Inactive Hi there sorry took me so long.....

Status
Not open for further replies.

stephen forbes

Here are my reports. I actually just got round to doing this tonight:

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : Stephen [Admin rights]
Mode : Remove -- Date : 04/14/2014 22:34:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\drivers\atapi.sys -> HOOKED (Unknown @ 0x856151F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\drivers\atapi.sys -> HOOKED (Unknown @ 0x856151F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\drivers\atapi.sys -> HOOKED (Unknown @ 0x856151F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\drivers\atapi.sys -> HOOKED (Unknown @ 0x856151F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\drivers\atapi.sys -> HOOKED (Unknown @ 0x856151F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\drivers\atapi.sys -> HOOKED (Unknown @ 0x856151F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\drivers\atapi.sys -> HOOKED (Unknown @ 0x856151F8)
[Address] EAT @explorer.exe (AddGadgetMessageHandler) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7E980)
[Address] EAT @explorer.exe (AttachWndProcA) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C816)
[Address] EAT @explorer.exe (AttachWndProcW) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7B056)
[Address] EAT @explorer.exe (AutoTrace) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8704D)
[Address] EAT @explorer.exe (BeginTransition) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C9B3)
[Address] EAT @explorer.exe (BuildAnimation) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7E589)
[Address] EAT @explorer.exe (BuildDropTarget) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8713D)
[Address] EAT @explorer.exe (BuildInterpolation) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7E5E0)
[Address] EAT @explorer.exe (CreateAction) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A786F5)
[Address] EAT @explorer.exe (CreateGadget) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A758D4)
[Address] EAT @explorer.exe (CreateTransition) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C846)
[Address] EAT @explorer.exe (DUserBuildGadget) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B7F4)
[Address] EAT @explorer.exe (DUserCastClass) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C782)
[Address] EAT @explorer.exe (DUserCastDirect) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C7C5)
[Address] EAT @explorer.exe (DUserCastHandle) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B82A)
[Address] EAT @explorer.exe (DUserDeleteGadget) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B9CD)
[Address] EAT @explorer.exe (DUserFindClass) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C6F3)
[Address] EAT @explorer.exe (DUserFlushDeferredMessages) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A77C9E)
[Address] EAT @explorer.exe (DUserFlushMessages) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A77D0E)
[Address] EAT @explorer.exe (DUserGetAlphaPRID) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A87909)
[Address] EAT @explorer.exe (DUserGetGutsData) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C7D5)
[Address] EAT @explorer.exe (DUserGetRectPRID) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A87914)
[Address] EAT @explorer.exe (DUserGetRotatePRID) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8791F)
[Address] EAT @explorer.exe (DUserGetScalePRID) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8792A)
[Address] EAT @explorer.exe (DUserInstanceOf) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C741)
[Address] EAT @explorer.exe (DUserPostEvent) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A77E29)
[Address] EAT @explorer.exe (DUserPostMethod) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B645)
[Address] EAT @explorer.exe (DUserRegisterGuts) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A81F69)
[Address] EAT @explorer.exe (DUserRegisterStub) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8194D)
[Address] EAT @explorer.exe (DUserRegisterSuper) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A829FC)
[Address] EAT @explorer.exe (DUserSendEvent) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A73976)
[Address] EAT @explorer.exe (DUserSendMethod) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B5BC)
[Address] EAT @explorer.exe (DUserStopAnimation) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A884F0)
[Address] EAT @explorer.exe (DeleteHandle) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A76DF6)
[Address] EAT @explorer.exe (DetachWndProc) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A78097)
[Address] EAT @explorer.exe (DllMain) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7261D)
[Address] EAT @explorer.exe (DrawGadgetTree) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C652)
[Address] EAT @explorer.exe (EndTransition) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8CA9C)
[Address] EAT @explorer.exe (EnumGadgets) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C31B)
[Address] EAT @explorer.exe (FindGadgetFromPoint) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7C8A7)
[Address] EAT @explorer.exe (FindGadgetMessages) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C1A9)
[Address] EAT @explorer.exe (FindStdColor) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7AFC2)
[Address] EAT @explorer.exe (FireGadgetMessages) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C077)
[Address] EAT @explorer.exe (ForwardGadgetMessage) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A79C96)
[Address] EAT @explorer.exe (GetActionTimeslice) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8CB11)
[Address] EAT @explorer.exe (GetDebug) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A87069)
[Address] EAT @explorer.exe (GetGadget) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C533)
[Address] EAT @explorer.exe (GetGadgetAnimation) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A780FD)
[Address] EAT @explorer.exe (GetGadgetBufferInfo) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7F6FD)
[Address] EAT @explorer.exe (GetGadgetCenterPoint) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8BE7B)
[Address] EAT @explorer.exe (GetGadgetFocus) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A76CDB)
[Address] EAT @explorer.exe (GetGadgetMessageFilter) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C5C6)
[Address] EAT @explorer.exe (GetGadgetProperty) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A781AF)
[Address] EAT @explorer.exe (GetGadgetRect) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A73FF7)
[Address] EAT @explorer.exe (GetGadgetRgn) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A75C96)
[Address] EAT @explorer.exe (GetGadgetRootInfo) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8BFC7)
[Address] EAT @explorer.exe (GetGadgetRotation) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8BD41)
[Address] EAT @explorer.exe (GetGadgetScale) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8BBF5)
[Address] EAT @explorer.exe (GetGadgetSize) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C3D6)
[Address] EAT @explorer.exe (GetGadgetStyle) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7F42E)
[Address] EAT @explorer.exe (GetGadgetTicket) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7648B)
