Google redirects in Firefox

#1
Anti-Everything

New Member, 1 posts

Hi,

I came across this topic which had the same problem as mine: http://www.geekstogo...us-t258535.html

As advised in that topic, I downloaded and ran ComboFix. As the scan started, it said that it had found rootkit activity on my computer.

Anyways, the scan finished and produced a log report which I am pasting below. I don't understand what the log report is saying or whether it solved anything at all. Any guidance will be much appreciated. Thank you.

ComboFix 09-12-20.08 - Asif Chowdhury 12/22/2009 10:26:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.189 [GMT 0:00]
Running from: d:\documents and settings\Asif Chowdhury\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Autorun.inf
d:\documents and settings\Asif Chowdhury\Application Data\inst.exe
d:\program files\WinPCap
d:\program files\WinPCap\daemon_mgm.exe
d:\program files\WinPCap\INSTALL.LOG
d:\program files\WinPCap\npf_mgm.exe
d:\program files\WinPCap\rpcapd.exe
d:\program files\WinPCap\Uninstall.exe
d:\recycler\S-1-5-21-4106738976-42288212-2389834452-1006
d:\windows\msacm32.drv
d:\windows\prefetch\explorer.exe
d:\windows\rasqervy.dll
d:\windows\sdfinacs.dll
d:\windows\sdfixwcs.dll
d:\windows\system32\_000006_.tmp.dll
d:\windows\system32\drivers\npf.sys
d:\windows\system32\Packet.dll
d:\windows\system32\pthreadVC.dll
d:\windows\system32\wpcap.dll
d:\windows\wuasirvy.dll

.
original MBR restored successfully !
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_msqpdxserv.sys
-------\Legacy_NPF
-------\Service_msqpdxserv.sys
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.

