ComboFix 11-11-09.02 - Zoltan 09/11/2011 20:31:07.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2047.1254 [GMT -8:00]
Running from: c:\users\Zoltan\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-10 04:34 . 2011-11-10 04:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-10 04:16 . 2011-11-10 04:16 -------- d-----w- c:\programdata\Malwarebytes
2011-11-10 04:16 . 2011-11-10 04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-10 04:16 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 16:14 . 2011-11-09 17:13 -------- d-----w- c:\programdata\SecTaskMan
2011-11-09 16:14 . 2011-11-09 16:14 -------- d-----w- c:\program files\Security Task Manager
2011-11-08 18:56 . 2011-11-08 18:56 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-11-08 18:54 . 2011-11-08 18:54 268800 ----a-w- c:\windows\system32\es.dll
2011-11-08 18:45 . 2011-11-08 18:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-08 18:45 . 2011-11-08 18:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-08 18:42 . 2011-11-09 15:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-08 18:42 . 2011-11-08 18:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-08 18:33 . 2011-11-08 18:34 -------- d-----w- c:\program files\AVG Secure Search
2011-11-08 18:33 . 2011-11-08 18:33 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-11-08 18:33 . 2011-11-08 18:33 -------- d--h--w- c:\programdata\Common Files
2011-11-08 18:32 . 2011-11-10 01:21 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-08 18:32 . 2011-11-08 18:48 -------- d-----w- c:\programdata\AVG2012
2011-11-08 18:31 . 2011-11-08 18:31 -------- d-----w- c:\program files\AVG
2011-11-08 18:28 . 2011-11-10 01:21 -------- d-----w- c:\programdata\MFAData
2011-11-08 12:55 . 2011-11-08 12:55 156672 ----a-w- c:\windows\system32\t2embed.dll
2011-11-08 12:55 . 2011-11-08 12:55 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-11-08 12:55 . 2011-11-08 12:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-11-08 12:55 . 2011-11-08 12:55 289792 ----a-w- c:\windows\system32\atmfd.dll
2011-11-08 12:55 . 2011-11-08 12:55 24064 ----a-w- c:\windows\system32\lpk.dll
2011-11-08 12:55 . 2011-11-08 12:55 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-11-08 12:51 . 2011-11-08 12:51 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-11-08 12:50 . 2011-11-08 12:50 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-11-08 12:50 . 2011-11-08 12:50 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2011-11-08 12:49 . 2011-11-08 12:49 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2011-11-08 12:49 . 2011-11-08 12:49 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-11-08 12:49 . 2011-11-08 12:49 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2011-11-08 12:48 . 2011-11-08 12:48 15360 ----a-w- c:\windows\system32\netevent.dll
2011-11-08 12:48 . 2011-11-08 12:48 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-11-08 12:48 . 2011-11-08 12:48 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-11-08 12:48 . 2011-11-08 12:48 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-11-08 12:48 . 2011-11-08 12:48 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-11-08 12:48 . 2011-11-08 12:48 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-11-08 12:48 . 2011-11-08 12:48 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-11-08 12:48 . 2011-11-08 12:48 103936 ----a-w- c:\windows\system32\netiohlp.dll
2011-11-08 12:48 . 2011-11-08 12:48 10240 ----a-w- c:\windows\system32\finger.exe
2011-11-08 12:46 . 2011-11-08 12:46 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2011-11-08 12:46 . 2011-11-08 12:46 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2011-11-08 12:46 . 2011-11-08 12:46 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2011-11-08 12:46 . 2011-11-08 12:46 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-11-08 12:46 . 2011-11-08 12:46 542720 ----a-w- c:\windows\system32\sysmain.dll
2011-11-08 12:46 . 2011-11-08 12:46 194560 ----a-w- c:\windows\system32\WebClnt.dll
2011-11-08 12:46 . 2011-11-08 12:46 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2011-11-08 12:45 . 2011-11-08 12:45 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2011-11-08 12:45 . 2011-11-08 12:45 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2011-11-08 12:45 . 2011-11-08 12:45 502272 ----a-w- c:\windows\system32\wlansvc.dll
2011-11-08 12:45 . 2011-11-08 12:45 47104 ----a-w- c:\windows\system32\wlanapi.dll
2011-11-08 12:45 . 2011-11-08 12:45 297984 ----a-w- c:\windows\system32\wlansec.dll
2011-11-08 12:45 . 2011-11-08 12:45 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2011-11-08 12:44 . 2011-11-08 12:44 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-11-08 12:44 . 2011-11-08 12:44 1260032 ----a-w- c:\windows\system32\msxml3.dll
