Quick Query
<blockquote data-quote="CapeBuffalo" data-source="post: 201808" data-attributes="member: 22356">
<p>Hi, I ran a RogueKiller scan when I connect mIRC via Comodo sandbox and it usually kills 3 svchost host, but this time I saw it found a hidden process but gave no link to location (note: I just got Zemana)</p>
<p></p>
<p>RogueKiller V9.0.0.0 [May 29 2014] by Adlice Software</p>
<p>mail : <a href="http://www.adlice.com/contact/" target="_blank">http://www.adlice.com/contact/</a></p>
<p>Feedback : <a href="http://forum.adlice.com" target="_blank">http://forum.adlice.com</a></p>
<p>Website : <a href="http://www.adlice.com/softwares/roguekiller/" target="_blank">http://www.adlice.com/softwares/roguekiller/</a></p>
<p>Blog : <a href="http://www.adlice.com" target="_blank">http://www.adlice.com</a></p>
<p></p>
<p>Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version</p>
<p>Started in : Normal mode</p>
<p>User : Ducktales [Admin rights]</p>
<p>Mode : Scan -- Date : 05/29/2014 07:42:59</p>
<p></p>
<p>¤¤¤ Bad processes : 4 ¤¤¤</p>
<p>[SVCHOST] svchost.exe -- [x] -> KILLED [TermProc]</p>
<p>[SVCHOST] svchost.exe -- [x] -> KILLED [TermProc]</p>
<p>[SVCHOST] svchost.exe -- [x] -> KILLED [TermProc]</p>
<p>[Hidden!] -- [x] -> KILLED [TermThr]</p>
<p></p>
<p>¤¤¤ Registry Entries : 2 ¤¤¤</p>
<p>[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1260953176-3201969857-2580422920-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND</p>
<p>[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1260953176-3201969857-2580422920-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> FOUND</p>
<p></p>
<p>¤¤¤ Scheduled tasks : 0 ¤¤¤</p>
<p></p>
<p>¤¤¤ Files : 0 ¤¤¤</p>
<p></p>
<p>¤¤¤ HOSTS File : 1 ¤¤¤</p>
<p>[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost</p>
<p></p>
<p>¤¤¤ Antirootkit : 107 ¤¤¤</p>
<p></p>
<p>¤¤¤ Web browsers : 0 ¤¤¤</p>
<p></p>
<p>¤¤¤ MBR Check : ¤¤¤</p>
<p>+++++ PhysicalDrive0: WDC WD5000AADS-67S9B1 ATA Device +++++</p>
<p>--- User ---</p>
<p>[MBR] 5985724ba892a5726b4ce24e2f48fbe8</p>
<p>[BSP] eb11fb66582f439466a24426dcc02753 : Windows Vista/7/8 MBR Code</p>
<p>Partition table:</p>
<p>0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB</p>
<p>1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 MB</p>
<p>2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 156299264 | Size: 400620 MB</p>
<p>User = LL1 ... OK</p>
<p>User = LL2 ... OK</p>
<p></p>
<p>============================================</p>
<p>RKreport_DEL_05292014_052109.log - RKreport_SCN_05292014_051606.log</p>
</blockquote>