RogueKiller V8.0.5 [09/23/2012] by Tigzy mail: tigzyRKgmailcom Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : David [Admin rights] Mode : Scan -- Date : 09/25/2012 15:03:00 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 29 ¤¤¤ [Services][LOCK] HKLM\[...]\ControlSet001\Services\bdfm (bdfm.sys) -> FOUND [Services][LOCK] HKLM\[...]\ControlSet001\Services\bdfsfltr (bdfsfltr.sys) -> FOUND [Services][LOCK] HKLM\[...]\ControlSet001\Services\BDSelfPr (BDSelfPr.sys) -> FOUND [Services][LOCK] HKLM\[...]\ControlSet001\Services\LIVESRV (LIVESRV.sys) -> FOUND [Services][LOCK] HKLM\[...]\ControlSet001\Services\scan (scan.sys) -> FOUND [Services][LOCK] HKLM\[...]\ControlSet001\Services\VSSERV (VSSERV.sys) -> FOUND [Services][LOCK] HKLM\[...]\ControlSet003\Services\bdfm (bdfm.sys) -> FOUND [Services][LOCK] HKLM\[...]\ControlSet003\Services\bdfsfltr (bdfsfltr.sys) -> FOUND [Services][LOCK] HKLM\[...]\ControlSet003\Services\BDSelfPr (BDSelfPr.sys) -> FOUND [Services][LOCK] HKLM\[...]\ControlSet003\Services\LIVESRV (LIVESRV.sys) -> FOUND [Services][LOCK] HKLM\[...]\ControlSet003\Services\scan (scan.sys) -> FOUND [Services][LOCK] HKLM\[...]\ControlSet003\Services\VSSERV (VSSERV.sys) -> FOUND [TASK][SUSP PATH] HPSA Upgrade : C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe -> FOUND [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Extern Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: RAIDVOL +++++ --- User --- [MBR] 1f4b0519f60c8fe9a57a2e6148e51584 [BSP] a18e77fe46c737af66080dadd9590f81 : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1894063 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3879247872 | Size: 13570 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1].txt >> RKreport[1].txt