Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - nitrousable

Pages: 1 2 [3]
31
RogueKiller / Re: some PUM DNS found
« on: December 12, 2014, 12:19:06 pm »
Hello. I did some research and I found out that this IP belongs to Tunngle program so it should be legit.
Anti Rootkit found nothing.
RogueKiller scan now shows mountmgr.sys as a hooked driver, WMILIB.sys was only a one time thing. It also shows a lot of green legit mountmgr entries, perhaps you forgot to whitelist the orange ones?

32
RogueKiller / Re: some PUM DNS found
« on: December 11, 2014, 04:47:16 pm »
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\WMILIB.SYS - IRP_MJ_CREATE[0] : Unknown @ 0xee6172c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\WMILIB.SYS - IRP_MJ_CLOSE[2] : Unknown @ 0xee6172c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\WMILIB.SYS - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0xee6172c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\WMILIB.SYS - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0xee6172c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\WMILIB.SYS - IRP_MJ_POWER[22] : Unknown @ 0xee6172c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\WMILIB.SYS - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0xee6172c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\WMILIB.SYS - IRP_MJ_PNP[27] : Unknown @ 0xee6172c0

New entries in antirootkit tab found

33
RogueKiller / Re: some PUM DNS found
« on: December 11, 2014, 03:59:33 pm »
Are those PUM DNS dangerous? I've no idea how it got there. I don't live in the US by the way.

34
RogueKiller / some PUM DNS found
« on: December 11, 2014, 03:35:32 pm »
I ran latest roguekiller version today and it found some pum dns. Log attached below.
It might be worth mentioning that my internet had been very unstable today, I was able to run Steam and Skype and other such programs but I was unable to load any internet page.  I'm not sure if this could be related but anyway.
Can I get some clearance here, please?




RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Alex [Administrator]
Mode : Scan -- Date : 12/11/2014  15:28:42

Processes : 0

Registry : 2
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F9DFA091-EE4C-4E93-8FE1-0316941911F3} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F9DFA091-EE4C-4E93-8FE1-0316941911F3} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)]  -> Found

Tasks : 0

Files : 0

Hosts File : 0

Antirootkit : 7 (Driver: Loaded)
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x5bc002c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x5bc002c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x5bc002c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x5bc002c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x5bc002c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x5bc002c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x5bc002c0

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: SAMSUNG HD103SI +++++
--- User ---
[MBR] 37345cd71e41256344dce83f23e3d943
[BSP] d2c032d2125283caa119df8964ce8bd7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 923516 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1892079616 | Size: 350 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1892796416 | Size: 29651 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD2002FAEX-007BA0 +++++
--- User ---
[MBR] 1e5e6ffb562d75a94caff1a57a5f48ca
[BSP] 56eea2c0bc00d01469255301e21a3c32 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1857727 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): -490340352 | Size: 49999 MB
User = LL1 ... OK
User = LL2 ... OK

35
RogueKiller / Re: Roguekiller problem after new version.
« on: November 13, 2014, 06:25:59 pm »
Same here

36
RogueKiller / Re: ===> False Positives <===
« on: November 06, 2014, 01:55:30 pm »
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_CREATE[0] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_CLOSE[2] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_POWER[22] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x40a0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\PCIIDEX.SYS - IRP_MJ_PNP[27] : Unknown @ 0x40a0c2c0
[IAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\Windows\SYSTEM32\clbcatq.dll @ 0x7fff606c24b0
[IAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\Windows\SYSTEM32\clbcatq.dll @ 0x7fff606c23c0
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSRegisterSessionNotification : C:\Windows\SYSTEM32\WTSAPI32.dll @ 0x7fff5eeb1be0
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSQuerySessionInformationW : C:\Windows\SYSTEM32\WTSAPI32.dll @ 0x7fff5eeb16a0
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSRegisterSessionNotification : C:\Windows\SYSTEM32\WTSAPI32.dll @ 0x7fff5eeb1be0
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSFreeMemory : C:\Windows\SYSTEM32\WTSAPI32.dll @ 0x7fff5eeb1330
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-winsta-l1-1-0.dll - WinStationQueryInformationW : C:\Windows\SYSTEM32\WINSTA.dll @ 0x7fff5f6c1160
[IAT:Addr] (explorer.exe @ Windows.Globalization.dll) ext-ms-win-globalization-input-l1-1-0.dll - WGIGetCurrentInputLanguage : C:\Windows\SYSTEM32\globinputhost.dll @ 0x7fff567d62f4

