RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : jorlan [Admin rights]
Mode : Remove -- Date : 04/14/2013 19:02:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[BLPATH] cacaoweb.exe -- C:\Users\Dylan\AppData\Roaming\cacaoweb\cacaoweb.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][BLPATH] HKUS\S-1-5-21-2520992642-3616090921-3505923365-1005[...]\Run : cacaoweb ("C:\Users\Dylan\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer) [-] -> DELETED
[RUN][SUSP PATH] HKCU\[...]\RunOnce : DeleteOnReboot (C:\Windows\DeleteOnReboot.bat) [-] -> DELETED
[RUN][BLACKLISTDLL] HKLM\[...]\RunOnce : MSPCLOCK (rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}) -> DELETED
[RUN][BLACKLISTDLL] HKLM\[...]\RunOnce : MSPQM (rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}) -> DELETED
[RUN][BLACKLISTDLL] HKLM\[...]\RunOnce : MSKSSRV (rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}) -> DELETED
[RUN][BLACKLISTDLL] HKLM\[...]\RunOnce : MSTEE.CxTransform (rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install) -> DELETED
[RUN][BLACKLISTDLL] HKLM\[...]\RunOnce : MSTEE.Splitter (rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install) -> DELETED
[RUN][BLACKLISTDLL] HKLM\[...]\RunOnce : WDM_DRMKAUD (rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rogue.ProgFiles ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST750LM0 22 HN-M750MBB SATA Disk Device +++++
--- User ---
[MBR] 31da2e0acdffa60dc9808641c72f541d
[BSP] c6fe615751ca3a09e35c453445ba2ffb : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 715404 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04142013_02d1902.txt >>
RKreport[1]_S_04142013_02d1859.txt ; RKreport[2]_D_04142013_02d1902.txt