Software feedback > RogueKiller

===> False Positives <===


Tigzy:
This is a common thread to report all false positives.
Please post the entire line from the text report; no screenshots, as much as possible.

Thanks :)

VT.Unknown specific case:
VT.Unknown means the file was unknown on Virus Total, and normally it has been uploaded at the same time.
So, after the file is uploaded, it's analysed by Virus Total. It can take a few hours.

If you redo a scan late enough, there's a high chance that the Virus Total report is available.
RogueKiller will grab it and not see it as unknown anymore (and not flag it).
Then depending on the VirusTotal results, if it's malware it will be flagged and you will see a VT.Something detection.

So please, when you see a VT.Unknown detection, it's because the file is quite new on the web.
Be patient, and redo a scan an hour later to check if it has changed. You can also upload it on VirusTotal by yourself to know if it's legit or not.

Irrelevant:
Hello, are these false positives or is my computer infected?

Antirootkit : 34 (Driver: Loaded)
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd2030c0
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd204034
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7fefe6f0680
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7fefe6e9370
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7fefe712e18
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7fefe707490
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7fefe702a30
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7fefe70ea20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7fefe71bf00
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7fefe6f3e90
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7fefe6e8284
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7fefe6ed9d0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7fefe70ef20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7fefe70f1ac
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7fefe703560
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7fefe6f9980
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\Windows\system32\ole32.dll @ 0x7fefe809440
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7fefe708e70
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7fefe708e20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7fefe701314
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a193c
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a15e0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a14e8
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a15e0
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a193c
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a14e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a15e0
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a14e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a193c
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\Windows\system32\VERSION.dll @ 0x7fefc0a1b94
[IAT:Addr] (explorer.exe @ nvapi64.dll) SETUPAPI.dll - CM_Get_DevNode_Status_Ex : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd202fb4
[IAT:Addr] (explorer.exe @ nvapi64.dll) SETUPAPI.dll - CM_Reenumerate_DevNode : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd20cff0
[IAT:Addr] (explorer.exe @ nvapi64.dll) SETUPAPI.dll - CM_Get_Device_ID_ExW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd202d90
[IAT:Addr] (explorer.exe @ acppage.dll) sfc.dll - SfcIsFileProtected : C:\Windows\system32\sfc_os.DLL @ 0x7fef2a516f0

Tigzy:
Hello
Yes, they are already fixed and waiting for the next release :)

davec:
Are these also all false positives???????? TIA for your consideration.

Antirootkit : 108 (Driver: Loaded)
[IAT:Addr] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000
[IAT:Addr] (explorer.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x806f0000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x80720000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x80580000
[IAT:Addr] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x80580000
[IAT:Addr] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000
[IAT:Addr] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ GDI32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ ole32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ MSCTF.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd4430c0
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd444034
[IAT:Addr] (explorer.exe @ dwmapi.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ Secur32.dll) ntdll.dll - NtOpenSection : Unknown @ 0x806f0000
[IAT:Addr] (explorer.exe @ guard64.dll) ntdll.dll - ZwCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSection : Unknown @ 0x806f0000
[IAT:Addr] (explorer.exe @ authui.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff380680
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff39ea20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7feff3a2e18
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7feff397490
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7feff3abf00
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7feff378284
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff379370
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7feff37d9d0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7feff39ef20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff39f1ac
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7feff393560
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7feff389980
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7feff383e90
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\Windows\system32\ole32.dll @ 0x7feff499440
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7feff398e70
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7feff398e20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7feff392a30
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7feff391314
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b193c
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b15e0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b14e8
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b15e0
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b193c
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b14e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b14e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\Windows\system32\VERSION.dll @ 0x7fefd0b1b94
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b15e0
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b193c
[IAT:Addr] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7feff398e70
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoWaitForMultipleHandles : C:\Windows\system32\ole32.dll @ 0x7feff49a1a0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7feff393560
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7feff398e20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CreateStreamOnHGlobal : C:\Windows\system32\ole32.dll @ 0x7feff455fb0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7feff3abf00
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7feff397490
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoDisconnectObject : C:\Windows\system32\ole32.dll @ 0x7feff378420
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstanceEx : C:\Windows\system32\ole32.dll @ 0x7feff37de90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetCurrentLogicalThreadId : C:\Windows\system32\ole32.dll @ 0x7feff371d60
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7feff391314
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetObjectContext : C:\Windows\system32\ole32.dll @ 0x7feff38c920
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7feff392a30
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterThreadInterfaceInStream : C:\Windows\system32\ole32.dll @ 0x7feff4c3f90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7feff389980
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff379370
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - IIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff378d18
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevokeInitializeSpy : C:\Windows\system32\ole32.dll @ 0x7feff37ad64
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterInitializeSpy : C:\Windows\system32\ole32.dll @ 0x7feff3963a8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoReleaseMarshalData : C:\Windows\system32\ole32.dll @ 0x7feff375da4
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetApartmentType : C:\Windows\system32\ole32.dll @ 0x7feff396cf0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - GetHGlobalFromStream : C:\Windows\system32\ole32.dll @ 0x7feff439d20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff39f1ac
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - ProgIDFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff4bf850
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff380680
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevokeClassObject : C:\Windows\system32\ole32.dll @ 0x7feff3787e8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7feff378284
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateFreeThreadedMarshaler : C:\Windows\system32\ole32.dll @ 0x7feff3a2c60
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetInterfaceAndReleaseStream : C:\Windows\system32\ole32.dll @ 0x7feff4ca130
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterMessageFilter : C:\Windows\system32\ole32.dll @ 0x7feff38ca98
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMalloc : C:\Windows\system32\ole32.dll @ 0x7feff393540
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7feff3a2e18
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff39ea20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - PropVariantClear : C:\Windows\system32\ole32.dll @ 0x7feff396da4
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - PropVariantCopy : C:\Windows\system32\ole32.dll @ 0x7feff4730a0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7feff383e90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7feff39ef20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterClassObject : C:\Windows\system32\ole32.dll @ 0x7feff3740c0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7feff37d9d0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeSecurity : C:\Windows\system32\ole32.dll @ 0x7feff388220
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevertToSelf : C:\Windows\system32\ole32.dll @ 0x7feff375a58
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoImpersonateClient : C:\Windows\system32\ole32.dll @ 0x7feff375a14
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b14e8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b15e0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b193c
[IAT:Addr] (explorer.exe @ AVRT.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ AUDIOSES.DLL) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x80640000
[IAT:Addr] (explorer.exe @ gameux.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ wer.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ bcrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ bcryptprimitives.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
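Tigzy asked for the full report lines rather than screenshots, and his reply to Irrelevant confirms that the entries resolving into a different system DLL than the one named (the api-ms-win-downlevel-* sets and the SETUPAPI to CFGMGR32 forwarders) are false positives already fixed. The report davec pasted mixes that shape with a second one, where the target is "Unknown". The script below is an added example, not RogueKiller's own code and not something Tigzy posted: it parses [IAT:Addr] lines into fields, collapses the many repeated entries into distinct targets, and sorts each target into a coarse triage bucket so a 100-line report reads as a short list. The sample lines are constructed to match the shape of the lines in this thread (addresses copied from the posts above); the function names and bucket labels are my own, and "forwarded_to_system_dll" only means the shape matches the confirmed false positives, not that the file on disk has been verified.

```python
import re
import ntpath
from collections import Counter, defaultdict

# Constructed sample: five lines in the shape of the Antirootkit entries pasted
# in this thread (addresses copied from those posts, not re-measured here).
SAMPLE_REPORT = """\
Antirootkit : 5 (Driver: Loaded)
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\\Windows\\system32\\CFGMGR32.dll @ 0x7fefd2030c0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\\Windows\\system32\\ole32.dll @ 0x7fefe707490
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\\Windows\\system32\\ole32.dll @ 0x7fefe707490
[IAT:Addr] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000
[IAT:Addr] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000
"""

# One [IAT:Addr] line: (process [@ importing module]) import-dll - function : target @ address
IAT_LINE = re.compile(
    r"^\[IAT:Addr\] \((?P<process>[^\s@)]+)(?: @ (?P<module>[^)]+))?\) "
    r"(?P<import_dll>\S+) - (?P<function>\S+) : (?P<target>.+?) @ (?P<address>0x[0-9a-fA-F]+)\s*$"
)

SYSTEM32 = "c:\\windows\\system32\\"


def parse_report(text):
    """Return one dict per [IAT:Addr] line; every other report line is ignored."""
    entries = []
    for line in text.splitlines():
        m = IAT_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def classify(entry):
    """Coarse triage bucket for one entry (labels are this example's own).

    forwarded_to_system_dll: the import resolves into a different DLL that lives
        in system32. This is the shape of the entries confirmed as false positives
        in this thread (forwarded exports). Verify the file on disk (signature,
        hash) before dismissing it; the path alone proves nothing.
    unresolved: the scanner could not attribute the address to any module on
        disk, so the entry cannot be explained from the report text alone.
    other: target on disk but outside system32, or the same DLL as the one
        named; left for manual review.
    """
    target = entry["target"]
    if target == "Unknown":
        return "unresolved"
    target_name = ntpath.basename(target).lower()
    if target.lower().startswith(SYSTEM32) and target_name != entry["import_dll"].lower():
        return "forwarded_to_system_dll"
    return "other"


def summarize(text):
    """Collapse repeated entries (same import DLL, function, target, address),
    remember which modules reference each one, and count distinct targets per
    bucket, so a long report becomes a short list of things to look at."""
    entries = parse_report(text)
    referers = defaultdict(set)
    bucket_of = {}
    for e in entries:
        key = (e["import_dll"], e["function"], e["target"], e["address"])
        referers[key].add(e["module"] or e["process"])
        bucket_of[key] = classify(e)
    return {
        "total_lines": len(entries),
        "unique_targets": len(referers),
        "by_bucket": dict(Counter(bucket_of.values())),
        "targets": {key: sorted(mods) for key, mods in referers.items()},
        "bucket_of": bucket_of,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['total_lines']} lines -> {s['unique_targets']} distinct targets: {s['by_bucket']}")
    for key, mods in s["targets"].items():
        import_dll, func, target, addr = key
        print(f"[{s['bucket_of'][key]}] {import_dll}!{func} -> {target} @ {addr}  (via {', '.join(mods)})")
```

Run it against a report saved from RogueKiller by replacing SAMPLE_REPORT with the file contents; the five constructed lines collapse to three distinct targets, two of the forwarded shape and one unresolved. Deduplicating by (import DLL, function, target, address) is what makes the listing readable: in davec's report the same NtCreateSection or NtTerminateProcess target is repeated once per importing module, and the triage question is about the target, not the importer.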

Shola:
My report, I'm still getting a redirect virus even though none of the antivirus programs I've downloaded are finding anything :(

RogueKiller V10.0.2.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Administrator]
Mode : Scan -- Date : 10/22/2014  12:17:54

Processes : 0

Registry : 0

Tasks : 0

Files : 0

Hosts File : 1
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com

Antirootkit : 75 (Driver: Loaded)
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\Windows\system32\CFGMGR32.dll @ 0x7fefda230c0
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefda24034
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7feff8bef20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7feff8b3560
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7feff8a9980
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7feff89d9d0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff8bea20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7feff8a3e90
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff8bf1ac
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff899370
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7feff8b2a30
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7feff8b8e20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7feff8cbf00
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7feff898284
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff8a0680
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7feff8c2e18
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7feff8b7490
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7feff8b8e70
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7feff8b1314
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\Windows\system32\ole32.dll @ 0x7feff9b9440
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc7814e8
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc7815e0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc78193c
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc7815e0
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc78193c
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc7814e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc7814e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc7815e0
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc78193c
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\Windows\system32\version.DLL @ 0x7fefc781b94
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7feff8b8e70
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoWaitForMultipleHandles : C:\Windows\system32\ole32.dll @ 0x7feff9ba1a0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7feff8b3560
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7feff8b8e20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CreateStreamOnHGlobal : C:\Windows\system32\ole32.dll @ 0x7feff975fb0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7feff8cbf00
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7feff8b7490
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoDisconnectObject : C:\Windows\system32\ole32.dll @ 0x7feff898420
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstanceEx : C:\Windows\system32\ole32.dll @ 0x7feff89de90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetCurrentLogicalThreadId : C:\Windows\system32\ole32.dll @ 0x7feff891d60
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7feff8b1314
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetObjectContext : C:\Windows\system32\ole32.dll @ 0x7feff8ac920
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7feff8b2a30
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterThreadInterfaceInStream : C:\Windows\system32\ole32.dll @ 0x7feff9e3f90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7feff8a9980
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff899370
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - IIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff898d18
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevokeInitializeSpy : C:\Windows\system32\ole32.dll @ 0x7feff89ad64
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterInitializeSpy : C:\Windows\system32\ole32.dll @ 0x7feff8b63a8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoReleaseMarshalData : C:\Windows\system32\ole32.dll @ 0x7feff895da4
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetApartmentType : C:\Windows\system32\ole32.dll @ 0x7feff8b6cf0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - GetHGlobalFromStream : C:\Windows\system32\ole32.dll @ 0x7feff959d20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff8bf1ac
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - ProgIDFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff9df850
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff8a0680
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevokeClassObject : C:\Windows\system32\ole32.dll @ 0x7feff8987e8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7feff898284
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateFreeThreadedMarshaler : C:\Windows\system32\ole32.dll @ 0x7feff8c2c60
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetInterfaceAndReleaseStream : C:\Windows\system32\ole32.dll @ 0x7feff9ea130
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterMessageFilter : C:\Windows\system32\ole32.dll @ 0x7feff8aca98
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMalloc : C:\Windows\system32\ole32.dll @ 0x7feff8b3540
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7feff8c2e18
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff8bea20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - PropVariantClear : C:\Windows\system32\ole32.dll @ 0x7feff8b6da4
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - PropVariantCopy : C:\Windows\system32\ole32.dll @ 0x7feff9930a0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7feff8a3e90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7feff8bef20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterClassObject : C:\Windows\system32\ole32.dll @ 0x7feff8940c0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7feff89d9d0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeSecurity : C:\Windows\system32\ole32.dll @ 0x7feff8a8220
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevertToSelf : C:\Windows\system32\ole32.dll @ 0x7feff895a58
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoImpersonateClient : C:\Windows\system32\ole32.dll @ 0x7feff895a14
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc7814e8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc7815e0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc78193c

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: WDC WD10EARX-22N0YB0 +++++
--- User ---
[MBR] 10f00f4bc6194841d91ecd066bf1c8d3
[BSP] 388aac444daf538198df578a2d4fadbb : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 205001 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 419842710 | Size: 743218 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Apacer AC203 USB Device +++++
--- User ---
[MBR] b711af9ead283f324f04ee82c252b1ad
[BSP] 4727881d2de01fb0fadbfc2b65e21c88 : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_10212014_142034.log - RKreport_DEL_10212014_142109.log - RKreport_DEL_10212014_142136.log - RKreport_DEL_10212014_142541.log
RKreport_DEL_10212014_142556.log - RKreport_SCN_10212014_140633.log - RKreport_SCN_10212014_142451.log
