Topic: First timer here. Need help with my log.

Tomnundrum
January 23, 2015, 09:57:15 PM
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : guest2 [Administrator]
Mode : Scan -- Date : 01/22/2015  06:16:56

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 13 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2825570796-2100251623-751099467-1003\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2825570796-2100251623-751099467-1003\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 12 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - LoadLibraryExA : C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll @ 0x2582710 (jmp 0xffffffff8c06de15)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - LoadLibraryW : C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll @ 0x25827f0 (jmp 0xffffffff8c06dedd)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - LoadLibraryExW : C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll @ 0x2582780 (jmp 0xffffffff8c06de3b)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll @ 0x2582850 (jmp 0xffffffff8ca58b45)
[IAT:Inl(Hook.IEAT)] (chrome.exe) d3d9.dll - Direct3DCreate9 : C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll @ 0x2583f70 (jmp 0xffffffff91a8350e)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.dll - LoadLibraryW : C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll @ 0x100027f0 (jmp 0xffffffff99aededd)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.dll - LoadLibraryExW : C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll @ 0x10002780 (jmp 0xffffffff99aede3b)
[IAT:Inl(Hook.IEAT)] (firefox.exe) KERNEL32.dll - LoadLibraryExA : C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll @ 0x10002710 (jmp 0xffffffff99aede15)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll @ 0x10002850 (jmp 0xffffffff9a4d8b45)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutReset : C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll @ 0x10003390 (jmp 0xffffffff9e308597)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutRestart : C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll @ 0x100034d0 (jmp 0xffffffff9e2ee018)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutPause : C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll @ 0x10003430 (jmp 0xffffffff9e2edfac)

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] 44xmzb39.default : DVDVideoSoft YouTube MP3 and Video Download [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 012c82119919a1bd41b4d830b8112ea1
[BSP] b41e3964ded7b67906fa1d55daa1f04f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 670405 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1373401088 | Size: 29698 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434222592 | Size: 15100 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 012c82119919a1bd41b4d830b8112ea1
[BSP] b41e3964ded7b67906fa1d55daa1f04f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Error reading VBR! ([3e6] Invalid access to memory location. )]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 670405 MB [Error reading VBR! ([3e6] Invalid access to memory location. )]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1373401088 | Size: 29698 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434222592 | Size: 15100 MB

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 36bd836550c12816c5600f4a4e693649
[BSP] d2ad29310d18af66a8448b9cca4f1c20 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

Reply #1 on: January 24, 2015, 02:56:35 PM

Curson (Global Moderator)

Re: First timer here. Need help with my log.
Hi Tomnundrum,

Welcome to Adlice.com Forum.

The report was generated with the 32-bit version of RogueKiller.
Please download RogueKiller (64-bit version), redo a full scan, and post the report obtained in your next reply.

Regards.

Note: This thread has been moved to the "RogueKiller" section for clarity.