

Topics - nitrousable

1
RogueKiller V12.12.9.0 (x64) [Mar 19 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/25/2018 19:49:59 (Duration : 00:26:33)

Processes : 0

Registry : 2
[PUM.SEH] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | EnableShellExecuteHooks : 1  -> Found
[PUM.SEH] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | EnableShellExecuteHooks : 1  -> Found

2
RogueKiller / Please analyze my log
« on: November 27, 2016, 01:49:16 pm »
Registry : 4
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3234963918-1611741712-499426997-1002\Software\Microsoft\Windows\CurrentVersion\Run | BitTorrent : "C:\Users\****\AppData\Roaming\BitTorrent\updates\7.9.9_42924.exe"  /MINIMIZED [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3234963918-1611741712-499426997-1002\Software\Microsoft\Windows\CurrentVersion\Run | BitTorrent : "C:\Users\****\AppData\Roaming\BitTorrent\updates\7.9.9_42924.exe"  /MINIMIZED [7] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3234963918-1611741712-499426997-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | BitTorrent : "C:\Users\****\AppData\Roaming\BitTorrent\updates\7.9.9_42924.exe"  /MINIMIZED [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3234963918-1611741712-499426997-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | BitTorrent : "C:\Users\****\AppData\Roaming\BitTorrent\updates\7.9.9_42924.exe"  /MINIMIZED [7] -> Found

Thanks

3
RogueKiller / Win32App_1
« on: November 01, 2016, 04:11:41 pm »
Got a new entry in the RK log:
[Hidden.ADS][] C::Win32App_1 -> Found

What is this? Wasn't there before. Is this a false positive?

Thanks

4
RogueKiller / New log
« on: October 12, 2016, 09:01:58 am »


Hi, are these false positives?

I've checked the files myself; are they part of Win10? Because I don't remember downloading this tool.

5
RogueKiller / RPEng folder
« on: July 20, 2016, 03:24:07 am »
C:\Users\--\AppData\Roaming\RPEng

The latest version of RogueKiller just detected this folder as a PUP. Inside this folder there is another folder "402C6FBB7D9D4857868ED66F6CB63FB1", and in that folder there is a setup file called "TUU2014-FR-1day-AID1006172". It looks like this file has been there for a while, as the creation date is the 13th of February.

Is this file dangerous? I've tried looking up RPEng on Google and it looks like there are a lot of people with this folder on their PCs, but it doesn't say whether it's malicious or not.

Thanks

6
RogueKiller / PUM Proxies
« on: July 14, 2016, 04:01:37 am »
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-01-02-03-04-05 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\18-1e-78-4f-62-5e -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-01-02-03-04-05 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\18-1e-78-4f-62-5e -> Found

Any idea what these are and where they came from? The latest version of RogueKiller detected them.


wpad is supposedly some sort of auto proxy detection tool in Windows. I've looked up the timestamps for these entries and found out that one of them was created yesterday, at the time when I launched my torrenting program. Are these entries dangerous or not?
Thanks


http://kb.k12usa.com/Knowledgebase/Proxy-Auto-Detect-WPAD-Issues-With-IE-Windows-7 - here is a topic on wpad


7
RogueKiller / Strange profile in HKEY_USERS
« on: May 11, 2016, 03:41:29 pm »
I've noticed a strange profile in my registry named RK_Alex_ON_F_F24B.
Upon closer inspection turns out it was my old Windows profile from 2015 installation.
I have no idea how it got there. Could it be from RogueKiller since the first two letters are RK?
Registry : 2
[Suspicious.Path] (X64) HKEY_USERS\RK_Alex_ON_F_F24B\Software\Microsoft\Windows\CurrentVersion\Run | MP3 Skype recorder : C:\Users\Alex\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe -> Found
[Suspicious.Path] (X86) HKEY_USERS\RK_Alex_ON_F_F24B\Software\Microsoft\Windows\CurrentVersion\Run | MP3 Skype recorder : C:\Users\Alex\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe -> Found


Like I said, this profile is ancient and is not in use anymore. I'm just wondering how the heck it's still in my registry even though I reinstalled Windows.

8
RogueKiller / Partner entry
« on: January 25, 2016, 08:48:01 pm »
RK found this entry a while ago and I removed it.
However it seems like it came back upon the latest scan.

Registry : 1
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found

What is this entry? I searched the forums and found out that some other people have it too. However, there is no definite answer on this.

I had it on my previous Windows installation too. I reinstalled Windows 10 recently and it seems like it's still there.

9
RogueKiller / Skype VT.Unknown
« on: October 18, 2015, 08:05:50 pm »


Is this a false positive?

