Messages

16

RogueKiller / Re: Weird antirootkit entry

« on: May 30, 2015, 01:38:52 AM »

RogueKiller V10.7.0.0 (x64) [May 25 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Alex [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 05/29/2015  18:02:46

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] MP3SkypeRecorder.exe(9156) -- C:\Users\Alex\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 5 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3399570657-819039515-4050530942-1001\Software\Microsoft\Windows\CurrentVersion\Run | MP3 Skype recorder : C:\Users\Alex\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3399570657-819039515-4050530942-1001\Software\Microsoft\Windows\CurrentVersion\Run | MP3 Skype recorder : C:\Users\Alex\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GalaxyCommunication ("C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GalaxyCommunication ("C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GalaxyCommunication ("C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe") -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - memcpy : Unknown @ 0x1f20009 (call 0x5|jmp 0x34|jmp 0xffffff6e)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD103SI +++++
--- User ---
[MBR] 37345cd71e41256344dce83f23e3d943
[BSP] d2c032d2125283caa119df8964ce8bd7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 923516 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1892079616 | Size: 350 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1892796416 | Size: 29651 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD2002FAEX-007BA0 +++++
--- User ---
[MBR] 1e5e6ffb562d75a94caff1a57a5f48ca
[BSP] 56eea2c0bc00d01469255301e21a3c32 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1857727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3804626944 | Size: 49999 MB [Error reading VBR! ([83] An attempt was made to move the file pointer before the beginning of the file. )]
User != LL1 ... KO!
--- LL1 ---
[MBR] 1e5e6ffb562d75a94caff1a57a5f48ca
[BSP] 56eea2c0bc00d01469255301e21a3c32 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1857727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3804626944 | Size: 49999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User != LL2 ... KO!
--- LL2 ---
[MBR] 1e5e6ffb562d75a94caff1a57a5f48ca
[BSP] 56eea2c0bc00d01469255301e21a3c32 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1857727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3804626944 | Size: 49999 MB[Invalid]

17

RogueKiller / Weird antirootkit entry

« on: May 29, 2015, 06:09:24 PM »

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - memcpy : Unknown @ 0x1f20009 (call 0x5|jmp 0x34|jmp 0xffffff6e)

Is this malware?

18

RogueKiller / Re: Please analyze my log

« on: May 12, 2015, 10:34:14 AM »

Hi nitrousable,

Your report is clean.

Regards.

Thank you but what are these 2 entries?
[Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Found
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Found

I know this this is a part of a program WebChecker but I don't have it on my computer. These 2 entries along with the webcheck.dll randomly appeared yesterday. I checked the creation date to be doubly sure.

19

RogueKiller / Please analyze my log

« on: May 11, 2015, 07:15:40 PM »

RogueKiller V10.6.3.0 (x64) [May 11 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Alex [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 05/11/2015  19:11:38

¤¤¤ Processes : 0 ¤¤¤


¤¤¤ Registry : 2 ¤¤¤
[Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Found
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD103SI +++++
--- User ---
[MBR] 37345cd71e41256344dce83f23e3d943
[BSP] d2c032d2125283caa119df8964ce8bd7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 923516 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1892079616 | Size: 350 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1892796416 | Size: 29651 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

20

RogueKiller / Re: ===> False Positives <===

« on: February 20, 2015, 04:17:41 AM »

[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - WinExec : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38500 (jmp 0xfffffffff84984ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - ShellExecuteW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d385c0 (jmp 0xfffffffff84c858a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d356f0 (jmp 0xfffffffff84656ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - InternetReadFile : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d37cc0 (jmp 0xfffffffff8677c8a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - InternetReadFileExW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d37da0 (jmp 0xfffffffff86a7d6a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - HttpOpenRequestW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d37460 (jmp 0xfffffffff85b742a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - HttpSendRequestExW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d378b0 (jmp 0xfffffffff873787a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - HttpSendRequestW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d376b0 (jmp 0xfffffffff86d767a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WININET.dll - InternetOpenUrlW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d37a90 (jmp 0xfffffffff8617a5a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) SHELL32.dll - ShellExecuteW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d385c0 (jmp 0xfffffffff84c858a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36160 (jmp 0xfffffffff891612a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtAllocateVirtualMemory : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d36270 (jmp 0xfffffffff88e623a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d38a00 (jmp 0xfffffffff82489ca)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d381f0 (jmp 0xfffffffff82e81ba)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d380c0 (jmp 0xfffffffff82b808a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35490 (jmp 0xfffffffff83d545a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - MoveFileA : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35550 (jmp 0xfffffffff840551a)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CopyFileW : C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll @ 0x69d35620 (jmp 0xfffffffff84355ea)

