Please help, I have a problem!


johnnyboyski

Hi, first time I've been "done in" by malware. Really thankful if you could help with this one. Here is my log, I'd like to know what is wrong and how to get rid of it! Kind regards, johnnyboyski

My HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21:11, on 12-April-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\VodBurner\vodburner.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\John de Hosson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avgtray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncingOLWatchService.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\WindowsMobile\WmdHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKCU\..\Run: [AppVodBurner] C:\Program Files\VodBurner\vodburner.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: avgtray.exe
O4 - Startup: avgui.exe
O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8DB6F92-D155-4026-911A-EF786B9A21D7}: NameServer = 10.176.66.71 10.188.66.103
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 3024 bytes
 
Hi, here is the malware report:

Malwarebytes' Anti-Malware 1.45
Malwarebytes

Database version: 3979

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18813

13-April-2010 11:09:37
mbam-log-2010-04-13 (11-09-37).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 244198
Time elapsed: 1 hour(s), 34 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks for your input. Regards John
 
Hi, I'm really thankful for your help!

It started last week. I have a homepage (www.jnls.com.au) with 3 email accounts attached. I have made the page myself. All of a sudden I started receiving the below kinds of messages back when I sent emails. Receiving emails is not a problem at all. I must mention that I also have 5 other webpages which we frequently email through (e.g. www.workpants.com.au or Johnd.se, which I have made myself) and these email accounts all work fine. I send everything through MS Outlook 2007 on my laptop.

The people who host the page jnls.com.au have been great and helped me by doing something at their end, and all of a sudden a few nights ago I could send a few emails again. That only lasted for 5 or 6 emails before the problem was back. I've never had malware, I haven't done anything that would/could really give me malware, and all scans with HJT, Malwarebytes, Spybot, AVG and a few others are returning results that I believe show nothing going on. So I'm stuck.

Here is what I get back, really thankful for your help! Cheers, /John




Mail delivery failed: returning message to sender

Mail Delivery System [Mailer-Daemon@sky.host-care.com]

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

linnea@johnd.se
SMTP error from remote mail server after initial connection:
host mx-cluster-a2.one.com [195.47.247.193]: 554 5.7.1 Service unavailable; Client host [72.29.89.15] blocked using zen.dnsbl; http://www.spamhaus.org/query/bl?ip=72.29.89.15

------ This is a copy of the message, including all the headers. ------

Return-path: <info@jnls.com.au>
Received: from [202.124.72.97] (helo=JnLs)
by sky.host-care.com with esmtpa (Exim 4.69)
(envelope-from <info@jnls.com.au>)
id 1O1uet-00017E-Ed
for linnea@johnd.se; Wed, 14 Apr 2010 00:57:15 -0400
From: <info@jnls.com.au>
To: <linnea@johnd.se>
References: <000001cadb52$b931cb90$2b9562b0$@se>
In-Reply-To: <000001cadb52$b931cb90$2b9562b0$@se>
Subject: RE: bok...
Date: Wed, 14 Apr 2010 14:56:53 +1000
Message-ID: <000a01cadb8e$eb123b40$c136b1c0$@com.au>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_000B_01CADBE2.BCBE4B40"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcrbUraZu/zulhW+Raqva19n0teDgAAPCoOQ
Content-Language: en-au

This is a multi-part message in MIME format.

------=_NextPart_000_000B_01CADBE2.BCBE4B40
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Jo jag fixar, vi h=F6rs lite senare om det. Puss!

=20

JnL's Property Maintenance

+61 43 204 29 72

+61 2 4017 0377

info@jnls.com.au

www.jnls.com.au

=20

From: linnea@johnd.se [mailto:linnea@johnd.se]=20
Sent: Wednesday, 14 April 2010 07:46
To: info@jnls.com.au
Subject: bok...

=20

Hej bubbis! Kan du kolla =94min stora plastl=E5da=94, =F6verst i h=F6gra = delen av svarta garderoben och se om den d=E4r anteckningsboken med nalle puh = ligger d=E4r som =E4r f=E5n n=E4r Jack var liten och s=E5.

