All right, here is the new ComboFix Log
ComboFix 12-05-31.03 - Dad 01/06/2012 0:33.9.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1259 [GMT -6:00]
Running from: c:\users\Dad\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dad\AppData\Roaming\.#
c:\users\Dad\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 06:45 . 2012-06-01 06:45 -------- d-----w- c:\users\Dad\AppData\Local\temp
2012-05-29 20:09 . 2012-05-29 20:58 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-27 03:34 . 2012-05-27 03:34 -------- d-----w- c:\users\Dad\AppData\Roaming\Oberon Media
2012-05-27 03:34 . 2012-05-27 03:59 -------- d-----w- c:\program files\Oberon Media SIDR
2012-05-27 03:17 . 2012-05-27 03:34 -------- d-----w- c:\programdata\Oberon Media
2012-05-27 00:55 . 2012-05-27 00:55 -------- d-----w- C:\TEMP
2012-05-17 01:02 . 2012-05-17 01:02 -------- d-----w- C:\_OTM
2012-05-05 17:08 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 17:08 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 16:48 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-05-05 16:47 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-05 16:47 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-05-05 16:47 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-05 16:47 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-05 16:47 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-05 16:47 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-05-05 16:47 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-05 16:47 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-05 16:47 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-29 20:58 . 2011-06-03 15:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 21:56 . 2011-12-17 07:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-18 03:59 . 2012-03-18 03:10 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-03-18 03:59 . 2012-03-18 03:59 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-03-18 03:59 . 2012-03-18 03:10 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-03-18 03:10 . 2012-03-18 03:10 138056 ----a-w- c:\users\Dad\AppData\Roaming\PnkBstrK.sys
2012-03-18 03:10 . 2012-03-18 03:10 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-03-11 21:13 . 2011-12-20 01:59 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 21:13 . 2011-12-20 01:59 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-12-20 01:59 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-12-20 01:59 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-12-20 01:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-12-20 01:58 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-07 00:15 . 2011-07-16 05:08 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-07-16 05:08 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-07-16 05:10 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2011-07-16 05:10 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2011-07-16 05:10 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2011-07-16 05:10 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-07-16 05:10 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-07-16 05:10 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-26 17:05 . 2011-03-24 02:39 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-31 3905920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-10-01 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-10-01 323584]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-10-03 294544]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Personal Coach.lnk - c:\program files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe [2010-12-28 2392064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-06 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 257696]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-09-06 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
xmlpros REG_MULTI_SZ XMLProvS
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 20:58]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 19:41]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 19:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://
www.google.com/ig?brand=ACAW&bmod=ACUS
uDefault_Search_URL = hxxp://
www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://
www.google.com/ie
uSearchURL,(Default) = hxxp://
www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{209691AC-D76C-4989-96DB-91FF190476EE}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://
www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dd2ebf0&I=23&tp=ab&nt=1&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-06-01 00:45
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(7276)
c:\windows\system32\guard32.dll
.
Completion time: 2012-06-01 00:49:18
ComboFix-quarantined-files.txt 2012-06-01 06:49
ComboFix2.txt 2012-05-27 00:20
.
Pre-Run: 23,176,925,184 bytes free
Post-Run: 22,962,647,040 bytes free
.
- - End Of File - - B7F97476547154F2B28F555897D47CBD