RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP 64 / Windows Home Server / Windows Server 2003 (5.2.3790 Service Pack 2) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 04/23/2013 12:05:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] Updater21804.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Updater21804\Updater21804.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Updater21804.exe (C:\Documents and Settings\Administrator\Local Settings\Application Data\Updater21804\Updater21804.exe /extensionid=21804 /extensionname='Coupon Companion Plugin' /chromeid=jneaojaoiajhnemidnjhoempalnidbhj /stayidle /delay=300) [-] -> DELETED
[Services][HJNAME] HKLM\[...]\ControlSet001\Services\IASJet (C:\WINDOWS\SysWOW64\svchost.exe -k iasjet) [7] -> DELETED
[Services][HJNAME] HKLM\[...]\ControlSet002\Services\IASJet (C:\WINDOWS\SysWOW64\svchost.exe -k iasjet) [7] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{11bf78f0-10e5-0265-1602-4314792ab3fe}\@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{11bf78f0-10e5-0265-1602-4314792ab3fe}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{11bf78f0-10e5-0265-1602-4314792ab3fe}\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Mal.Hosts|ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.winmx.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FALS-00J7B0 +++++
--- User ---
[MBR] ffd5c5037a2bb704984c3e3ac09a5471
[BSP] 99c33136d493688c71253d13dc0b4c20 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 35000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 71682030 | Size: 918866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1002FAEX-00Z3A0 +++++
--- User ---
[MBR] f3151306888147069a4a98d760d389bf
[BSP] b8e061f445696c20c222aabfe70d912a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD1001FALS-00J7B0 +++++
--- User ---
[MBR] ac77c185595cfa0d849cf883c62207bb
[BSP] 73ac9ac57eb989e79088f0ae29f63aeb : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD7501AALS-00J7B0 +++++
--- User ---
[MBR] 3e1466b95a30de1ade942fe218d2575d
[BSP] 5003d3836793fc006e917e5022b2ea17 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715403 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: WDC WD1001FALS-00J7B SCSI Disk Device +++++
--- User ---
[MBR] 9b747da65d5e5500129a95dcdae75efc
[BSP] 8df104b2374182b28f1539eeb534ec29 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_04232013_02d1205.txt >>
RKreport[1]_S_04232013_02d1203.txt ; RKreport[2]_D_04232013_02d1205.txt