hciic
Posts: 7
Posts posted by hciic
-
I am sorry, but I don't know where the report of the online ESET is, but after scanning there were zero detections with the ESET Online Scanner.
-
It says on every program I run:
illegal operation attempt on registry key that has been marked for deletion
What to do? Should I restart my computer, or what?
-
When I open combofix.txt it says:
illegal operation attempt on registry key that has been marked for deletion
-
ComboFix 12-12-01.02 - iamnoob 12/02/2012 1:20.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1371 [GMT 5:00]
Running from: c:\users\iamnoob\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - system32: deleted 12 bytes in 1 streams.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-12-01 20:31 . 2012-12-01 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-01 19:56 . 2012-12-01 19:56 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-12-01 19:55 . 2012-12-01 19:55 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD732E4B-D13F-4D53-8442-0DB68E28E5C9}\offreg.dll
2012-12-01 18:27 . 2012-12-01 18:27 -------- d-----w- c:\programdata\TamoSoft
2012-12-01 18:27 . 2012-12-01 18:27 -------- d-----w- c:\program files\CommView
2012-11-30 21:30 . 2012-12-01 10:18 -------- d-----w- c:\program files\Exterminate It!
2012-11-29 21:28 . 2012-11-30 19:44 -------- d-----w- c:\program files\Paint.NET
2012-11-29 13:53 . 2012-11-29 13:53 -------- d-----w- c:\program files\Pixlr
2012-11-29 13:53 . 2012-11-29 13:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-11-26 10:05 . 2012-11-26 10:05 -------- d-----w- c:\programdata\Broadband
2012-11-26 10:04 . 2012-11-27 20:58 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-11-26 10:04 . 2012-11-27 20:58 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-11-26 10:02 . 2012-11-27 21:00 -------- d-----w- c:\programdata\DatacardService
2012-11-25 05:57 . 2012-11-25 06:01 -------- d-----w- c:\program files\FDRLab
2012-11-25 05:46 . 2012-11-25 05:46 -------- d-----w- c:\windows\Sun
2012-11-25 05:34 . 2012-11-25 05:56 -------- d-----w- c:\program files\Stealth Keyword Competition Analyzer
2012-11-24 09:26 . 2012-11-24 09:26 -------- d-----w- c:\users\Public\DesktopSuper-AlexaBooster V1.10
2012-11-24 09:26 . 2012-11-24 09:26 -------- d-----w- c:\users\Public\DesktopSuper Alexa Booster
2012-11-24 09:26 . 2012-11-24 09:26 -------- d-----w- c:\program files\Super AlexaBooster
2012-11-24 05:54 . 2012-11-25 06:36 -------- d-----w- c:\programdata\Keyword Sniper Pro
2012-11-24 05:54 . 2008-04-13 21:12 506368 ----a-w- c:\windows\system32\msxml.dll
2012-11-24 05:54 . 2012-11-25 06:36 -------- d-----w- c:\program files\Keyword Sniper Pro
2012-11-24 05:54 . 2008-05-14 17:48 28672 ----a-w- c:\windows\system32\lgpi32.dll
2012-11-24 05:54 . 1997-01-24 11:29 1334032 ----a-w- c:\windows\system32\msvbvm50.dll
2012-11-21 08:15 . 2012-11-21 08:15 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-11-20 06:00 . 2012-11-20 06:00 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-11-20 06:00 . 2012-11-20 06:00 -------- d-----w- c:\programdata\Caphyon
2012-11-20 05:59 . 2012-11-20 11:12 -------- d-----w- c:\program files\spotflux
2012-11-20 05:58 . 2012-11-20 05:58 -------- d-----w- c:\program files\Common Files\Java
2012-11-20 05:57 . 2012-11-20 05:57 -------- d-----w- c:\program files\Oracle
2012-11-20 05:57 . 2012-05-04 14:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-20 05:57 . 2012-05-04 14:29 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-20 05:56 . 2012-11-20 05:56 -------- d-----w- c:\program files\Java
2012-11-14 00:43 . 2012-11-14 00:43 -------- d-----w- c:\program files\Foxit Software
2012-11-14 00:17 . 2012-11-14 00:17 32000 ----a-w- c:\windows\system32\drivers\stppp.sys
2012-11-14 00:17 . 2012-11-14 00:17 30464 ----a-w- c:\windows\system32\drivers\st330.sys
2012-11-14 00:17 . 2012-11-14 00:17 16128 ----a-w- c:\windows\system32\drivers\lpwdm.sys
2012-11-14 00:17 . 2012-11-14 00:17 12672 ----a-w- c:\windows\system32\drivers\stbus.sys
2012-11-14 00:13 . 2012-11-14 00:13 -------- d-----w- c:\program files\Thomson SpeedTouch
2012-11-12 15:08 . 2012-11-12 15:08 -------- d-----w- c:\program files\Microsoft Works
2012-11-12 15:07 . 2012-11-24 21:08 -------- d-----w- c:\program files\Microsoft.NET
2012-11-12 15:07 . 2012-11-12 15:07 -------- d-----w- c:\windows\PCHEALTH
2012-11-12 15:06 . 2012-11-12 15:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-11-12 15:05 . 2012-11-12 15:10 -------- d-----w- c:\programdata\Microsoft Help
2012-11-12 15:04 . 2012-11-12 15:04 -------- d-----r- C:\MSOCache
2012-11-12 10:09 . 2012-11-12 10:09 -------- d-----w- c:\program files\TheBestSpinner3
2012-11-11 22:15 . 2012-11-11 22:15 -------- d-----w- c:\program files\Notepad++
2012-11-11 21:04 . 2012-11-11 21:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-11 21:04 . 2012-11-11 21:04 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-11 21:04 . 2012-11-11 21:04 -------- d-----w- c:\windows\system32\Macromed
2012-11-11 17:52 . 2012-11-11 17:52 -------- d-----w- c:\program files\VaudiX
2012-11-11 17:51 . 2012-11-11 17:52 -------- d-----w- c:\programdata\Premium
2012-11-11 00:03 . 2012-11-11 00:03 -------- d-----w- c:\programdata\Persist
2012-11-10 19:26 . 2012-11-11 17:52 -------- d-----w- c:\programdata\InstallMate
2012-11-08 18:27 . 2012-11-22 11:51 -------- d-----r- c:\program files\Skype
2012-11-08 18:27 . 2012-11-08 18:27 -------- d-----w- c:\program files\Common Files\Skype
2012-11-08 18:27 . 2012-11-22 11:51 -------- d-----w- c:\programdata\Skype
2012-11-08 17:51 . 2012-11-08 17:51 -------- d-----w- c:\program files\Acer
2012-11-08 17:51 . 2012-11-08 17:50 206208 ----a-w- c:\windows\PLFSetI.exe
2012-11-08 17:51 . 2009-12-16 10:13 113264 ----a-w- c:\windows\FixUVC.exe
2012-11-08 17:42 . 2009-12-02 14:52 24576 ----a-w- c:\windows\snuvcdsm.exe
2012-11-08 17:42 . 2009-09-10 14:18 239616 ----a-w- c:\windows\system32\rsnp2uvc.dll
2012-11-08 17:42 . 2009-09-10 13:29 1761280 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2012-11-08 17:42 . 2008-12-29 12:13 28544 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2012-11-08 17:42 . 2012-11-08 17:42 -------- d-----w- c:\program files\Common Files\SNP2UVC
2012-11-08 17:42 . 2012-11-08 17:42 -------- d-----w- c:\windows\SUYIN NB Cam
2012-11-08 17:42 . 2009-11-20 10:36 94208 ----a-w- c:\windows\PLFSetL.exe
2012-11-08 17:42 . 2012-11-08 17:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-11-08 12:52 . 2012-11-08 12:52 -------- d-----w- c:\programdata\Malwarebytes
2012-11-08 12:52 . 2012-11-08 12:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-08 12:52 . 2012-09-29 14:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-08 12:48 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-11-08 12:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-11-08 12:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-11-07 04:22 . 2012-11-06 15:34 -------- d-----w- c:\windows\Panther
2012-11-07 01:05 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-07 01:04 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-11-07 01:04 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 01:04 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-11-07 01:04 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-11-07 01:04 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-11-07 01:04 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-11-07 01:04 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-11-07 01:04 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-11-07 01:04 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-11-07 01:04 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2012-11-07 01:04 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-11-07 00:48 . 2012-10-15 15:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-07 00:48 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-07 00:32 . 2012-11-07 00:42 -------- d-----w- c:\program files\Google
2012-11-06 17:59 . 2012-11-06 17:59 -------- d-----w- c:\program files\Intel
2012-11-06 17:59 . 2012-11-06 17:59 -------- d-----w- C:\Intel
2012-11-06 17:56 . 2012-10-16 20:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD732E4B-D13F-4D53-8442-0DB68E28E5C9}\mpengine.dll
2012-11-06 17:56 . 2012-05-31 06:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-11-06 17:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-11-06 17:20 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-11-06 17:20 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-11-06 17:12 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-11-06 17:12 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-11-06 17:12 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-11-06 17:12 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-11-06 17:12 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-11-06 17:12 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-11-06 17:12 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-11-06 17:12 . 2012-06-02 10:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-06 17:12 . 2012-06-02 10:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-11-06 17:07 . 2010-04-21 13:47 105472 ----a-w- c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys
