Topic: Newbie with Amber ANTI rootkit entries

September 17, 2015, 01:09:44 AM

jhp1

Greetings,

I just upgraded to 10.10.5.0 and ran a scan and got a bunch of amber anti rootkit results that I cannot delete.
I need assistance as to what to do next.

Thanks,

Joe

Reply #1, September 17, 2015, 01:14:17 AM

jhp1

Excuse me, Joe again. I thought the log might help:
RogueKiller V10.10.5.0 (x64) [Sep 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : jhp1 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 09/16/2015 18:57:04

¤¤¤ Processes : 2 ¤¤¤
[Tr.Zeus] mbamservice.exe(2692) -- D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[7] -> [NoKill]
[VT.Unknown] CFShell64.dll(4060) -- D:\Program Files (x86)\CryptoForge\CFShell64.dll[7] -> [NoKill]

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer :  ([(Private Address) (XX)][(Private Address) (XX)])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer :  ([(Private Address) (XX)][(Private Address) (XX)])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ADB54A50-9400-42A5-A9F1-E1C929DF052F} | DhcpNameServer :  ([(Private Address) (XX)][(Private Address) (XX)])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ADB54A50-9400-42A5-A9F1-E1C929DF052F} | DhcpNameServer :  ([(Private Address) (XX)][(Private Address) (XX)])  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1   localhost