10
RogueKiller / Weird antirootkit entry
« on: May 29, 2015, 06:09:24 pm »
Antirootkit : 1 (Driver: Loaded)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - memcpy : Unknown @ 0x1f20009 (call 0x5|jmp 0x34|jmp 0xffffff6e)

Is this malware?

11
RogueKiller / Please analyze my log
« on: May 11, 2015, 07:15:40 pm »



RogueKiller V10.6.3.0 (x64) [May 11 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Alex [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 05/11/2015  19:11:38

Processes : 0


Registry : 2
[Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Found
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Found

Tasks : 0

Files : 0

Hosts File : 0

Antirootkit : 0 (Driver: Loaded)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: SAMSUNG HD103SI +++++
--- User ---
[MBR] 37345cd71e41256344dce83f23e3d943
[BSP] d2c032d2125283caa119df8964ce8bd7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 923516 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1892079616 | Size: 350 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1892796416 | Size: 29651 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

12
RogueKiller / Please analyze my log
« on: February 18, 2015, 10:32:03 am »
Antirootkit : 70 (Driver: Loaded)
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_CREATE[0] : Unknown @ 0x2879a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_CLOSE[2] : Unknown @ 0x2879a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x2879a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x2879a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_POWER[22] : Unknown @ 0x2879a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x2879a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_PNP[27] : Unknown @ 0x2879a2c0
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) MF.dll - MFGetService : C:\Windows\SysWOW64\MFCORE.DLL @ 0x6c68f090
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68

13
RogueKiller / some PUM DNS found
« on: December 11, 2014, 03:35:32 pm »
I ran the latest RogueKiller version today and it found some PUM DNS entries. Log attached below.
It might be worth mentioning that my internet has been very unstable today: I was able to run Steam and Skype and other such programs, but I was unable to load any internet page. I'm not sure if this could be related, but anyway.
Can I get some clearance here, please?




RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Alex [Administrator]
Mode : Scan -- Date : 12/11/2014  15:28:42

Processes : 0

Registry : 2
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F9DFA091-EE4C-4E93-8FE1-0316941911F3} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F9DFA091-EE4C-4E93-8FE1-0316941911F3} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)]  -> Found

Tasks : 0

Files : 0

Hosts File : 0

Antirootkit : 7 (Driver: Loaded)
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x5bc002c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x5bc002c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x5bc002c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x5bc002c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x5bc002c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x5bc002c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x5bc002c0

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: SAMSUNG HD103SI +++++
--- User ---
[MBR] 37345cd71e41256344dce83f23e3d943
[BSP] d2c032d2125283caa119df8964ce8bd7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 923516 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1892079616 | Size: 350 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1892796416 | Size: 29651 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD2002FAEX-007BA0 +++++
--- User ---
[MBR] 1e5e6ffb562d75a94caff1a57a5f48ca
[BSP] 56eea2c0bc00d01469255301e21a3c32 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1857727 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): -490340352 | Size: 49999 MB
User = LL1 ... OK
User = LL2 ... OK

