
hciic
Members
Posts: 7
Reputation: 0 Neutral
  1. RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : iamnoob [Admin rights]
     Mode : Scan -- Date : 12/03/2012 16:45:11

     ¤¤¤ Bad processes : 3 ¤¤¤
     [SUSP PATH] ouc.exe -- C:\ProgramData\Broadband\OnlineUpdate\ouc.exe -> KILLED [TermProc]
     [SUSP PATH] DCSHelper.exe -- C:\ProgramData\DatacardService\DCSHelper.exe -> KILLED [TermProc]
     [SUSP PATH] DCSHelper.exe -- C:\ProgramData\DatacardService\DCSHelper.exe -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 13 ¤¤¤
     [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{25347A4F-DA88-49EA-9B2E-C2FBBEF62F3B} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
     [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{3EF3295D-ADE4-4B0E-86F4-7719FBD610F4} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
     [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{71DC5600-291B-41DD-AFC4-AE2546950FB7} : NameServer (119.159.255.36) -> FOUND
     [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{A3AF4DD0-55AB-418C-9A51-6A1F3D8F6FAF} : NameServer (203.99.163.240,208.67.222.222) -> FOUND
     [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{25347A4F-DA88-49EA-9B2E-C2FBBEF62F3B} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
     [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{3EF3295D-ADE4-4B0E-86F4-7719FBD610F4} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
     [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{71DC5600-291B-41DD-AFC4-AE2546950FB7} : NameServer (119.159.255.36) -> FOUND
     [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{A3AF4DD0-55AB-418C-9A51-6A1F3D8F6FAF} : NameServer (203.99.163.240,208.67.222.222) -> FOUND
     [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
     --- User ---
     [MBR] 3d3494d314718fa29b77a3b995c031da
     [BSP] bf1a441159fc0e25446037daca2178a1 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 80303 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 164667392 | Size: 80000 Mo
     3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 328507392 | Size: 144840 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[2]_S_12032012_02d1645.txt >>
     RKreport[1]_S_12022012_02d0056.txt ; RKreport[2]_S_12032012_02d1645.txt
  2. I am sorry, but I don't know where the report of the online ESET scan is; after scanning there was zero detection with ESET Online Scanner. ComboFix.txt
  3. It says on every program I run: "illegal operation attempt on registry key that has been marked for deletion". What to do? Should I restart my computer, or what?
  4. When I open ComboFix.txt it says: "illegal operation attempt on registry key that has been marked for deletion".
  5. ComboFix 12-12-01.02 - iamnoob 12/02/2012 1:20.1.2 - x86
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1371 [GMT 5:00]
     Running from: c:\users\iamnoob\Downloads\ComboFix.exe
     AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ADS - system32: deleted 12 bytes in 1 streams.
     .
     ((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
     .
     .
     2012-12-01 20:31 . 2012-12-01 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-12-01 19:56 . 2012-12-01 19:56 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
     2012-12-01 19:55 . 2012-12-01 19:55 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD732E4B-D13F-4D53-8442-0DB68E28E5C9}\offreg.dll
     2012-12-01 18:27 . 2012-12-01 18:27 -------- d-----w- c:\programdata\TamoSoft
     2012-12-01 18:27 . 2012-12-01 18:27 -------- d-----w- c:\program files\CommView
     2012-11-30 21:30 . 2012-12-01 10:18 -------- d-----w- c:\program files\Exterminate It!
