks :)