Hi, again, many thanks! Here is the ComboFix log:
ComboFix 10-04-14.01 - John de Hosson 5-Apr-2010 14:28:43.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1053.18.2006.1040 [GMT 10:00]
Running from: c:\users\John de Hosson\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-03-15 to 2010-04-15 )))))))))))))))))))))))))))))))
.
2010-04-15 04:35 . 2010-04-15 04:35 -------- d-----w- c:\users\John de Hosson\AppData\Local\temp
2010-04-15 04:35 . 2010-04-15 04:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-15 04:35 . 2010-04-15 04:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-12 06:17 . 2010-04-12 06:17 -------- d-----w- c:\users\John de Hosson\AppData\Roaming\Malwarebytes
2010-04-12 06:17 . 2010-03-29 14:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 06:17 . 2010-04-12 06:17 -------- d-----w- c:\programdata\Malwarebytes
2010-04-12 06:17 . 2010-04-12 06:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 06:17 . 2010-03-29 14:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 11:25 . 2010-04-09 20:11 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-08 11:13 . 2010-04-09 20:11 -------- d-----w- c:\programdata\Lavasoft
2010-04-08 09:57 . 2010-04-09 20:15 -------- d-----w- c:\program files\TweakNow RegCleaner Pro
2010-04-08 09:52 . 2010-04-10 13:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-08 09:52 . 2010-04-08 20:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-07 15:38 . 2010-04-07 15:38 -------- d-----w- c:\program files\VodBurner
2010-04-06 23:44 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2010-04-06 23:34 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-04-06 23:34 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-04-06 23:34 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-04-06 23:34 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-04-06 23:34 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-04-06 23:34 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-04-06 23:34 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-04-06 23:25 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-06 23:24 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-04-06 23:24 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-06 23:24 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-06 23:24 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-06 23:24 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-06 23:24 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-06 23:24 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-04-06 23:23 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-06 23:23 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-06 23:23 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-06 23:18 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-04-06 23:18 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-04-06 23:18 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-04-06 23:18 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-04-06 23:18 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-04-06 23:18 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-04-06 23:18 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-04-06 23:18 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-04-06 23:18 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-04-06 23:04 . 2010-02-24 00:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-06 22:56 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-06 05:31 . 2010-04-06 05:31 -------- d-----w- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 04:31 . 2009-03-17 09:39 -------- d-----w- c:\users\John de Hosson\AppData\Roaming\Skype
2010-04-15 04:03 . 2008-01-21 06:21 605434 ----a-w- c:\windows\system32\perfh01D.dat
2010-04-15 04:03 . 2008-01-21 06:21 122762 ----a-w- c:\windows\system32\perfc01D.dat
2010-04-14 10:20 . 2009-03-27 06:45 2140 ----a-w- c:\windows\bthservsdp.dat
2010-04-11 20:50 . 2009-07-06 12:58 -------- d-----r- c:\program files\Skype
2010-04-07 08:40 . 2009-03-17 09:06 104256 ----a-w- c:\users\John de Hosson\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-07 06:27 . 2009-03-23 10:20 -------- d-----w- c:\programdata\Microsoft Help
2010-04-06 03:35 . 2009-05-17 05:01 -------- d-----w- c:\users\John de Hosson\AppData\Roaming\FileZilla
2010-04-03 19:44 . 2009-05-09 04:42 -------- d-----w- c:\users\John de Hosson\AppData\Roaming\VSO
2010-03-31 10:08 . 2009-03-22 05:30 -------- d-----w- c:\users\John de Hosson\AppData\Roaming\BitTorrent
2010-03-18 22:02 . 2009-11-26 19:25 3535200 ----a-w- c:\users\John de Hosson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avgui.exe
2010-03-18 22:02 . 2009-11-26 19:25 2046816 ----a-w- c:\users\John de Hosson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avgtray.exe
2010-02-26 00:25 . 2009-04-05 04:36 -------- d-----w- c:\program files\Alfons
2010-02-14 08:46 . 2009-05-23 23:10 -------- d-----w- c:\program files\Microsoft Silverlight
2009-02-11 18:18 . 2009-02-11 18:14 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!1SYNCING.NET Unread]
@="{5C9D3C37-2C95-4b5b-9EF0-4E0AFCA5E78A}"
[HKEY_CLASSES_ROOT\CLSID\{5C9D3C37-2C95-4b5b-9EF0-4E0AFCA5E78A}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!2SYNCING.NET Shared Folder]
@="{FB8CDFB0-B508-4F12-A91E-26E68ABB4DAE}"
[HKEY_CLASSES_ROOT\CLSID\{FB8CDFB0-B508-4F12-A91E-26E68ABB4DAE}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!3SYNCING.NET CheckedOutByTeammate]
@="{5CBF1ABD-2D6A-4570-9A4F-A47798BBFC08}"
[HKEY_CLASSES_ROOT\CLSID\{5CBF1ABD-2D6A-4570-9A4F-A47798BBFC08}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!4SYNCING.NET CheckedOutByMe]
@="{B133F3E9-124C-4669-BFFF-1B74508B5A84}"
[HKEY_CLASSES_ROOT\CLSID\{B133F3E9-124C-4669-BFFF-1B74508B5A84}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!5SYNCING.NET DownArrow]
@="{0B914147-F836-4cfa-893A-ECE90B815982}"
[HKEY_CLASSES_ROOT\CLSID\{0B914147-F836-4cfa-893A-ECE90B815982}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppVodBurner"="c:\program files\VodBurner\vodburner.exe" [2010-04-02 4903936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
c:\users\John de Hosson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
avgtray.exe [2010-3-19 2046816]
avgui.exe [2010-3-19 3535200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{7B0E5486-E11D-437f-AC8B-7901C7D3FCCB}"= "c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll" [2009-07-20 832904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6c,95,69,48,1a,34,ca,01
R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\DRIVERS\SysTool.sys [2006-11-10 24064]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 135664]
R2 SUNLITE;SIUDI OUT;c:\windows\system32\Drivers\siudi.sys [2009-07-28 17680]
R3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\INQ1usbser.sys [2008-03-20 103680]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
R4 0165201237432381mcinstcleanup;McAfee Application Installer Cleanup (0165201237432381);c:\windows\TEMP\016520~1.EXE [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-11-26 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-11-26 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-11-26 297752]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-21 112128]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-08-25 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-08-25 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-05 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 10:22]
2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 10:22]
2010-04-15 c:\windows\Tasks\User_Feed_Synchronization-{D5EF0643-2C09-4A1D-A1A6-B2045DDF6B66}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uLocal Page =
uStart Page = hxxp://www.google.com.au/
mLocal Page =
IE: Skicka bild till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Skicka sida till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-15 14:35
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3620)
c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll
.
Completion time: 2010-04-15 14:37:50
ComboFix-quarantined-files.txt 2010-04-15 04:37
ComboFix2.txt 2010-04-15 03:53
Pre-Run: 78,038,986,752 byte ledigt
Post-Run: 77,892,931,584 byte ledigt
- - End Of File - - B76E8FA4A3B3AF864BE288938BE9F626