14
RogueKiller / Please analyze my log
« on: October 19, 2014, 07:40:10 pm »
Antirootkit : 48 (Driver: Loaded)
[IAT:Addr] (explorer.exe @ Bcp47Langs.dll) api-ms-win-appmodel-runtime-l1-1-0.dll - GetCurrentPackageFamilyName : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d92604
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Set_Class_Registry_PropertyW : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a227f470
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Class_Registry_PropertyW : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a227e350
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Device_IDW : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2253c7c
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a225a060
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2258848
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biplmapi-l1-1-1.dll - BiUpdateLockScreenApplications : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff89696c3c4
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biplmapi-l1-1-1.dll - BiChangeSessionState : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff896952b90
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetAppModelVersion : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d925bc
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtAssociateActivationProxy : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff896956bac
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtDisassociateWorkItem : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff89696c94c
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtActivateWorkItem : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff89696c718
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtFreeMemory : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff896958cc8
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtQueryWorkItem : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff89696cae0
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtEnumerateWorkItemsForPackageName : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff89696c9f0
[IAT:Addr] (explorer.exe @ wpncore.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - PackageFamilyNameFromFullName : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d9282c
[IAT:Addr] (explorer.exe @ bthprops.cpl) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a225a060
[IAT:Addr] (explorer.exe @ bthprops.cpl) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2258848
[IAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetAppModelVersion : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d925bc
[IAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackageInstallTime : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d926dc
[IAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjectProperties : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a22594c4
[IAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjectProperties : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2259200
[IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLClose : C:\Windows\SYSTEM32\sppc.dll @ 0x7ff89d81566c
[IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLOpen : C:\Windows\SYSTEM32\sppc.dll @ 0x7ff89d8178e8
[IAT:Addr] (explorer.exe @ WSSync.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - PackageFamilyNameFromFullName : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d9282c
[IAT:Addr] (explorer.exe @ MrmCoreR.dll) api-ms-win-appmodel-identity-l1-1-0.dll - AppXGetOSMaxVersionTested : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d92460
[IAT:Addr] (explorer.exe @ ondemandconnroutehelper.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - GetCurrentApplicationUserModelId : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d925d4
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetAppModelVersion : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d925bc
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetCurrentPackageApplicationContext : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d925e0
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackageOSMaxVersionTested : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d926e8
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetCurrentPackageContext : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d925f8
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackageApplicationPropertyString : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d92688
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-core-winrt-robuffer-l1-1-0.dll - RoGetBufferMarshaler : C:\Windows\System32\WinTypes.dll @ 0x7ff894c1bf60
[IAT:Addr] (explorer.exe @ wpc.dll) NETAPI32.dll - NetUserGetInfo : C:\Windows\system32\samcli.dll @ 0x7ff89b5b1770
[IAT:Addr] (explorer.exe @ wpc.dll) NETAPI32.dll - NetApiBufferFree : C:\Windows\system32\netutils.dll @ 0x7ff8a11a1010
[IAT:Addr] (explorer.exe @ wpc.dll) NETAPI32.dll - NetUserGetLocalGroups : C:\Windows\system32\samcli.dll @ 0x7ff89b5b2dc0
[IAT:Addr] (explorer.exe @ wpc.dll) NETAPI32.dll - NetQueryDisplayInformation : C:\Windows\system32\samcli.dll @ 0x7ff89b5b5160
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryFromIdEx : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a225b384
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2258848
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjects : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2259730
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjects : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a22597e8
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjectProperties : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2259200
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjectProperties : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a22594c4
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevSetObjectProperties : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a225b074
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFindProperty : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a225c434
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryFromIdsEx : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a22893d4
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryEx : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2259d20
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a225a060
The rest of the log is clean. Please check.

15
RogueKiller / Can you please analyze my report?
« on: July 14, 2014, 11:10:10 pm »
I just installed a new legit Windows and I get this in the report and don't know what to think. If any of you knowing folks would describe it for me, I'd greatly appreciate it.




RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Alex [Admin rights]
Mode : Scan -- Date : 07/14/2014  14:02:12

Bad processes : 1
[Proc.Hidden]  -- -> KILLED [TermThr]


Registry Entries : 0

Scheduled tasks : 0

Files : 0

HOSTS File : 0

Antirootkit : 20 (Driver: LOADED)
[EAT:Addr] (explorer.exe) framedynos.dll - DllCanUnloadNow : C:\Windows\System32\qmgrprxy.dll @ 0x7ff8ee148160
[EAT:Addr] (explorer.exe) framedynos.dll - DllGetClassObject : C:\Windows\System32\qmgrprxy.dll @ 0x7ff8ee148118
[EAT:Addr] (explorer.exe) framedynos.dll - DllRegisterServer : C:\Windows\System32\qmgrprxy.dll @ 0x7ff8ee1481b0
[EAT:Addr] (explorer.exe) framedynos.dll - DllUnregisterServer : C:\Windows\System32\qmgrprxy.dll @ 0x7ff8ee1481e4
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllCanUnloadNow : C:\Windows\SysWOW64\ieapfltr.dll @ 0x749d1845
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllGetClassObject : C:\Windows\SysWOW64\ieapfltr.dll @ 0x749c7390
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllRegisterServer : C:\Windows\SysWOW64\ieapfltr.dll @ 0x74a00fe0
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllUnregisterServer : C:\Windows\SysWOW64\ieapfltr.dll @ 0x74a01042

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: SAMSUNG HD103SI +++++
--- User ---
[MBR] 6f31a3b4e2438f6f852eb4a71421b31a
[BSP] d2c032d2125283caa119df8964ce8bd7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1892796416 | Size: 29651 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152899 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 313344000 | Size: 770867 MB
3 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 1892079616 | Size: 350 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD2002FAEX-007BA0 +++++
--- User ---
[MBR] c94a3f644b9df44855dcce7dcdcd19f1
[BSP] 56eea2c0bc00d01469255301e21a3c32 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1857727 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): -490340352 | Size: 49999 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_07142014_134723.log - RKreport_SCN_07142014_134635.log

