RogueKiller V11.0.4.0 (x64) [Dec 20 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : BReese76 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 12/27/2015 11:19:12

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-239473584-822298280-3168733615-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-239473584-822298280-3168733615-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-239473584-822298280-3168733615-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49282;https=127.0.0.1:49282 -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-239473584-822298280-3168733615-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49282;https=127.0.0.1:49282 -> ERROR [2]
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-239473584-822298280-3168733615-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-239473584-822298280-3168733615-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 45 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (firefox.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x303fc (jmp 0x88c2c870|jmp 0x552bd334)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateSection : Unknown @ 0x210300 (jmp 0x88fe24b0|jmp 0xfffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtTerminateThread : Unknown @ 0x2103e0 (jmp 0x88fe2500|jmp 0xfffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtQueryObject : Unknown @ 0x210440 (jmp 0x88fe2990|jmp 0xfffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenProcess : Unknown @ 0x210360 (jmp 0x88fe2750|jmp 0xfffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenThread : Unknown @ 0x210370 (jmp 0x88fe19b0|jmp 0xfffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x2103a0 (jmp 0x88fe2650|jmp 0xfffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtTerminateProcess : Unknown @ 0x2103d0 (jmp 0x88fe2760|jmp 0xfffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateThreadEx : Unknown @ 0x2103c0 (jmp 0x88fe1f90|jmp 0xfffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateThread : Unknown @ 0x2103b0 (jmp 0x88fe2520|jmp 0xfffffc49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSuspendThread : Unknown @ 0x210420 (jmp 0x88fe1290|jmp 0xfffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSetContextThread : Unknown @ 0x2103f0 (jmp 0x88fe1510|jmp 0xfffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSetBootOptions : Unknown @ 0x210260 (jmp 0x88fe1390|jmp 0xfffffd99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenTimer : Unknown @ 0x210330 (jmp 0x88fe1960|jmp 0xfffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x210490 (jmp 0x88fe1bf0|jmp 0xfffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSuspendProcess : Unknown @ 0x210410 (jmp 0x88fe1290|jmp 0xfffffbe9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateTimer : Unknown @ 0x210320 (jmp 0x88fe1ee0|jmp 0xfffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSetSystemInformation : Unknown @ 0x2101e0 (jmp 0x88fe1140|jmp 0xfffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x210340 (jmp 0x88fe2020|jmp 0xfffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtModifyBootEntry : Unknown @ 0x210240 (jmp 0x88fe19e0|jmp 0xfffffdb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenMutant : Unknown @ 0x210290 (jmp 0x88fe1950|jmp 0xfffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSetSystemPowerState : Unknown @ 0x210200 (jmp 0x88fe1150|jmp 0xfffffdf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtReplyWaitReceivePortEx : Unknown @ 0x210460 (jmp 0x88fe2800|jmp 0xfffffb99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtShutdownSystem : Unknown @ 0x2101f0 (jmp 0x88fe10d0|jmp 0xfffffe09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenIoCompletion : Unknown @ 0x210350 (jmp 0x88fe1a70|jmp 0xfffffca9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtAddBootEntry : Unknown @ 0x210220 (jmp 0x88fe21e0|jmp 0xfffffdd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtReplyWaitReceivePort : Unknown @ 0x210450 (jmp 0x88fe29f0|jmp 0xfffffba9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtDeleteBootEntry : Unknown @ 0x210230 (jmp 0x88fe1d50|jmp 0xfffffdc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSetBootEntryOrder : Unknown @ 0x210250 (jmp 0x88fe1390|jmp 0xfffffda9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenSection : Unknown @ 0x210310 (jmp 0x88fe25f0|jmp 0xfffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtDebugActiveProcess : Unknown @ 0x210400 (jmp 0x88fe1f50|jmp 0xfffffbf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x210390 (jmp 0x88fe2160|jmp 0xfffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenEvent : Unknown @ 0x2102d0 (jmp 0x88fe2520|jmp 0xfffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x210470 (jmp 0x88fe2270|jmp 0xfffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x210480 (jmp 0x88fe1bf0|jmp 0xfffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenEventPair : Unknown @ 0x2102f0 (jmp 0x88fe1a20|jmp 0xfffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateEvent : Unknown @ 0x2102c0 (jmp 0x88fe2490|jmp 0xfffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateSemaphore : Unknown @ 0x2102a0 (jmp 0x88fe1e90|jmp 0xfffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtSystemDebugControl : Unknown @ 0x210210 (jmp 0x88fe1070|jmp 0xfffffde9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateMutant : Unknown @ 0x210280 (jmp 0x88fe1f00|jmp 0xfffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtLoadDriver : Unknown @ 0x2101d0 (jmp 0x88fe1a30|jmp 0xfffffe29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtCreateEventPair : Unknown @ 0x2102e0 (jmp 0x88fe1fd0|jmp 0xfffffd19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x210430 (jmp 0x88fe1770|jmp 0xfffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtDuplicateObject : Unknown @ 0x210380 (jmp 0x88fe2610|jmp 0xfffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (firefox.exe @ wow64.dll) ntdll!NtOpenSemaphore : Unknown @ 0x2102b0 (jmp 0x88fe1920|jmp 0xfffffd49|jmp 0x19b)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 7movo481.default : user_pref("browser.startup.homepage", "http:/www.google.com"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-60ZF5A0 ATA Device +++++
--- User ---
[MBR] 4fe5913ae5f30323b966c4157e2ce8c6
[BSP] ee1d63d4d3100797feb571096a6d9cd2 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 936599 MB
3 - Basic data partition | Offset (sectors): 1918623744 | Size: 17041 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
--- User ---
[MBR] 4347992813eb22fbef2cf7ab7ce1ded1
[BSP] 30075960e52535b611628c2b6093fa97 : Unknown MBR Code
Partition table:
0 - [XXXXXX] OS/2 (0xa) [VISIBLE] Offset (sectors): 1919230059 | Size: 2092621 MB
1 - [XXXXXX] UNKNOWN (0x65) [VISIBLE] Offset (sectors): 544829025 | Size: 266028 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 2885681152 | Size: 25 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )