RogueKiller V10.6.5.0 [May 20 2015] by Adlice Software
mail : https://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : https://www.adlice.com/softwares/roguekiller/
Blog : https://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ethan [Administrator]
Started from : C:\Users\Ethan\Desktop\Antivirus-PC Cleaning\RogueKiller.exe
Mode : Scan -- Date : 05/24/2015 16:59:42
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] MFUSNM~1.EXE(3284) -- C:\Users\Ethan\AppData\Local\MEDIAF~1\MFUSNM~1.EXE[7] -> Killed [TermProc]
¤¤¤ Registry : 11 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3805462314-2989857978-3840800272-1001\Software\Microsoft\Windows\CurrentVersion\Run | MediaFire Tray : C:\Users\Ethan\AppData\Local\MediaFire Desktop\mf_watch.exe [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3805462314-2989857978-3840800272-1001\Software\Microsoft\Windows\CurrentVersion\Run | MediaFire Tray : C:\Users\Ethan\AppData\Local\MediaFire Desktop\mf_watch.exe [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MF NTFS Monitor (C:\Users\Ethan\AppData\Local\MEDIAF~1\MFUSNM~1.EXE) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MF NTFS Monitor (C:\Users\Ethan\AppData\Local\MEDIAF~1\MFUSNM~1.EXE) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MF NTFS Monitor (C:\Users\Ethan\AppData\Local\MEDIAF~1\MFUSNM~1.EXE) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] The Hunger Games 2012 [1080p].lnk -- C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Hunger Games 2012 [1080p].lnk [LNK@] C:\ProgramData\{74d13242-98cb-b9b9-74d1-1324298cc90a}\The Hunger Games 2012 [1080p].exe --startup=1 -> Found
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 SCSI Disk Device +++++
--- User ---
[MBR] 0bed2b2a032f28097d40f1259a4f69cd
[BSP] 88a583cae3b52f6036f01058005aa79e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 931418 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1907953664 | Size: 22148 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1953312768 | Size: 102 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 0bed2b2a032f28097d40f1259a4f69cd
[BSP] 88a583cae3b52f6036f01058005aa79e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 931418 MB [Error reading VBR! ([1] Incorrect function. )]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1907953664 | Size: 22148 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1953312768 | Size: 102 MB