2012-11-06 17:07 . 2012-11-06 17:07 -------- d-----w- c:\program files\EVDO BROADBAND PTCL
2012-11-06 17:06 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-06 17:06 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-06 17:06 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-11-06 17:06 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-06 17:06 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-06 17:06 . 2012-11-29 13:53 -------- d-sh--w- c:\windows\Installer
2012-11-06 17:05 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-06 17:05 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-06 17:05 . 2012-11-06 17:05 -------- d-----w- c:\programdata\Alwil Software
2012-11-06 17:05 . 2012-11-06 17:05 -------- d-----w- c:\program files\Alwil Software
2012-11-06 15:34 . 2012-11-30 19:45 -------- d-----w- c:\users\iamnoob
2012-11-06 15:34 . 2012-11-06 15:34 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 18:26 . 2009-07-20 10:30 5958656 ----a-w- c:\windows\system32\drivers\NETw1v32.sys
2012-11-06 18:26 . 2009-07-20 09:13 2756608 ----a-w- c:\windows\system32\NETw1r32.dll
2012-11-06 18:26 . 2009-07-20 09:11 675840 ----a-w- c:\windows\system32\NETw1c32.dll
2012-10-28 11:09 . 2012-10-28 11:09 34016 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-09-25 08:57 . 2010-04-01 08:30 19560 ----a-w- c:\windows\system32\drivers\cv2k1.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\iamnoob\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\iamnoob\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\iamnoob\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\users\iamnoob\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
.
c:\users\iamnoob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\iamnoob\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-11-6 26619512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\VaudiX\sprotector.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagnostics]
2012-11-14 00:17 557149 ----a-w- c:\program files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2012-11-08 17:50 206208 ----a-w- c:\windows\PLFSetI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2009-11-20 10:36 94208 ----a-w- c:\windows\PLFSetL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snuvcdsm]
2009-12-02 14:52 24576 ----a-w- c:\windows\snuvcdsm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 06:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [x]
R2 Broadband. RunOuc;Broadband. OUC;c:\program files\Broadband\UpdateDog\ouc.exe [x]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 UDisk Monitor;UDisk Monitor;c:\program files\EVDO BROADBAND PTCL\bin\MonServiceUDisk.exe [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ST330;ST330;c:\windows\system32\drivers\st330.sys [x]
R3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [x]
R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw1v32;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [x]
S3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;c:\windows\system32\DRIVERS\tscomm.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CV2K1
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-07 00:32]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-07 00:32]
.
2012-12-01 c:\windows\Tasks\VaudiXUpdaterTask{7DC5EE4F-4C00-487D-A34F-077B97CF1758}.job
- c:\programdata\Premium\VaudiX\VaudiX.exe [2012-11-11 14:50]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 44.0.0.253 44.0.0.3 44.0.0.4 4.2.2.1
TCP: Interfaces\{25347A4F-DA88-49EA-9B2E-C2FBBEF62F3B}: NameServer = 119.159.255.36 8.8.8.8
TCP: Interfaces\{3EF3295D-ADE4-4B0E-86F4-7719FBD610F4}: NameServer = 119.159.255.36 8.8.8.8
TCP: Interfaces\{71DC5600-291B-41DD-AFC4-AE2546950FB7}: NameServer = 119.159.255.36
TCP: Interfaces\{A3AF4DD0-55AB-418C-9A51-6A1F3D8F6FAF}: NameServer = 203.99.163.240,208.67.222.222
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-BaofengPlatform - c:\program files\Baofeng\StormPlayer\BaofengPlatform.exe
MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\st330service]
"ImagePath"="C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5448)
c:\users\iamnoob\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-12-02 01:35:49
ComboFix-quarantined-files.txt 2012-12-01 20:35
.
Pre-Run: 62,497,198,080 bytes free
Post-Run: 62,415,138,816 bytes free
.
