RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : brian [Administrator]
Mode : Scan -- Date : 11/16/2014 12:58:20

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] (SVC) A2DDA -- \??\C:\USERS\BRIAN\DESKTOP\VIRUS SCANNER'S\ALTIJD\EMSISOFT\RUN\a2ddax64.sys[7] -> Stopped

¤¤¤ Registry : 29 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\A2DDA (\??\C:\USERS\BRIAN\DESKTOP\VIRUS SCANNER'S\ALTIJD\EMSISOFT\RUN\a2ddax64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cleanhlp (\??\C:\Users\brian\Desktop\virus scanner's\Altijd\emsisoft\Run\cleanhlp64.sys) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FontCache3.0.0.0 (%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SASDIFSV (\??\C:\Users\brian\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SASKUTIL (\??\C:\Users\brian\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A2DDA (\??\C:\USERS\BRIAN\DESKTOP\VIRUS SCANNER'S\ALTIJD\EMSISOFT\RUN\a2ddax64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cleanhlp (\??\C:\Users\brian\Desktop\virus scanner's\Altijd\emsisoft\Run\cleanhlp64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASDIFSV (\??\C:\Users\brian\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASKUTIL (\??\C:\Users\brian\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\A2DDA (\??\C:\USERS\BRIAN\DESKTOP\VIRUS SCANNER'S\ALTIJD\EMSISOFT\RUN\a2ddax64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cleanhlp (\??\C:\Users\brian\Desktop\virus scanner's\Altijd\emsisoft\Run\cleanhlp64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SASDIFSV (\??\C:\Users\brian\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SASKUTIL (\??\C:\Users\brian\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS) -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1012701413-1853892315-1459238543-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1012701413-1853892315-1459238543-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1012701413-1853892315-1459238543-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1012701413-1853892315-1459238543-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 1 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl] (firefox.exe @ WININET.dll) ntdll.dll - NtCreateFile : Unknown @ 0x140004 (jmp 0xffffffff88f0ff50)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] mieuypfa.default-1415534195062 : user_pref("browser.startup.homepage", "www.google.nl"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA Samsung SSD 840 SCSI Disk Device +++++
--- User ---
[MBR] 7f5783e60449becfb844798b7254d35b
[BSP] c39d9362dca093785d2af41ace02bb2e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238471 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ATA ST1000DM003-1CH1 SCSI Disk Device +++++
--- User ---
[MBR] b885646c95f450716676d568754101f3
[BSP] 4cf44662bede545d730a633d98659251 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 553865 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1134317568 | Size: 100000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1339119616 | Size: 300000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ATA ST3320311CS SCSI Disk Device +++++
--- User ---
[MBR] 3d4947421cdab2c749a02c6ffc8ad3b3
[BSP] b9e02b50a6e81ecaaa30e04202de18d7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305242 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Het apparaat is niet klaar. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] De aanvraag wordt niet ondersteund. )

+++++ PhysicalDrive4: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Het apparaat is niet klaar. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] De aanvraag wordt niet ondersteund. )

+++++ PhysicalDrive5: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Het apparaat is niet klaar. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] De aanvraag wordt niet ondersteund. )

+++++ PhysicalDrive6: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] Het apparaat is niet klaar. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] De aanvraag wordt niet ondersteund. )

============================================
RKreport_SCN_11162014_125244.log - RKreport_DEL_11162014_125542.log