[Resolved] Antivirus Not Running
nips
post Dec 22 2009, 10:39 PM
Post #1


World Wide Web


Group: Star Member
Posts: 140
Joined: 19-November 08
From: Australia
Member No.: 25,103



I can't run Avira or install MBAM or SAS. This is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:11 PM, on 12/23/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Users\Nipuna\Desktop\Log-Analyzer.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.getfreeflashgames.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 6064 bytes


Any idea why?

Thanks


--------------------
Why is abbreviation such a long word?
HKEd
post Dec 22 2009, 11:13 PM
Post #2


Carbon-Based Life Form


Group: Administrator
Posts: 12,339
Joined: 9-August 01
From: Hong Kong
Member No.: 192



Hi nips...nothing showing in the log, although you should fix this line:

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Let's see if RSIT shows anything. Download RSIT to the desktop and run it there. Post the main log it generates (Log.txt).


--------------------
If I've helped you, please pass it on and help someone else.

SPAM is not tolerated here. New members posting SPAM will be banned with no warning.
nips
post Dec 22 2009, 11:20 PM
Post #3

Thanks HKEd

Deleted the line.

RSIT Log: I did 1 month ago as it happened today.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Nipuna at 2009-12-23 17:18:19
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 39 GB (13%) free of 305 GB
Total RAM: 2045 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:21 PM, on 12/23/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nipuna\Downloads\RSIT.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Nipuna\Desktop\Nipuna.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.getfreeflashgames.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 6030 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\User_Feed_Synchronization-{BA43CEDA-377C-49D8-BE68-EB28272E823D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-25 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-04-14 13687328]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-04-14 92704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe /onboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2009-04-14 641568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Nipuna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2009-05-23 139776]

C:\Users\Nipuna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll [2009-01-29 70960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-03-18 233888]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c3f111c-eb50-11de-8f11-0019d1738d86}]
shell\AutoRun\command - G:\Autorun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-23 17:18:19 ----D---- C:\rsit
2009-12-23 16:39:43 ----D---- C:\Program Files\ESET
2009-12-23 16:32:01 ----D---- C:\Users\Nipuna\AppData\Roaming\QuickScan
2009-12-23 16:10:54 ----A---- C:\Windows\ntbtlog.txt
2009-12-23 16:05:22 ----D---- C:\Windows\Minidump
2009-12-23 15:31:16 ----A---- C:\Windows\system32\krl32mainweq.dll
2009-12-23 15:29:41 ----A---- C:\ProgramData\sysReserve.ini
2009-12-18 11:35:17 ----D---- C:\Program Files\MagicDisc
2009-12-18 11:33:21 ----D---- C:\Program Files\MagicISO
2009-12-16 12:02:39 ----A---- C:\Windows\Runservice.exe
2009-12-16 12:02:39 ----A---- C:\Windows\mmfs.dll
2009-12-16 12:01:27 ----D---- C:\Program Files\Cricket Coach 2009
2009-12-16 11:54:57 ----D---- C:\Users\Nipuna\AppData\Roaming\HandBrake
2009-12-16 11:54:53 ----D---- C:\Program Files\Handbrake
2009-12-12 03:04:37 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-12 03:04:35 ----A---- C:\Windows\system32\httpapi.dll
2009-12-10 17:31:23 ----A---- C:\Windows\system32\winhttp.dll
2009-12-10 17:31:22 ----A---- C:\Windows\system32\mshtml.dll
2009-12-10 17:31:21 ----A---- C:\Windows\system32\urlmon.dll
2009-12-10 17:31:21 ----A---- C:\Windows\system32\iertutil.dll
2009-12-10 17:31:21 ----A---- C:\Windows\system32\ieframe.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\wininet.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\occache.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-10 17:31:20 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-10 17:31:20 ----A---- C:\Windows\system32\ieui.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\iesetup.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\iernonce.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\iepeers.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-10 17:30:54 ----A---- C:\Windows\system32\rastls.dll
2009-11-28 11:40:10 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-11-28 11:39:30 ----D---- C:\Program Files\DAEMON Tools Lite
2009-11-28 11:39:25 ----D---- C:\Users\Nipuna\AppData\Roaming\DAEMON Tools Lite
2009-11-28 11:38:16 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-11-28 08:41:01 ----D---- C:\Program Files\EA GAMES
2009-11-28 08:41:00 ----RA---- C:\Windows\system32\vp6vfw.dll
2009-11-27 19:10:23 ----A---- C:\Windows\mp3recorder.INI
2009-11-27 19:10:12 ----D---- C:\Program Files\Sound Recorder Pro
2009-11-26 06:53:43 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 17:13:36 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 17:13:35 ----A---- C:\Windows\system32\msxml3.dll

======List of files/folders modified in the last 1 months======

2009-12-23 17:17:45 ----D---- C:\Windows\Temp
2009-12-23 16:49:00 ----D---- C:\Program Files\Mozilla Firefox
2009-12-23 16:40:07 ----D---- C:\Windows\Prefetch
2009-12-23 16:39:43 ----RD---- C:\Program Files
2009-12-23 16:33:42 ----D---- C:\Windows\System32
2009-12-23 16:33:42 ----D---- C:\Windows\inf
2009-12-23 16:33:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-23 16:10:54 ----D---- C:\Windows
2009-12-23 15:30:11 ----D---- C:\Windows\system32\drivers
2009-12-23 15:29:41 ----HD---- C:\ProgramData
2009-12-23 12:26:02 ----SHD---- C:\System Volume Information
2009-12-22 12:33:19 ----D---- C:\Program Files\Messenger Plus! Live
2009-12-18 12:26:59 ----D---- C:\Users\Nipuna\AppData\Roaming\uTorrent
2009-12-18 09:18:49 ----D---- C:\Windows\system32\WDI
2009-12-17 23:05:22 ----D---- C:\Program Files\TurboIRC 7
2009-12-16 12:01:41 ----SHD---- C:\Windows\Installer
2009-12-16 11:59:11 ----SD---- C:\Users\Nipuna\AppData\Roaming\Microsoft
2009-12-16 09:21:07 ----D---- C:\Windows\system32\catroot2
2009-12-12 03:05:24 ----D---- C:\Windows\winsxs
2009-12-12 03:05:12 ----D---- C:\Windows\system32\catroot
2009-12-12 03:03:59 ----D---- C:\ProgramData\Microsoft Help
2009-12-11 23:30:35 ----D---- C:\Windows\rescache
2009-12-11 23:13:26 ----D---- C:\Windows\system32\migration
2009-12-11 23:13:24 ----D---- C:\Windows\system32\en-US
2009-12-11 23:13:24 ----D---- C:\Program Files\Internet Explorer
2009-12-11 18:56:31 ----D---- C:\Windows\Debug
2009-12-11 14:53:38 ----D---- C:\Program Files\Windows Mail
2009-12-06 08:09:20 ----D---- C:\ProgramData\NVIDIA
2009-12-03 12:52:39 ----A---- C:\Windows\NeroDigital.ini
2009-12-02 07:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-27 21:17:55 ----D---- C:\Users\Nipuna\AppData\Roaming\ImgBurn
2009-11-26 17:23:41 ----D---- C:\Users\Nipuna\AppData\Roaming\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-07-28 28520]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-19 220672]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-04-14 7766464]
R3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 ax45oppa;ax45oppa; C:\Windows\system32\drivers\ax45oppa.sys []
S3 axwgtinh;axwgtinh; C:\Windows\system32\drivers\axwgtinh.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 LicCtrlService;LicCtrl Service; C:\Windows\runservice.exe [2009-12-16 2560]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-04-14 207392]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-06-20 604416]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-28 108289]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-18 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-12-05 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-06-20 361216]

-----------------EOF-----------------




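What a responder reads in the RSIT log above can also be checked mechanically: the two files HKEd targets in the next reply are the ones created under C:\Windows and C:\ProgramData in the hour before the antivirus stopped working, and the same log lists two drivers (ax45oppa.sys, axwgtinh.sys) with empty file information and "EnableLUA"=0 under Policies\System. The Python script below is an added example, not code from the thread, from RSIT or from the responders. It embeds an excerpt of the posted log as SAMPLE_LOG and runs those three checks. The symptom time (16:00 on 2009-12-23), the two-hour window and the directory roots it watches are assumptions chosen to fit the post; ntbtlog.txt (Windows' own boot-logging output) also falls in that window, which is why the first check yields a review list rather than a verdict.

```python
"""Triage checks over an RSIT (random's system information tool) Log.txt.

Added example: not code from the thread, from RSIT or from the responders.
SAMPLE_LOG is an excerpt of lines from the log posted above; the symptom
time, window and roots passed to the checks are assumptions.
"""
import re
from datetime import datetime, timedelta

SAMPLE_LOG = r"""
======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"shutdownwithoutlogon"=1

======List of files/folders created in the last 1 months======

2009-12-23 17:18:19 ----D---- C:\rsit
2009-12-23 16:10:54 ----A---- C:\Windows\ntbtlog.txt
2009-12-23 16:05:22 ----D---- C:\Windows\Minidump
2009-12-23 15:31:16 ----A---- C:\Windows\system32\krl32mainweq.dll
2009-12-23 15:29:41 ----A---- C:\ProgramData\sysReserve.ini
2009-12-16 12:02:39 ----A---- C:\Windows\Runservice.exe
2009-12-10 17:31:23 ----A---- C:\Windows\system32\winhttp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
S3 ax45oppa;ax45oppa; C:\Windows\system32\drivers\ax45oppa.sys []
S3 axwgtinh;axwgtinh; C:\Windows\system32\drivers\axwgtinh.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
"""

SECTION_RE = re.compile(r"^======(.+?)======$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (.+)$")
DRIVER_RE = re.compile(r"^[RS][0-4] ([^;]+);[^;]*; (.+?) \[(.*)\]$")


def split_sections(text):
    """Map each '======Name======' header to the non-blank lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line)
    return sections


def recent_files(sections, symptom_time, window=timedelta(hours=2),
                 roots=("C:\\Windows", "C:\\ProgramData")):
    """Check 1: files (not folders) created under `roots` within `window`
    of the moment the symptoms started, returned in log order."""
    prefixes = tuple(r.lower() for r in roots)
    hits = []
    for name, lines in sections.items():
        if not name.startswith("List of files/folders created"):
            continue
        for line in lines:
            m = FILE_RE.match(line)
            if not m or "D" in m.group(2):      # attribute field: D = folder
                continue
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            path = m.group(3)
            if path.lower().startswith(prefixes) and abs(created - symptom_time) <= window:
                hits.append(path)
    return hits


def drivers_without_file_info(sections):
    """Check 2: driver entries whose trailing [date size] field is empty.
    RSIT fills that field from the image file, so an empty field means the
    file is gone (stale service entry) or hidden from the file-system view."""
    hits = []
    for name, lines in sections.items():
        if name.startswith("List of drivers"):
            for line in lines:
                m = DRIVER_RE.match(line)
                if m and m.group(3) == "":
                    hits.append((m.group(1), m.group(2)))
    return hits


def registry_value(sections, key_suffix, value_name):
    """Value of value_name under the 'Registry dump' key ending in key_suffix."""
    in_key = False
    for line in sections.get("Registry dump", []):
        if line.startswith("["):
            in_key = line.rstrip("]").lower().endswith(key_suffix.lower())
        elif in_key and line.startswith('"%s"=' % value_name):
            return line.split("=", 1)[1]
    return None


def uac_disabled(sections):
    """Check 3: EnableLUA=0 means UAC is off, so an administrator's
    processes run fully elevated with no prompt; a dropper needs no bypass."""
    return registry_value(sections, "policies\\system", "EnableLUA") == "0"


if __name__ == "__main__":
    s = split_sections(SAMPLE_LOG)
    print("review:", recent_files(s, datetime(2009, 12, 23, 16, 0)))
    print("no file info:", drivers_without_file_info(s))
    print("UAC disabled:", uac_disabled(s))
```

The checks are deliberately simple: a time window around the first symptom, a missing file-info field, one policy value. Their value is that they ask, of the whole log at once, the same questions HKEd answers by eye, and a stale service entry or an innocent file inside the window is cheap to rule out by hand afterwards.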
HKEd
post Dec 23 2009, 05:59 PM
Post #4

Hi nips...sorry for the delay in replying. My computer's power supply died yesterday.

Read the instructions for using Combofix. Post the log when done.


nips
post Dec 23 2009, 06:11 PM
Post #5

It's ok, umm it says that "ComboFix.exe stopped working". The same thing happens with Avira. MBAM doesn't even start the installation. Just to let you know there are 2 "iexplorer.exe" in Windows Task Manager and I haven't even opened it. After I end it, it reappears in like 5 seconds.

Nipuna


HKEd
post Dec 23 2009, 09:09 PM
Post #6

I suspect one of the files showing in RSIT is running invisibly, stopping Combofix from running.

Download The Avenger to your desktop and unzip it to there.

Run it and copy/paste the contents of the code box to the section under 'Input script here':

CODE
Files to delete:
C:\Windows\system32\krl32mainweq.dll
C:\ProgramData\sysReserve.ini


Click on Execute and reboot when prompted. See if Combofix will run.

Post the Avenger log and a fresh RSIT log.


nips
post Dec 23 2009, 10:03 PM
Post #7

Still not running, mate.

Logs:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Thu Dec 24 15:57:45 2009

15:57:45: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "H8SRTd.sys" found!
ImagePath: \systemroot\system32\drivers\H8SRTevxxfrncdx.sys
Start Type: 1 (System)

Rootkit scan completed.

File "C:\Windows\system32\krl32mainweq.dll" deleted successfully.
File "C:\ProgramData\sysReserve.ini" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Nipuna at 2009-12-24 16:01:06
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 38 GB (13%) free of 305 GB
Total RAM: 2045 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:35 PM, on 12/24/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nipuna\Downloads\RSIT(2).exe
C:\Users\Nipuna\Desktop\Nipuna.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.getfreeflashgames.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 6121 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\User_Feed_Synchronization-{BA43CEDA-377C-49D8-BE68-EB28272E823D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-25 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-04-14 13687328]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-04-14 92704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2009-12-24 2749984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe /onboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2009-04-14 641568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Nipuna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2009-05-23 139776]

C:\Users\Nipuna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll [2009-01-29 70960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-03-18 233888]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c3f111c-eb50-11de-8f11-0019d1738d86}]
shell\AutoRun\command - G:\Autorun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-24 15:58:26 ----D---- C:\Avenger
2009-12-24 15:57:45 ----A---- C:\avenger.txt
2009-12-24 13:20:16 ----D---- C:\ProgramData\Hagel Technologies
2009-12-24 13:20:15 ----D---- C:\Program Files\DU Meter
2009-12-24 12:28:10 ----A---- C:\Windows\ntbtlog.txt
2009-12-23 17:18:19 ----D---- C:\rsit
2009-12-23 16:39:43 ----D---- C:\Program Files\ESET
2009-12-23 16:32:01 ----D---- C:\Users\Nipuna\AppData\Roaming\QuickScan
2009-12-23 16:05:22 ----D---- C:\Windows\Minidump
2009-12-18 11:35:17 ----D---- C:\Program Files\MagicDisc
2009-12-18 11:33:21 ----D---- C:\Program Files\MagicISO
2009-12-16 12:02:39 ----A---- C:\Windows\Runservice.exe
2009-12-16 12:02:39 ----A---- C:\Windows\mmfs.dll
2009-12-16 12:01:27 ----D---- C:\Program Files\Cricket Coach 2009
2009-12-16 11:54:57 ----D---- C:\Users\Nipuna\AppData\Roaming\HandBrake
2009-12-16 11:54:53 ----D---- C:\Program Files\Handbrake
2009-12-12 03:04:37 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-12 03:04:35 ----A---- C:\Windows\system32\httpapi.dll
2009-12-10 17:31:23 ----A---- C:\Windows\system32\winhttp.dll
2009-12-10 17:31:22 ----A---- C:\Windows\system32\mshtml.dll
2009-12-10 17:31:21 ----A---- C:\Windows\system32\urlmon.dll
2009-12-10 17:31:21 ----A---- C:\Windows\system32\iertutil.dll
2009-12-10 17:31:21 ----A---- C:\Windows\system32\ieframe.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\wininet.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\occache.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-10 17:31:20 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-10 17:31:20 ----A---- C:\Windows\system32\ieui.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\iesetup.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\iernonce.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\iepeers.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-10 17:31:20 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-10 17:30:54 ----A---- C:\Windows\system32\rastls.dll
2009-11-28 11:40:10 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-11-28 11:39:30 ----D---- C:\Program Files\DAEMON Tools Lite
2009-11-28 11:39:25 ----D---- C:\Users\Nipuna\AppData\Roaming\DAEMON Tools Lite
2009-11-28 11:38:16 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-11-28 08:41:01 ----D---- C:\Program Files\EA GAMES
2009-11-28 08:41:00 ----RA---- C:\Windows\system32\vp6vfw.dll
2009-11-27 19:10:23 ----A---- C:\Windows\mp3recorder.INI
2009-11-27 19:10:12 ----D---- C:\Program Files\Sound Recorder Pro
2009-11-26 06:53:43 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 17:13:36 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 17:13:35 ----A---- C:\Windows\system32\msxml3.dll

======List of files/folders modified in the last 1 months======

2009-12-24 16:01:15 ----D---- C:\Windows\Prefetch
2009-12-24 16:01:07 ----D---- C:\Windows\Temp
2009-12-24 15:59:51 ----D---- C:\Program Files\Mozilla Firefox
2009-12-24 15:59:42 ----D---- C:\Windows\System32
2009-12-24 15:58:26 ----RD---- C:\Program Files
2009-12-24 15:58:26 ----HD---- C:\ProgramData
2009-12-24 15:58:26 ----D---- C:\Windows\system32\drivers
2009-12-24 13:45:07 ----D---- C:\Users\Nipuna\AppData\Roaming\uTorrent
2009-12-24 13:20:15 ----D---- C:\Program Files\Windows Sidebar
2009-12-24 12:37:08 ----D---- C:\Windows\inf
2009-12-24 12:37:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-24 12:28:10 ----D---- C:\Windows
2009-12-23 12:26:02 ----SHD---- C:\System Volume Information
2009-12-22 12:33:19 ----D---- C:\Program Files\Messenger Plus! Live
2009-12-18 09:18:49 ----D---- C:\Windows\system32\WDI
2009-12-17 23:05:22 ----D---- C:\Program Files\TurboIRC 7
2009-12-16 12:01:41 ----SHD---- C:\Windows\Installer
2009-12-16 11:59:11 ----SD---- C:\Users\Nipuna\AppData\Roaming\Microsoft
2009-12-16 09:21:07 ----D---- C:\Windows\system32\catroot2
2009-12-12 03:05:24 ----D---- C:\Windows\winsxs
2009-12-12 03:05:12 ----D---- C:\Windows\system32\catroot
2009-12-12 03:03:59 ----D---- C:\ProgramData\Microsoft Help
2009-12-11 23:30:35 ----D---- C:\Windows\rescache
2009-12-11 23:13:26 ----D---- C:\Windows\system32\migration
2009-12-11 23:13:24 ----D---- C:\Windows\system32\en-US
2009-12-11 23:13:24 ----D---- C:\Program Files\Internet Explorer
2009-12-11 18:56:31 ----D---- C:\Windows\Debug
2009-12-11 14:53:38 ----D---- C:\Program Files\Windows Mail
2009-12-06 08:09:20 ----D---- C:\ProgramData\NVIDIA
2009-12-03 12:52:39 ----A---- C:\Windows\NeroDigital.ini
2009-12-02 07:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-27 21:17:55 ----D---- C:\Users\Nipuna\AppData\Roaming\ImgBurn
2009-11-26 17:23:41 ----D---- C:\Users\Nipuna\AppData\Roaming\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-07-28 28520]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-19 220672]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-04-14 7766464]
R3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 a2nnzb8u;a2nnzb8u; C:\Windows\system32\drivers\a2nnzb8u.sys []
S3 aqht0xvf;aqht0xvf; C:\Windows\system32\drivers\aqht0xvf.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2009-09-04 1391136]
R2 LicCtrlService;LicCtrl Service; C:\Windows\runservice.exe [2009-12-16 2560]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-04-14 207392]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-06-20 604416]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-28 108289]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-18 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-12-05 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-06-20 361216]

-----------------EOF-----------------



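A small triage aid, added here as an example and not part of the thread or of HijackThis: it compares the "Running processes:" sections of two HijackThis logs so that processes which vanished, appeared, or run more than once stand out. The "before" snapshot is constructed for this example and only models the symptom described earlier (two Iexplore.exe instances the user never started); the "after" snapshot is abridged from the RSIT log posted in this reply.

```python
"""
Added example (not from the thread, not HijackThis code): diff the process
lists of two HijackThis logs and report duplicates.
"""
import re
from collections import Counter

# Constructed 'before' snapshot, modelled on the symptom described in the thread.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
"""

# 'After' snapshot, abridged from the RSIT log posted in this thread.
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Users\Nipuna\Downloads\RSIT(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
"""

ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")  # first R0/R1/O2... line ends the section


def parse_processes(log: str) -> Counter:
    """Count each image path listed under 'Running processes:'.

    Paths are compared case-insensitively: NTFS is case-insensitive and
    HijackThis prints them as found (Explorer.EXE vs explorer.exe)."""
    counts: Counter = Counter()
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.lower() == "running processes:"
            continue
        if not line or ENTRY_RE.match(line):
            break  # blank line or first R/O entry closes the process list
        counts[line.lower()] += 1
    return counts


def diff_processes(before: str, after: str) -> dict:
    """Report what changed between two snapshots and which images run more than once."""
    b, a = parse_processes(before), parse_processes(after)
    return {
        "gone": sorted(set(b) - set(a)),
        "new": sorted(set(a) - set(b)),
        "multiple_before": sorted(p for p, n in b.items() if n > 1),
        "multiple_after": sorted(p for p, n in a.items() if n > 1),
    }


if __name__ == "__main__":
    for key, paths in diff_processes(BEFORE_LOG, AFTER_LOG).items():
        print(key)
        for p in paths:
            print("   ", p)
```

Run it on the two snapshots and the duplicated Iexplore.exe shows up under "multiple_before" and "gone", while the tools started for the second scan show up under "new"; a process that is gone only because it is no longer listed is not proof it is cleaned, which is why the later posts still ask for GMER and ComboFix logs.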
HKEd
post Dec 23 2009, 11:28 PM
Post #8
Carbon-Based Life Form
Group: Administrator
Posts: 12,339
Joined: 9-August 01
From: Hong Kong
Member No.: 192

Nasty rootkit. You should know better than to get one of those!

Download GMER to the desktop. It will arrive as a randomly-named file. Run GMER and let it do an initial scan. Do not click the Scan button if it finds the rootkit - just click on the Copy button, then Save and post the log file.

If the rootkit is not flagged in the initial scan, click the Scan button, then Copy and Save after the scan completes.

I'll try to check back later, but have lots of Christmassy things to do (and no computer).


nips
post Dec 24 2009, 12:05 AM
Post #9
World Wide Web
Group: Star Member
Posts: 140
Joined: 19-November 08
From: Australia
Member No.: 25,103

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2009-12-24 18:04:17
Windows 6.0.6002 Service Pack 2
Running: 6iylu4d5.exe; Driver: C:\Users\Nipuna\AppData\Local\Temp\awryqpog.sys


---- System - GMER 1.0.15 ----

Code 86B402D8 ZwEnumerateKey
Code 85B6BD10 ZwFlushInstructionCache
Code 8634A045 IofCallDriver
Code 86D30A9E IofCompleteRequest

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8501C1F8

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\H8SRTevxxfrncdx.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


Thanks mate, and have a merry Christmas.


nips
post Dec 24 2009, 12:06 AM
Post #10
World Wide Web
Group: Star Member
Posts: 140
Joined: 19-November 08
From: Australia
Member No.: 25,103

I also have a bit of good news: iexplorer doesn't show up in Windows Task Manager anymore.


HKEd
post Dec 24 2009, 12:24 AM
Post #11
Carbon-Based Life Form
Group: Administrator
Posts: 12,339
Joined: 9-August 01
From: Hong Kong
Member No.: 192

Run Avenger and use this code:

CODE
Drivers to delete:
H8SRTd.sys

Files to delete:
C:\Windows\system32\drivers\H8SRTevxxfrncdx.sys


Reboot when prompted, then see if you can run MBAM or Combofix. Post the logs (including Avenger).


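The two Avenger scripts in this thread were written by hand from the GMER and RSIT findings. As an added example, not part of the thread and not code from GMER or The Avenger, the script below picks the entries GMER marked as hidden out of a GMER log, turns them into an Avenger script of the same shape as the one above ("Drivers to delete:" followed by "Files to delete:"), and checks the script against the rule the Avenger pre-processor reported earlier (a valid script must begin with a command directive) before it is pasted into the tool. The sample GMER text is constructed: it reuses the hidden-service line posted above and adds one made-up, non-hidden line so the filter has something to skip. Only the two directives used in this thread are recognised; the path check under "Files to delete:" is this example's own sanity check, not a documented Avenger rule.

```python
"""
Added example (not from the thread, not GMER or Avenger code): extract hidden
services from a GMER log, build an Avenger script, and validate it.
"""
import re
from typing import List, NamedTuple

# Constructed sample: the hidden-service line from the GMER log posted above,
# plus one made-up, non-hidden line to show that only hidden entries are selected.
SAMPLE_GMER = r"""---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\H8SRTevxxfrncdx.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\example.sys [AUTO] example.sys

---- EOF - GMER 1.0.15 ----
"""

HIDDEN_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<start>[A-Z]+)\]\s+(?P<name>\S+)"
)

# Only the two directives this thread actually uses. Avenger knows more; add any
# others you rely on here before trusting the validator with them.
KNOWN_DIRECTIVES = {"Drivers to delete:", "Files to delete:"}
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")


class HiddenService(NamedTuple):
    name: str    # service/driver name as GMER prints it, e.g. H8SRTd.sys
    path: str    # image path on disk
    start: str   # start type as GMER prints it, e.g. SYSTEM


def find_hidden_services(gmer_log: str) -> List[HiddenService]:
    """Return every 'Service ... (*** hidden *** )' entry in a GMER log."""
    found = []
    for line in gmer_log.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if m:
            found.append(HiddenService(m["name"], m["path"], m["start"]))
    return found


def build_avenger_script(services: List[HiddenService]) -> str:
    """Emit a 'Drivers to delete:' block then a 'Files to delete:' block, one entry per line."""
    lines = ["Drivers to delete:"] + [s.name for s in services]
    lines += ["", "Files to delete:"] + [s.path for s in services]
    return "\n".join(lines) + "\n"


def validate_avenger_script(script: str) -> List[str]:
    """Return a list of problems; an empty list means the script passes these checks.

    Rules: the first non-blank line must be a known directive, every entry must
    sit under a directive, and entries under 'Files to delete:' must be absolute
    Windows paths (our own sanity check, not a documented Avenger rule)."""
    problems = []
    current = None
    for lineno, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            if line in KNOWN_DIRECTIVES:
                current = line
            else:
                current = None
                problems.append(f"line {lineno}: unknown directive {line!r}")
            continue
        if current is None:
            problems.append(f"line {lineno}: entry {line!r} is not under a command directive")
        elif current == "Files to delete:" and not WIN_PATH_RE.match(line):
            problems.append(f"line {lineno}: {line!r} is not an absolute Windows path")
    return problems


if __name__ == "__main__":
    script = build_avenger_script(find_hidden_services(SAMPLE_GMER))
    print(script)
    print("problems:", validate_avenger_script(script) or "none")
    # A mistyped directive (missing space) is rejected, which is the failure
    # the Avenger pre-processor log earlier in the thread reports.
    print(validate_avenger_script("Files todelete:\nC:\\Windows\\system32\\krl32mainweq.dll\n"))
```

The generated script for the posted GMER log is exactly the one the helper wrote by hand above; the value of the validator is catching a script that Avenger would abort on before the reboot, rather than after it.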
nips
post Dec 24 2009, 12:34 AM
Post #12
World Wide Web
Group: Star Member
Posts: 140
Joined: 19-November 08
From: Australia
Member No.: 25,103

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "H8SRTd.sys" found!
ImagePath: \systemroot\system32\drivers\H8SRTevxxfrncdx.sys
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "H8SRTd.sys" deleted successfully.
File "C:\Windows\system32\drivers\H8SRTevxxfrncdx.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

I am running Combofix, and then I'll run MBAM. I'll post their logs later.


nips
post Dec 24 2009, 12:53 AM
Post #13
World Wide Web
Group: Star Member
Posts: 140
Joined: 19-November 08
From: Australia
Member No.: 25,103

ComboFix 09-12-23.02 - Nipuna 12/24/2009 18:39:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1334 [GMT 11:00]
Running from: c:\users\Nipuna\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\Cheat Engine\dbk32.sys
c:\program files\PlayMP3z
c:\program files\PlayMP3z\PlayMP3.exe
c:\program files\PlayMP3z\uninstall.exe
c:\users\Nipuna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
c:\windows\system32\H8SRTnmxpfbupni.dat
c:\windows\system32\H8SRTosndopowix.dll
c:\windows\system32\H8SRTrmoypjbmbm.dll
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.

2009-12-24 02:20 . 2009-12-24 02:20 -------- d-----w- c:\programdata\Hagel Technologies
2009-12-24 02:20 . 2009-12-24 02:20 -------- d-----w- c:\program files\DU Meter
2009-12-23 06:18 . 2009-12-24 05:01 -------- d-----w- C:\rsit
2009-12-23 05:39 . 2009-12-23 05:39 -------- d-----w- c:\program files\ESET
2009-12-23 05:32 . 2009-12-23 05:33 -------- d-----w- c:\users\Nipuna\AppData\Roaming\QuickScan
2009-12-23 05:31 . 2009-12-18 07:33 684032 ----a-w- c:\users\Nipuna\AppData\Roaming\Mozilla\Firefox\Profiles\ogsh8ibn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-23 05:31 . 2009-12-18 07:32 776704 ----a-w- c:\users\Nipuna\AppData\Roaming\Mozilla\Firefox\Profiles\ogsh8ibn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-12-23 04:59 . 2009-12-24 01:29 680 ----a-w- c:\users\Nipuna\AppData\Local\d3d9caps.dat
2009-12-18 00:35 . 2009-02-24 07:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-12-18 00:35 . 2009-12-18 00:36 -------- d-----w- c:\program files\MagicDisc
2009-12-18 00:33 . 2009-12-18 00:33 -------- d-----w- c:\program files\MagicISO
2009-12-16 01:02 . 2009-12-24 07:35 1385 --sha-w- c:\windows\system32\mmf.sys
2009-12-16 01:02 . 2009-12-16 01:02 48640 ----a-w- c:\windows\mmfs.dll
2009-12-16 01:02 . 2009-12-16 01:02 2560 ----a-w- c:\windows\Runservice.exe
2009-12-16 01:01 . 2009-12-16 08:53 -------- d-----w- c:\program files\Cricket Coach 2009
2009-12-16 00:55 . 2009-12-16 00:55 -------- d-----w- c:\users\Nipuna\AppData\Local\HandBrake
2009-12-16 00:54 . 2009-12-16 00:55 -------- d-----w- c:\users\Nipuna\AppData\Roaming\HandBrake
2009-12-16 00:54 . 2009-12-16 00:54 -------- d-----w- c:\program files\Handbrake
2009-12-11 16:04 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 16:04 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 16:04 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 06:30 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-11-28 00:40 . 2009-11-28 00:40 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-11-28 00:39 . 2009-11-28 00:40 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-11-28 00:39 . 2009-11-28 00:43 -------- d-----w- c:\users\Nipuna\AppData\Roaming\DAEMON Tools Lite
2009-11-28 00:38 . 2009-11-28 00:39 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-27 21:41 . 2009-12-18 00:37 -------- d-----w- c:\program files\EA GAMES
2009-11-27 21:41 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-11-27 08:10 . 2009-11-27 08:34 -------- d-----w- c:\program files\Sound Recorder Pro
2009-11-25 19:53 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 06:13 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 06:13 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 15:39 . 2009-11-24 15:39 1093064 ----a-w- c:\users\Nipuna\AppData\Roaming\Mozilla\Firefox\Profiles\ogsh8ibn.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 07:46 . 2009-10-27 09:41 -------- d-----w- c:\program files\Cheat Engine
2009-12-24 02:45 . 2009-06-19 08:18 -------- d-----w- c:\users\Nipuna\AppData\Roaming\uTorrent
2009-12-24 02:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-22 01:33 . 2009-08-17 11:17 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-17 12:05 . 2009-11-16 06:58 -------- d-----w- c:\program files\TurboIRC 7
2009-12-11 16:03 . 2009-06-17 08:56 -------- d-----w- c:\programdata\Microsoft Help
2009-12-11 03:53 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 06:09 . 2009-07-28 08:47 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-05 21:09 . 2009-06-14 10:23 -------- d-----w- c:\programdata\NVIDIA
2009-11-28 00:39 . 2009-06-24 00:49 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-27 10:17 . 2009-06-16 10:29 -------- d-----w- c:\users\Nipuna\AppData\Roaming\ImgBurn
2009-11-26 06:23 . 2009-06-14 09:11 -------- d-----w- c:\users\Nipuna\AppData\Roaming\Apple Computer
2009-11-21 06:40 . 2009-12-10 06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 06:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 06:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 06:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 20:30 . 2009-11-15 00:57 -------- d-----w- c:\program files\Virtual PDF Printer
2009-11-20 10:00 . 2009-07-14 06:32 -------- d-----w- c:\users\Nipuna\AppData\Roaming\dvdcss
2009-11-18 10:48 . 2009-11-18 10:48 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 10:48 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 10:48 . 2009-11-18 10:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 10:48 . 2009-11-18 10:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 07:00 . 2009-11-16 07:00 -------- d-----w- c:\programdata\TurboIRC 7
2009-11-16 07:00 . 2009-11-16 07:00 -------- d-----w- c:\users\Nipuna\AppData\Roaming\TurboIRC 7
2009-11-05 00:14 . 2009-11-05 00:14 -------- d-----w- c:\program files\Motherload
2009-11-02 09:42 . 2009-10-03 01:35 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-20 02:33 . 2009-11-02 07:51 545280 ----a-w- c:\users\Nipuna\AppData\Roaming\Mozilla\Firefox\Profiles\ogsh8ibn.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-10-20 02:33 . 2009-11-02 07:51 4716544 ----a-w- c:\users\Nipuna\AppData\Roaming\Mozilla\Firefox\Profiles\ogsh8ibn.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-10-20 02:33 . 2009-11-02 07:51 344064 ----a-w- c:\users\Nipuna\AppData\Roaming\Mozilla\Firefox\Profiles\ogsh8ibn.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-10-20 02:33 . 2009-11-02 07:51 153600 ----a-w- c:\users\Nipuna\AppData\Roaming\Mozilla\Firefox\Profiles\ogsh8ibn.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-10-20 02:33 . 2009-11-02 07:51 103424 ----a-w- c:\users\Nipuna\AppData\Roaming\Mozilla\Firefox\Profiles\ogsh8ibn.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-10-08 21:08 . 2009-11-18 06:29 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-18 06:29 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-18 06:29 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-03 11:25 . 2009-09-28 08:50 183736 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-03 10:39 . 2009-06-14 07:29 116272 ----a-w- c:\users\Nipuna\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-01 01:02 . 2009-11-18 06:31 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 06:31 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 06:31 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 06:31 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 06:31 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 06:31 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 06:31 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 06:31 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 06:31 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 06:31 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 06:31 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-18 06:31 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-18 06:31 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-18 06:31 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-18 06:31 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-18 06:31 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-28 08:01 . 2009-09-28 08:01 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-12-24 2749984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-13 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-13 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Nipuna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Nipuna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 07:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-13 21:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 06:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 05:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2009-04-13 15:33 641568 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 15:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9b,21,8c,9a,bd,f3,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-23713497-2155628975-2567067773-1000]
"EnableNotificationsRef"=dword:00000001

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/28/2009 7:47 PM 108289]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [12/24/2009 1:20 PM 1391136]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [11/2/2006 9:25 PM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [11/2/2006 9:25 PM 251904]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [6/24/2009 11:49 AM 691696]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [12/16/2009 12:02 PM 2560]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [10/3/2009 3:03 PM 1527900]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [6/16/2009 6:24 PM 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.getfreeflashgames.com/search.html
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Nipuna\AppData\Roaming\Mozilla\Firefox\Profiles\ogsh8ibn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\users\Nipuna\AppData\Roaming\Mozilla\Firefox\Profiles\ogsh8ibn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\users\Nipuna\AppData\Roaming\Mozilla\Firefox\Profiles\ogsh8ibn.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Nipuna\AppData\Roaming\Mozilla\Firefox\Profiles\ogsh8ibn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\Nipuna\AppData\Roaming\Mozilla\Firefox\Profiles\ogsh8ibn.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-IDMan - c:\program files\Internet Download Manager\IDMan.exe
AddRemove-HijackThis - c:\users\Nipuna\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 18:47
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \C6F447273BC65EF0]
"1"=hex:af,49,68,4a,a1,03,67,91,19,71,84,cd,48,2c,98,f8,ee,08,c6,eb,cb,98,eb,
30,ad,8c,c5,8a,3e,53,91,13
"2"=hex:58,11,50,42,2e,f2,55,51,6f,f7,9a,ef,6b,f3,36,21,ec,a7,58,e2,e8,c3,4d,
78,80,c1,ec,38,21,d8,13,6c
"3"=hex:af,49,68,4a,a1,03,67,91,19,71,84,cd,48,2c,98,f8,e7,e9,9a,5d,76,44,f3,
e8,cb,fa,f8,8a,c7,df,0f,18,db,65,d2,ff,d4,73,8c,c0,e1,dd,91,71,a1,e6,83,ee,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \C6F447273BC65EF0\3B10FE43EE8F2AE67A30BA813D06F57B]
"1"=hex:8c,de,d0,aa,f8,58,db,1b,5a,48,bb,3c,bc,6d,16,45,21,43,6d,05,a3,3c,8f,
2b
"2"=hex:82,31,18,be,71,1b,7b,e3
"3"=hex:2e,45,f1,36,f4,ed,a1,8a,91,b7,7a,42,22,dd,c5,40,37,b6,3c,71,a0,f9,42,
af,b8,d3,cc,13,73,4b,e5,e0,4a,dc,05,23,9c,7b,9e,6f,bb,34,aa,73,ef,48,0c,d1,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:6a,4d,32,af,9b,17,71,13,52,10,11,6f,ee,ee,e8,3f,c5,9b,ac,2f,78,86,37,
0e,3e,4d,65,e7,51,3f,ab,e5,6f,a6,24,2f,50,d1,35,8a,dd,60,ba,19,dd,bd,d0,a5,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,bf,0c,1a,52,a6,e7,1b,
f8,8f,ad,2f,ee,2b,2a,17,6b,cf,82,5e,36,77,6d,37,61,05,3a,e2,28,28,8a,de,7a,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:f8,fe,42,b7,de,5f,ba,f0
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-24 18:49:39
ComboFix-quarantined-files.txt 2009-12-24 07:49

Pre-Run: 39,925,264,384 bytes free
Post-Run: 39,898,669,056 bytes free

- - End Of File - - AC34E35C207D8152B56EAF29BB5923BB


Running MBAM right now, will post it after it's done.


--------------------
Why is abbreviation such a long word?
nips
post Dec 24 2009, 02:00 AM
Post #14


World Wide Web


Group: Star Member
Posts: 140
Joined: 19-November 08
From: Australia
Member No.: 25,103



Malwarebytes' Anti-Malware 1.42
Database version: 3423
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

12/24/2009 7:58:27 PM
mbam-log-2009-12-24 (19-58-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 289213
Time elapsed: 1 hour(s), 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\Program Files\PlayMP3z\PlayMP3.exe.vir (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\H8SRTosndopowix.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\H8SRTrmoypjbmbm.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Nipuna\Documents\Programs\Security Software\Malwarebytes\Keygen.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
C:\Program Files\EvenMoreMegaSwellAdsForYou\uninstall.exe (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.


Thanks HKEd, you helped a lot, again. I'll be sure to watch out next time. My computer is performing better now.


--------------------
Why is abbreviation such a long word?
HKEd
post Dec 24 2009, 02:20 AM
Post #15


Carbon-Based Life Form


Group: Administrator
Posts: 12,339
Joined: 9-August 01
From: Hong Kong
Member No.: 192



Start > Run > combofix /u to uninstall CF.

Have a good Christmas, and be safe.


--------------------
If I've helped you, please pass it on and help someone else.

SPAM is not tolerated here. New members posting SPAM will be banned with no warning.
nips
post Dec 24 2009, 03:54 AM
Post #16


World Wide Web


Group: Star Member
Posts: 140
Joined: 19-November 08
From: Australia
Member No.: 25,103



Yup, done, Merry Christmas to you too!


--------------------
Why is abbreviation such a long word?
