Messages - kjm1755

1
Thanks for looking and verifying. Glad to help add to the white list :)

2
A recent scan with RogueKiller orange-listed a kernel filter and I am not sure exactly how to continue. I have included the scan log. Would someone be able to take a look and make a suggestion on how to proceed? THANKS

RogueKiller V10.5.9.0 (x64) [Apr  7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ken [Administrator]
Started from : C:\Users\Ken\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 04/10/2015  11:45:59

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP2T0L0-2 : \Driver\PxHlpa64 @ Unknown (\SystemRoot\System32\Drivers\PxHlpa64.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM501II ATA Device +++++
--- User ---
[MBR] 11f5a0872b4a537cd5290f5108ee56f4
[BSP] f471722293d46bef1de26ec6b25607e9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03102015_223405.log - RKreport_DEL_03102015_224020.log - RKreport_SCN_03112015_220550.log - RKreport_SCN_03162015_234326.log

3
Thanks for assistance. Had me going there for a moment or two ..... 8)

4
Scanned with VirusTotal: "Probably harmless! There are strong indicators suggesting that this file is safe to use."

5
Root.Keylogger Name: \Driver\Kbdclass@\Device\KeyboardClass0

Not sure how to go about removing the entry, as RogueKiller says "Critical. The item is malware and should be removed."
Delete sure didn't work (such a rookie). So I am thinking this has a manual removal process. I didn't want to guess, as I really do not understand how it works. Assistance would be most appreciated.

RogueKiller V10.0.8.0 (x64) [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Studio User [Administrator]
Mode : Delete -- Date : 12/03/2014  13:35:17

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\SynTP @ \Device\00000073 (\SystemRoot\system32\DRIVERS\blbdrive.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM501II ATA Device +++++
--- User ---
[MBR] ad163aea0e1f43fad9b4cad3168c2826
[BSP] 400e3873cce2b5d6c385994e5db5e6ba : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_11242014_072630.log - RKreport_DEL_11242014_072638.log - RKreport_SCN_11242014_070214.log - RKreport_SCN_11242014_173042.log
RKreport_SCN_12032014_083232.log - RKreport_DEL_12032014_111310.log - RKreport_DEL_12032014_111603.log - RKreport_DEL_12032014_112110.log
RKreport_DEL_12032014_112113.log - RKreport_SCN_12032014_112828.log
