Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Roguekiller issues.Help with removal


zizzy_top
 Share

Recommended Posts

Hello,

 

I scanned my system with roguekiller and it found some issues in the regisrty and the antirootkit.

Also when the scan finished it opened a link about IAT hooks from which basicly i know nothing.. :P Here is the link: http://www.adlice.com/userland-rootkits-part-1-iat-hooks/

 

I want someone to guide me to remove these issues.

I will be more than happy to donate if all issues are resolved :)

 

Here is the roguekiller log:

 

RogueKiller V10.0.2.0 [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Administrator]
Mode : Scan -- Date : 12/11/2014  05:13:27

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 19 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv (\??\C:\Windows\gdrv.sys) -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv (\??\C:\Windows\gdrv.sys) -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv (\??\C:\Windows\gdrv.sys) -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3132053673-1092604695-3925107994-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3132053673-1092604695-3925107994-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 2 (Driver: Not loaded [0xc000036b]) ¤¤¤
[iAT:Addr] (firefox.exe @ xul.dll) NETAPI32.dll - NetApiBufferFree : C:\Windows\system32\netutils.dll @ 0x713a13d2
[iAT:Addr] (firefox.exe @ xul.dll) NETAPI32.dll - NetUserGetInfo : C:\Windows\system32\SAMCLI.DLL @ 0x6b911be2

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 3xqrpk7b.default : user_pref("browser.startup.homepage", "www.google.com"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS5C1050CLA382 ATA Device +++++
--- User ---
[MBR] d7d0af23819bc1d950bbd5be6b7179d9
[bSP] 1234ac478c610fdb89afa18a2b23ecc7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 25000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 51202048 | Size: 451938 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_10182014_112509.log - RKreport_DEL_12102014_010856.log - RKreport_SCN_10182014_111502.log - RKreport_SCN_12102014_010419.log

 

Thank you

Link to post
Share on other sites

Welcome to the forum.

RK is just a scanner and not everything found is bad.

If you want to check for rootkits.......

Download, update and run Malwarebytes Anti-Rookit:

http://downloads.malwarebytes.org/file/mbar/

Run it as Administrator! (right click..run as administrator)

Note: If you have Malwarebytes Pro it be must disabled to run MBAR

Right click on the Malwarebytes icon in the system tray and un-check

"Start with Windows" Re-boot and run MBAR

Don't forget to re-enable it when done.

MrC

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.