     2012-11-29 21:28 . 2012-11-30 19:44 -------- d-----w- c:\program files\Paint.NET
     2012-11-29 13:53 . 2012-11-29 13:53 -------- d-----w- c:\program files\Pixlr
     2012-11-29 13:53 . 2012-11-29 13:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
     2012-11-26 10:05 . 2012-11-26 10:05 -------- d-----w- c:\programdata\Broadband
     2012-11-26 10:04 . 2012-11-27 20:58 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
     2012-11-26 10:04 . 2012-11-27 20:58 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
     2012-11-26 10:02 . 2012-11-27 21:00 -------- d-----w- c:\programdata\DatacardService
     2012-11-25 05:57 . 2012-11-25 06:01 -------- d-----w- c:\program files\FDRLab
     2012-11-25 05:46 . 2012-11-25 05:46 -------- d-----w- c:\windows\Sun
     2012-11-25 05:34 . 2012-11-25 05:56 -------- d-----w- c:\program files\Stealth Keyword Competition Analyzer
     2012-11-24 09:26 . 2012-11-24 09:26 -------- d-----w- c:\users\Public\DesktopSuper-AlexaBooster V1.10
     2012-11-24 09:26 . 2012-11-24 09:26 -------- d-----w- c:\users\Public\DesktopSuper Alexa Booster
     2012-11-24 09:26 . 2012-11-24 09:26 -------- d-----w- c:\program files\Super AlexaBooster
     2012-11-24 05:54 . 2012-11-25 06:36 -------- d-----w- c:\programdata\Keyword Sniper Pro
     2012-11-24 05:54 . 2008-04-13 21:12 506368 ----a-w- c:\windows\system32\msxml.dll
     2012-11-24 05:54 . 2012-11-25 06:36 -------- d-----w- c:\program files\Keyword Sniper Pro
     2012-11-24 05:54 . 2008-05-14 17:48 28672 ----a-w- c:\windows\system32\lgpi32.dll
     2012-11-24 05:54 . 1997-01-24 11:29 1334032 ----a-w- c:\windows\system32\msvbvm50.dll
     2012-11-21 08:15 . 2012-11-21 08:15 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
     2012-11-20 06:00 . 2012-11-20 06:00 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
     2012-11-20 06:00 . 2012-11-20 06:00 -------- d-----w- c:\programdata\Caphyon
     2012-11-20 05:59 . 2012-11-20 11:12 -------- d-----w- c:\program files\spotflux
     2012-11-20 05:58 . 2012-11-20 05:58 -------- d-----w- c:\program files\Common Files\Java
     2012-11-20 05:57 . 2012-11-20 05:57 -------- d-----w- c:\program files\Oracle
     2012-11-20 05:57 . 2012-05-04 14:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
     2012-11-20 05:57 . 2012-05-04 14:29 687504 ----a-w- c:\windows\system32\deployJava1.dll
     2012-11-20 05:56 . 2012-11-20 05:56 -------- d-----w- c:\program files\Java
     2012-11-14 00:43 . 2012-11-14 00:43 -------- d-----w- c:\program files\Foxit Software
     2012-11-14 00:17 . 2012-11-14 00:17 32000 ----a-w- c:\windows\system32\drivers\stppp.sys
     2012-11-14 00:17 . 2012-11-14 00:17 30464 ----a-w- c:\windows\system32\drivers\st330.sys
     2012-11-14 00:17 . 2012-11-14 00:17 16128 ----a-w- c:\windows\system32\drivers\lpwdm.sys
     2012-11-14 00:17 . 2012-11-14 00:17 12672 ----a-w- c:\windows\system32\drivers\stbus.sys
     2012-11-14 00:13 . 2012-11-14 00:13 -------- d-----w- c:\program files\Thomson SpeedTouch
     2012-11-12 15:08 . 2012-11-12 15:08 -------- d-----w- c:\program files\Microsoft Works
     2012-11-12 15:07 . 2012-11-24 21:08 -------- d-----w- c:\program files\Microsoft.NET
     2012-11-12 15:07 . 2012-11-12 15:07 -------- d-----w- c:\windows\PCHEALTH
     2012-11-12 15:06 . 2012-11-12 15:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
     2012-11-12 15:05 . 2012-11-12 15:10 -------- d-----w- c:\programdata\Microsoft Help
     2012-11-12 15:04 . 2012-11-12 15:04 -------- d-----r- C:\MSOCache
     2012-11-12 10:09 . 2012-11-12 10:09 -------- d-----w- c:\program files\TheBestSpinner3
     2012-11-11 22:15 . 2012-11-11 22:15 -------- d-----w- c:\program files\Notepad++
     2012-11-11 21:04 . 2012-11-11 21:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-11-11 21:04 . 2012-11-11 21:04 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-11-11 21:04 . 2012-11-11 21:04 -------- d-----w- c:\windows\system32\Macromed
     2012-11-11 17:52 . 2012-11-11 17:52 -------- d-----w- c:\program files\VaudiX
     2012-11-11 17:51 . 2012-11-11 17:52 -------- d-----w- c:\programdata\Premium
     2012-11-11 00:03 . 2012-11-11 00:03 -------- d-----w- c:\programdata\Persist
     2012-11-10 19:26 . 2012-11-11 17:52 -------- d-----w- c:\programdata\InstallMate
     2012-11-08 18:27 . 2012-11-22 11:51 -------- d-----r- c:\program files\Skype
     2012-11-08 18:27 . 2012-11-08 18:27 -------- d-----w- c:\program files\Common Files\Skype
     2012-11-08 18:27 . 2012-11-22 11:51 -------- d-----w- c:\programdata\Skype
     2012-11-08 17:51 . 2012-11-08 17:51 -------- d-----w- c:\program files\Acer
     2012-11-08 17:51 . 2012-11-08 17:50 206208 ----a-w- c:\windows\PLFSetI.exe
     2012-11-08 17:51 . 2009-12-16 10:13 113264 ----a-w- c:\windows\FixUVC.exe
     2012-11-08 17:42 . 2009-12-02 14:52 24576 ----a-w- c:\windows\snuvcdsm.exe
     2012-11-08 17:42 . 2009-09-10 14:18 239616 ----a-w- c:\windows\system32\rsnp2uvc.dll
     2012-11-08 17:42 . 2009-09-10 13:29 1761280 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
     2012-11-08 17:42 . 2008-12-29 12:13 28544 ----a-w- c:\windows\system32\drivers\sncduvc.sys
     2012-11-08 17:42 . 2012-11-08 17:42 -------- d-----w- c:\program files\Common Files\SNP2UVC
     2012-11-08 17:42 . 2012-11-08 17:42 -------- d-----w- c:\windows\SUYIN NB Cam
     2012-11-08 17:42 . 2009-11-20 10:36 94208 ----a-w- c:\windows\PLFSetL.exe
     2012-11-08 17:42 . 2012-11-08 17:51 -------- d--h--w- c:\program files\InstallShield Installation Information
     2012-11-08 12:52 . 2012-11-08 12:52 -------- d-----w- c:\programdata\Malwarebytes
     2012-11-08 12:52 . 2012-11-08 12:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2012-11-08 12:52 . 2012-09-29 14:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-11-08 12:48 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
     2012-11-08 12:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
     2012-11-08 12:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
     2012-11-07 04:22 . 2012-11-06 15:34 -------- d-----w- c:\windows\Panther
     2012-11-07 01:05 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
     2012-11-07 01:04 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
     2012-11-07 01:04 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
     2012-11-07 01:04 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
     2012-11-07 01:04 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
     2012-11-07 01:04 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
     2012-11-07 01:04 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
     2012-11-07 01:04 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
     2012-11-07 01:04 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
     2012-11-07 01:04 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
     2012-11-07 01:04 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
     2012-11-07 01:04 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
     2012-11-07 00:48 . 2012-10-15 15:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
     2012-11-07 00:48 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2012-11-07 00:32 . 2012-11-07 00:42 -------- d-----w- c:\program files\Google
     2012-11-06 17:59 . 2012-11-06 17:59 -------- d-----w- c:\program files\Intel
     2012-11-06 17:59 . 2012-11-06 17:59 -------- d-----w- C:\Intel
     2012-11-06 17:56 . 2012-10-16 20:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD732E4B-D13F-4D53-8442-0DB68E28E5C9}\mpengine.dll
     2012-11-06 17:56 . 2012-05-31 06:25 237072 ------w- c:\windows\system32\MpSigStub.exe
     2012-11-06 17:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
     2012-11-06 17:20 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-11-06 17:20 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
     2012-11-06 17:12 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
     2012-11-06 17:12 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
     2012-11-06 17:12 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
     2012-11-06 17:12 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
     2012-11-06 17:12 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
     2012-11-06 17:12 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
     2012-11-06 17:12 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
     2012-11-06 17:12 . 2012-06-02 10:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
     2012-11-06 17:12 . 2012-06-02 10:12 33792 ----a-w- c:\windows\system32\wuapp.exe
     2012-11-06 17:07 . 2010-04-21 13:47 105472 ----a-w- c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys
     2012-11-06 17:07 . 2012-11-06 17:07 -------- d-----w- c:\program files\EVDO BROADBAND PTCL
     2012-11-06 17:06 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2012-11-06 17:06 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2012-11-06 17:06 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2012-11-06 17:06 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2012-11-06 17:06 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
     2012-11-06 17:06 . 2012-11-29 13:53 -------- d-sh--w- c:\windows\Installer
     2012-11-06 17:05 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
     2012-11-06 17:05 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
     2012-11-06 17:05 . 2012-11-06 17:05 -------- d-----w- c:\programdata\Alwil Software
     2012-11-06 17:05 . 2012-11-06 17:05 -------- d-----w- c:\program files\Alwil Software
     2012-11-06 15:34 . 2012-11-30 19:45 -------- d-----w- c:\users\iamnoob
     2012-11-06 15:34 . 2012-11-06 15:34 -------- d-----w- C:\Recovery
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-11-06 18:26 . 2009-07-20 10:30 5958656 ----a-w- c:\windows\system32\drivers\NETw1v32.sys
     2012-11-06 18:26 . 2009-07-20 09:13 2756608 ----a-w- c:\windows\system32\NETw1r32.dll
     2012-11-06 18:26 . 2009-07-20 09:11 675840 ----a-w- c:\windows\system32\NETw1c32.dll
     2012-10-28 11:09 . 2012-10-28 11:09 34016 ----a-w- c:\windows\system32\drivers\tap0901.sys
     2012-09-25 08:57 . 2010-04-01 08:30 19560 ----a-w- c:\windows\system32\drivers\cv2k1.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2012-11-05 23:12 94208 ----a-w- c:\users\iamnoob\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2012-11-05 23:12 94208 ----a-w- c:\users\iamnoob\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2012-11-05 23:12 94208 ----a-w- c:\users\iamnoob\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
     @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
     2012-11-05 23:12 94208 ----a-w- c:\users\iamnoob\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
     "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
     .
     c:\users\iamnoob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dropbox.lnk - c:\users\iamnoob\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-11-6 26619512]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 0 (0x0)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableLUA"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)
     "PromptOnSecureDesktop"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=c:\progra~1\VaudiX\sprotector.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux1"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagnostics]
     2012-11-14 00:17 557149 ----a-w- c:\program files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
     2012-11-08 17:50 206208 ----a-w- c:\windows\PLFSetI.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
     2009-11-20 10:36 94208 ----a-w- c:\windows\PLFSetL.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snuvcdsm]
     2009-12-02 14:52 24576 ----a-w- c:\windows\snuvcdsm.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     2012-01-17 06:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
     .
     R1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [x]
     R2 Broadband. RunOuc;Broadband. OUC;c:\program files\Broadband\UpdateDog\ouc.exe [x]
     R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
     R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
     R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
     R2 UDisk Monitor;UDisk Monitor;c:\program files\EVDO BROADBAND PTCL\bin\MonServiceUDisk.exe [x]
     R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
     R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
     R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
     R3 ST330;ST330;c:\windows\system32\drivers\st330.sys [x]
     R3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [x]
     R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
     R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [x]
     R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
     S1 aswSnx;aswSnx; [x]
     S1 aswSP;aswSP; [x]
     S2 aswFsBlk;aswFsBlk; [x]
     S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
     S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
     S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
     S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
     S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
     S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
     S3 NETw1v32;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [x]
     S3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;c:\windows\system32\DRIVERS\tscomm.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - CV2K1
     *NewlyCreated* - TRUESIGHT
     *Deregistered* - TrueSight
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-07 00:32]
     .
     2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-07 00:32]
     .
     2012-12-01 c:\windows\Tasks\VaudiXUpdaterTask{7DC5EE4F-4C00-487D-A34F-077B97CF1758}.job
     - c:\programdata\Premium\VaudiX\VaudiX.exe [2012-11-11 14:50]
     .
     .
     ------- Supplementary Scan -------
     .
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 44.0.0.253 44.0.0.3 44.0.0.4 4.2.2.1
     TCP: Interfaces\{25347A4F-DA88-49EA-9B2E-C2FBBEF62F3B}: NameServer = 119.159.255.36 8.8.8.8
     TCP: Interfaces\{3EF3295D-ADE4-4B0E-86F4-7719FBD610F4}: NameServer = 119.159.255.36 8.8.8.8
     TCP: Interfaces\{71DC5600-291B-41DD-AFC4-AE2546950FB7}: NameServer = 119.159.255.36
     TCP: Interfaces\{A3AF4DD0-55AB-418C-9A51-6A1F3D8F6FAF}: NameServer = 203.99.163.240,208.67.222.222
     .
     - - - - ORPHANS REMOVED - - - -
     .
     MSConfigStartUp-BaofengPlatform - c:\program files\Baofeng\StormPlayer\BaofengPlatform.exe
     MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe
     .
     .
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\st330service]
     "ImagePath"="C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe -service"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'Explorer.exe'(5448)
     c:\users\iamnoob\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     Completion time: 2012-12-02 01:35:49
     ComboFix-quarantined-files.txt 2012-12-01 20:35
     .
     Pre-Run: 62,497,198,080 bytes free
     Post-Run: 62,415,138,816 bytes free
     .
     - - End Of File - - 779A9C23FEE59B61A4EE576418B7943A
  6. RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : iamnoob [Admin rights]
     Mode : Scan -- Date : 12/02/2012 00:56:53

     ¤¤¤ Bad processes : 3 ¤¤¤
     [SUSP PATH] ouc.exe -- C:\ProgramData\Broadband\OnlineUpdate\ouc.exe -> KILLED [TermProc]
     [SUSP PATH] DCSHelper.exe -- C:\ProgramData\DatacardService\DCSHelper.exe -> KILLED [TermProc]
     [SUSP PATH] VaudiX.exe -- C:\ProgramData\Premium\VaudiX\VaudiX.exe -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 13 ¤¤¤
     [TASK][SUSP PATH] VaudiXUpdaterTask{7DC5EE4F-4C00-487D-A34F-077B97CF1758}.job : C:\ProgramData\Premium\VaudiX\VaudiX.exe /schedule /profilepath "C:\ProgramData\Premium\VaudiX\profile.ini" -> FOUND
     [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{25347A4F-DA88-49EA-9B2E-C2FBBEF62F3B} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
     [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{3EF3295D-ADE4-4B0E-86F4-7719FBD610F4} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
     [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{71DC5600-291B-41DD-AFC4-AE2546950FB7} : NameServer (119.159.255.36) -> FOUND
     [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{A3AF4DD0-55AB-418C-9A51-6A1F3D8F6FAF} : NameServer (203.99.163.240,208.67.222.222) -> FOUND
     [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{25347A4F-DA88-49EA-9B2E-C2FBBEF62F3B} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
     [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{3EF3295D-ADE4-4B0E-86F4-7719FBD610F4} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
     [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{71DC5600-291B-41DD-AFC4-AE2546950FB7} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
     [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{A3AF4DD0-55AB-418C-9A51-6A1F3D8F6FAF} : NameServer (203.99.163.240,208.67.222.222) -> FOUND
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
     --- User ---
     [MBR] 3d3494d314718fa29b77a3b995c031da
     [BSP] bf1a441159fc0e25446037daca2178a1 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 80303 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 164667392 | Size: 80000 Mo
     3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 328507392 | Size: 144840 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1]_S_12022012_02d0056.txt >>
     RKreport[1]_S_12022012_02d0056.txt
  7. Hi sir, yesterday I downloaded a file from my email. I know this was FUD or what, but a remote administrative trojan. He wished to get access to my computer through that file. It was not detected by Avast antivirus. I scanned my computer with Malwarebytes and it didn't detect anything. But there is one thing I see: Malwarebytes detected some outgoing connection two times and blocked it. I am going to upload those pictures also. Please, I need a suggestion on what to do. Check the picture also of what Malwarebytes detected. dds.txt attach.txt