RogueKiller V7.6.6 [08/10/2012] by Tigzy mail: tigzyRKgmailcom Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Sean [Admin rights] Mode: Remove -- Date: 08/10/2012 11:48:04 ¤¤¤ Bad processes: 2 ¤¤¤ [SUSP PATH] xrseb.exe -- C:\Users\Sean\AppData\Roaming\Microsoft\Xrseb\xrseb.exe -> KILLED [TermProc] [SUSP PATH] aswMBR.exe -- C:\Users\Sean\Desktop\aswMBR.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 5 ¤¤¤ [SUSP PATH] HKCU\[...]\Run : nafycrfe ("C:\Users\Sean\AppData\Roaming\Microsoft\Xrseb\xrseb.exe") -> DELETED [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2) [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++ --- User --- [MBR] 31dd862f5897df0d5274a3732cb9bd75 [BSP] 043484c3b9126deab5df41705fa6fa64 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 699474 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1435596800 | Size: 14429 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt