My mistake, my buddy gave me that today, which was the first time I ran it.
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback :
http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website :
http://tigzy.geekstogo.com/roguekiller.php
Blog :
http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : pamato [Admin rights]
Mode : Scan -- Date : 06/04/2013 21:58:38
| ARK || FAK || MBR |
¤¤¤ Bad processes : 3 ¤¤¤
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\pamato\AppData\Local\Widcomm\vwhsfohz.dll [x] -> UNLOADED
[SUSP PATH] agent.exe -- C:\ProgramData\FLEXnet\Connect\11\agent.exe [7] -> KILLED [TermProc]
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\pamato\AppData\Local\Widcomm\vwhsfohz.dll [x] -> UNLOADED
¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Widcomm (REGSVR32.EXE C:\Users\pamato\AppData\Local\Widcomm\vwhsfohz.dll) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1417001333-1682526488-839522115-249927[...]\Run : Widcomm (REGSVR32.EXE C:\Users\pamato\AppData\Local\Widcomm\vwhsfohz.dll) [-] -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (enpusfpkinf01:8080) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{F39B21CE-17BD-4563-BC8F-26C93DDA032C} : NameServer (10.16.64.11,10.20.64.11) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{F39B21CE-17BD-4563-BC8F-26C93DDA032C} : NameServer (10.16.64.11,10.20.64.11) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x82333DA5 -> HOOKED (Unknown @ 0x875EB9D8)
SSDT[14] : NtAlertThread @ 0x82286CC7 -> HOOKED (Unknown @ 0x875E96C0)
SSDT[19] : NtAllocateVirtualMemory @ 0x8227FCBC -> HOOKED (Unknown @ 0x875E7828)
SSDT[74] : NtCreateMutant @ 0x8226634C -> HOOKED (Unknown @ 0x875EB728)
SSDT[87] : NtCreateThread @ 0x82331FE2 -> HOOKED (Unknown @ 0x875E79B8)
SSDT[131] : NtFreeVirtualMemory @ 0x8210E81C -> HOOKED (Unknown @ 0x875E7688)
SSDT[145] : NtImpersonateAnonymousToken @ 0x8224B962 -> HOOKED (Unknown @ 0x875EB818)
SSDT[147] : NtImpersonateThread @ 0x822CF962 -> HOOKED (Unknown @ 0x875EB8F8)
SSDT[168] : NtMapViewOfSection @ 0x8229C5F1 -> HOOKED (Unknown @ 0x875E89B8)
SSDT[177] : NtOpenEvent @ 0x82265D48 -> HOOKED (Unknown @ 0x875EB648)
SSDT[191] : NtOpenProcessToken @ 0x822BA36F -> HOOKED (Unknown @ 0x875E78F8)
SSDT[199] : NtOpenThreadToken @ 0x822CE64B -> HOOKED (Unknown @ 0x875E8758)
SSDT[304] : NtResumeThread @ 0x822C66C2 -> HOOKED (Unknown @ 0x872C9B38)
SSDT[316] : NtSetContextThread @ 0x82333851 -> HOOKED (Unknown @ 0x875E8698)
SSDT[333] : NtSetInformationProcess @ 0x8228E875 -> HOOKED (Unknown @ 0x875E8828)
SSDT[335] : NtSetInformationThread @ 0x822BFE26 -> HOOKED (Unknown @ 0x875E99C8)
SSDT[366] : NtSuspendProcess @ 0x82333CDF -> HOOKED (Unknown @ 0x875ED978)
SSDT[367] : NtSuspendThread @ 0x822EB19B -> HOOKED (Unknown @ 0x875E9808)
SSDT[370] : NtTerminateProcess @ 0x822B0D86 -> HOOKED (Unknown @ 0x875EA6B8)
SSDT[371] : NtTerminateThread @ 0x822CE69B -> HOOKED (Unknown @ 0x875E98E8)
SSDT[385] : NtUnmapViewOfSection @ 0x822BA9AA -> HOOKED (Unknown @ 0x875E88F8)
SSDT[399] : NtWriteVirtualMemory @ 0x822B5A83 -> HOOKED (Unknown @ 0x875E7758)
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEKT-75PVMT0 +++++
--- User ---
[MBR] 4cd91750ce87a9415415c8b7bc2671ad
[BSP] 942f3df21fcddc7c67a0dc58e20f1548 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 119999 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 245760000 | Size: 118473 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_06042013_02d2158.txt >>
RKreport[1]_S_06042013_02d2158.txt