RogueKiller V12.11.0.0 [May 29 2017] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : fadi [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 05/29/2017 14:02:28 (Duration : 00:46:05)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 31 ¤¤¤
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{53D9DE0B-FC61-4650-9773-74D13CC7E582} (C:\Program Files\Tencent\QQPlayer\mkx.dll) -> Deleted
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{55DA30FC-F16B-49FC-BAA5-AE59FC65F82D} (C:\Program Files\Tencent\QQPlayer\splitter.ax) -> Deleted
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{564FD788-86C9-4444-971E-CC4A243DA150} (C:\Program Files\Tencent\QQPlayer\splitter.ax) -> Deleted
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{64F2005C-6CF5-4652-B94F-600360B15B27} (C:\Program Files\Tencent\QQPlayer\mkx.dll) -> Deleted
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{7B63A013-DC2C-462E-9292-CAF8C867100F} (C:\Program Files\Tencent\QQPlayer\splitter.ax) -> Deleted
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{895322C5-84A1-450C-8478-C57793CAE86F} (C:\Program Files\Tencent\QQPlayer\splitter.ax) -> Deleted
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{8F43B7D9-9D6B-4F48-BE18-4D787C795EEA} (C:\Program Files\Tencent\QQPlayer\splitter.ax) -> Deleted
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{90C7D10E-CE9A-479B-A238-1A0F2396DE43} (C:\Program Files\Tencent\QQPlayer\splitter.ax) -> Deleted
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{A28F324B-DDC5-4999-AA25-D3A7E25EF7A8} (C:\Program Files\Tencent\QQPlayer\splitter.ax) -> Deleted
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{B841F346-4835-4de8-AA5E-2E7CD2D4C435} (C:\Program Files\Tencent\QQPlayer\ts.dll) -> Deleted
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{BD4FB4BE-809D-487b-ADD6-F7D164247E52} (C:\Program Files\Tencent\QQPlayer\mkx.dll) -> Deleted
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{F13D3732-96BD-4108-AFEB-E85F68FF64DC} (C:\Program Files\Tencent\QQPlayer\splitter.ax) -> Deleted
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{FB50EEA7-2E65-4BA7-8AE1-465C7393F695} (C:\Program Files\Tencent\QQPlayer\QPShellExt.dll) -> Deleted
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EB4C17DB-9260-407B-881F-C6FEA3A7137B} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][]) -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EB4C17DB-9260-407B-881F-C6FEA3A7137B} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][]) -> Replaced ()
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {276BF38C-68FE-4B5F-8000-BC42C734538E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\fadi\AppData\Local\Temp\recinstalldl\RecInst.exe|Name=??????| [x] -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E7994156-F469-4AD2-8BDB-B597A7234B84} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\fadi\AppData\Local\Temp\recinstalldl\RecInst.exe|Name=??????| [x] -> Deleted
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B342B3E6-D54B-4384-9484-14644598FFDC} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Tencent\QQPlayer\QQPlayer.exe|Name=QQPlayer| [x] -> Deleted
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {024FDEDD-DAFF-400D-B512-3D5A8193A46F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Tencent\QQPlayer\QQPlayer.exe|Name=QQPlayer| [x] -> Deleted
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {473D7771-9174-49E5-8524-1EEF933318C6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Tencent\QQPlayer\QPUp.exe|Name=QPUpdate| [x] -> Deleted
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {87762DDD-1B93-4A05-B02C-E2663C39028E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Tencent\QQPlayer\QPUp.exe|Name=QPUpdate| [x] -> Deleted
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {15B72D70-0A1E-4F81-9498-F1472338CBB2} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Tencent\QQPlayer\QPToolbox.exe|Name=QPToolBox|Desc=QPToolBox|EmbedCtxt=QPToolBox| [x] -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {276BF38C-68FE-4B5F-8000-BC42C734538E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\fadi\AppData\Local\Temp\recinstalldl\RecInst.exe|Name=??????| [x] -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E7994156-F469-4AD2-8BDB-B597A7234B84} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\fadi\AppData\Local\Temp\recinstalldl\RecInst.exe|Name=??????| [x] -> Deleted
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B342B3E6-D54B-4384-9484-14644598FFDC} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Tencent\QQPlayer\QQPlayer.exe|Name=QQPlayer| [x] -> Deleted
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {024FDEDD-DAFF-400D-B512-3D5A8193A46F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Tencent\QQPlayer\QQPlayer.exe|Name=QQPlayer| [x] -> Deleted
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {473D7771-9174-49E5-8524-1EEF933318C6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Tencent\QQPlayer\QPUp.exe|Name=QPUpdate| [x] -> Deleted
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {87762DDD-1B93-4A05-B02C-E2663C39028E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Tencent\QQPlayer\QPUp.exe|Name=QPUpdate| [x] -> Deleted
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {15B72D70-0A1E-4F81-9498-F1472338CBB2} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Tencent\QQPlayer\QPToolbox.exe|Name=QPToolBox|Desc=QPToolBox|EmbedCtxt=QPToolBox| [x] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 4 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\simplitec -> Deleted
[Tr.Gen0][File] C:\Users\fadi\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\fadi\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec -> ERROR [3]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BVVT-63A26Y0 ATA Device +++++
--- User ---
[MBR] 3ebc683fce5c936c3c47a2e2842a9cf7
[BSP] 100b9487c665ba537576e042e0cee537 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99899 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204800000 | Size: 205244 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK