Dear Ralphie,
First of all, thank you very much for offering me your help.
I'm very happy to announce that my system now looks clean after following your advice and no longer shows the malicious symptoms it did previously. But I'm aware that there might be corruption or leftover parts that should be cleaned up afterwards. Therefore, I will explain the procedure I have taken and paste the ComboFix.txt log.
I downloaded and started ComboFix.exe from my desktop. After a couple of minutes, ComboFix showed a dialog box saying that rootkit activity was present on my system and that it should be rebooted. I did reboot, and ComboFix started automatically before Vista. It completed all stages and reported the deletion of several files. Then Vista started normally.
I tried searching Google for "windowsupdate" and "windows update", and the searches completed successfully. Then I ran Windows Update, and it downloaded and installed the updates successfully. Obviously, the previous symptoms didn't appear anymore :)
Now my system looks normal and clean. However, I'm pasting the ComboFix.txt to check if everything is OK. Also, I'm interested in what sort of virus/worm/trojan my system was infected with.
Again, thank you for your precise advice.
ComboFix 10-04-20.04 - Zlatko 04/21/2010 17:47:17.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1251.389.1033.18.3327.2240 [GMT 2:00]
Running from: c:\users\Zlatko\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2550326204-3790776232-2029245963-1000
c:\$recycle.bin\S-1-5-21-2550326204-3790776232-2029245963-1001
c:\recycler\S-1-5-21-7868272681-4902878910-501906979-1225
c:\windows\system32\97dc0401.dat
c:\windows\system32\ad6d7648.dll
c:\windows\system32\F44DC6626D.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\msvcsv60.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\uninstall.exe
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.
2010-04-21 16:00 . 2010-04-21 16:00 -------- d-----w- c:\users\Zlatko\AppData\Local\temp
2010-04-20 22:34 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-20 22:34 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-20 22:34 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-20 22:34 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-20 22:34 . 2010-04-14 16:31 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-20 22:34 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-20 22:34 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-20 22:34 . 2010-04-20 22:34 -------- d-----w- c:\programdata\Alwil Software
2010-04-20 22:34 . 2010-04-20 22:34 -------- d-----w- c:\program files\Alwil Software
2010-04-20 17:11 . 2010-04-20 17:11 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-20 16:31 . 2008-03-02 01:28 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-04-20 16:31 . 2010-04-20 16:31 -------- d-----w- c:\program files\Trend Micro
2010-04-20 15:48 . 2010-04-20 15:48 388096 ----a-r- c:\users\Zlatko\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-20 15:48 . 2010-04-20 15:48 -------- d-----w- c:\program files\TrendMicro
2010-04-19 22:51 . 2010-04-19 22:51 -------- d-----w- c:\users\Zlatko\AppData\Roaming\Wireshark
2010-04-19 21:28 . 2010-04-19 21:28 -------- d-----w- c:\program files\WinPcap
2010-04-19 20:31 . 2010-04-19 20:31 -------- d-----w- c:\program files\Sophos
2010-04-19 19:56 . 2010-04-19 19:56 26624 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-04-19 00:28 . 2010-04-19 00:28 -------- d-----w- C:\$AVG
2010-04-18 23:50 . 2010-04-18 23:50 -------- d-----w- c:\program files\AVG
2010-04-18 22:13 . 2010-04-18 23:02 -------- d-----w- c:\program files\Exterminate It!