37
RogueKiller / Please analyze my log
« on: October 19, 2014, 07:40:10 pm »
Antirootkit : 48 (Driver: Loaded)
[IAT:Addr] (explorer.exe @ Bcp47Langs.dll) api-ms-win-appmodel-runtime-l1-1-0.dll - GetCurrentPackageFamilyName : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d92604
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Set_Class_Registry_PropertyW : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a227f470
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Class_Registry_PropertyW : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a227e350
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Device_IDW : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2253c7c
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a225a060
[IAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2258848
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biplmapi-l1-1-1.dll - BiUpdateLockScreenApplications : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff89696c3c4
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biplmapi-l1-1-1.dll - BiChangeSessionState : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff896952b90
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetAppModelVersion : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d925bc
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtAssociateActivationProxy : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff896956bac
[IAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtDisassociateWorkItem : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff89696c94c
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtActivateWorkItem : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff89696c718
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtFreeMemory : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff896958cc8
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtQueryWorkItem : C:\Windows\SYSTEM32\twinapi.appcore.dll @ 0x7ff89696cae0
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtEnumerateWorkItemsForPackageName : C:\Windows\SYSTEM32\twinapi.appcore.dll @

0x7ff89696c9f0
[IAT:Addr] (explorer.exe @ wpncore.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - PackageFamilyNameFromFullName : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d9282c
[IAT:Addr] (explorer.exe @ bthprops.cpl) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a225a060
[IAT:Addr] (explorer.exe @ bthprops.cpl) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2258848
[IAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetAppModelVersion : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d925bc
[IAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackageInstallTime : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d926dc
[IAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjectProperties : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a22594c4
[IAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjectProperties : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2259200
[IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLClose : C:\Windows\SYSTEM32\sppc.dll @ 0x7ff89d81566c
[IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLOpen : C:\Windows\SYSTEM32\sppc.dll @ 0x7ff89d8178e8
[IAT:Addr] (explorer.exe @ WSSync.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - PackageFamilyNameFromFullName : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d9282c
[IAT:Addr] (explorer.exe @ MrmCoreR.dll) api-ms-win-appmodel-identity-l1-1-0.dll - AppXGetOSMaxVersionTested : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d92460
[IAT:Addr] (explorer.exe @ ondemandconnroutehelper.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - GetCurrentApplicationUserModelId : C:\Windows\SYSTEM32\kernel.appcore.dll @

0x7ff8a0d925d4
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetAppModelVersion : C:\Windows\SYSTEM32\kernel.appcore.dll @ 0x7ff8a0d925bc
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetCurrentPackageApplicationContext : C:\Windows\SYSTEM32\kernel.appcore.dll

@ 0x7ff8a0d925e0
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackageOSMaxVersionTested : C:\Windows\SYSTEM32\kernel.appcore.dll @

0x7ff8a0d926e8
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetCurrentPackageContext : C:\Windows\SYSTEM32\kernel.appcore.dll @

0x7ff8a0d925f8
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackageApplicationPropertyString : C:\Windows\SYSTEM32\kernel.appcore.dll

@ 0x7ff8a0d92688
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-core-winrt-robuffer-l1-1-0.dll - RoGetBufferMarshaler : C:\Windows\System32\WinTypes.dll @ 0x7ff894c1bf60
[IAT:Addr] (explorer.exe @ wpc.dll) NETAPI32.dll - NetUserGetInfo : C:\Windows\system32\samcli.dll @ 0x7ff89b5b1770
[IAT:Addr] (explorer.exe @ wpc.dll) NETAPI32.dll - NetApiBufferFree : C:\Windows\system32\netutils.dll @ 0x7ff8a11a1010
[IAT:Addr] (explorer.exe @ wpc.dll) NETAPI32.dll - NetUserGetLocalGroups : C:\Windows\system32\samcli.dll @ 0x7ff89b5b2dc0
[IAT:Addr] (explorer.exe @ wpc.dll) NETAPI32.dll - NetQueryDisplayInformation : C:\Windows\system32\samcli.dll @ 0x7ff89b5b5160
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryFromIdEx : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a225b384
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2258848
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjects : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2259730
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjects : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a22597e8
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjectProperties : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2259200
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjectProperties : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a22594c4
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevSetObjectProperties : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a225b074
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFindProperty : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a225c434
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryFromIdsEx : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a22893d4
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryEx : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a2259d20
[IAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\Windows\SYSTEM32\cfgmgr32.dll @ 0x7ff8a225a060
Rest of the logs are clean. Please check

