Author Topic: Rootkit warnings

phatpharm

  • Guest
Rootkit warnings
« on: June 05, 2014, 12:48:44 AM »
Hi,

I have been using your great program for some time now. I keep my computer quite clean, but after a rebuild to Win 8.1 I can't seem to shake this problem.

RogueKiller shows positives, but no other major brand gets any hits (except GMER). Neither has the ability to remove the process. GMER says it's a hidden file in my sys32/drivers folder. The name seems to be randomly generated every time I reboot and rerun. Makes sense that a rootkit is on the PC. Here's the log file, hope you can help!

¤¤¤ Antirootkit : 129 ¤¤¤
[IAT:Addr] (explorer.exe) api-ms-win-power-base-l1-1-0.dll - GetPwrCapabilities : C:\Windows\SYSTEM32\powrprof.dll @ 0x7ff8d8ae1aa0
[IAT:Addr] (explorer.exe) api-ms-win-power-base-l1-1-0.dll - PowerDeterminePlatformRoleEx : C:\Windows\SYSTEM32\powrprof.dll @ 0x7ff8d8ae1890
[IAT:Addr] (explorer.exe) api-ms-win-power-base-l1-1-0.dll - CallNtPowerInformation : C:\Windows\SYSTEM32\powrprof.dll @ 0x7ff8d8ae1050
[EAT:Addr] (explorer.exe) MrmCoreR.dll - AsyncGetClassBits : C:\Windows\system32\urlmon.dll @ 0x7ff8d15370b0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - AsyncInstallDistributionUnit : C:\Windows\system32\urlmon.dll @ 0x7ff8d1537210
[EAT:Addr] (explorer.exe) MrmCoreR.dll - BindAsyncMoniker : C:\Windows\system32\urlmon.dll @ 0x7ff8d1521f90
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CDLGetLongPathNameA : C:\Windows\system32\urlmon.dll @ 0x7ff8d15378d0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CDLGetLongPathNameW : C:\Windows\system32\urlmon.dll @ 0x7ff8d15378e8
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CORPolicyProvider : C:\Windows\system32\urlmon.dll @ 0x7ff8d1521674
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoGetClassObjectFromURL : C:\Windows\system32\urlmon.dll @ 0x7ff8d15373fc
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInstall : C:\Windows\system32\urlmon.dll @ 0x7ff8d1537460
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetCanonicalizeIUri : C:\Windows\system32\urlmon.dll @ 0x7ff8d14e5660
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetCombineIUri : C:\Windows\system32\urlmon.dll @ 0x7ff8d14e80a0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetCombineUrl : C:\Windows\system32\urlmon.dll @ 0x7ff8d14d46a4
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetCombineUrlEx : C:\Windows\system32\urlmon.dll @ 0x7ff8d14d43c0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetCompareUrl : C:\Windows\system32\urlmon.dll @ 0x7ff8d1525280
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetCreateSecurityManager : C:\Windows\system32\urlmon.dll @ 0x7ff8d14a1ee0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetCreateZoneManager : C:\Windows\system32\urlmon.dll @ 0x7ff8d14b0810
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetFeatureSettingsChanged : C:\Windows\system32\urlmon.dll @ 0x7ff8d1560284
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetGetProtocolFlags : C:\Windows\system32\urlmon.dll @ 0x7ff8d152537c
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetGetSecurityUrl : C:\Windows\system32\urlmon.dll @ 0x7ff8d15253d0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetGetSecurityUrlEx : C:\Windows\system32\urlmon.dll @ 0x7ff8d14e9cd0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetGetSession : C:\Windows\system32\urlmon.dll @ 0x7ff8d14a2460
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetIsFeatureEnabled : C:\Windows\system32\urlmon.dll @ 0x7ff8d14e8dc0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetIsFeatureEnabledForIUri : C:\Windows\system32\urlmon.dll @ 0x7ff8d14e51b8
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetIsFeatureEnabledForUrl : C:\Windows\system32\urlmon.dll @ 0x7ff8d14e1820
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetIsFeatureZoneElevationEnabled : C:\Windows\system32\urlmon.dll @ 0x7ff8d152586c
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetParseIUri : C:\Windows\system32\urlmon.dll @ 0x7ff8d14d56a8
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetParseUrl : C:\Windows\system32\urlmon.dll @ 0x7ff8d14b1490
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetQueryInfo : C:\Windows\system32\urlmon.dll @ 0x7ff8d14e7c50
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CoInternetSetFeatureEnabled : C:\Windows\system32\urlmon.dll @ 0x7ff8d1525af4
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CompareSecurityIds : C:\Windows\system32\urlmon.dll @ 0x7ff8d14bd1a4
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CompatFlagsFromClsid : C:\Windows\system32\urlmon.dll @ 0x7ff8d14e4044
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CopyBindInfo : C:\Windows\system32\urlmon.dll @ 0x7ff8d1533020
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CopyStgMedium : C:\Windows\system32\urlmon.dll @ 0x7ff8d14aba0c
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CreateAsyncBindCtx : C:\Windows\system32\urlmon.dll @ 0x7ff8d14f86c0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CreateAsyncBindCtxEx : C:\Windows\system32\urlmon.dll @ 0x7ff8d14e3d14
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CreateFormatEnumerator : C:\Windows\system32\urlmon.dll @ 0x7ff8d14c68e0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CreateIUriBuilder : C:\Windows\system32\urlmon.dll @ 0x7ff8d14a3660
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CreateURLMoniker : C:\Windows\system32\urlmon.dll @ 0x7ff8d14fccf4
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CreateURLMonikerEx : C:\Windows\system32\urlmon.dll @ 0x7ff8d14a78d0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CreateURLMonikerEx2 : C:\Windows\system32\urlmon.dll @ 0x7ff8d14e40f0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CreateUri : C:\Windows\system32\urlmon.dll @ 0x7ff8d14a16f0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CreateUriFromMultiByteString : C:\Windows\system32\urlmon.dll @ 0x7ff8d1521ee4
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CreateUriPriv : C:\Windows\system32\urlmon.dll @ 0x7ff8d1521ef8
[EAT:Addr] (explorer.exe) MrmCoreR.dll - CreateUriWithFragment : C:\Windows\system32\urlmon.dll @ 0x7ff8d1521f40
[EAT:Addr] (explorer.exe) MrmCoreR.dll - DllCanUnloadNow : C:\Windows\system32\urlmon.dll @ 0x7ff8d14a1600
[EAT:Addr] (explorer.exe) MrmCoreR.dll - DllGetClassObject : C:\Windows\system32\urlmon.dll @ 0x7ff8d14eab3c
[EAT:Addr] (explorer.exe) MrmCoreR.dll - DllInstall : C:\Windows\system32\urlmon.dll @ 0x7ff8d1522458
[EAT:Addr] (explorer.exe) MrmCoreR.dll - DllRegisterServer : C:\Windows\system32\urlmon.dll @ 0x7ff8d1522464
[EAT:Addr] (explorer.exe) MrmCoreR.dll - DllRegisterServerEx : C:\Windows\system32\urlmon.dll @ 0x7ff8d14fe070
[EAT:Addr] (explorer.exe) MrmCoreR.dll - DllUnregisterServer : C:\Windows\system32\urlmon.dll @ 0x7ff8d1522470
[EAT:Addr] (explorer.exe) MrmCoreR.dll - Extract : C:\Windows\system32\urlmon.dll @ 0x7ff8d1537f74
[EAT:Addr] (explorer.exe) MrmCoreR.dll - FaultInIEFeature : C:\Windows\system32\urlmon.dll @ 0x7ff8d1538fe8
[EAT:Addr] (explorer.exe) MrmCoreR.dll - FileBearsMarkOfTheWeb : C:\Windows\system32\urlmon.dll @ 0x7ff8d14d6b60
[EAT:Addr] (explorer.exe) MrmCoreR.dll - FindMediaType : C:\Windows\system32\urlmon.dll @ 0x7ff8d1522e9c
[EAT:Addr] (explorer.exe) MrmCoreR.dll - FindMediaTypeClass : C:\Windows\system32\urlmon.dll @ 0x7ff8d14c6080
[EAT:Addr] (explorer.exe) MrmCoreR.dll - FindMimeFromData : C:\Windows\system32\urlmon.dll @ 0x7ff8d14e50bc
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetAddSitesFileUrl : C:\Windows\system32\urlmon.dll @ 0x7ff8d15602b0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetClassFileOrMime : C:\Windows\system32\urlmon.dll @ 0x7ff8d14fb8ec
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetClassURL : C:\Windows\system32\urlmon.dll @ 0x7ff8d1522074
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetComponentIDFromCLSSPEC : C:\Windows\system32\urlmon.dll @ 0x7ff8d15392e8
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetIDNFlagsForUri : C:\Windows\system32\urlmon.dll @ 0x7ff8d14bc7f0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetIUriPriv : C:\Windows\system32\urlmon.dll @ 0x7ff8d1521f60
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetIUriPriv2 : C:\Windows\system32\urlmon.dll @ 0x7ff8d1521f50
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetLabelsFromNamedHost : C:\Windows\system32\urlmon.dll @ 0x7ff8d1568b54
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetMarkOfTheWeb : C:\Windows\system32\urlmon.dll @ 0x7ff8d1559390
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetPortFromUrlScheme : C:\Windows\system32\urlmon.dll @ 0x7ff8d1521e94
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetPropertyFromName : C:\Windows\system32\urlmon.dll @ 0x7ff8d1521ea4
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetPropertyName : C:\Windows\system32\urlmon.dll @ 0x7ff8d1521eb4
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetSoftwareUpdateInfo : C:\Windows\system32\urlmon.dll @ 0x7ff8d14fe070
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetUrlmonThreadNotificationHwnd : C:\Windows\system32\urlmon.dll @ 0x7ff8d14fdeb4
[EAT:Addr] (explorer.exe) MrmCoreR.dll - GetZoneFromAlternateDataStreamEx : C:\Windows\system32\urlmon.dll @ 0x7ff8d14a6d90
[EAT:Addr] (explorer.exe) MrmCoreR.dll - HlinkGoBack : C:\Windows\system32\urlmon.dll @ 0x7ff8d1556e78
[EAT:Addr] (explorer.exe) MrmCoreR.dll - HlinkGoForward : C:\Windows\system32\urlmon.dll @ 0x7ff8d1556f24
[EAT:Addr] (explorer.exe) MrmCoreR.dll - HlinkNavigateMoniker : C:\Windows\system32\urlmon.dll @ 0x7ff8d1556fd0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - HlinkNavigateString : C:\Windows\system32\urlmon.dll @ 0x7ff8d1557004
[EAT:Addr] (explorer.exe) MrmCoreR.dll - HlinkSimpleNavigateToMoniker : C:\Windows\system32\urlmon.dll @ 0x7ff8d1557038
[EAT:Addr] (explorer.exe) MrmCoreR.dll - HlinkSimpleNavigateToString : C:\Windows\system32\urlmon.dll @ 0x7ff8d15575e8
[EAT:Addr] (explorer.exe) MrmCoreR.dll - IECompatLogCSSFix : C:\Windows\system32\urlmon.dll @ 0x7ff8d15312fc
[EAT:Addr] (explorer.exe) MrmCoreR.dll - IEDllLoader : C:\Windows\system32\urlmon.dll @ 0x7ff8d15226f0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - IEGetUserPrivateNamespaceName : C:\Windows\system32\urlmon.dll @ 0x7ff8d1533244
[EAT:Addr] (explorer.exe) MrmCoreR.dll - IEInstallScope : C:\Windows\system32\urlmon.dll @ 0x7ff8d1537554
[EAT:Addr] (explorer.exe) MrmCoreR.dll - IntlPercentEncodeNormalize : C:\Windows\system32\urlmon.dll @ 0x7ff8d1521f70
[EAT:Addr] (explorer.exe) MrmCoreR.dll - IsAsyncMoniker : C:\Windows\system32\urlmon.dll @ 0x7ff8d14e21fc
[EAT:Addr] (explorer.exe) MrmCoreR.dll - IsDWORDProperty : C:\Windows\system32\urlmon.dll @ 0x7ff8d1521ec4
[EAT:Addr] (explorer.exe) MrmCoreR.dll - IsIntranetAvailable : C:\Windows\system32\urlmon.dll @ 0x7ff8d1560668
[EAT:Addr] (explorer.exe) MrmCoreR.dll - IsJITInProgress : C:\Windows\system32\urlmon.dll @ 0x7ff8d14bb328
[EAT:Addr] (explorer.exe) MrmCoreR.dll - IsLoggingEnabledA : C:\Windows\system32\urlmon.dll @ 0x7ff8d155855c
[EAT:Addr] (explorer.exe) MrmCoreR.dll - IsLoggingEnabledW : C:\Windows\system32\urlmon.dll @ 0x7ff8d1558688
[EAT:Addr] (explorer.exe) MrmCoreR.dll - IsStringProperty : C:\Windows\system32\urlmon.dll @ 0x7ff8d1521ed4
[EAT:Addr] (explorer.exe) MrmCoreR.dll - IsValidURL : C:\Windows\system32\urlmon.dll @ 0x7ff8d14d7610
[EAT:Addr] (explorer.exe) MrmCoreR.dll - MkParseDisplayNameEx : C:\Windows\system32\urlmon.dll @ 0x7ff8d14f92f0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - ObtainUserAgentString : C:\Windows\system32\urlmon.dll @ 0x7ff8d152dce0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - PrivateCoInstall : C:\Windows\system32\urlmon.dll @ 0x7ff8d1537560
[EAT:Addr] (explorer.exe) MrmCoreR.dll - QueryAssociations : C:\Windows\system32\urlmon.dll @ 0x7ff8d14be9c0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - QueryClsidAssociation : C:\Windows\system32\urlmon.dll @ 0x7ff8d1530a8c
[EAT:Addr] (explorer.exe) MrmCoreR.dll - RegisterBindStatusCallback : C:\Windows\system32\urlmon.dll @ 0x7ff8d14df600
[EAT:Addr] (explorer.exe) MrmCoreR.dll - RegisterFormatEnumerator : C:\Windows\system32\urlmon.dll @ 0x7ff8d14e1c6c
[EAT:Addr] (explorer.exe) MrmCoreR.dll - RegisterMediaTypeClass : C:\Windows\system32\urlmon.dll @ 0x7ff8d15220c0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - RegisterMediaTypes : C:\Windows\system32\urlmon.dll @ 0x7ff8d1522210
[EAT:Addr] (explorer.exe) MrmCoreR.dll - RegisterWebPlatformPermanentSecurityManager : C:\Windows\system32\urlmon.dll @ 0x7ff8d14d8c54
[EAT:Addr] (explorer.exe) MrmCoreR.dll - ReleaseBindInfo : C:\Windows\system32\urlmon.dll @ 0x7ff8d14a7d40
[EAT:Addr] (explorer.exe) MrmCoreR.dll - RevokeBindStatusCallback : C:\Windows\system32\urlmon.dll @ 0x7ff8d14dfbf0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - RevokeFormatEnumerator : C:\Windows\system32\urlmon.dll @ 0x7ff8d15222cc
[EAT:Addr] (explorer.exe) MrmCoreR.dll - SetAccessForIEAppContainer : C:\Windows\system32\urlmon.dll @ 0x7ff8d1533258
[EAT:Addr] (explorer.exe) MrmCoreR.dll - SetSoftwareUpdateAdvertisementState : C:\Windows\system32\urlmon.dll @ 0x7ff8d14fe070
[EAT:Addr] (explorer.exe) MrmCoreR.dll - ShouldDisplayPunycodeForUri : C:\Windows\system32\urlmon.dll @ 0x7ff8d152de50
[EAT:Addr] (explorer.exe) MrmCoreR.dll - ShouldShowIntranetWarningSecband : C:\Windows\system32\urlmon.dll @ 0x7ff8d14e3a3c
[EAT:Addr] (explorer.exe) MrmCoreR.dll - ShowTrustAlertDialog : C:\Windows\system32\urlmon.dll @ 0x7ff8d1560820
[EAT:Addr] (explorer.exe) MrmCoreR.dll - URLDownloadA : C:\Windows\system32\urlmon.dll @ 0x7ff8d1525cc4
[EAT:Addr] (explorer.exe) MrmCoreR.dll - URLDownloadToCacheFileA : C:\Windows\system32\urlmon.dll @ 0x7ff8d1557d9c
[EAT:Addr] (explorer.exe) MrmCoreR.dll - URLDownloadToCacheFileW : C:\Windows\system32\urlmon.dll @ 0x7ff8d14ca0c4
[EAT:Addr] (explorer.exe) MrmCoreR.dll - URLDownloadToFileA : C:\Windows\system32\urlmon.dll @ 0x7ff8d1557f10
[EAT:Addr] (explorer.exe) MrmCoreR.dll - URLDownloadToFileW : C:\Windows\system32\urlmon.dll @ 0x7ff8d14cefd0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - URLDownloadW : C:\Windows\system32\urlmon.dll @ 0x7ff8d1525d78
[EAT:Addr] (explorer.exe) MrmCoreR.dll - URLOpenBlockingStreamA : C:\Windows\system32\urlmon.dll @ 0x7ff8d1558058
[EAT:Addr] (explorer.exe) MrmCoreR.dll - URLOpenBlockingStreamW : C:\Windows\system32\urlmon.dll @ 0x7ff8d1558138
[EAT:Addr] (explorer.exe) MrmCoreR.dll - URLOpenPullStreamA : C:\Windows\system32\urlmon.dll @ 0x7ff8d155821c
[EAT:Addr] (explorer.exe) MrmCoreR.dll - URLOpenPullStreamW : C:\Windows\system32\urlmon.dll @ 0x7ff8d15582e0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - URLOpenStreamA : C:\Windows\system32\urlmon.dll @ 0x7ff8d1558408
[EAT:Addr] (explorer.exe) MrmCoreR.dll - URLOpenStreamW : C:\Windows\system32\urlmon.dll @ 0x7ff8d15584d0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - UnregisterWebPlatformPermanentSecurityManager : C:\Windows\system32\urlmon.dll @ 0x7ff8d14fc9b4
[EAT:Addr] (explorer.exe) MrmCoreR.dll - UrlMkBuildVersion : C:\Windows\system32\urlmon.dll @ 0x7ff8d1522804
[EAT:Addr] (explorer.exe) MrmCoreR.dll - UrlMkGetSessionOption : C:\Windows\system32\urlmon.dll @ 0x7ff8d14b3e60
[EAT:Addr] (explorer.exe) MrmCoreR.dll - UrlMkSetSessionOption : C:\Windows\system32\urlmon.dll @ 0x7ff8d14dd0e4
[EAT:Addr] (explorer.exe) MrmCoreR.dll - UrlmonCleanupCurrentThread : C:\Windows\system32\urlmon.dll @ 0x7ff8d14ca27c
[EAT:Addr] (explorer.exe) MrmCoreR.dll - WriteHitLogging : C:\Windows\system32\urlmon.dll @ 0x7ff8d15585d0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - ZonesReInit : C:\Windows\system32\urlmon.dll @ 0x7ff8d1559c30

Tigzy

  • Administrator
  • Owner, Adlice Software
Re: Rootkit warnings
« Reply #1 on: June 05, 2014, 08:08:22 AM »
Hello
You didn't use the latest version because these are already fixed :)
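For readers who land on this thread with a similar log: the lines above are RogueKiller Antirootkit entries of the form `[IAT|EAT:Addr] (process) module - function : resolved path @ address`, and every one of them resolves into a DLL under C:\Windows\system32 (the api-ms-win-* names are API set contracts that Windows resolves to an implementation DLL such as powrprof.dll, and the MrmCoreR.dll entries land in urlmon.dll). The Python below is an added triage example, not RogueKiller's code or anything posted in the thread; its classification is a heuristic assumption for illustration, and the fifth sample line (EXAMPLE_hook.dll) is constructed to show the outcome that would still deserve a closer look.

```python
import re
from collections import Counter

# Constructed sample: four lines copied from the RogueKiller Antirootkit log in the
# thread, plus one made-up line (EXAMPLE_hook.dll is a placeholder, not a real file)
# that resolves outside the Windows directory, to exercise the "review" outcome.
SAMPLE_LOG = r"""
[IAT:Addr] (explorer.exe) api-ms-win-power-base-l1-1-0.dll - GetPwrCapabilities : C:\Windows\SYSTEM32\powrprof.dll @ 0x7ff8d8ae1aa0
[IAT:Addr] (explorer.exe) api-ms-win-power-base-l1-1-0.dll - CallNtPowerInformation : C:\Windows\SYSTEM32\powrprof.dll @ 0x7ff8d8ae1050
[EAT:Addr] (explorer.exe) MrmCoreR.dll - URLDownloadToFileW : C:\Windows\system32\urlmon.dll @ 0x7ff8d14cefd0
[EAT:Addr] (explorer.exe) MrmCoreR.dll - ZonesReInit : C:\Windows\system32\urlmon.dll @ 0x7ff8d1559c30
[IAT:Addr] (explorer.exe) kernel32.dll - CreateFileW : C:\Users\Public\EXAMPLE_hook.dll @ 0x7ff8deadbeef
"""

# One log line: [IAT|EAT:Addr] (process) module - function : resolved path @ address
LINE_RE = re.compile(
    r"^\[(?P<kind>IAT|EAT):Addr\] \((?P<proc>[^)]+)\) (?P<module>\S+) - (?P<func>\S+) : "
    r"(?P<target>.+?) @ (?P<addr>0x[0-9a-fA-F]+)$"
)

def parse_line(line):
    """Return the fields of one Antirootkit line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(entry):
    """Triage heuristic (an assumption of this example, not a verdict):
    where the resolved address lives matters more than the module name."""
    target = entry["target"].lower()
    if not target.startswith("c:\\windows\\system32\\"):
        return "review"          # resolved outside the system directory: look closer
    if entry["module"].lower().startswith("api-ms-win-"):
        return "apiset-forward"  # API set contract resolved to its implementation DLL
    return "system-dll"          # name differs, but the code is a Windows system DLL

def triage(log_text):
    """Count entries per category and collect the ones that deserve a human look."""
    counts, review = Counter(), []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue             # e.g. the "Antirootkit : 129" banner line
        category = classify(entry)
        counts[category] += 1
        if category == "review":
            review.append((entry["module"], entry["func"], entry["target"]))
    return counts, review
```

Run against the full log from the first post, every entry falls into the first two buckets, which matches the reply that these detections were already fixed in the newer version.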