Author Topic: ===> False Positives <===  (Read 351635 times)

0 Members and 1 Guest are viewing this topic.

October 20, 2014, 11:44:25 AM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
===> False Positives <===
« on: October 20, 2014, 11:44:25 AM »
This is a common thread to report all false positives.
Please put the entire line of the text report, no screenshot as much as possible.

Thanks :)

VT.Unknown specific case:
VT.Unknown means the file was unknown on Virus Total, and normally it has been uploaded at the same time.
So, after the file is uploaded, it's analysed by Virus Total. It can take a few hours.

If you redo a scan later enough, there's a high chance that the Virus Total report is available.
RogueKiller will grab it and not see it as unknown anymore (and not flag it).
Then depending on the VirusTotal results, if it's malware it will be flagged and you will see a VT.Something detection.

So, please when you see a VT.Unknown detection, it's because the file is quite new on the web.
Be patient, and redo a scan an hour later to check if it has changed. You can also upload it on VirusTotal by yourself to know if it's legit or not.
« Last Edit: July 30, 2015, 12:16:33 PM by Tigzy »

Reply #1October 20, 2014, 02:20:49 PM

Irrelevant

  • Guest
Re: ===> False Positives <===
« Reply #1 on: October 20, 2014, 02:20:49 PM »
Hello, are these false positives or is my computer infected ?

¤¤¤ Antirootkit : 34 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd2030c0
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd204034
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7fefe6f0680
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7fefe6e9370
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7fefe712e18
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7fefe707490
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7fefe702a30
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7fefe70ea20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7fefe71bf00
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7fefe6f3e90
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7fefe6e8284
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7fefe6ed9d0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7fefe70ef20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7fefe70f1ac
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7fefe703560
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7fefe6f9980
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\Windows\system32\ole32.dll @ 0x7fefe809440
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7fefe708e70
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7fefe708e20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7fefe701314
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a193c
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a15e0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a14e8
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a15e0
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a193c
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a14e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a15e0
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a14e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a193c
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\Windows\system32\VERSION.dll @ 0x7fefc0a1b94
[IAT:Addr] (explorer.exe @ nvapi64.dll) SETUPAPI.dll - CM_Get_DevNode_Status_Ex : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd202fb4
[IAT:Addr] (explorer.exe @ nvapi64.dll) SETUPAPI.dll - CM_Reenumerate_DevNode : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd20cff0
[IAT:Addr] (explorer.exe @ nvapi64.dll) SETUPAPI.dll - CM_Get_Device_ID_ExW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd202d90
[IAT:Addr] (explorer.exe @ acppage.dll) sfc.dll - SfcIsFileProtected : C:\Windows\system32\sfc_os.DLL @ 0x7fef2a516f0

Reply #2October 20, 2014, 05:21:00 PM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: ===> False Positives <===
« Reply #2 on: October 20, 2014, 05:21:00 PM »
Hello
Yes, they are already fixed and waiting for the next release :)

Reply #3October 22, 2014, 06:20:13 AM

davec

  • Guest
Re: ===> False Positives <===
« Reply #3 on: October 22, 2014, 06:20:13 AM »
Are these also all false positives???????? TIA for your consideration.

¤¤¤ Antirootkit : 108 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000
[IAT:Addr] (explorer.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x806f0000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x80720000
[IAT:Addr] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x80580000
[IAT:Addr] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x80580000
[IAT:Addr] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000
[IAT:Addr] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ GDI32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ ole32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ MSCTF.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd4430c0
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd444034
[IAT:Addr] (explorer.exe @ dwmapi.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ Secur32.dll) ntdll.dll - NtOpenSection : Unknown @ 0x806f0000
[IAT:Addr] (explorer.exe @ guard64.dll) ntdll.dll - ZwCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSection : Unknown @ 0x806f0000
[IAT:Addr] (explorer.exe @ authui.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x80690000
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff380680
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff39ea20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7feff3a2e18
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7feff397490
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7feff3abf00
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7feff378284
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff379370
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7feff37d9d0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7feff39ef20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff39f1ac
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7feff393560
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7feff389980
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7feff383e90
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\Windows\system32\ole32.dll @ 0x7feff499440
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7feff398e70
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7feff398e20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7feff392a30
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7feff391314
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b193c
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b15e0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b14e8
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b15e0
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b193c
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b14e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b14e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\Windows\system32\VERSION.dll @ 0x7fefd0b1b94
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b15e0
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b193c
[IAT:Addr] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7feff398e70
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoWaitForMultipleHandles : C:\Windows\system32\ole32.dll @ 0x7feff49a1a0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7feff393560
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7feff398e20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CreateStreamOnHGlobal : C:\Windows\system32\ole32.dll @ 0x7feff455fb0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7feff3abf00
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7feff397490
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoDisconnectObject : C:\Windows\system32\ole32.dll @ 0x7feff378420
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstanceEx : C:\Windows\system32\ole32.dll @ 0x7feff37de90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetCurrentLogicalThreadId : C:\Windows\system32\ole32.dll @ 0x7feff371d60
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7feff391314
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetObjectContext : C:\Windows\system32\ole32.dll @ 0x7feff38c920
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7feff392a30
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterThreadInterfaceInStream : C:\Windows\system32\ole32.dll @ 0x7feff4c3f90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7feff389980
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff379370
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - IIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff378d18
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevokeInitializeSpy : C:\Windows\system32\ole32.dll @ 0x7feff37ad64
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterInitializeSpy : C:\Windows\system32\ole32.dll @ 0x7feff3963a8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoReleaseMarshalData : C:\Windows\system32\ole32.dll @ 0x7feff375da4
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetApartmentType : C:\Windows\system32\ole32.dll @ 0x7feff396cf0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - GetHGlobalFromStream : C:\Windows\system32\ole32.dll @ 0x7feff439d20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff39f1ac
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - ProgIDFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff4bf850
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff380680
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevokeClassObject : C:\Windows\system32\ole32.dll @ 0x7feff3787e8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7feff378284
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateFreeThreadedMarshaler : C:\Windows\system32\ole32.dll @ 0x7feff3a2c60
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetInterfaceAndReleaseStream : C:\Windows\system32\ole32.dll @ 0x7feff4ca130
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterMessageFilter : C:\Windows\system32\ole32.dll @ 0x7feff38ca98
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMalloc : C:\Windows\system32\ole32.dll @ 0x7feff393540
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7feff3a2e18
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff39ea20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - PropVariantClear : C:\Windows\system32\ole32.dll @ 0x7feff396da4
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - PropVariantCopy : C:\Windows\system32\ole32.dll @ 0x7feff4730a0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7feff383e90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7feff39ef20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterClassObject : C:\Windows\system32\ole32.dll @ 0x7feff3740c0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7feff37d9d0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeSecurity : C:\Windows\system32\ole32.dll @ 0x7feff388220
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevertToSelf : C:\Windows\system32\ole32.dll @ 0x7feff375a58
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoImpersonateClient : C:\Windows\system32\ole32.dll @ 0x7feff375a14
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b14e8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b15e0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefd0b193c
[IAT:Addr] (explorer.exe @ AVRT.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ AUDIOSES.DLL) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x80640000
[IAT:Addr] (explorer.exe @ gameux.dll) ntdll.dll - NtCreateSection : Unknown @ 0x806c0000
[IAT:Addr] (explorer.exe @ wer.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x80000000
[IAT:Addr] (explorer.exe @ bcrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000
[IAT:Addr] (explorer.exe @ bcryptprimitives.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x80610000

Reply #4October 22, 2014, 07:21:37 AM

Shola

  • Guest
Re: ===> False Positives <===
« Reply #4 on: October 22, 2014, 07:21:37 AM »
My report, I'm still getting redirect virus even though none of the anti virus I've downloaded are finding anything :(

RogueKiller V10.0.2.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Administrator]
Mode : Scan -- Date : 10/22/2014  12:17:54