¤¤¤ Antirootkit : 87 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - RegCreateKeyW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - DelayLoadFailureHook : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) GDI32.dll - GetRgnBox : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - CopyRect : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - iswalpha : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - WinSqmSetString : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHLWAPI.dll - StrStrIW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHELL32.dll - SHCreateDataObject : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ole32.dll - CoInitializeEx : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) UxTheme.dll - GetThemeBackgroundExtent : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) POWRPROF.dll - CallNtPowerInformation : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) dwmapi.dll - DwmEnableBlurBehindWindow : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) slc.dll - SLGetWindowsInformationDWORD : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) gdiplus.dll - GdipSetInterpolationMode : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) Secur32.dll - GetUserNameExW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) RPCRT4.dll - NdrClientCall3 : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe) PROPSYS.dll - PSCreateMemoryPropertyStore : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) KERNELBASE.dll - BaseReleaseProcessExePath : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GDI32.dll) LPK.dll - LpkGetCharacterPlacement : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ LPK.dll) USP10.dll - ScriptRecordDigitSubstitution : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ EXPLORERFRAME.dll) DUser.dll - GetGadgetFocus : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ EXPLORERFRAME.dll) DUI70.dll - FlushThemeHandles : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ EXPLORERFRAME.dll) IMM32.dll - ImmReleaseContext : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ IMM32.dll) MSCTF.dll - CtfImeProcessCicHotkey : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - SetupDiGetClassDevsW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ SETUPAPI.dll) CFGMGR32.dll - CM_Get_Class_Property_ExW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ SETUPAPI.dll) DEVOBJ.dll - DevObjOpenDeviceInterface : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ PROPSYS.dll) OLEAUT32.dll - BSTR_UserSize64 : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ SndVolSSO.DLL) HID.DLL - HidP_GetUsages : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ timedate.cpl) comctl32.dll - InitCommonControlsEx : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ authui.dll) CRYPTUI.dll - CryptUIDlgViewCertificateW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ authui.dll) CRYPT32.dll - CertFreeCertificateContext : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ CRYPT32.dll) MSASN1.dll - ASN1BEREncEndOfContents : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ gameux.dll) XmlLite.dll - CreateXmlReader : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ gameux.dll) wer.dll - WerReportSubmit : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ msiltcfg.dll) VERSION.dll - VerQueryValueW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-shlwapi-l1-1-0.dll - PathGetDriveNumberW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-advapi32-l1-1-0.dll - RegEnumValueA : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-user32-l1-1-0.dll - CharPrevA : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-normaliz-l1-1-0.dll - IdnToAscii : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ urlmon.dll) iertutil.dll - IsStringProperty : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ urlmon.dll) WININET.dll - AppCacheCloseHandle : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ WININET.dll) USERENV.dll - GetProfileType : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ stobject.dll) BatMeter.dll - IsBatteryLevelLow : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ prnfldr.dll) WINSPOOL.DRV - GetPrinterDataW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ dxp.dll) urlmon.dll - CoInternetParseUrl : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ dxp.dll) shdocvw.dll - DllRegisterWindowClasses : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ netshell.dll) IPHLPAPI.DLL - GetAdaptersAddresses : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ netshell.dll) nlaapi.dll - NlaCloseQuery : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ IPHLPAPI.DLL) NSI.dll - NsiSetParameter : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ IPHLPAPI.DLL) WINNSI.DLL - NsiRpcDeregisterChangeNotification : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ pnidui.dll) QUtil.dll - FreeIsolationInfo : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ pnidui.dll) wevtapi.dll - EvtSubscribe : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ credssp.dll) SSPICLI.DLL - RevertSecurityContext : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ provsvc.dll) WS2_32.dll - WSALookupServiceBeginW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ Wlanapi.dll) wlanutil.dll - WlanStringToSsid : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ wwanapi.dll) wwapi.dll - WwanRegister : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ fxsst.dll) FXSAPI.dll - FaxAccessCheckEx : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ wscinterop.dll) WSCAPI.dll - WscRegisterForChanges : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ werconcpl.dll) wercplsupport.dll - WerComGetAdminStores : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ framedynos.dll) WTSAPI32.dll - WTSUnRegisterSessionNotification : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ msxml6.dll) bcrypt.dll - BCryptGenRandom : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ieframe.DLL) api-ms-win-downlevel-shlwapi-l2-1-0.dll - SHOpenRegStream2W : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ieframe.DLL) api-ms-win-downlevel-advapi32-l2-1-0.dll - ConvertStringSecurityDescriptorToSecurityDescriptorW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ieframe.DLL) api-ms-win-downlevel-shell32-l1-1-0.dll - GetCurrentProcessExplicitAppUserModelID : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ HMIPCore64.dll) MSWSOCK.dll - GetAcceptExSockaddrs : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ wpdshext.dll) WINMM.dll - timeSetEvent : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ TosBtExt.dll) comdlg32.dll - GetOpenFileNameW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ prnntfy.dll) puiapi.dll - STRAPI_FormatMsg : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ RasMM.dll) RASAPI32.dll - RasGetEntryPropertiesW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ RASAPI32.dll) rasman.dll - RasGetUnicodeDeviceName : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ WlanMM.dll) wlanhlp.dll - WlanPrivateGetAvailableNetworkList : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ wlanhlp.dll) Wlanapi.dll - WlanSetSecuritySettings : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ wlanhlp.dll) OneX.DLL - OneXCreateDefaultProfile : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ wlanhlp.dll) eappcfg.dll - EapHostPeerConfigBlob2Xml : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ OneX.DLL) eappprxy.dll - EapHostPeerGetResponseAttributes : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ RASDLG.dll) MPRAPI.dll - MprConfigInterfaceGetHandle : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ RASDLG.dll) rtutils.dll - TraceDeregisterExA : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ACLUI.dll) NTDSAPI.dll - DsFreeNameResultW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ oodsh.dll) MSIMG32.dll - AlphaBlend : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ oodsh.dll) OLEACC.dll - AccessibleObjectFromWindow : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ syncui.dll) SYNCENG.dll - OpenBriefcase : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ SYNCENG.dll) LINKINFO.dll - CreateLinkInfoW : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ acppage.dll) SFC.DLL - SfcIsFileProtected : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ thumbcache.dll) PSAPI.DLL - QueryWorkingSetEx : Unknown @ 0xffffffffed5d0217 (call 0xffffffffeb2f0216)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA INTEL SSDSC2MH12 SCSI Disk Device +++++
--- User ---
[MBR] 3a51f718ca40da64122e9422fb218332
[BSP] abfb9f111a6db72649f1b0545741721f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ATA WDC WD1002FAEX-0 SCSI Disk Device +++++
--- User ---
[MBR] b7bea23f71010211c88c9e741c70c74d
[BSP] 9366b4a4a74feb557a80f9badf9efd92 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 472000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 966658048 | Size: 481866 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ATA WDC WD1002FAEX-0 SCSI Disk Device +++++
--- User ---
[MBR] d377b60f30eef82f329e675280397552
[BSP] f80d8c5646d431d28088ecc4b55b2ed5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 472000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 966658048 | Size: 481866 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: WD My Book 1140 USB Device +++++
--- User ---
[MBR] 0a8cd844c0c326ad9a6d1e98ee57a030
[BSP] 98ab19e02c345563e9ed688b95637f24 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: WDC WD10 03FZEX-00MK2A0 USB Device +++++
--- User ---
[MBR] 7c507e71f87c4901f242e8d73be23ce4
[BSP] db255e225e50784857e936e1718b3bf6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


Reply #2, September 17, 2015, 08:26:32 PM

Curson (Global Moderator)

Hi Joe,

Welcome to Adlice.com Forum.
Those hooks are legit.

Regards.

Reply #3, September 17, 2015, 11:58:29 PM

jhp1

Thanks for your help

Joe

Reply #4, September 18, 2015, 12:21:43 AM

Curson (Global Moderator)

Hi Joe,

You are welcome.

Regards.