RogueKiller V8.7.4 _x64_ [Oct 16 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 10/18/2013 12:37:31
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : dtlswbgexu (wscript.exe //B "C:\Users\ADMINI~1.COM\AppData\Local\Temp\dtlswbgexu..vbs" [x][-]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : dtlswbgexu (wscript.exe //B "C:\Users\ADMINI~1.COM\AppData\Local\Temp\dtlswbgexu..vbs" [x][-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4051628422-3525690287-1979791056-500\[...]\Run : dtlswbgexu (wscript.exe //B "C:\Users\ADMINI~1.COM\AppData\Local\Temp\dtlswbgexu..vbs" [x][-]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\yowindow.scr [x]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) (Standard disk drives) - WDC WD3200BPVT-75JJ5 SCSI Disk Device +++++
--- User ---
[MBR] b0caeff0a8c2231e2f83f53be1f26e1e
[BSP] 3015a1c815c8207294b18f2e6dcbb5dc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 16540 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33955840 | Size: 288664 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) (Standard disk drives) - WD My Passport 0748 USB Device +++++
--- User ---
[MBR] 73920a717faa44688e257199dcd65184
[BSP] 06a57c4df93b66336f2c2dd85bdca78d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953836 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Standard disk drives) - Generic Flash Disk USB Device +++++
--- User ---
[MBR] d8fd4ea011939243c5d0e5de00388de6
[BSP] 027927e549254939956237cd4c318c90 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 1504 | Size: 1899 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_10182013_123731.txt >>
RKreport[0]_S_10172013_233059.txt