=20

Jag skulle vilja veta det imorgon

godnatt

Checked by AVG - AVG Antivirus and Security Software - Virus Protection | Home and Business
Version: 8.5.437 / Virus Database: 271.1.1/2804 - Release Date: 04/11/10 06:32:00


------=_NextPart_000_000B_01CADBE2.BCBE4B40
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <html xmlns:v=3D"urn:schemas-microsoft-com:vml" = xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" = xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
 
I'm going to chime in on here too, if you both don't mind... but from what I saw, regardless of what the actual problem is, you seem to have two antivirus programs on your system. If both are activated and running, they could potentially cause problems.

I'd suggest either sticking with Trend Micro if you have a current subscription, or sticking with AVG as it's free.

--Edit--

Okay, I just stupidly realized that the Trend Micro entry I was seeing was the HijackThis files. If you're not using Trend Micro as your antivirus, you're good. *blushes* Sorry!
 
Hi, again, many thanks! Here is the ComboFix log:

ComboFix 10-04-14.01 - John de Hosson 5-Apr-2010 14:28:43.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1053.18.2006.1040 [GMT 10:00]
Running from: c:\users\John de Hosson\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-03-15 to 2010-04-15 )))))))))))))))))))))))))))))))
.

2010-04-15 04:35 . 2010-04-15 04:35 -------- d-----w- c:\users\John de Hosson\AppData\Local\temp
2010-04-15 04:35 . 2010-04-15 04:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-15 04:35 . 2010-04-15 04:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-12 06:17 . 2010-04-12 06:17 -------- d-----w- c:\users\John de Hosson\AppData\Roaming\Malwarebytes
2010-04-12 06:17 . 2010-03-29 14:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 06:17 . 2010-04-12 06:17 -------- d-----w- c:\programdata\Malwarebytes
2010-04-12 06:17 . 2010-04-12 06:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 06:17 . 2010-03-29 14:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 11:25 . 2010-04-09 20:11 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-08 11:13 . 2010-04-09 20:11 -------- d-----w- c:\programdata\Lavasoft
2010-04-08 09:57 . 2010-04-09 20:15 -------- d-----w- c:\program files\TweakNow RegCleaner Pro
2010-04-08 09:52 . 2010-04-10 13:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-08 09:52 . 2010-04-08 20:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-07 15:38 . 2010-04-07 15:38 -------- d-----w- c:\program files\VodBurner
2010-04-06 23:44 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2010-04-06 23:34 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-04-06 23:34 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-04-06 23:34 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-04-06 23:34 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-04-06 23:34 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-04-06 23:34 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-04-06 23:34 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-04-06 23:25 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-06 23:24 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-04-06 23:24 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-06 23:24 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-06 23:24 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-06 23:24 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-06 23:24 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-06 23:24 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-04-06 23:23 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-06 23:23 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-06 23:23 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-06 23:18 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-04-06 23:18 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-04-06 23:18 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-04-06 23:18 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-04-06 23:18 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-04-06 23:18 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-04-06 23:18 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-04-06 23:18 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-04-06 23:18 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-04-06 23:04 . 2010-02-24 00:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-06 22:56 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-06 05:31 . 2010-04-06 05:31 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 04:31 . 2009-03-17 09:39 -------- d-----w- c:\users\John de Hosson\AppData\Roaming\Skype
2010-04-15 04:03 . 2008-01-21 06:21 605434 ----a-w- c:\windows\system32\perfh01D.dat
2010-04-15 04:03 . 2008-01-21 06:21 122762 ----a-w- c:\windows\system32\perfc01D.dat
2010-04-14 10:20 . 2009-03-27 06:45 2140 ----a-w- c:\windows\bthservsdp.dat
2010-04-11 20:50 . 2009-07-06 12:58 -------- d-----r- c:\program files\Skype
2010-04-07 08:40 . 2009-03-17 09:06 104256 ----a-w- c:\users\John de Hosson\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-07 06:27 . 2009-03-23 10:20 -------- d-----w- c:\programdata\Microsoft Help
2010-04-06 03:35 . 2009-05-17 05:01 -------- d-----w- c:\users\John de Hosson\AppData\Roaming\FileZilla
2010-04-03 19:44 . 2009-05-09 04:42 -------- d-----w- c:\users\John de Hosson\AppData\Roaming\VSO
2010-03-31 10:08 . 2009-03-22 05:30 -------- d-----w- c:\users\John de Hosson\AppData\Roaming\BitTorrent
2010-03-18 22:02 . 2009-11-26 19:25 3535200 ----a-w- c:\users\John de Hosson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avgui.exe
2010-03-18 22:02 . 2009-11-26 19:25 2046816 ----a-w- c:\users\John de Hosson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avgtray.exe
2010-02-26 00:25 . 2009-04-05 04:36 -------- d-----w- c:\program files\Alfons
2010-02-14 08:46 . 2009-05-23 23:10 -------- d-----w- c:\program files\Microsoft Silverlight
2009-02-11 18:18 . 2009-02-11 18:14 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!1SYNCING.NET Unread]
@="{5C9D3C37-2C95-4b5b-9EF0-4E0AFCA5E78A}"
[HKEY_CLASSES_ROOT\CLSID\{5C9D3C37-2C95-4b5b-9EF0-4E0AFCA5E78A}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!2SYNCING.NET Shared Folder]
@="{FB8CDFB0-B508-4F12-A91E-26E68ABB4DAE}"
[HKEY_CLASSES_ROOT\CLSID\{FB8CDFB0-B508-4F12-A91E-26E68ABB4DAE}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!3SYNCING.NET CheckedOutByTeammate]
@="{5CBF1ABD-2D6A-4570-9A4F-A47798BBFC08}"
[HKEY_CLASSES_ROOT\CLSID\{5CBF1ABD-2D6A-4570-9A4F-A47798BBFC08}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!4SYNCING.NET CheckedOutByMe]
@="{B133F3E9-124C-4669-BFFF-1B74508B5A84}"
[HKEY_CLASSES_ROOT\CLSID\{B133F3E9-124C-4669-BFFF-1B74508B5A84}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!5SYNCING.NET DownArrow]
@="{0B914147-F836-4cfa-893A-ECE90B815982}"
[HKEY_CLASSES_ROOT\CLSID\{0B914147-F836-4cfa-893A-ECE90B815982}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppVodBurner"="c:\program files\VodBurner\vodburner.exe" [2010-04-02 4903936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

