RogueKiller V8.4.1 _x64_ [Dec 28 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robert Chau [Admin rights]
Mode : Remove -- Date : 12/28/2012 16:46:34

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 20 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Services\Microsoft\Run : FinderNavigation (regsvr32 /s /u "C:\Users\Robert Chau\AppData\Local\Finder\FinderNavigation.dll") -> DELETED
[TASK][SUSP PATH] At7.job : C:\Users\ROBERT~1\AppData\Local\Temp\tsdiscona.exe  -> DELETED
[TASK][SUSP PATH] At6.job : C:\Users\ROBERT~1\AppData\Local\Temp\tsdiscona.exe  -> DELETED
[TASK][SUSP PATH] At5.job : C:\Users\ROBERT~1\AppData\Local\Temp\tsdiscona.exe  -> DELETED
[TASK][SUSP PATH] At4.job : C:\Users\ROBERT~1\AppData\Local\Temp\tsdiscona.exe  -> DELETED
[TASK][SUSP PATH] At3.job : C:\Users\ROBERT~1\AppData\Local\Temp\tsdiscona.exe  -> DELETED
[TASK][SUSP PATH] At2.job : C:\Users\ROBERT~1\AppData\Local\Temp\gpupdatea.exe  -> DELETED
[TASK][SUSP PATH] At1.job : C:\Users\ROBERT~1\AppData\Local\Temp\cdso.exe  -> DELETED
[TASK][SUSP PATH] At1 : C:\Users\ROBERT~1\AppData\Local\Temp\cdso.exe  -> DELETED
[TASK][SUSP PATH] At2 : C:\Users\ROBERT~1\AppData\Local\Temp\gpupdatea.exe  -> ERROR
[TASK][SUSP PATH] At3 : C:\Users\ROBERT~1\AppData\Local\Temp\tsdiscona.exe  -> ERROR
[TASK][SUSP PATH] At4 : C:\Users\ROBERT~1\AppData\Local\Temp\tsdiscona.exe  -> ERROR
[TASK][SUSP PATH] At5 : C:\Users\ROBERT~1\AppData\Local\Temp\tsdiscona.exe  -> ERROR
[TASK][SUSP PATH] At6 : C:\Users\ROBERT~1\AppData\Local\Temp\tsdiscona.exe  -> ERROR
[TASK][SUSP PATH] At7 : C:\Users\ROBERT~1\AppData\Local\Temp\tsdiscona.exe  -> ERROR
[HJPOL] HKCU\[...]\Services\Microsoft\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Services\Microsoft\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> D:\Documents and Settings\UpdatusUser\NTUSER.DAT
-> E:\Documents and Settings\LocalService\NTUSER.DAT
-> E:\Documents and Settings\NetworkService\NTUSER.DAT
-> E:\Documents and Settings\Robert Chau\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500KS-00MJB0 ATA Device +++++
--- User ---
[MBR] 789bf7d55c675885bf2676e3d7427531
[BSP] 66ea49a97b20ef3eecde3787a2414395 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD2500KS-00MJB0 ATA Device +++++
--- User ---
[MBR] bc3cdd39b74c2b351c92d83b936ffee9
[BSP] 5b625b9b0d2e3f8128d2666b878e519a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD2500KS-00MJB0 ATA Device +++++
--- User ---
[MBR] 4fb19c5f7b8ed5f08bc595c5857ba017
[BSP] de620642f4c1f0b417705846acf8e4bd : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: Hitachi HDT725025VLAT80 USB Device +++++
--- User ---
[MBR] 50eac2db85f5fdb1e74913718c4f0589
[BSP] 424f45a814422985cd6ff242dd94907c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: WD Elements 1023 USB Device +++++
--- User ---
[MBR] 81f4567ca4f7344161943cebd71ad707
[BSP] 96ff7c7f3258164a746e287c90e9bb6f : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_12282012_02d1646.txt >>
RKreport[1]_S_12282012_02d1645.txt ; RKreport[2]_D_12282012_02d1646.txt