RogueKiller V8.4.3 [Jan 24 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Nicki [Admin rights]
Mode : Scan -- Date : 01/25/2013 11:33:55
| ARK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Nicki\Application Data\sdlat.dll -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Nicki\Application Data\apsas.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][bLACKLISTDLL] HKLM\[...]\Run : bvuts (rundll32.exe ",HrCheckTridentMenu) -> FOUND
[RUN][sUSP PATH] HKLM\[...]\Run : sdlat ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Nicki\Application Data\sdlat.dll",Method_Fini) -> FOUND
[RUN][sUSP PATH] HKLM\[...]\Run : apsas ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Nicki\Application Data\apsas.dll",Module_GetDict) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2040BH +++++
--- User ---
[MBR] 4089de0212d4b1babb74a1443923f31b
[bSP] 0865dbc3033a5b0d1557ae0b87d99f0b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 31918 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 65448810 | Size: 4753 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01252013_02d1133.txt >>
RKreport[1]_S_01252013_02d1133.txt