ComboFix 12-02-24.02 - Acer 02/24/2012 16:45:50.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.336 [GMT -6:00]
Running from: c:\documents and settings\Acer\Desktop\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-20 03:03 . 2012-02-20 03:03 -------- d-----w- c:\documents and settings\Administrator
2012-02-20 02:23 . 2012-02-20 02:23 11264 ----a-w- c:\windows\system32\drivers\uzixmzmz.sys
2012-02-15 20:30 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 20:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-13 01:12 . 2012-02-13 01:12 -------- d-----w- c:\program files\ESET
2012-02-13 00:28 . 2012-02-13 00:28 -------- d-----w- c:\documents and settings\Acer\Application Data\Malwarebytes
2012-02-13 00:28 . 2012-02-13 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-13 00:28 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-13 00:28 . 2012-02-13 00:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-10 05:45 . 2012-02-10 05:45 -------- d-----w- c:\documents and settings\Acer\Application Data\Auslogics
2012-02-10 05:44 . 2012-02-10 05:44 -------- d-----w- c:\program files\Auslogics
2012-02-04 01:26 . 2012-02-04 01:26 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 21:15 . 2011-06-27 23:41 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2010-07-22 07:37 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2010-07-22 07:37 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2010-07-22 07:37 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2010-07-22 07:37 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2010-07-22 07:37 385024 ----a-w- c:\windows\system32\html.iec
2012-02-18 00:37 . 2011-10-19 02:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-22 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S6000Mnt"="S6000Rmv.dll " [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-07-25 525752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-7-22 704032]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj_pro.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [7/22/2010 3:04 AM 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [7/22/2010 3:04 AM 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [7/22/2010 3:04 AM 58800]
R1 uzixmzmz;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzixmzmz.sys [2/19/2012 8:23 PM 11264]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [7/19/2010 2:11 AM 321104]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/12/2012 6:28 PM 652360]
R2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [7/25/2011 10:51 AM 1105848]
R2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe [6/1/2010 4:27 PM 2057560]
R2 PaceLicenseDServices;PACE License Services;c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [11/8/2010 12:09 AM 2647552]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [7/22/2010 3:12 AM 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [7/22/2010 2:56 AM 243232]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [6/30/2010 3:50 AM 61552]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/12/2012 6:28 PM 20464]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [5/26/2010 8:41 PM 305520]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [12/16/2010 6:55 PM 3221120]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [11/23/2011 2:36 AM 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/27/2011 5:33 PM 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/22/2010 2:30 AM 1691480]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 1:03 AM 30944]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/27/2011 5:33 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-27 23:33]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-27 23:33]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-381150471-1547963291-1499398264-1006Core.job
- c:\documents and settings\Acer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 23:24]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-381150471-1547963291-1499398264-1006UA.job
- c:\documents and settings\Acer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-27 23:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph1210k655l0414wu05w4722u197
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\to53ajy0.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo-Mp3Tube
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{1A706628-DEF5-4325-97E3-2FF5A6C0677D} - c:\documents and settings\Acer\Local Settings\Application Data\TLM Professional\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-02-24 17:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2592)
c:\windows\system32\WININET.dll
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-24 17:16:55
ComboFix-quarantined-files.txt 2012-02-24 23:16
.
Pre-Run: 81,579,753,472 bytes free
Post-Run: 82,298,208,256 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C7C02550BE80C94C43D34D3DE9B9B3CA
Hi my computer still seems to be kind of slow but not as slow as when i first got the virus.