Messages - sprintman

1
RogueKiller / New version 10.1.2.0 today
« on: January 06, 2015, 09:28:21 PM »
Initializes, then immediately says Scan Complete. Not actually doing anything. Used it for a long time, so I know how it usually behaves.
Cheers..Steve

RogueKiller V10.1.2.0 [Jan  6 2015] by Adlice Software
mail :
Feedback :
Website :
Blog :

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : User [Administrator]
Mode : Scan -- Date : 01/07/2015  07:29:26

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000012f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤


2
RogueKiller / Re: 10.0.9.0 and MalwareBytes
« on: December 12, 2014, 12:37:54 AM »
Nice!!

3
RogueKiller / Re: 10.0.9.0 and MalwareBytes
« on: December 11, 2014, 12:20:28 PM »
Agree. Only happened when latest version installed on both systems at same time. You still have a great product.

Cheers..steve

4
RogueKiller / Re: 10.0.9.0 and MalwareBytes
« on: December 11, 2014, 11:00:28 AM »
Same on our 32-bit and 64-bit systems. I work in IT too.


RogueKiller V10.0.9.0 [Dec  8 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : User [Administrator]
Mode : Scan -- Date : 12/11/2014  20:56:59

¤¤¤ Processes : 2 ¤¤¤
[Tr.Zeus] mbamservice.exe -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe[7] -> Killed [TermProc]
[Suspicious.Path] VMBQuickStartService.exe -- C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\User\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Vodafone Mobile Broadband QuickStart ("C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe") -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\User\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Vodafone Mobile Broadband QuickStart ("C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe") -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\User\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Vodafone Mobile Broadband QuickStart ("C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe") -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3659011779-3850564267-1580858498-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1   localhost

¤¤¤ Antirootkit : 106 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-60A7B0 ATA Device +++++
--- User ---
[MBR] 7e082e6332fb06acea39baa18206959d

5
RogueKiller / 10.0.9.0 and MalwareBytes
« on: December 11, 2014, 12:48:51 AM »
Latest version sees MBAMservice.exe as Zeus Trojan. Needs fixing ASAP.
