
Moddingspree

  1. It doesn't let me post, it's too long. How can I upload the txt files?
  2. For some reason RogueKiller didn't find any rootkits this time, but instead found other things. In the registry tab it found 2 "suspicious paths", here it is (some writing is in Italian, "fermato" means stopped and "trovato" means found).

     RogueKiller:

     RogueKiller V10.6.1.0 (x64) [Apr 24 2015] di Adlice Software
     posta : http://www.adlice.com/contact/
     Commenti : http://forum.adlice.com
     Sito Web : http://www.adlice.com/softwares/roguekiller/
     Discussione : http://www.adlice.com

     Sistema Operativo : Windows 8.1 (6.3.9200 ) 64 bits version
     Iniziato in : Modalità Normale
     Utente : Moddingspree [Amministratore]
     Iniziato da : C:\Users\Moddingspree\Documents\Programs\RogueKillerX64.exe
     Modalità : Scansione -- Data : 05/01/2015 12:56:45

     ¤¤¤ Processi : 1 ¤¤¤
     [suspicious.Path] (SVC) GPUZ -- \??\C:\Users\MODDIN~1\AppData\Local\Temp\GPUZ.sys[x] -> Fermato

     ¤¤¤ Registro : 8 ¤¤¤
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GPUZ (\??\C:\Users\MODDIN~1\AppData\Local\Temp\GPUZ.sys) -> Trovato
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GPUZ (\??\C:\Users\MODDIN~1\AppData\Local\Temp\GPUZ.sys) -> Trovato
     [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trovato
     [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trovato
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trovato
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trovato
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trovato
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trovato

     ¤¤¤ Attività : 0 ¤¤¤

     ¤¤¤ Archivi : 0 ¤¤¤

     ¤¤¤ Archivio Hosts : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: Caricato) ¤¤¤

     ¤¤¤ Web Browser : 0 ¤¤¤

     ¤¤¤ Controllo MBR : ¤¤¤
     +++++ PhysicalDrive0: WDC WD10EZEX-00BN5A0 +++++
     --- User ---
     [MBR] 6b92aed551767dd95c014cba35b1f8e1
     [bSP] e89d3b1febf26bfc6ebfb88121503ca7 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953517 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK

     ============================================
     RKreport_SCN_04302015_190615.log - RKreport_SCN_04302015_210226.log - RKreport_SCN_04302015_223847.log - RKreport_SCN_04302015_230602.log
     RKreport_SCN_05012015_094233.log

     Malwarebytes scan:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 01/05/2015
     Scan Time: 12:40:29
     Logfile: Malwarebyte Scan.txt
     Administrator: Yes

     Version: 2.01.6.1022
     Malware Database: v2015.05.01.01
     Rootkit Database: v2015.04.21.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: Moddingspree

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 336748
     Time Elapsed: 5 min, 58 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  3. Hi, thanks for the answer. I am running the scans, will post here as soon as they finish.
  4. Hello everyone,

     Today I ran a scan of "Roguekiller", and it detected 2 IAT/EAT hooks. The program says the following:

     ¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
     [iAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - wcstoul : Unknown @ 0xffffffff95937bf0 (call 0xffffffff8dc5eaeb)
     [iAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - floorf : Unknown @ 0x7ebf9a0 (jmp 0xffffffffffffffb0|jmp 0x8533182)

     I also did a scan (with rootkit scan enabled) with Malwarebytes but it didn't detect anything. So is it a false positive, or should I be worried?

     Thanks in advance