2011-11-08 12:44 . 2011-11-08 12:44 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-11-08 12:44 . 2011-11-08 12:44 1406464 ----a-w- c:\windows\system32\msxml6.dll
2011-11-08 12:43 . 2011-11-08 12:43 216576 ----a-w- c:\windows\system32\msv1_0.dll
2011-11-08 12:42 . 2011-11-08 12:42 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-11-08 12:42 . 2011-11-08 12:42 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-11-08 12:42 . 2011-11-08 12:42 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-08 12:41 . 2011-11-08 12:41 98816 ----a-w- c:\windows\system32\mfps.dll
2011-11-08 12:41 . 2011-11-08 12:41 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2011-11-08 12:41 . 2011-11-08 12:41 2855424 ----a-w- c:\windows\system32\mf.dll
2011-11-08 12:41 . 2011-11-08 12:41 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-11-08 12:41 . 2011-11-08 12:41 2048 ----a-w- c:\windows\system32\mferror.dll
2011-11-08 12:40 . 2011-11-08 12:40 3504008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-08 12:40 . 2011-11-08 12:40 3470216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-08 12:37 . 2011-11-08 12:37 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-11-08 12:37 . 2011-11-08 12:37 71680 ----a-w- c:\windows\system32\atl.dll
2011-11-08 12:36 . 2011-11-08 12:36 297472 ----a-w- c:\windows\system32\gdi32.dll
2011-11-08 12:35 . 2011-11-08 12:35 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2011-11-08 12:35 . 2011-11-08 12:35 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-11-08 12:33 . 2011-11-08 12:33 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2011-11-08 12:32 . 2011-11-08 12:32 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2011-11-08 12:32 . 2011-11-08 12:32 30208 ----a-w- c:\windows\system32\xolehlp.dll
2011-11-08 12:32 . 2011-11-08 12:32 156160 ----a-w- c:\windows\system32\wkssvc.dll
2011-11-08 12:31 . 2011-11-08 12:31 36352 ----a-w- c:\windows\system32\tsgqec.dll
2011-11-08 12:31 . 2011-11-08 12:31 1871872 ----a-w- c:\windows\system32\mstscax.dll
2011-11-08 12:31 . 2011-11-08 12:31 116736 ----a-w- c:\windows\system32\aaclient.dll
2011-11-08 12:30 . 2011-11-08 12:30 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2011-11-08 12:28 . 2011-11-08 12:28 713728 ----a-w- c:\windows\system32\timedate.cpl
2011-11-08 12:27 . 2011-11-08 12:27 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2011-11-08 12:27 . 2011-11-08 12:27 86016 ----a-w- c:\windows\system32\icfupgd.dll
2011-11-08 12:27 . 2011-11-08 12:27 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2011-11-08 12:27 . 2011-11-08 12:27 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2011-11-08 12:27 . 2011-11-08 12:27 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2011-11-08 12:27 . 2011-11-08 12:27 16896 ----a-w- c:\windows\system32\wfapigp.dll
2011-11-08 12:27 . 2011-11-08 12:27 61952 ----a-w- c:\windows\system32\cmifw.dll
2011-11-08 12:25 . 2011-11-08 12:25 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2011-11-08 12:25 . 2011-11-08 12:25 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-11-08 12:25 . 2011-11-08 12:25 10922496 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-11-08 12:25 . 2011-11-08 12:25 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2011-11-08 12:23 . 2011-11-08 12:23 1244672 ----a-w- c:\windows\system32\mcmde.dll
2011-11-08 12:23 . 2011-11-08 12:23 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-11-08 12:23 . 2011-11-08 12:23 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-11-08 12:23 . 2011-11-08 12:23 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-11-08 12:23 . 2011-11-08 12:23 428032 ----a-w- c:\windows\system32\EncDec.dll
2011-11-08 12:23 . 2011-11-08 12:23 292352 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-08 12:23 . 2011-11-08 12:23 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-08 12:23 . 2011-11-08 12:23 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2011-11-08 12:21 . 2011-11-08 12:21 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-08 12:20 . 2011-11-08 12:20 696832 ----a-w- c:\windows\system32\localspl.dll
2011-11-08 12:18 . 2011-11-08 12:18 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2011-11-08 12:18 . 2011-11-08 12:18 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2011-11-08 12:18 . 2011-11-08 12:18 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2011-11-08 12:18 . 2011-11-08 12:18 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-11-08 12:18 . 2011-11-08 12:18 17464 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-11-08 12:18 . 2011-11-08 12:18 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2011-11-08 12:16 . 2011-11-08 12:16 2923520 ----a-w- c:\windows\explorer.exe
