RogueKiller V12.0.3.0 [Mar 21 2016] (Free) بواسطة برنامج Adlice
البريد الإلكتروني : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
الموقع : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

نظام التشغيل : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
يبدأ في : الوضع الطبيعي
المستخدم : sama office [مسؤول]
Started from : C:\Users\sama office\Desktop\RogueKiller.exe
الوضع : فحص -- اليوم : 03/26/2016 04:50:08

¤¤¤ العملية : 0 ¤¤¤

¤¤¤ المسجل : 25 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\SuperEasy Software -> وجد
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> وجد
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\omiga-plusSoftware -> وجد
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SystemK -> وجد
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Torch -> وجد
[PUP] (X64) HKEY_USERS\S-1-5-21-3855221253-3299819671-4228833451-1000\Software\Microsoft\Windows\CurrentVersion\Run | VideoDownloaderUltimate : C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe /repair [7][x] -> وجد
[PUP] (X86) HKEY_USERS\S-1-5-21-3855221253-3299819671-4228833451-1000\Software\Microsoft\Windows\CurrentVersion\Run | VideoDownloaderUltimate : C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe /repair [7][x] -> وجد
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RelevantKnowledge (C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service) -> وجد
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SystemkService (C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe) -> وجد
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RelevantKnowledge (C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service) -> وجد
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SystemkService (C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe) -> وجد
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RelevantKnowledge (C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service) -> وجد
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SystemkService (C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe) -> وجد
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://isearch.omiga-plus.com/?type=hp&ts=1403963136&from=ild&uid=TOSHIBAXMQ01ABD100_X3S5P8QZTXXX3S5P8QZT -> وجد
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://isearch.omiga-plus.com/?type=hp&ts=1403963136&from=ild&uid=TOSHIBAXMQ01ABD100_X3S5P8QZTXXX3S5P8QZT -> وجد
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3855221253-3299819671-4228833451-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.default-search.net?sid=503&aid=100&itype=n&ver=13437&tm=414&src=hmp -> وجد
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3855221253-3299819671-4228833451-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.default-search.net?sid=503&aid=100&itype=n&ver=13437&tm=414&src=hmp -> وجد
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://isearch.omiga-plus.com/?type=hp&ts=1403963136&from=ild&uid=TOSHIBAXMQ01ABD100_X3S5P8QZTXXX3S5P8QZT -> وجد
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://isearch.omiga-plus.com/?type=hp&ts=1403963136&from=ild&uid=TOSHIBAXMQ01ABD100_X3S5P8QZTXXX3S5P8QZT -> وجد
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://isearch.omiga-plus.com/web/?type=ds&ts=1403963136&from=ild&uid=TOSHIBAXMQ01ABD100_X3S5P8QZTXXX3S5P8QZT&q={searchTerms} -> وجد
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://isearch.omiga-plus.com/web/?type=ds&ts=1403963136&from=ild&uid=TOSHIBAXMQ01ABD100_X3S5P8QZTXXX3S5P8QZT&q={searchTerms} -> وجد
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3855221253-3299819671-4228833451-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> وجد
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3855221253-3299819671-4228833451-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> وجد
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://isearch.omiga-plus.com/web/?type=ds&ts=1403963136&from=ild&uid=TOSHIBAXMQ01ABD100_X3S5P8QZTXXX3S5P8QZT&q={searchTerms} -> وجد
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://isearch.omiga-plus.com/web/?type=ds&ts=1403963136&from=ild&uid=TOSHIBAXMQ01ABD100_X3S5P8QZTXXX3S5P8QZT&q={searchTerms} -> وجد

¤¤¤ المهام : 0 ¤¤¤

¤¤¤ الملفات : 5 ¤¤¤
[PUP][ملف] C:\Users\sama office\AppData\Roaming\OpenCandy -> وجد
[PUP][ملف] C:\Users\sama office\AppData\Local\Pokki -> وجد
[PUP][ملف] C:\ProgramData\VideoDownloaderUltimateWinApp -> وجد
[PUP][ملف] C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} -> وجد
[PUP][ملف] C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} -> وجد

¤¤¤ ملف الهوست : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: لم يتم التحميل [0xc000036b]) ¤¤¤

¤¤¤ المتصفح : 2 ¤¤¤
[PUP][FIREFX:Addon] zb8a5j99.default : Fast Start [faststartff@gmail.com] -> وجد
[PUM.HomePage][FIREFX:Config] zb8a5j99.default : user_pref("browser.startup.homepage", "http://www.default-search.net?sid=503&aid=100&itype=n&ver=13437&tm=414&src=hmp"); -> وجد

¤¤¤ فحص ال MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 SCSI Disk Device +++++
--- User ---
[MBR] 06be89e59914c1b37de45160821d4bc1
[BSP] 6590ab8238aa8fb3838372b819d23367 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 239649 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 491520000 | Size: 240000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 983040000 | Size: 240000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1474560000 | Size: 233868 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 06be89e59914c1b37de45160821d4bc1
[BSP] 6590ab8238aa8fb3838372b819d23367 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 239649 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 491520000 | Size: 240000 MB [Error reading VBR! ([1] Incorrect function. )]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 983040000 | Size: 240000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1474560000 | Size: 233868 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]