- - End Of File - - 779A9C23FEE59B61A4EE576418B7943A
-
RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : iamnoob [Admin rights]
Mode : Scan -- Date : 12/02/2012 00:56:53
¤¤¤ Bad processes : 3 ¤¤¤
[sUSP PATH] ouc.exe -- C:\ProgramData\Broadband\OnlineUpdate\ouc.exe -> KILLED [TermProc]
[sUSP PATH] DCSHelper.exe -- C:\ProgramData\DatacardService\DCSHelper.exe -> KILLED [TermProc]
[sUSP PATH] VaudiX.exe -- C:\ProgramData\Premium\VaudiX\VaudiX.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 13 ¤¤¤
[TASK][sUSP PATH] VaudiXUpdaterTask{7DC5EE4F-4C00-487D-A34F-077B97CF1758}.job : C:\ProgramData\Premium\VaudiX\VaudiX.exe /schedule /profilepath "C:\ProgramData\Premium\VaudiX\profile.ini" -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{25347A4F-DA88-49EA-9B2E-C2FBBEF62F3B} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{3EF3295D-ADE4-4B0E-86F4-7719FBD610F4} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{71DC5600-291B-41DD-AFC4-AE2546950FB7} : NameServer (119.159.255.36) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{A3AF4DD0-55AB-418C-9A51-6A1F3D8F6FAF} : NameServer (203.99.163.240,208.67.222.222) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{25347A4F-DA88-49EA-9B2E-C2FBBEF62F3B} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{3EF3295D-ADE4-4B0E-86F4-7719FBD610F4} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{71DC5600-291B-41DD-AFC4-AE2546950FB7} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{A3AF4DD0-55AB-418C-9A51-6A1F3D8F6FAF} : NameServer (203.99.163.240,208.67.222.222) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] 3d3494d314718fa29b77a3b995c031da
[bSP] bf1a441159fc0e25446037daca2178a1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 80303 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 164667392 | Size: 80000 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 328507392 | Size: 144840 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_12022012_02d0056.txt >>
RKreport[1]_S_12022012_02d0056.txt
-
Hi sir, yesterday I downloaded a file from my email. I know this was FUD or what, but it was a remote administrative trojan.
He wished to get access to my computer through that file. It was not detected by Avast antivirus. I scanned my computer with Malwarebytes and it didn't detect anything. But there is one thing I saw: Malwarebytes detected some outgoing connection two times and blocked it. I am going to upload those pictures also.
Please, I need a suggestion on what to do. Check the picture also of what Malwarebytes detected.

Check it as soon as possible.
Posted in Resolved Malware Removal Logs
RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : iamnoob [Admin rights]
Mode : Scan -- Date : 12/03/2012 16:45:11
¤¤¤ Bad processes : 3 ¤¤¤
[sUSP PATH] ouc.exe -- C:\ProgramData\Broadband\OnlineUpdate\ouc.exe -> KILLED [TermProc]
[sUSP PATH] DCSHelper.exe -- C:\ProgramData\DatacardService\DCSHelper.exe -> KILLED [TermProc]
[sUSP PATH] DCSHelper.exe -- C:\ProgramData\DatacardService\DCSHelper.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 13 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{25347A4F-DA88-49EA-9B2E-C2FBBEF62F3B} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{3EF3295D-ADE4-4B0E-86F4-7719FBD610F4} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{71DC5600-291B-41DD-AFC4-AE2546950FB7} : NameServer (119.159.255.36) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{A3AF4DD0-55AB-418C-9A51-6A1F3D8F6FAF} : NameServer (203.99.163.240,208.67.222.222) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{25347A4F-DA88-49EA-9B2E-C2FBBEF62F3B} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{3EF3295D-ADE4-4B0E-86F4-7719FBD610F4} : NameServer (119.159.255.36 8.8.8.8) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{71DC5600-291B-41DD-AFC4-AE2546950FB7} : NameServer (119.159.255.36) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{A3AF4DD0-55AB-418C-9A51-6A1F3D8F6FAF} : NameServer (203.99.163.240,208.67.222.222) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] 3d3494d314718fa29b77a3b995c031da
[bSP] bf1a441159fc0e25446037daca2178a1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 80303 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 164667392 | Size: 80000 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 328507392 | Size: 144840 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_S_12032012_02d1645.txt >>
RKreport[1]_S_12022012_02d0056.txt ; RKreport[2]_S_12032012_02d1645.txt