Hello,
Thank you for replying. I did what you told me to do; here's the report. I don't know why it says F-Secure (= "Saunalahti Turvapaketti") is enabled, as I did disable it; the icon had the red cross etc.
ComboFix 09-10-08.04 - merkku 10.10.2009 16:09.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1791.985 [GMT 3:00]
Running from: c:\users\merkku\desktop\ComboFix.exe
FW: Saunalahti Turvapaketti 7.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3987257784-22570265-891074465-500
c:\windows\Installer\22a5b5.msi
.
((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.
2009-10-10 13:17 . 2009-10-10 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-07 02:17 . 2009-10-07 09:53 -------- d-----w- c:\program files\ERUNT
2009-10-04 22:19 . 2009-10-04 22:19 680 ----a-w- c:\users\merkku\AppData\Local\d3d9caps.dat
2009-10-04 22:19 . 2009-10-04 22:19 -------- d-----w- c:\windows\Sun
2009-10-02 22:44 . 2009-10-01 07:29 195440 ------w- c:\windows\system32\MpSigStub.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 12:43 . 2007-06-23 21:36 88430 ----a-w- c:\windows\system32\perfc00B.dat
2009-10-10 12:43 . 2007-06-23 21:36 450820 ----a-w- c:\windows\system32\perfh00B.dat
2009-10-09 12:10 . 2007-09-11 11:44 -------- d-----w- c:\program files\Saunalahti Turvapaketti
2009-10-07 09:43 . 2008-08-03 12:17 -------- d-----w- c:\program files\Java
2009-09-28 23:51 . 2007-10-15 07:04 -------- d-----w- c:\users\merkku\AppData\Roaming\Canon
2009-09-16 15:09 . 2008-07-03 17:08 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-09-09 00:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-28 12:39 . 2009-09-02 20:03 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 20:03 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-18 00:55 . 2009-08-18 00:54 -------- d-----w- c:\program files\AllMusicConverter
2009-08-18 00:40 . 2009-08-18 00:40 -------- d-----w- c:\users\merkku\AppData\Roaming\Apple Computer
2009-08-18 00:39 . 2009-08-18 00:37 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-18 00:39 . 2009-08-18 00:37 -------- d-----w- c:\program files\iTunes
2009-08-18 00:38 . 2009-08-18 00:38 -------- d-----w- c:\program files\iPod
2009-08-18 00:37 . 2009-08-18 00:15 -------- d-----w- c:\program files\Common Files\Apple
2009-08-18 00:37 . 2009-08-18 00:30 -------- d-----w- c:\programdata\Apple Computer
2009-08-18 00:36 . 2009-08-18 00:36 -------- d-----w- c:\program files\Bonjour
2009-08-18 00:34 . 2009-08-18 00:30 -------- d-----w- c:\program files\QuickTime
2009-08-18 00:20 . 2009-08-18 00:20 -------- d-----w- c:\program files\Apple Software Update
2009-08-18 00:15 . 2009-08-18 00:15 -------- d-----w- c:\programdata\Apple
2009-08-14 17:07 . 2009-09-08 19:13 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-08 19:13 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-08 19:12 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-08 19:12 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-08 19:12 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-08 19:12 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-08 19:13 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-08 19:12 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-08 19:12 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:16 . 2009-09-08 19:12 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 08:35 . 2009-08-18 00:54 10936 ----a-w- c:\windows\system32\MusCVideo.dll
2009-08-14 08:35 . 2009-08-18 00:54 3768 ----a-w- c:\windows\system32\MusCVideo.sys
2009-08-14 08:35 . 2009-08-18 00:54 23096 ----a-w- c:\windows\system32\MusCAudio.sys
2009-08-14 08:35 . 2009-08-18 00:54 23096 ----a-w- c:\windows\system32\drivers\MusCAudio.sys
2009-08-13 15:03 . 2009-08-18 00:54 245760 ----a-w- c:\windows\system32\snmvtsvc.exe
2009-07-25 02:23 . 2009-06-20 13:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 16:06 . 2009-07-29 13:32 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 13:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 13:32 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-11 20:26 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-11 20:25 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-11 20:25 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-11 20:25 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-11 20:25 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2008-09-24 01:00 . 2007-06-23 11:17 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-07-27 21:02 . 2007-07-27 21:02 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2007-07-27 21:02 . 2007-07-27 21:02 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2007-06-23 21:41 . 2007-06-23 21:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 3411968]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"F-Secure Manager"="c:\program files\Saunalahti Turvapaketti\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\Saunalahti Turvapaketti\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]
