efralope_rogue_report_3_14_14

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Efrain [Admin rights]
Mode : Remove -- Date : 03/14/2014 05:36:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Efrain\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 1122584a03b8355d35d535141049523c-b4c6fe9c9646c256f265a909c6ce23396b9b1c9e --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Efrain\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 1122584a03b8355d35d535141049523c-b4c6fe9c9646c256f265a909c6ce23396b9b1c9e --CMPID 0913a [x][x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-908756412-3643878856-3920343152-1000\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Efrain\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 1122584a03b8355d35d535141049523c-b4c6fe9c9646c256f265a909c6ce23396b9b1c9e --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-908756412-3643878856-3920343152-1000\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Efrain\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 1122584a03b8355d35d535141049523c-b4c6fe9c9646c256f265a909c6ce23396b9b1c9e --CMPID 0913a [x][x][x]) -> [0x2] The system cannot find the file specified.
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" - /silent [x] -> DELETED
[V2][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" - /silent $(Arg0) [x][x] -> DELETED

¤¤¤ Startup Entries : 1 ¤¤¤
[Efrain][SUSP PATH] Z Cinema.lnk : C:\Users\Efrain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z Cinema.lnk @C:\Users\Efrain\AppData\Roaming\Microsoft\Installer\{3D1A8E16-10A6-43E0-90BE-0A0474A637A7}\NewShortcut1_3D1A8E1610A643E090BE0A0474A637A7.exe /Minimize [-][-] -> DELETED

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) SAMSUNG HD501LJ +++++
--- User ---
[MBR] 9258928d86c154b032c6de048637f7a6
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 464912 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 952140420 | Size: 12025 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE2 @ USB) WDC WD50 00BEVT-22ZAT0 USB Device +++++
--- User ---
[MBR] 2e01f508988c154e1f0aa2e9e3159799
[BSP] 6905deb1716f55e21b73b826eda7a4cc : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 476929 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_03142014_053643.txt >>
RKreport[0]_S_03142014_053524.txt