38
RogueKiller / Can you please analyze my report?
« on: July 14, 2014, 11:10:10 pm »
I just installed a new legit Windows and I get this in report and don't know what to think. If any of you knowing folks would describe it for me I'd greatly appreciate it




RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Alex [Admin rights]
Mode : Scan -- Date : 07/14/2014  14:02:12

Bad processes : 1
[Proc.Hidden]  --
  • -> KILLED [TermThr]


Registry Entries : 0

Scheduled tasks : 0

Files : 0

HOSTS File : 0

Antirootkit : 20 (Driver: LOADED)
[EAT:Addr] (explorer.exe) framedynos.dll - DllCanUnloadNow : C:\Windows\System32\qmgrprxy.dll @ 0x7ff8ee148160
[EAT:Addr] (explorer.exe) framedynos.dll - DllGetClassObject : C:\Windows\System32\qmgrprxy.dll @ 0x7ff8ee148118
[EAT:Addr] (explorer.exe) framedynos.dll - DllRegisterServer : C:\Windows\System32\qmgrprxy.dll @ 0x7ff8ee1481b0
[EAT:Addr] (explorer.exe) framedynos.dll - DllUnregisterServer : C:\Windows\System32\qmgrprxy.dll @ 0x7ff8ee1481e4
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllCanUnloadNow : C:\Windows\SysWOW64\ieapfltr.dll @ 0x749d1845
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllGetClassObject : C:\Windows\SysWOW64\ieapfltr.dll @ 0x749c7390
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllRegisterServer : C:\Windows\SysWOW64\ieapfltr.dll @ 0x74a00fe0
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllUnregisterServer : C:\Windows\SysWOW64\ieapfltr.dll @ 0x74a01042
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllCanUnloadNow : C:\Windows\SysWOW64\ieapfltr.dll @ 0x749d1845
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllGetClassObject : C:\Windows\SysWOW64\ieapfltr.dll @ 0x749c7390
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllRegisterServer : C:\Windows\SysWOW64\ieapfltr.dll @ 0x74a00fe0
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllUnregisterServer : C:\Windows\SysWOW64\ieapfltr.dll @ 0x74a01042
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllCanUnloadNow : C:\Windows\SysWOW64\ieapfltr.dll @ 0x749d1845
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllGetClassObject : C:\Windows\SysWOW64\ieapfltr.dll @ 0x749c7390
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllRegisterServer : C:\Windows\SysWOW64\ieapfltr.dll @ 0x74a00fe0
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllUnregisterServer : C:\Windows\SysWOW64\ieapfltr.dll @ 0x74a01042
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllCanUnloadNow : C:\Windows\SysWOW64\ieapfltr.dll @ 0x749d1845
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllGetClassObject : C:\Windows\SysWOW64\ieapfltr.dll @ 0x749c7390
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllRegisterServer : C:\Windows\SysWOW64\ieapfltr.dll @ 0x74a00fe0
[EAT:Addr] (iexplore.exe) DPAPI.DLL - DllUnregisterServer : C:\Windows\SysWOW64\ieapfltr.dll @ 0x74a01042

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: SAMSUNG HD103SI +++++
--- User ---
[MBR] 6f31a3b4e2438f6f852eb4a71421b31a
[BSP] d2c032d2125283caa119df8964ce8bd7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1892796416 | Size: 29651 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152899 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 313344000 | Size: 770867 MB
3 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 1892079616 | Size: 350 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD2002FAEX-007BA0 +++++
--- User ---
[MBR] c94a3f644b9df44855dcce7dcdcd19f1
[BSP] 56eea2c0bc00d01469255301e21a3c32 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1857727 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): -490340352 | Size: 49999 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_07142014_134723.log - RKreport_SCN_07142014_134635.log


Pages: 1 2 [3]