[Address] EAT @explorer.exe (GetMessageExA) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7C405)
[Address] EAT @explorer.exe (GetMessageExW) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B6CF)
[Address] EAT @explorer.exe (GetStdColorBrushF) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8CBF6)
[Address] EAT @explorer.exe (GetStdColorBrushI) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A73A0F)
[Address] EAT @explorer.exe (GetStdColorF) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8CE51)
[Address] EAT @explorer.exe (GetStdColorI) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A79F4E)
[Address] EAT @explorer.exe (GetStdColorName) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8CD52)
[Address] EAT @explorer.exe (GetStdColorPenF) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8CCDE)
[Address] EAT @explorer.exe (GetStdColorPenI) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8CC6A)
[Address] EAT @explorer.exe (GetStdPalette) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B83A)
[Address] EAT @explorer.exe (GetTransitionInterface) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C93F)
[Address] EAT @explorer.exe (InitGadgetComponent) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B8CA)
[Address] EAT @explorer.exe (InitGadgets) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7B3A2)
[Address] EAT @explorer.exe (InvalidateGadget) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A748E1)
[Address] EAT @explorer.exe (IsGadgetParentChainStyle) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8BA8B)
[Address] EAT @explorer.exe (IsInsideContext) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B578)
[Address] EAT @explorer.exe (IsStartDelete) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7E671)
[Address] EAT @explorer.exe (LookupGadgetTicket) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8CDC8)
[Address] EAT @explorer.exe (MapGadgetPoints) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A83A4A)
[Address] EAT @explorer.exe (PeekMessageExA) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B71C)
[Address] EAT @explorer.exe (PeekMessageExW) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B76A)
[Address] EAT @explorer.exe (PlayTransition) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C8BC)
[Address] EAT @explorer.exe (PrintTransition) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8CA28)
[Address] EAT @explorer.exe (RegisterGadgetMessage) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7FA7B)
[Address] EAT @explorer.exe (RegisterGadgetMessageString) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C155)
[Address] EAT @explorer.exe (RegisterGadgetProperty) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7FC35)
[Address] EAT @explorer.exe (RemoveGadgetMessageHandler) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C226)
[Address] EAT @explorer.exe (RemoveGadgetProperty) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7E243)
[Address] EAT @explorer.exe (SetActionTimeslice) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8CB8E)
[Address] EAT @explorer.exe (SetGadgetBufferInfo) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7F04B)
[Address] EAT @explorer.exe (SetGadgetCenterPoint) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8BF16)
[Address] EAT @explorer.exe (SetGadgetFillF) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8BB53)
[Address] EAT @explorer.exe (SetGadgetFillI) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7DE45)
[Address] EAT @explorer.exe (SetGadgetFocus) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A76D6E)
[Address] EAT @explorer.exe (SetGadgetFocusEx) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A79D4E)
[Address] EAT @explorer.exe (SetGadgetMessageFilter) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A76360)
[Address] EAT @explorer.exe (SetGadgetOrder) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C469)
[Address] EAT @explorer.exe (SetGadgetParent) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A75D8F)
[Address] EAT @explorer.exe (SetGadgetProperty) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7E6D8)
[Address] EAT @explorer.exe (SetGadgetRect) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A75BA3)
[Address] EAT @explorer.exe (SetGadgetRootInfo) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7B78F)
[Address] EAT @explorer.exe (SetGadgetRotation) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8BDD5)
[Address] EAT @explorer.exe (SetGadgetScale) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8BC90)
[Address] EAT @explorer.exe (SetGadgetStyle) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A7551C)
[Address] EAT @explorer.exe (UninitGadgetComponent) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B94B)
[Address] EAT @explorer.exe (UnregisterGadgetMessage) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C17D)
[Address] EAT @explorer.exe (UnregisterGadgetMessageString) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C155)
[Address] EAT @explorer.exe (UnregisterGadgetProperty) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8C2EF)
[Address] EAT @explorer.exe (UtilBuildFont) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B846)
[Address] EAT @explorer.exe (UtilDrawBlendRect) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B856)
[Address] EAT @explorer.exe (UtilDrawOutlineRect) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B866)
[Address] EAT @explorer.exe (UtilGetColor) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B876)
[Address] EAT @explorer.exe (UtilSetBackground) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8CD84)
[Address] EAT @explorer.exe (WaitMessageEx) : authui.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A8B7B8)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\Administrator\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Documents and Settings\Public\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Documents and Settings\Stephen\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3320620AS ATA Device +++++
--- User ---
[MBR] 438cddd88b412b62858d01ed46ec6f95
[BSP] 9fbeedf0ceba753e151396a3e1f5f44c : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 131059 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268410880 | Size: 174184 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD10EACS-22D6B0 ATA Device +++++
--- User ---
[MBR] 6f140ea869be67709085d46ac6920a3e
[BSP] 20e950bf57908418a777b7353330a928 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) TEAC USB HS-CF Card USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) TEAC USB HS-xD/SM USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) TEAC USB HS-MS Card USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive5: (\\.\PHYSICALDRIVE5 @ USB) TEAC USB HS-SD Card USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_04142014_223444.txt >>
RKreport[0]_S_04142014_223359.txt
 
Other report

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.04.14.07

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Stephen :: STEPHEN-PC [administrator]

14/04/2014 22:43:23
mbar-log-2014-04-14 (22-43-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 247583
Time elapsed: 23 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\rpcss.dll (Trojan.Zekos.Patchedwv0) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 