RogueKiller report:

RogueKiller V9.2.11.0 (x64) [sep 9 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Thomas [Admin rights]
Mode : Scan -- Date : 09/22/2014 08:39:59

¤¤¤ Bad processes : 3 ¤¤¤
[suspicious.Path] srptm.exe -- C:\Users\Thomas\AppData\Local\LPT\srptm.exe[7] -> KILLED [TermProc]
[suspicious.Path] SafeFinder.exe -- C:\Users\Thomas\AppData\Local\Smartbar\Application\SafeFinder.exe[7] -> KILLED [TermProc]
[suspicious.Path] Lrcnta.exe -- C:\Users\Thomas\AppData\Local\Smartbar\Application\Lrcnta.exe[7] -> KILLED [TermThr]

¤¤¤ Registry Entries : 19 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-688022932-218857659-4085766599-1000\Software\Microsoft\Windows\CurrentVersion\Run | Browser Infrastructure Helper : C:\Users\Thomas\AppData\Local\Smartbar\Application\SafeFinder.exe startup -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-688022932-218857659-4085766599-1000\Software\Microsoft\Windows\CurrentVersion\Run | Browser Infrastructure Helper : C:\Users\Thomas\AppData\Local\Smartbar\Application\SafeFinder.exe startup -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55B5A88F-A52D-405B-BC47-B756B916D2D9} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{55B5A88F-A52D-405B-BC47-B756B916D2D9} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{55B5A88F-A52D-405B-BC47-B756B916D2D9} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-688022932-218857659-4085766599-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-688022932-218857659-4085766599-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-688022932-218857659-4085766599-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-688022932-218857659-4085766599-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-688022932-218857659-4085766599-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-688022932-218857659-4085766599-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-688022932-218857659-4085766599-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpXjhe_dNjBMtIxzLFXDegrSYyYC-e3RNNlEGmyGVisK9J_L0z9HZDOiv6P2hX5wLVQwte4BJDiQYTDwDBIPadzZM74C5nba4t12zmY-gTcWL23GgRwfbO-h1UEH5l7QVSJMQR0DH3n2K7oQmcl_hPEXSihBo6aJC9w, -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-688022932-218857659-4085766599-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpXjhe_dNjBMtIxzLFXDegrSYyYC-e3RNNlEGmyGVisK9J_L0z9HZDOiv6P2hX5wLVQwte4BJDiQYTDwDBIPadzZM74C5nba4t12zmY-gTcWL23GgRwfbO-h1UEH5l7QVSJMQR0DH3n2K7oQmcl_hPEXSihBo6aJC9w, -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-688022932-218857659-4085766599-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpXjhe_dNjBMtIxzLFXDegrSYyYC-e3RNNlEGmyGVisK9J_L0z9HZDOiv6P2hX5wLVQwte4BJDiQYTD8Sm1LXIJlRd8vPKEH2Bf_Em1S_Gj2GAqmcjN2H4D8a1KxLqHHt7clTPSxxBQ46hO84fwsb457UGTW2XFMqmg,&q={searchTerms} -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-688022932-218857659-4085766599-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpXjhe_dNjBMtIxzLFXDegrSYyYC-e3RNNlEGmyGVisK9J_L0z9HZDOiv6P2hX5wLVQwte4BJDiQYTD8Sm1LXIJlRd8vPKEH2Bf_Em1S_Gj2GAqmcjN2H4D8a1KxLqHHt7clTPSxxBQ46hO84fwsb457UGTW2XFMqmg,&q={searchTerms} -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
[C:\Windows\System32\drivers\etc\hosts] 192.168.1.20 NPI3CE01F.home

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] ct8l8g8a.default : user_pref("browser.startup.homepage", "http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpXjhe_dNjBMtIxzLFXDegrSYyYC-e3RNNlEGmyGVisK9J_L0z9HZDOiv6P2hX5wLVQwte4BJDiQYTDwDBIPadzZM74C5nba4t12zmY-gTcWL23GgRwfbO-h1UEH5l7QVSJMQR0DH3n2K7oQmcl_hPEXSihBo6aJC9w,"); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] edc91375e1688e046a3145170dcefa05
[bSP] a4940b9b36bc77f022e2c60876231236 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD 15EADS External USB Device +++++
--- User ---
[MBR] fef6f5e10ed0bd0c80b358dd210bc5d0
[bSP] 40231720836cf22515030a6994b89106 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1430798 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_09212014_122051.log