2010-04-18 10:47 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-18 10:46 . 2010-04-18 20:41 -------- d-----w- c:\windows\system32\catroot2
2010-04-18 10:46 . 2010-04-18 10:51 -------- d-----w- c:\windows\system32\catroot2(750)
2010-04-17 00:28 . 2010-04-21 15:45 -------- d-----w- c:\windows\system32\wbem\repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 15:44 . 2010-01-06 16:45 52782 ----a-w- c:\programdata\nvModes.dat
2010-04-21 15:43 . 2008-10-12 00:28 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-21 15:43 . 2008-11-16 16:15 -------- d-----w- c:\users\Zlatko\AppData\Roaming\BitTorrent
2010-04-21 15:43 . 2008-11-16 16:15 -------- d-----w- c:\users\Zlatko\AppData\Roaming\DNA
2010-04-21 15:25 . 2009-01-07 16:34 -------- d-----w- c:\users\Zlatko\AppData\Roaming\VoozieMaker
2010-04-21 15:24 . 2008-11-16 16:15 -------- d-----w- c:\program files\DNA
2010-04-20 23:22 . 2008-10-13 22:27 -------- d-----w- c:\program files\LogMeIn
2010-04-20 16:31 . 2008-10-11 16:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 22:30 . 2008-10-11 20:49 -------- d-----w- c:\users\Zlatko\AppData\Roaming\Skype
2010-04-19 22:08 . 2008-10-11 21:11 -------- d-----w- c:\users\Zlatko\AppData\Roaming\skypePM
2010-04-19 21:28 . 2009-10-04 22:22 -------- d-----w- c:\program files\Wireshark
2010-04-18 20:36 . 2009-09-21 14:10 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-18 20:36 . 2008-10-11 21:30 -------- d-----w- c:\users\Zlatko\AppData\Roaming\Winamp
2010-04-18 20:36 . 2009-11-29 03:19 -------- d-----w- c:\users\Zlatko\AppData\Roaming\Luxology
2010-04-18 20:36 . 2008-10-11 21:42 -------- d-----w- c:\users\Zlatko\AppData\Roaming\GHISLER
2010-04-18 20:36 . 2010-02-18 20:45 -------- d-----w- c:\program files\Real
2010-04-18 20:36 . 2009-01-07 16:33 -------- d-----w- c:\programdata\Make A Voozie
2010-04-18 20:36 . 2008-11-30 16:14 -------- d-----w- c:\programdata\FLEXnet
2010-04-18 20:36 . 2008-10-11 21:30 -------- d-----w- c:\program files\Winamp
2010-04-18 20:36 . 2008-10-16 18:42 -------- d-----w- c:\program files\QuickTime
2010-04-18 20:36 . 2010-02-18 20:45 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-18 20:36 . 2008-10-11 20:58 -------- d-----w- c:\program files\Google
2010-04-18 20:36 . 2009-09-06 01:39 -------- d-----w- c:\program files\BitTorrent
2010-04-18 19:58 . 2008-10-11 20:49 -------- d-----w- c:\program files\Opera
2010-04-16 20:49 . 2010-04-08 17:06 112 ----a-w- c:\programdata\vBEtX6H8D.dat
2010-04-05 20:35 . 2009-09-15 21:06 -------- d-----w- c:\program files\Common Files\Real
2010-03-20 01:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-13 19:42 . 2008-10-18 20:46 64 ----a-w- c:\windows\msocreg32.dat
2010-03-07 12:49 . 2010-03-09 21:17 3862528 ----a-w- c:\users\Zlatko\AppData\Roaming\Mozilla\Firefox\Profiles\ieiyf5wk.default\extensions\[email protected]\plugins\npRACtrl.dll
2010-02-28 17:11 . 2009-05-06 16:12 -------- d-----w- c:\users\Goran\AppData\Roaming\DNA
2010-02-28 15:51 . 2010-02-28 15:50 58000 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-28 15:51 . 2009-05-06 16:12 -------- d-----w- c:\users\Goran\AppData\Roaming\VoozieMaker
2010-02-28 15:49 . 2008-10-12 00:03 8224 ----a-w- c:\users\Goran\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 09:39 . 2008-10-11 18:44 58000 ----a-w- c:\users\Zlatko\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-04 12:36 181632 ----a-w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:06 . 2010-03-19 22:56 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-19 22:56 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-19 22:56 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-18 20:45 . 2010-02-18 20:45 325216 ----a-w- c:\programdata\Real\RealPlayer\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-02-18 20:45 . 2010-02-18 20:45 300616 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-02-18 20:45 . 2010-02-18 20:45 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-02-18 20:45 . 2010-02-18 20:45 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-02-18 20:45 . 2010-02-18 20:45 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-02-18 20:45 . 2010-02-18 20:45 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-02-18 20:45 . 2010-02-18 20:45 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-02-18 20:45 . 2010-02-18 20:45 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-02-18 20:45 . 2010-02-18 20:45 329312 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-01-25 12:00 . 2010-02-25 21:07 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-25 21:07 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-25 21:07 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-25 21:07 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-25 21:07 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 10:58 . 2010-03-09 21:17 462848 ----a-w- c:\users\Zlatko\AppData\Roaming\Mozilla\Firefox\Profiles\ieiyf5wk.default\extensions\[email protected]\plugins\ractrlkeyhook.dll
2010-01-25 08:21 . 2010-02-25 21:07 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-25 21:07 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-25 21:07 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-25 21:07 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-25 21:07 2048 ----a-w- c:\windows\system32\tzres.dll
2008-04-09 23:35 . 2008-04-09 23:35 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-11 171448]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2009-08-14 653104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-09-24 6335008]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 2595480]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 905056]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-09-14 140568]
"BigDogPath323VMSnap"="c:\windows\VMSnap23.exe" [2007-06-29 212992]
