RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mom [Admin rights]
Mode : Remove -- Date : 04/24/2013 19:10:35
| ARK || FAK || MBR |
¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH] genupdater.exe -- C:\Users\Mom\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe [7] -> KILLED [TermProc]
[SUSP PATH] gentray.exe -- C:\Users\Mom\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe [7] -> KILLED [TermProc]
[SUSP PATH] StrongVaultApp.exe -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe [-] -> KILLED [TermProc]
[SUSP PATH] genieutils.exe -- C:\Users\Mom\AppData\Roaming\Genieo\Application\Engine\lib\genieutils.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 15 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : GenieoUpdaterService ("C:\Users\Mom\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5) [7] -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : GenieoSystemTray ("C:\Users\Mom\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe") [7] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SMessaging (C:\Users\Mom\AppData\Local\Strongvault Online Backup\SMessaging.exe) [7] -> DELETED
[TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4478 : wscript.exe C:\Users\Mom\AppData\Local\Temp\launchie.vbs //B -> DELETED
[TASK][SUSP PATH] Poppet : C:\Users\Mom\AppData\Roaming\Microsoft\Windows\trillipoppet.exe [x] -> DELETED
[TASK][SUSP PATH] Updater21802.exe : C:\Users\Mom\AppData\Local\Updater21802\Updater21802.exe /extensionid=21802 /extensionname="Shopping Sidekick Plugin" /chromeid=dlopielgodpjhkbapdlbbicpiefpaack [x] -> DELETED
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [-] -> DELETED
[STARTUP][RESIDUE] StrongVaultApp.exe @Common : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe [-] -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] f86f41c7fa6c00b5d15747c9d3af5078
[BSP] 2443d7138d44605c205800f5c869ff21 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10118 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20803584 | Size: 943710 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_04242013_02d1910.txt >>
RKreport[1]_S_04242013_02d1909.txt ; RKreport[2]_D_04242013_02d1910.txt