21

RogueKiller / Re: ===> False Positives <===

« on: February 19, 2015, 01:35:30 AM »

[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) MF.dll - MFGetService : C:\Windows\SysWOW64\MFCORE.DLL @ 0x6c68f090
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68

22

RogueKiller / Please analyze my log

« on: February 18, 2015, 10:32:03 AM »

¤¤¤ Antirootkit : 70 (Driver: Loaded) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_CREATE[0] : Unknown @ 0x2879a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_CLOSE[2] : Unknown @ 0x2879a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x2879a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x2879a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_POWER[22] : Unknown @ 0x2879a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x2879a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_PNP[27] : Unknown @ 0x2879a2c0
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) MF.dll - MFGetService : C:\Windows\SysWOW64\MFCORE.DLL @ 0x6c68f090
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x53311b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x52ebfa68

23

RogueKiller / Re: Computer BOSD when running RogueKiller X64

« on: December 19, 2014, 09:41:26 PM »

I used to get the same BSOD on my older machine, however it wasn't related to RK. It was a hardware issue on my end. I changed my PC and this bsod didn't occur ever since.

24

RogueKiller / Re: some PUM DNS found

« on: December 19, 2014, 05:38:10 PM »

Hello again Tigzy! So uninstalled the Daemon Tools as you told me to, but after reboot these lines stayed. I ran gmer and noticed that sptd.sys was still running and sptd.sys is a part of Daemon Tools driver. So I ran the sptd installer and uninstalled it and rebooted once again. Now RogueKiller shows clean results! Since green results don't show in logs, I attached them in the picture below. Learn something every day! Thank you very much for pointing out the culprit, you've been of great help! One of the best antimalware engineers out there

25

RogueKiller / Re: some PUM DNS found

« on: December 17, 2014, 03:25:52 PM »

Did you read the logs Tigzy?

26

RogueKiller / Re: Need help reading my report...

« on: December 14, 2014, 04:46:18 PM »

You should upload a26206.exe to VirusTotal and check the detection rates

27

RogueKiller / Re: some PUM DNS found

« on: December 13, 2014, 11:12:59 AM »

Log attached below

28

RogueKiller / Re: some PUM DNS found

« on: December 12, 2014, 05:45:49 PM »

Yep, please.

Can you scan with Malwarebytes Anti-Rootkit?

Just scanned one more time, nothing was found.

29

RogueKiller / Re: some PUM DNS found

« on: December 12, 2014, 03:08:17 PM »

Okay, do you know anything I could do?
I searched the adlice forums for mountmgr.sys file and I see a plenty of users have this file hooked.
http://forum.adlice.com/index.php?topic=176.msg618#msg618
Here you said that this looks legit


EDIT2:
After restart all the mountmgr.sys entries (even green ones) are now gone. Instead I see a similar detection pattern but with another file.

[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_CREATE[0] : Unknown @ 0x450172c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_CLOSE[2] : Unknown @ 0x450172c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x450172c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x450172c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_POWER[22] : Unknown @ 0x450172c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x450172c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_PNP[27] : Unknown @ 0x450172c0

30

RogueKiller / Re: some PUM DNS found

« on: December 12, 2014, 12:30:58 PM »

By the way, I scanned both of those sys. files on VirusTotal and it didn't find anything. I'm not sure if that can somehow relate but WMILIB.sys doesn't have caps in its name but RogueKiller shows it in caps. Perhaps 2 different files??