Messages - BigEd1071

1
Malware removal help / Re: Pc is unstable Please help
« on: March 05, 2015, 09:17:40 AM »
Thank you for reviewing these reports.  8) 8)

2
Malware removal help / Re: Pc is unstable Please help
« on: March 04, 2015, 01:32:19 AM »
Thank you. Here is the latest report.

RogueKiller V10.5.0.0 [Mar  2 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Mr. Ed [Administrator]
Mode : Scan -- Date : 03/03/2015  19:28:47

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] HP Photo Creations Communicator.job -- C:\ProgramData\HP Photo Creations\Communicator.exe (--auto) -> Found
[Suspicious.Path] \\HP Photo Creations Communicator -- C:\ProgramData\HP Photo Creations\Communicator.exe (--auto) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1   localhost

¤¤¤ Antirootkit : 44 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST332081 3AS SCSI Disk Device +++++
--- User ---
[MBR] 7874a3666fcbd00374f23e6e96c32625
[BSP] 309fdfd200901d3359dd1e035123a213 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 293696 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 601489665 | Size: 11546 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )



3
Malware removal help / Re: Pc is unstable Please help
« on: March 03, 2015, 06:24:46 AM »
Thank you. No threats were found. Not sure about the security software featuring anti-exploit technology? Here are the contents of the TDSSKiller.


4
Malware removal help / Pc is unstable Please help
« on: February 27, 2015, 07:43:44 PM »
New to this forum. Thank you in advance for your help. My computer running Vista Home Premium has become unstable and continues to become unresponsive when left at idle for 15 or more minutes. I ran RogueKiller and this is my report. Please let me know if this is clean or not. Thanks again!

RogueKiller V10.3.0.0 [Feb 16 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Mr. Ed [Administrator]
Mode : Scan -- Date : 02/27/2015  13:13:38

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1   localhost

¤¤¤ Antirootkit : 44 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST332081 3AS SCSI Disk Device +++++
--- User ---
[MBR] 7874a3666fcbd00374f23e6e96c32625
[BSP] 309fdfd200901d3359dd1e035123a213 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 293696 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 601489665 | Size: 11546 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )


