ok, I have ran a scan and it detected 1 thing in anti rootkit it was a file called "mfewfpk.sys" and I looked it up and it is something to do with McAfee anti virus witch I have installed so I think that is a false positive or harmless then I get another thing in anti rootkit called (under name tab) "msvcrt.dll : free " under "Detection" it says it is a "Hook.IEAT" under "Address" witch says "0x770cf00" please help I am a bit worried. Report : RogueKiller V10.7.0.0 (x64) [May 25 2015] by Adlice Software
mail :
http://www.adlice.com/contact/Feedback :
http://forum.adlice.comWebsite :
http://www.adlice.com/softwares/roguekiller/Blog :
http://www.adlice.comOperating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : RemoveName [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 05/29/2015 05:08:42
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 8 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\disk @ Unknown : \Driver\mfedisk @ Unknown (\SystemRoot\system32\drivers\mfewfpk.sys)
[IAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - free : Unknown @ 0x39ee127b (jmp 0x327d4379)
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM 001-1CH164 SATA Disk Device +++++
--- User ---
[MBR] 3e99d018e8be4f8cb57f623e22c6e299
[BSP] b0d71a947d6636fb01c39676b7efba73 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 1907377 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_05152015_001904.log - RKreport_DEL_05152015_002250.log - RKreport_DEL_05152015_002639.log - RKreport_SCN_05152015_003119.log
RKreport_SCN_05152015_084441.log - RKreport_DEL_05152015_084852.log - RKreport_DEL_05152015_084858.log - RKreport_SCN_05152015_085232.log
RKreport_SCN_05162015_040749.log - RKreport_DEL_05162015_041530.log - RKreport_SCN_05162015_042059.log - RKreport_DEL_05162015_045206.log
RKreport_SCN_05162015_045645.log - RKreport_SCN_05162015_071019.log - RKreport_DEL_05162015_071755.log - RKreport_SCN_05162015_072238.log
RKreport_SCN_05162015_075353.log - RKreport_DEL_05162015_075423.log - RKreport_SCN_05162015_083139.log - RKreport_SCN_05162015_093446.log
RKreport_DEL_05162015_093507.log - RKreport_SCN_05162015_102258.log - RKreport_SCN_05162015_105801.log - RKreport_SCN_05162015_110904.log
RKreport_DEL_05162015_111700.log - RKreport_SCN_05162015_162110.log - RKreport_SCN_05162015_171314.log - RKreport_SCN_05162015_203208.log
RKreport_SCN_05172015_125803.log - RKreport_SCN_05172015_130537.log - RKreport_DEL_05172015_131136.log - RKreport_SCN_05172015_192014.log
RKreport_SCN_05172015_193236.log - RKreport_SCN_05172015_195454.log - RKreport_SCN_05242015_091544.log - RKreport_DEL_05242015_092829.log
RKreport_SCN_05242015_093226.log - RKreport_SCN_05242015_094758.log - RKreport_SCN_05242015_170541.log - RKreport_SCN_05252015_134533.log
RKreport_SCN_05252015_184025.log - RKreport_SCN_05262015_153232.log - RKreport_SCN_05272015_193708.log - RKreport_DEL_05272015_194550.log
RKreport_SCN_05272015_194954.log - RKreport_SCN_05282015_045538.log - RKreport_SCN_05282015_182358.log - RKreport_SCN_05292015_022613.log
Topic: Please help, False positive ? infected ? can't find these anywhere. Worried (Read 3791 times)
