
Topics - pivotel

Malware removal help / Assistance Requested
« on: March 22, 2015, 05:51:34 AM »
Hi Curson,

Love your work, inspirational!

I recently had an error that I've never experienced before when opening a game.

http://i.gyazo.com/e6615a6fc6899ce5208b82331338456e.png

The game still worked fine but I decided to perform a scan anyway.

Quote
RogueKiller V10.5.5.0 [Mar 16 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Edward [Administrator]
Started from : D:\Users\Edward\Downloads\RogueKiller.exe
Mode : Scan -- Date : 03/22/2015  04:39:14

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 19 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutGetVolume : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000acd0 (jmp 0xffffffff9f4859e8)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutWrite : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ac10 (jmp 0xffffffff9f4a5c95)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInClose : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ae40 (jmp 0xffffffff9f485474)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutReset : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000abe0 (jmp 0xffffffff9f49fde7)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInPrepareHeader : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000aec0 (jmp 0xffffffff9f485456)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInOpen : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ad10 (jmp 0xffffffff9f4a1cbc)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutSetVolume : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000acf0 (jmp 0xffffffff9f485991)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInAddBuffer : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000af40 (jmp 0xffffffff9f4853e5)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInReset : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000b060 (jmp 0xffffffff9f48543e)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutUnprepareHeader : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ac90 (jmp 0xffffffff9f4a609e)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInGetPosition : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000b0d0 (jmp 0xffffffff9f485469)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInUnprepareHeader : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000af00 (jmp 0xffffffff9f485429)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutClose : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000abb0 (jmp 0xffffffff9f4a6043)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutOpen : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ab40 (jmp 0xffffffff9f4a6622)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInStart : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000af80 (jmp 0xffffffff9f4853c6)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInStop : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000b000 (jmp 0xffffffff9f485412)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutPrepareHeader : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ac50 (jmp 0xffffffff9f4a5d41)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ole32.dll - CoCreateInstance : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000a4d0 (jmp 0xffffffff99f607c5)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ole32.dll - CoCreateInstanceEx : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000a630 (jmp 0xffffffff99f608e2)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Patriot Wildfire ATA Device +++++
--- User ---
[MBR] be293b8871d071d74f51df1ebbd093f1
[BSP] 2304ca54a1dbb77be9e65b606f9d735a : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST31000524AS ATA Device +++++
--- User ---
[MBR] d6ce936278f6c81d270231da3cff0341
[BSP] 7a2a3dc3040122d2247ea76acf756947 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] 7e91472cf6759fbe214f0a7067217200
[BSP] 64884cf4f9b3a48ec6de01dd6cb30ee6 : Windows XP MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Seagate Desktop USB Device +++++
--- User ---
[MBR] ef6903c55d6d1c4188001ca82313cb50
[BSP] 6e4264fe1fa5e03f4924ed0d60f5d268 : Empty MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_03212015_220721.log - RKreport_DEL_03212015_221208.log - RKreport_DEL_03222015_010834.log - RKreport_DEL_03222015_010841.log
RKreport_DEL_03222015_010849.log - RKreport_SCN_03212015_220237.log - RKreport_SCN_03212015_220936.log - RKreport_SCN_03212015_221342.log
RKreport_SCN_03212015_232328.log - RKreport_SCN_03212015_235851.log - RKreport_SCN_03222015_004736.log - RKreport_SCN_03222015_011037.log

Any ideas on what this issue is and how to resolve it would be very much appreciated.

Kind Regards,
Edward