2011-11-08 12:15 . 2011-11-08 12:15 7680 ----a-w- c:\windows\system32\lsass.exe
2011-11-08 12:15 . 2011-11-08 12:15 72704 ----a-w- c:\windows\system32\secur32.dll
2011-11-08 12:15 . 2011-11-08 12:15 494592 ----a-w- c:\windows\system32\kerberos.dll
2011-11-08 12:15 . 2011-11-08 12:15 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-08 12:15 . 2011-11-08 12:15 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-11-08 12:15 . 2011-11-08 12:15 272384 ----a-w- c:\windows\system32\schannel.dll
2011-11-08 12:15 . 2011-11-08 12:15 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-08 12:14 . 2011-11-08 12:14 24064 ----a-w- c:\windows\system32\netcfg.exe
2011-11-08 12:10 . 2011-11-08 12:10 1585664 ----a-w- c:\windows\system32\setupapi.dll
2011-11-08 12:10 . 2011-11-08 12:10 40960 ----a-w- c:\windows\system32\srclient.dll
2011-11-08 12:08 . 2011-11-08 12:08 549888 ----a-w- c:\windows\system32\rpcss.dll
2011-11-08 12:08 . 2011-11-08 12:08 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-11-08 12:08 . 2011-11-08 12:08 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-11-08 12:08 . 2011-11-08 12:08 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2011-11-08 12:08 . 2011-11-08 12:08 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-08 18:52 . 2011-11-08 18:52 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-11-08 12:53 . 2011-11-08 12:53 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2011-11-08 12:10 . 2011-11-08 12:10 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui
2011-11-08 12:10 . 2011-11-08 12:10 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui
2011-11-08 12:10 . 2011-11-08 12:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2011-11-08 12:10 . 2011-11-08 12:10 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui
2011-11-08 12:10 . 2011-11-08 12:10 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2011-11-08 12:10 . 2011-11-08 12:10 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2011-11-08 12:04 . 2011-11-08 12:04 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2011-11-08 11:26 . 2011-11-08 11:26 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-11-08 11:26 . 2011-11-08 11:26 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-11-08 11:26 . 2011-11-08 11:26 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-11-08 11:26 . 2011-11-08 11:26 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-11-08 11:26 . 2011-11-08 11:26 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-11-08 09:59 . 2007-07-17 05:48 1254 ----a-w- c:\windows\CLEANUP.CMD
2011-10-07 14:23 . 2011-10-07 14:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 14:21 . 2011-10-04 14:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 14:30 . 2011-09-13 14:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-08 18:33 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-08 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-11-08 1232896]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-06-15 326440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-22 204908]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"PlayMovie"="c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-14 178280]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-08 218464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-16 535336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2006-11-03 13560]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-22 269448]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-11-08 246624]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-972722334-2917059483-2706909478-1000Core.job
- c:\users\Zoltan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 15:34]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-972722334-2917059483-2706909478-1000UA.job
- c:\users\Zoltan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 15:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.ca.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.ca.acer.yahoo.com
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
HKLM-Run-Persistence - c:\windows\system32\igfxpers.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-Apanel - c:\acersw\config\SetApanel.cmd
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-09 20:34
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6124)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Completion time: 2011-11-09 20:35:55
ComboFix-quarantined-files.txt 2011-11-10 04:35
.
Pre-Run: 120,794,378,240 bytes free
Post-Run: 120,805,150,720 bytes free
.
- - End Of File - - E35E5326342E736EA9ED8BA516FA081F