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com

¤¤¤ Antirootkit : 75 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\Windows\system32\CFGMGR32.dll @ 0x7fefda230c0
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefda24034
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7feff8bef20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7feff8b3560
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7feff8a9980
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7feff89d9d0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff8bea20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7feff8a3e90
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff8bf1ac
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff899370
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7feff8b2a30
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7feff8b8e20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7feff8cbf00
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7feff898284
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff8a0680
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7feff8c2e18
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7feff8b7490
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7feff8b8e70
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7feff8b1314
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\Windows\system32\ole32.dll @ 0x7feff9b9440
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc7814e8
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc7815e0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc78193c
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc7815e0
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc78193c
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc7814e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc7814e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc7815e0
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc78193c
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\Windows\system32\version.DLL @ 0x7fefc781b94
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7feff8b8e70
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoWaitForMultipleHandles : C:\Windows\system32\ole32.dll @ 0x7feff9ba1a0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7feff8b3560
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7feff8b8e20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CreateStreamOnHGlobal : C:\Windows\system32\ole32.dll @ 0x7feff975fb0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7feff8cbf00
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7feff8b7490
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoDisconnectObject : C:\Windows\system32\ole32.dll @ 0x7feff898420
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstanceEx : C:\Windows\system32\ole32.dll @ 0x7feff89de90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetCurrentLogicalThreadId : C:\Windows\system32\ole32.dll @ 0x7feff891d60
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7feff8b1314
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetObjectContext : C:\Windows\system32\ole32.dll @ 0x7feff8ac920
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7feff8b2a30
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterThreadInterfaceInStream : C:\Windows\system32\ole32.dll @ 0x7feff9e3f90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7feff8a9980
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff899370
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - IIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff898d18
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevokeInitializeSpy : C:\Windows\system32\ole32.dll @ 0x7feff89ad64
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterInitializeSpy : C:\Windows\system32\ole32.dll @ 0x7feff8b63a8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoReleaseMarshalData : C:\Windows\system32\ole32.dll @ 0x7feff895da4
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetApartmentType : C:\Windows\system32\ole32.dll @ 0x7feff8b6cf0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - GetHGlobalFromStream : C:\Windows\system32\ole32.dll @ 0x7feff959d20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff8bf1ac
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - ProgIDFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff9df850
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff8a0680
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevokeClassObject : C:\Windows\system32\ole32.dll @ 0x7feff8987e8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7feff898284
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateFreeThreadedMarshaler : C:\Windows\system32\ole32.dll @ 0x7feff8c2c60
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetInterfaceAndReleaseStream : C:\Windows\system32\ole32.dll @ 0x7feff9ea130
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterMessageFilter : C:\Windows\system32\ole32.dll @ 0x7feff8aca98
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMalloc : C:\Windows\system32\ole32.dll @ 0x7feff8b3540
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7feff8c2e18
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff8bea20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - PropVariantClear : C:\Windows\system32\ole32.dll @ 0x7feff8b6da4
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - PropVariantCopy : C:\Windows\system32\ole32.dll @ 0x7feff9930a0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7feff8a3e90
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7feff8bef20
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRegisterClassObject : C:\Windows\system32\ole32.dll @ 0x7feff8940c0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7feff89d9d0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeSecurity : C:\Windows\system32\ole32.dll @ 0x7feff8a8220
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoRevertToSelf : C:\Windows\system32\ole32.dll @ 0x7feff895a58
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoImpersonateClient : C:\Windows\system32\ole32.dll @ 0x7feff895a14
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc7814e8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc7815e0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc78193c

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EARX-22N0YB0 +++++
--- User ---
[MBR] 10f00f4bc6194841d91ecd066bf1c8d3
[BSP] 388aac444daf538198df578a2d4fadbb : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 205001 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 419842710 | Size: 743218 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Apacer AC203 USB Device +++++
--- User ---
[MBR] b711af9ead283f324f04ee82c252b1ad
[BSP] 4727881d2de01fb0fadbfc2b65e21c88 : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_10212014_142034.log - RKreport_DEL_10212014_142109.log - RKreport_DEL_10212014_142136.log - RKreport_DEL_10212014_142541.log
RKreport_DEL_10212014_142556.log - RKreport_SCN_10212014_140633.log - RKreport_SCN_10212014_142451.log

Reply #5October 22, 2014, 11:07:42 AM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: ===> False Positives <===
« Reply #5 on: October 22, 2014, 11:07:42 AM »
Please pay attention to what is above you when you post :)
Those lines are already reported, and are on their path to the new version.

Reply #6October 23, 2014, 12:17:41 AM

davec

  • Guest
Re: ===> False Positives <===
« Reply #6 on: October 23, 2014, 12:17:41 AM »
Tigzy......

Please RE-READ what was sent. The items ARE different. If providing a courteous response isn't within your capabilities, do something else. All you had to say was "Those lines are already reported, and are on their path to the new version."

Reply #7October 23, 2014, 02:56:17 PM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: ===> False Positives <===
« Reply #7 on: October 23, 2014, 02:56:17 PM »
Was not just for you davec.  ;)
The same lines are :

Quote
C:\Windows\system32\ole32.dll
C:\Windows\system32\VERSION.dll
C:\Windows\system32\CFGMGR32.dll

Unknown modules cannot be treated.
Sorry for the rude answer, but yes they are the same :)

Reply #8October 26, 2014, 05:11:40 PM

ROUGEXIII

  • Guest
Re: ===> False Positives <===
« Reply #8 on: October 26, 2014, 05:11:40 PM »
Hi,

I dont know if they are already given as false positive or if they are true positive:

Quote
¤¤¤ Antirootkit : 4 (Driver: Chargé) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\kbdclass.sys - IRP_MJ_READ[3] : C:\WINDOWS\system32\DRIVERS\ETD.sys @ 0xb8cc0232
[IAT:Addr] (explorer.exe @ sti.dll) CFGMGR32.dll - CM_Reenumerate_DevNode : C:\WINDOWS\system32\SETUPAPI.dll @ 0x779526a5
[IAT:Addr] (explorer.exe @ sti.dll) CFGMGR32.dll - CM_Get_DevNode_Status : C:\WINDOWS\system32\SETUPAPI.dll @ 0x778ec6eb
[IAT:Addr] (explorer.exe @ sti.dll) CFGMGR32.dll - CM_Get_Parent : C:\WINDOWS\system32\SETUPAPI.dll @ 0x77957a5d

Thanks for help

Reply #9October 27, 2014, 08:36:41 AM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: ===> False Positives <===
« Reply #9 on: October 27, 2014, 08:36:41 AM »
Thanks, I've added them when I saw your forum thread :)

Reply #10October 29, 2014, 08:06:56 AM

Aceinthewhatever

  • Newbie

  • Offline
  • *

  • 2
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #10 on: October 29, 2014, 08:06:56 AM »
Hi, I recently downloaded AVG and on the first scan it told me I had rootkit, which eventually led me here. Anyways, I don't know much about this kind of stuff, so here my results from the scan:

¤¤¤ Processes : 5 ¤¤¤
[Suspicious.Path] HostAppServiceUpdater.exe -- C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe[7] -> Killed [TermProc]
[Suspicious.Path] HostAppService.exe -- C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppService.exe[7] -> Killed [TermProc]
[Suspicious.Path] HostAppService.exe -- C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppService.exe[7] -> Killed [TermThr]
[Suspicious.Path] StartMenuIndexer.exe -- C:\Users\BC234_000\AppData\Local\Pokki\Engine\StartMenuIndexer.exe[7] -> Killed [TermProc]
[PUP] (SVC) vToolbarUpdater18.1.10 -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe[7] -> Stopped

¤¤¤ Registry : 14 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"  -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-2771827557-3564350607-803193336-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON  -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-2771827557-3564350607-803193336-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON  -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-2771827557-3564350607-803193336-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\BC234_000\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session  -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-2771827557-3564350607-803193336-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\BC234_000\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.1.10 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.10 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLClose : C:\Windows\SYSTEM32\sppc.dll @ 0x7ffa1b59566c
[IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLOpen : C:\Windows\SYSTEM32\sppc.dll @ 0x7ffa1b5978e8
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-core-winrt-robuffer-l1-1-0.dll - RoGetBufferMarshaler : C:\Windows\System32\WinTypes.dll @ 0x7ffa0d55bf60

