Messages - KOTARE

1
RogueKiller / Re: Anti-rootkit results? Unsure what to do with these
« on: January 06, 2015, 12:02:29 AM »
:)

Thanks

2
RogueKiller / Re: Anti-rootkit results? Unsure what to do with these
« on: January 04, 2015, 02:21:01 AM »
Hi there.

I've followed those options. I now see the file in my browser, but not in the VirusTotal browser. Any other options?

3
RogueKiller / Re: Anti-rootkit results? Unsure what to do with these
« on: January 03, 2015, 01:23:22 AM »
I've installed VirusTotal but it will not let me UL that file. Any other options?

4
RogueKiller / Re: Anti-rootkit results? Unsure what to do with these
« on: January 02, 2015, 04:23:31 PM »
Ok so I've reDL'd the exe - it's v10.1.1

I've done a scan and added the log below. There is still no box to check the files to delete them - should there be?
J


RogueKiller V10.1.1.0 (x64) [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : KINGFISHER [Administrator]
Mode : Scan -- Date : 01/02/2015  23:19:05

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 5 (Driver: Loaded) ¤¤¤
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass5 : \Driver\SynTP @ \Device\0000009f (\SystemRoot\system32\DRIVERS\o2mdgx64.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass4 : \Driver\SynTP @ \Device\0000009a (\SystemRoot\system32\DRIVERS\o2mdgx64.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass3 : \Driver\SynTP @ \Device\00000098 (\SystemRoot\system32\DRIVERS\o2mdgx64.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass2 : \Driver\SynTP @ \Device\00000097 (\SystemRoot\system32\DRIVERS\o2mdgx64.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\SynTP @ \Device\0000008d (\SystemRoot\system32\DRIVERS\o2mdgx64.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6465GSX +++++
--- User ---
[MBR] c4a7161b6a04617324ada1e8e6e99a35
[BSP] f22a1020c3ae33691ec4576bb324c392 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 610378 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD7500BPKT-22PK4T0 +++++
--- User ---
[MBR] 27c661ad256d5194ac156f6352a0dc47
[BSP] b3b20bb8709b3c4333c1f43f4f99ef5d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715402 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_01012015_080120.log - RKreport_DEL_07262014_211846.log - RKreport_DEL_07262014_213155.log - RKreport_DEL_10082014_212938.log
RKreport_DEL_12302014_235711.log - RKreport_DEL_12302014_235740.log - RKreport_DEL_12312014_001904.log - RKreport_SCN_07262014_211836.log
RKreport_SCN_07262014_212939.log - RKreport_SCN_10062014_190124.log - RKreport_SCN_10082014_212200.log - RKreport_SCN_10082014_213146.log
RKreport_SCN_12302014_235146.log - RKreport_SCN_12312014_001614.log - RKreport_SCN_12312014_002516.log

5
RogueKiller / Re: Anti-rootkit results? Unsure what to do with these
« on: January 01, 2015, 01:11:55 AM »
Hi there. This IS from your website; I downloaded the most recent version. However, when I run it, it keeps telling me it's outdated. Do you have a direct link to the newest version at all?

6
RogueKiller / Anti-rootkit results? Unsure what to do with these
« on: December 30, 2014, 05:34:51 PM »
Hi all.

I can't select these items in RK to be deleted - I'm unsure what to do with them.
JG

Can't UL file so listed below:


RogueKiller V10.0.0.0 (x64) [Oct  7 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : KINGFISHER [Administrator]
Mode : Scan -- Date : 12/31/2014  00:25:17

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 9 (Driver: Loaded) ¤¤¤
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass5 : \Driver\SynTP @ \Device\0000009d (\SystemRoot\system32\DRIVERS\o2mdgx64.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass4 : \Driver\SynTP @ \Device\0000009b (\SystemRoot\system32\DRIVERS\o2mdgx64.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass3 : \Driver\SynTP @ \Device\00000099 (\SystemRoot\system32\DRIVERS\o2mdgx64.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass2 : \Driver\SynTP @ \Device\00000098 (\SystemRoot\system32\DRIVERS\o2mdgx64.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\SynTP @ \Device\0000008e (\SystemRoot\system32\DRIVERS\o2mdgx64.sys)
[EAT:Addr] (explorer.exe) samcli.dll - DllCanUnloadNow : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fefb222350
[EAT:Addr] (explorer.exe) samcli.dll - DllGetClassObject : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fefb222130
[EAT:Addr] (explorer.exe) samcli.dll - DllRegisterServer : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fefb221f70
[EAT:Addr] (explorer.exe) samcli.dll - DllUnregisterServer : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fefb222060

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6465GSX +++++
--- User ---
[MBR] c4a7161b6a04617324ada1e8e6e99a35
[BSP] f22a1020c3ae33691ec4576bb324c392 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 610378 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD7500BPKT-22PK4T0 +++++
--- User ---
[MBR] 27c661ad256d5194ac156f6352a0dc47
[BSP] b3b20bb8709b3c4333c1f43f4f99ef5d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715402 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] 00c00502dc4d8d07c9cdb3708859a264
[BSP] f95a0069f0928bdfcf078dd2b93016b5 : HP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_07262014_211846.log - RKreport_DEL_07262014_213155.log - RKreport_DEL_10082014_212938.log - RKreport_DEL_12302014_235711.log
RKreport_DEL_12302014_235740.log - RKreport_DEL_12312014_001904.log - RKreport_SCN_07262014_211836.log - RKreport_SCN_07262014_212939.log
RKreport_SCN_10062014_190124.log - RKreport_SCN_10082014_212200.log - RKreport_SCN_10082014_213146.log - RKreport_SCN_12302014_235146.log
RKreport_SCN_12312014_001614.log