"BigDogPath323Domino"="c:\windows\Domino.exe" [2007-06-29 49152]
"CTHelper"="CTHELPER.EXE" [2008-03-20 23040]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-03-20 23552]
"Make A Voozie"="c:\programdata\Make A Voozie\VoozieMaker.exe" [2008-02-20 64000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-18 202256]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):8b,83,d1,24,ca,3a,ca,01
R0 OemBiosDevice;Royalty OEM BIOS Extension;c:\windows\system32\DRIVERS\royal.sys [2008-10-26 240128]
R2 atrace32;Async Trace DLL;c:\windows\system32\rundll32.exe atrace32.dll,oruw [x]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;i:\graphics\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
R2 TimerStop;TimerStop;c:\windows\system32\TimerStop.sys [2006-12-17 3584]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-03-20 98328]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-03-20 171032]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-03-20 171032]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2008-03-20 528920]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-03-20 528920]
R3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\System32\drivers\CTEAPSFX.SYS [2008-03-20 163352]
R3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS [2008-03-20 163352]
R3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\System32\drivers\CTEDSPFX.SYS [2008-03-20 259096]
R3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS [2008-03-20 259096]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\System32\drivers\CTEDSPIO.SYS [2008-03-20 134168]
R3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS [2008-03-20 134168]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\System32\drivers\CTEDSPSY.SYS [2008-03-20 309784]
R3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS [2008-03-20 309784]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2008-03-20 99352]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-03-20 99352]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-03-20 1324056]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-03-20 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-03-20 72728]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-03-20 72728]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2008-03-20 534040]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-03-20 534040]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\261.tmp [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 Tomcat6;Apache Tomcat;i:\software development\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [2008-07-22 57344]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
R3 ZIFZB;ZIFZB;c:\users\Zlatko\AppData\Local\Temp\ZIFZB.exe [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-04-19 26624]
S1 aswSP;aswSP; [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
S2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [2008-11-06 582992]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2008-03-20 98328]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2006-08-08 476672]
S3 ZSMC326;VIMICRO USB2.0 PC Camera(VC0323);c:\windows\system32\Drivers\usbvm323.sys [2007-01-04 260096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-04-21 c:\windows\Tasks\User_Feed_Synchronization-{42A20B92-5325-4094-9328-A3B5EFC253C5}.job
- c:\windows\system32\msfeedssync.exe [2010-01-24 04:56]
2010-04-19 c:\windows\Tasks\User_Feed_Synchronization-{6D22FF44-A1A1-4572-97EE-223AF122B2A6}.job
- c:\windows\system32\msfeedssync.exe [2010-01-24 04:56]
2010-04-21 c:\windows\Tasks\User_Feed_Synchronization-{DBB97EE1-986F-4EA1-8839-A829C6A65498}.job
- c:\windows\system32\msfeedssync.exe [2010-01-24 04:56]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://nemo.optier.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {9D5461FC-3FBC-4180-8CB2-C4D806FB684B} - hxxps://ebank.stb.com.mk/ActiveX/ubisecuresignctl.cab
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://nemo.optier.com/+CSCOL+/cscopf.cab
FF - ProfilePath - c:\users\Zlatko\AppData\Roaming\Mozilla\Firefox\Profiles\ieiyf5wk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.logmein.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Zlatko\AppData\Roaming\Mozilla\Firefox\Profiles\ieiyf5wk.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Zlatko\AppData\Roaming\Mozilla\Firefox\Profiles\ieiyf5wk.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\users\Zlatko\AppData\Roaming\Mozilla\Firefox\Profiles\ieiyf5wk.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
BHO-{891538CA-582E-3AE7-BC98-E4754662B833} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-CmUsbSound - cmcnfgu.cpl
AddRemove-Linplug SaxLab v1.0.2 - i:\audio\VSTPLU~1\LINPLU~1\SAXLAB~1\UNWISE.EXE
AddRemove-MigrateEasy - c:\program files\Acronis\MigrateEasy\MediaBuilder.exe
AddRemove-Princeton Digital 2016 Stereo Room v1.1 - i:\audio\VSTPLU~1\PRINCE~1\2016ST~1\2016ST~1\UNWISE.EXE
AddRemove-Steinberg Virtual Bassist v1.0.0.504 - i:\audio\VSTPLU~1\VIRTUA~2\UNWISE.EXE
AddRemove-TwinsenUninstallKey - a:\x_old\maxtor\games\Uninst.isu
AddRemove-Virtual Guitarist - i:\audio\VSTPLU~1\VIRTUA~1\UNINST~1.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-21 18:00
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\261.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"i:\software development\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"i:\software development\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CakewalkPlugIns\Ґ[1*юяяя9\]wхтwћB[w©п~w|э*Pю*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1004)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-04-21 18:04:00
ComboFix-quarantined-files.txt 2010-04-21 16:03
Pre-Run: 10,980,601,856 bytes free
Post-Run: 26,083,594,240 bytes free
- - End Of File - - 5B4CA027564A7982D68F671205058E20