Author Topic: Help Needed - Report  (Read 6577 times)



Russ773

  • Guest
Help Needed - Report
« on: November 02, 2014, 02:47:55 AM »
Hi there,

This past week I've noticed a few issues with my laptop. I've run my virus scanner (Bullguard) and MalwareBytes. Malwarebytes keeps blocking things from getting to me but somehow, something has slipped past. I've tried numerous different software to try and rid my computer of whatever is hidden in it. I've now come across RogueKiller and I'm pretty impressed with it.

I was wondering if anyone would be able to look at my report and tell me if they see anything suspicious.

Code:
RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Russ [Administrator]
Mode : Delete -- Date : 11/02/2014  01:44:15

¤¤¤ Processes : 5 ¤¤¤
[Suspicious.Path] mbar-1.07.0.1012.exe -- C:\Users\Russ\Desktop\mbar-1.07.0.1012.exe[7] -> ERROR [12]
[Suspicious.Path] mbar.exe -- C:\Users\Russ\Desktop\mbar\mbar.exe[7] -> ERROR [12]
[Suspicious.Path] explorer.exe -- C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll[-] -> Unloaded
[Suspicious.Path] explorer.exe -- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll[-] -> Unloaded
[Suspicious.Path] (SVC) UnsignedThemes -- C:\WINDOWS\unsignedthemes.exe[-] -> Stopped

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 114 (Driver: Not loaded [0x2]) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x7ffccca303a0 (jmp 0xffffffff8012e480)
[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffccca302d0 (jmp 0xffffffff8012e7e0)
[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffccca302d0 (jmp 0xffffffff8012e7e0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x7ffccca302a0 (jmp 0xffffffff8012db70)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x7ffccca30490 (jmp 0xffffffff8012de10)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x7ffccca30390 (jmp 0xffffffff8012e960)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x7ffccca303b0 (jmp 0xffffffff8012e9a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSemaphore : Unknown @ 0x7ffccca302b0 (jmp 0xffffffff8012e150)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x7ffccca302c0 (jmp 0xffffffff8012db40)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateMutant : Unknown @ 0x7ffccca30290 (jmp 0xffffffff8012e1c0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x7ffccca30330 (jmp 0xffffffff8012e1a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x7ffccca30340 (jmp 0xffffffff8012db80)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x7ffccca30370 (jmp 0xffffffff8012eaa0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x7ffccca30320 (jmp 0xffffffff8012e940)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x7ffccca30350 (jmp 0xffffffff8012e2f0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x7ffccca303d0 (jmp 0xffffffff8012e250)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x7ffccca303f0 (jmp 0xffffffff8012e850)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenThread : Unknown @ 0x7ffccca30380 (jmp 0xffffffff8012dbd0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x7ffccca30430 (jmp 0xffffffff8012d430)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x7ffccca30400 (jmp 0xffffffff8012d700)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x7ffccca304a0 (jmp 0xffffffff8012de10)
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ext-ms-win-gpapi-grouppolicy-l1-1-0.dll - RegisterGPNotificationInternalWorker : C:\WINDOWS\SYSTEM32\gpapi.dll @ 0x7ffd48df1540
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ combase.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ combase.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ combase.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x7ffccca30390 (jmp 0xffffffff8012e960)
[IAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\WINDOWS\SYSTEM32\clbcatq.dll @ 0x7ffd4b2024b0
[IAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\WINDOWS\SYSTEM32\clbcatq.dll @ 0x7ffd4b2023c0
[IAT:Inl] (explorer.exe @ powrprof.dll) ntdll.dll - ZwAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Inl] (explorer.exe @ advapi32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ advapi32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x7ffccca30280 (jmp 0xffffffff8012d160)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x7ffccca30280 (jmp 0xffffffff8012d160)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ UxTheme.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ UxTheme.dll) ntdll.dll - NtOpenSection : Unknown @ 0x7ffccca30320 (jmp 0xffffffff8012e940)
[IAT:Inl] (explorer.exe @ dwmapi.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ TWINAPI.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ SspiCli.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ SspiCli.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x7ffccca30390 (jmp 0xffffffff8012e960)
[IAT:Inl] (explorer.exe @ sechost.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x7ffccca30440 (jmp 0xffffffff8012d970)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Inl] (explorer.exe @ bcryptPrimitives.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ clbcatq.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x7ffccca30370 (jmp 0xffffffff8012eaa0)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ DUI70.dll) ntdll.dll - NtCreateSection : Unknown @ 0x7ffccca30310 (jmp 0xffffffff8012e800)
[IAT:Inl] (explorer.exe @ DEVOBJ.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ twinui.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ twinui.dll) ntdll.dll - ZwAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x7ffccca30340 (jmp 0xffffffff8012db80)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenThread : Unknown @ 0x7ffccca30380 (jmp 0xffffffff8012dbd0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x7ffccca302c0 (jmp 0xffffffff8012db40)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSection : Unknown @ 0x7ffccca30320 (jmp 0xffffffff8012e940)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x7ffccca30370 (jmp 0xffffffff8012eaa0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x7ffccca302a0 (jmp 0xffffffff8012db70)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ CRYPTSP.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ rsaenh.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ bcrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ twinui.appcore.dll) ntdll.dll - ZwAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSRegisterSessionNotification : C:\WINDOWS\SYSTEM32\WTSAPI32.dll @ 0x7ffd46d51be0
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSFreeMemory : C:\WINDOWS\SYSTEM32\WTSAPI32.dll @ 0x7ffd46d51330
[IAT:Addr] (explorer.exe @ twinui.appcore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSQuerySessionInformationW : C:\WINDOWS\SYSTEM32\WTSAPI32.dll @ 0x7ffd46d516a0
[IAT:Inl] (explorer.exe @ wpncore.dll) ntdll.dll - ZwAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSQuerySessionInformationW : C:\WINDOWS\SYSTEM32\WTSAPI32.dll @ 0x7ffd46d516a0
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSRegisterSessionNotification : C:\WINDOWS\SYSTEM32\WTSAPI32.dll @ 0x7ffd46d51be0
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-wtsapi32-l1-1-0.dll - WTSFreeMemory : C:\WINDOWS\SYSTEM32\WTSAPI32.dll @ 0x7ffd46d51330
[IAT:Addr] (explorer.exe @ wpncore.dll) ext-ms-win-session-winsta-l1-1-0.dll - WinStationQueryInformationW : C:\WINDOWS\SYSTEM32\WINSTA.dll @ 0x7ffd49b11160
[IAT:Inl] (explorer.exe @ dwrite.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Inl] (explorer.exe @ Authui.DLL) ntdll.dll - NtOpenProcess : Unknown @ 0x7ffccca30370 (jmp 0xffffffff8012eaa0)
[IAT:Inl] (explorer.exe @ Authui.DLL) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ ncrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ Secur32.dll) ntdll.dll - NtOpenSection : Unknown @ 0x7ffccca30320 (jmp 0xffffffff8012e940)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Inl] (explorer.exe @ es.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ cscapi.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffccca302d0 (jmp 0xffffffff8012e7e0)
[IAT:Inl] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x7ffccca301e0 (jmp 0xffffffff8012dc50)
[IAT:Inl] (explorer.exe @ wpnprv.dll) ntdll.dll - ZwAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Inl] (explorer.exe @ WSClient.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Inl] (explorer.exe @ AUDIOSES.DLL) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7ffccca30480 (jmp 0xffffffff8012e590)
[IAT:Addr] (explorer.exe @ SettingSyncCore.dll) ext-ms-win-shell-settingsync-l1-1-0.dll - SettingSync_IsAllowedByGroupPolicy : C:\WINDOWS\SYSTEM32\SETTINGSYNCPOLICY.dll @ 0x7ffd3a712e44
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x7ffccca30350 (jmp 0xffffffff8012e2f0)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x7ffccca301e0 (jmp 0xffffffff8012dc50)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffccca302d0 (jmp 0xffffffff8012e7e0)
[IAT:Inl] (explorer.exe @ fwpuclnt.dll) ntdll.dll - NtQueryObject : Unknown @ 0x7ffccca30450 (jmp 0xffffffff8012ece0)
[IAT:Addr] (explorer.exe @ PackageStateRoaming.dll) ext-ms-win-shell-settingsync-l1-1-0.dll - SettingSync_IsAppDataBackupRestoreEnabled : C:\WINDOWS\SYSTEM32\SETTINGSYNCPOLICY.dll @ 0x7ffd3a71204c
[IAT:Inl] (explorer.exe @ schannel.DLL) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffccca302d0 (jmp 0xffffffff8012e7e0)
[IAT:Inl] (explorer.exe @ schannel.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x7ffccca302e0 (jmp 0xffffffff8012e870)
[IAT:Inl] (explorer.exe @ schannel.DLL) ntdll.dll - NtDuplicateObject : Unknown @ 0x7ffccca30390 (jmp 0xffffffff8012e960)
[IAT:Inl] (explorer.exe @ ncryptsslp.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ffccca303e0 (jmp 0xffffffff8012eab0)
[IAT:Inl] (explorer.exe @ tbs.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffccca302d0 (jmp 0xffffffff8012e7e0)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 77e64d21064fdb0f8c6e932ba198e25a
[BSP] 0c6b2592cef7e5ccff74d06bb2fccd3f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_11022014_012027.log - RKreport_DEL_11022014_012303.log - RKreport_SCN_11022014_014350.log
« Last Edit: November 02, 2014, 03:14:36 AM by Russ773 »
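To triage an Antirootkit section like the one above without reading all 114 lines by hand, here is an added example (my own code, not part of the original post and not RogueKiller's): it parses the `[IAT:Inl]` lines, collapses the per-importer duplicates so each hooked ntdll export is counted once, and reports how many distinct jmp destinations there are, how many the tool could not resolve to a module, and how tightly they cluster. The sample log is a constructed excerpt of lines from the report; the function names are my own.

```python
import re
from collections import defaultdict

# One [IAT:Inl] line per (process, importing module, hooked export). The importer
# is absent on the first line of the report, so that group is optional.
HOOK_RE = re.compile(
    r"^\[IAT:Inl\] \((?P<proc>[^\s@)]+)(?: @ (?P<importer>[^)]+))?\) "
    r"(?P<module>\S+) - (?P<func>\w+) : (?P<owner>\S+) @ (?P<addr>0x[0-9a-f]+) "
    r"\(jmp (?P<target>0x[0-9a-f]+)\)$"
)

# Constructed excerpt of the report above (not the full 114-line section).
SAMPLE_LOG = """\
¤¤¤ Antirootkit : 6 (Driver: Not loaded [0x2]) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ KERNEL32.DLL) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ffccca301f0 (jmp 0xffffffff8012d310)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffccca302d0 (jmp 0xffffffff8012e7e0)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x7ffccca302d0 (jmp 0xffffffff8012e7e0)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x7ffccca301e0 (jmp 0xffffffff8012dc50)
[IAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\\WINDOWS\\SYSTEM32\\clbcatq.dll @ 0x7ffd4b2023c0
"""

def parse_hooks(text):
    """Return one dict per [IAT:Inl] line; [IAT:Addr] and header lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["addr"] = int(d["addr"], 16)      # hooked stub inside ntdll
            d["target"] = int(d["target"], 16)  # jmp destination as printed by the tool
            hooks.append(d)
    return hooks

def summarize(hooks):
    """Collapse per-importer duplicates and describe the jmp destinations."""
    by_func = defaultdict(set)
    for h in hooks:
        by_func[(h["module"], h["func"])].add(h["target"])
    targets = sorted({h["target"] for h in hooks})
    return {
        "lines": len(hooks),
        # each hooked export is listed once per importing module; count it once
        "unique_functions": len(by_func),
        "unique_targets": len(targets),
        # "Unknown" means the tool could not map the destination to a loaded module
        "unresolved": sum(1 for h in hooks if h["owner"] == "Unknown"),
        # destinations within a few KiB of each other point to a single hooking component
        "target_span_bytes": (targets[-1] - targets[0]) if targets else 0,
        # the same export jumping to different places would be worth a closer look
        "inconsistent": sorted(k for k, v in by_func.items() if len(v) > 1),
    }

if __name__ == "__main__":
    for k, v in summarize(parse_hooks(SAMPLE_LOG)).items():
        print(f"{k}: {v}")
```

Run against the full section pasted into `SAMPLE_LOG`, the same summary shows whether every hooked export resolves to one destination and how many distinct destinations the 114 lines really represent.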

Tigzy

  • Administrator
  • Owner, Adlice Software
Re: Help Needed - Report
« Reply #1 on: November 02, 2014, 11:55:09 PM »
Hello
Yes, there's something hooking your APIs.
What did Mbar say?

Russ773

  • Guest
Re: Help Needed - Report
« Reply #2 on: November 03, 2014, 12:21:05 AM »
When I ran it yesterday it came back clear. I'm currently running it again now and will post back the result once it's completed.

Russ773

  • Guest
Re: Help Needed - Report
« Reply #3 on: November 03, 2014, 12:48:38 AM »
Scan completed.

Came back all clear :/

Tigzy

  • Administrator
Re: Help Needed - Report
« Reply #4 on: November 03, 2014, 11:54:57 AM »
I think those hooks are legit.
However, it would be interesting to know where they go...
We'll investigate.
« Last Edit: November 04, 2014, 10:31:08 AM by Tigzy »

Russ773

  • Guest
Re: Help Needed - Report
« Reply #5 on: November 03, 2014, 07:32:40 PM »
Thanks :)