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-22JC3T0 +++++
--- User ---
[MBR] 4eb748eb2bad407088f7494c6ed510e9
[BSP] 4602f267e28c59160c125920bff66dfd : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10292014_022328.log - RKreport_SCN_10292014_024954.log



Thanks for the help :)

Reply #11October 29, 2014, 08:42:56 AM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: ===> False Positives <===
« Reply #11 on: October 29, 2014, 08:42:56 AM »
Thanks, that's already added :)

Reply #12October 29, 2014, 09:14:17 AM

Aceinthewhatever

  • Newbie

  • Offline
  • *

  • 2
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #12 on: October 29, 2014, 09:14:17 AM »
Oh, sorry, I think I posted in the wrong thread, I thought this was for asking if results were false positives or not, my bad. I really have no clue if these are false positives or not, so I was hoping if you guys could enlighten me.

Reply #13October 29, 2014, 10:12:32 AM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: ===> False Positives <===
« Reply #13 on: October 29, 2014, 10:12:32 AM »
Mmh, well, for Rootkit section yes it is.
For the rest, it's adware (PUP) and shall be removed

Reply #14November 05, 2014, 08:51:12 PM

patweb

  • Guest
Re: ===> False Positives <===
« Reply #14 on: November 05, 2014, 08:51:12 PM »
SYSFER.DLL identified as rootkit (yellow).

This program is part of Symantec Endpoint Protection and Norton 360.  I assume this is normal, and a false positive.

Log-

¤¤¤ Antirootkit : 218 (Driver: Loaded) ¤¤¤
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateUserProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39b85 (jmp 0xfffffffffdaf7e05)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenKeyEx : C:\Windows\System32\SYSFER.DLL @ 0x74b39ced (jmp 0xfffffffffdaf7aed)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : C:\Windows\System32\SYSFER.DLL @ 0x74b39e55 (jmp 0xfffffffffdaf8675)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtTerminateThread : C:\Windows\System32\SYSFER.DLL @ 0x74b39e55 (jmp 0xfffffffffdaf8675)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtRenameKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d65 (jmp 0xfffffffffdaf76d5)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtOpenKeyEx : C:\Windows\System32\SYSFER.DLL @ 0x74b39ced (jmp 0xfffffffffdaf7aed)
[IAT:Inl] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - ZwOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - ZwCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - ZwDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - ZwDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ dwmapi.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ Secur32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ CRYPTBASE.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtDeleteFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39bc1 (jmp 0xfffffffffdaf7dc1)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ CSCDLL.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ CSCAPI.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ntshrui.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ srvcli.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ rsaenh.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ rsaenh.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtDeleteFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39bc1 (jmp 0xfffffffffdaf7dc1)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtOpenKeyEx : C:\Windows\System32\SYSFER.DLL @ 0x74b39ced (jmp 0xfffffffffdaf7aed)
[IAT:Inl] (explorer.exe @ iertutil.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ WININET.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ WININET.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ ksuser.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ netutils.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ netshell.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ IPHLPAPI.DLL) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ dhcpcsvc.DLL) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ wkscli.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ sfc_os.DLL) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ DEVRTL.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ drprov.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ drprov.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ntlanman.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ntlanman.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ dfscli.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ browcli.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ browcli.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ wshtcpip.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ wship6.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ rasadhlp.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtCreateUserProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39b85 (jmp 0xfffffffffdaf7e05)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (iexplore.exe @ kernel32.dll) ntdll.dll - NtOpenKeyEx : C:\Windows\System32\SYSFER.DLL @ 0x74b39ced (jmp 0xfffffffffdaf7aed)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74b39b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74b39e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : C:\Windows\System32\SYSFER.DLL @ 0x74b39e55 (jmp 0xfffffffffdaf8675)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (iexplore.exe @ USER32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (iexplore.exe @ USER32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (iexplore.exe @ USER32.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (iexplore.exe @ USER32.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74b39bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (iexplore.exe @ GDI32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74b39c39 (jmp 0xfffffffffdaf8709)
(truncated too big)


Thanks, Pat