tifftriss

rkreport

Apr 17th, 2014
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : April Bowers Agency [Admin rights]
Mode : Scan -- Date : 04/17/2014 16:16:50
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\RunOnce : 414_1410224460086 ("C:\Users\April Bowers Agency\AppData\Local\LMIR0001.tmp_r.bat" [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\RunOnce : 414_1639508460086 ("C:\Users\April Bowers Agency\AppData\Local\LMIR0002.tmp_r.bat" [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4234849188-1163541568-2843079188-1000\[...]\RunOnce : 414_1410224460086 ("C:\Users\April Bowers Agency\AppData\Local\LMIR0001.tmp_r.bat" [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4234849188-1163541568-2843079188-1000\[...]\RunOnce : 414_1639508460086 ("C:\Users\April Bowers Agency\AppData\Local\LMIR0002.tmp_r.bat" [-]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD64 00AAKS-65Z7B0 SATA Disk Device +++++
--- User ---
[MBR] 7146ac023b590120d324c2054f930238
[BSP] ed9188adb6df21e42c95ae8751f547c0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 598025 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1224962048 | Size: 12353 MB
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 543e07ee5ab191f51c451df8fb780f08
[BSP] 2125549b3c828837a59d43cb76e30c23 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 MB

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Multi Flash Reader USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_04172014_161650.txt >>