c:\users\John de Hosson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
avgtray.exe [2010-3-19 2046816]
avgui.exe [2010-3-19 3535200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{7B0E5486-E11D-437f-AC8B-7901C7D3FCCB}"= "c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll" [2009-07-20 832904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6c,95,69,48,1a,34,ca,01

R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\DRIVERS\SysTool.sys [2006-11-10 24064]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 135664]
R2 SUNLITE;SIUDI OUT;c:\windows\system32\Drivers\siudi.sys [2009-07-28 17680]
R3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\INQ1usbser.sys [2008-03-20 103680]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
R4 0165201237432381mcinstcleanup;McAfee Application Installer Cleanup (0165201237432381);c:\windows\TEMP\016520~1.EXE [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-11-26 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-11-26 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-11-26 297752]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-21 112128]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-08-25 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-08-25 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-05 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 10:22]

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 10:22]

2010-04-15 c:\windows\Tasks\User_Feed_Synchronization-{D5EF0643-2C09-4A1D-A1A6-B2045DDF6B66}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uLocal Page =
uStart Page = hxxp://www.google.com.au/
mLocal Page =
IE: Skicka bild till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Skicka sida till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-15 14:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3620)
c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll
.
Completion time: 2010-04-15 14:37:50
ComboFix-quarantined-files.txt 2010-04-15 04:37
ComboFix2.txt 2010-04-15 03:53

Pre-Run: 78,038,986,752 byte ledigt
Post-Run: 77,892,931,584 byte ledigt

- - End Of File - - B76E8FA4A3B3AF864BE288938BE9F626
 