c:\users\merkku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-2-8 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{B1C6B758-729B-4831-B814-8D0B88273271}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{AC1A3EE6-1E9B-4AF4-83B6-43B183D03FE8}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{F83C4120-8162-4A27-9BFC-6FA9D8D4858D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A6A27418-ADF1-45C7-A049-164D7666FBEC}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{C72BADB7-9989-4FCC-BD06-949D21FD2AAA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5291BB78-5C6F-4654-90F5-F9D1CBBDEF6E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F9079D34-0319-4D9B-825D-DE2E2A5CA002}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{78914C48-11D9-48CD-8FC8-0B6D3069557E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\River Past\\Animated GIF Converter and Booster Pack\\VideoCleaner.exe"= c:\program files\River Past\Animated GIF Converter and Booster Pack\VideoCleaner.exe:*:Enabled:River Past Animated GIF Converter
R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [28.7.2007 0:10 33920]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Saunalahti Turvapaketti\HIPS\drivers\fshs.sys [28.7.2007 0:09 67808]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [11.9.2007 14:46 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [11.9.2007 14:46 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\Saunalahti Turvapaketti\Anti-Virus\minifilter\fsvista.sys [11.9.2007 14:44 12384]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Saunalahti Turvapaketti\Anti-Virus\minifilter\fsgk.sys [11.9.2007 14:44 100984]
R3 MusCAudio;MusCAudio;c:\windows\System32\drivers\MusCAudio.sys [18.8.2009 3:54 23096]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 14:42 64000]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Saunalahti Turvapaketti\ORSP Client\fsorsp.exe [28.7.2007 0:09 55904]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [23.6.2007 14:17 29744]
S3 SMServer;SMServer;c:\windows\System32\snmvtsvc.exe [18.8.2009 3:54 245760]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Saunalahti Turvapaketti\Anti-Virus\win2k\fsfilter.sys [11.9.2007 14:44 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Saunalahti Turvapaketti\Anti-Virus\win2k\fsrec.sys [11.9.2007 14:44 25184]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
Contents of the 'Scheduled Tasks' folder
2009-10-10 c:\windows\Tasks\Laajennettu takuu.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-06-23 16:38]
2009-10-10 c:\windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fi/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Saunalahti Turvapaketti\FSPS\program\fslsp.dll
FF - ProfilePath - c:\users\merkku\AppData\Roaming\Mozilla\Firefox\Profiles\vy1rdj0l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
AddRemove-VidGIF_is1 - c:\program files\GeoVid\VidGIF\unins000.exe
AddRemove-{F5CE5428-B9ED-4A00-8EEE-7E672F381618}_is1 - c:\program files\bitsoft.net\123 AVI to GIF Converter\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-10 16:18
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
[0] 0x575C3A43
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\program files\Saunalahti Turvapaketti\FWES\Program\fsdc32.dll
- - - - - - - > 'lsass.exe'(648)
c:\program files\Saunalahti Turvapaketti\FWES\Program\fsdc32.dll
- - - - - - - > 'csrss.exe'(540)
c:\program files\Saunalahti Turvapaketti\FWES\Program\fsdc32.dll
- - - - - - - > 'csrss.exe'(592)
c:\program files\Saunalahti Turvapaketti\FWES\Program\fsdc32.dll
.
Completion time: 2009-10-10 16:21
ComboFix-quarantined-files.txt 2009-10-10 13:21
Pre-Run: 89 725 386 752 tavua vapaana
Post-Run: 90 144 247 808 tavua vapaana
207 --- E O F --- 2009-10-08 18:33