2009-12-21 11:46 . 2009-06-18 12:55 18816 ------w- d:\windows\system32\SAVRKBootTasks.sys
2009-12-21 10:31 . 2009-12-21 10:31 -------- d-----w- d:\program files\Sophos
2009-12-21 09:52 . 2009-12-21 09:52 -------- d-----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-21 09:51 . 2009-12-21 09:52 -------- d-----w- d:\program files\SUPERAntiSpyware
2009-12-21 09:51 . 2009-12-21 09:51 -------- d-----w- d:\documents and settings\Asif Chowdhury\Application Data\SUPERAntiSpyware.com
2009-12-21 09:50 . 2009-12-21 09:50 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-12-20 21:49 . 2009-12-21 12:09 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-12-20 21:49 . 2009-03-30 09:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys
2009-12-20 21:49 . 2009-02-13 11:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys
2009-12-20 21:49 . 2009-02-13 11:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys
2009-12-20 21:49 . 2009-12-20 21:49 -------- d-----w- d:\program files\Avira
2009-12-20 21:49 . 2009-12-20 21:49 -------- d-----w- d:\documents and settings\All Users\Application Data\Avira
2009-12-20 20:32 . 2009-12-20 20:32 -------- d-----w- d:\program files\ERUNT
2009-12-19 10:39 . 2009-12-19 10:39 -------- d-----w- d:\program files\iPod
2009-12-19 10:32 . 2009-12-19 10:33 -------- d-----w- d:\program files\QuickTime
2009-12-18 16:03 . 2009-12-18 16:03 -------- d-----w- d:\documents and settings\HelpAssistant\WINDOWS
2009-12-18 16:03 . 2009-12-18 16:03 -------- d-----w- d:\documents and settings\HelpAssistant\UserData
2009-12-18 16:03 . 2009-12-18 16:03 -------- d-----w- d:\documents and settings\HelpAssistant\Tracing
2009-12-18 15:55 . 2009-12-18 15:55 -------- d-----w- d:\documents and settings\HelpAssistant\Contacts
2009-11-23 18:58 . 2009-11-23 18:58 -------- d-----w- d:\program files\DoremiSoft
2009-11-23 18:55 . 2009-11-23 18:55 -------- d-----w- d:\documents and settings\All Users\Application Data\TEMP
2009-11-23 18:55 . 2009-11-23 18:57 -------- d-----w- d:\program files\AimOne_AlltoMP3
2009-11-22 17:46 . 2009-08-06 19:23 274288 ----a-w- d:\windows\system32\mucltui.dll
2009-11-22 17:46 . 2009-08-06 19:23 215920 ----a-w- d:\windows\system32\muweb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2098-01-01 00:00 . 2008-01-08 00:50 9096 ----a-w- d:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\LUTPReg.dll
2098-01-01 00:00 . 2007-08-25 03:51 9584 ----a-w- d:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\WP20.dll
2098-01-01 00:00 . 2007-08-25 03:51 9584 ----a-w- d:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\IV20.dll
2098-01-01 00:00 . 2007-08-22 21:45 9048 ----a-w- d:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\FWLUReg.dll
2009-12-22 10:17 . 2009-12-18 18:11 24576 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\Macromedia\Common\89b3601419.exe
2009-12-22 09:53 . 2007-09-14 16:40 -------- d-----w- d:\program files\Common Files\Symantec Shared
2009-12-22 00:18 . 2008-02-23 09:19 -------- d-----w- d:\documents and settings\Asif Chowdhury\Application Data\uTorrent
2009-12-21 23:59 . 2009-07-28 13:56 -------- d-----w- d:\documents and settings\Asif Chowdhury\Application Data\vlc
2009-12-21 21:57 . 2009-12-18 22:03 24576 ----a-w- d:\documents and settings\NetworkService\Application Data\Macromedia\Common\89b3601419.exe
2009-12-21 11:38 . 2009-12-20 22:14 24576 ----a-w- d:\documents and settings\LocalService\Application Data\Macromedia\Common\89b3601419.exe
2009-12-21 09:56 . 2009-12-21 09:56 117760 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-20 18:01 . 2007-09-14 14:39 1033216 ----a-w- d:\windows\explorer.exe
2009-12-20 15:24 . 2009-02-06 14:19 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-12-20 15:24 . 2009-12-20 15:22 4844295 ----a-w- d:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-19 23:48 . 2009-12-18 18:11 113664 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\Macromedia\Common\89b360141.dll
2009-12-19 10:40 . 2007-09-14 15:39 -------- d-----w- d:\program files\iTunes
2009-12-19 10:39 . 2008-03-21 12:13 -------- d-----w- d:\program files\Common Files\Apple
2009-12-19 10:22 . 2009-12-19 10:22 79144 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-18 16:14 . 2009-11-14 22:12 24576 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\Macromedia\Common\89c2a01419.exe
2009-12-16 22:21 . 2009-11-14 22:12 113664 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\Macromedia\Common\89c2a0141.dll
2009-12-05 00:30 . 2008-01-24 15:33 -------- d-----w- d:\documents and settings\Asif Chowdhury\Application Data\dvdcss
2009-12-04 10:03 . 2009-12-04 10:03 251376 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-12-03 16:14 . 2009-02-06 14:19 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-02-06 14:19 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-12-01 13:59 . 2007-09-27 21:56 -------- d-----w- d:\documents and settings\Asif Chowdhury\Application Data\Skype
2009-11-23 19:14 . 2009-10-09 09:44 57632 ---ha-w- d:\windows\system32\mlfcache.dat
2009-11-22 01:57 . 2007-09-14 14:37 55496 ----a-w- d:\documents and settings\Asif Chowdhury\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-22 01:56 . 2007-09-25 16:31 -------- d-----w- d:\program files\MSN Messenger
2009-11-22 01:55 . 2009-11-22 01:55 -------- d-----w- d:\program files\Microsoft
2009-11-22 01:55 . 2009-11-22 01:53 -------- d-----w- d:\program files\Windows Live
2009-11-22 01:54 . 2009-11-22 01:54 -------- d-----w- d:\program files\Windows Live SkyDrive
2009-11-22 01:39 . 2009-11-22 01:39 -------- d-----w- d:\program files\Common Files\Windows Live
2009-11-17 16:08 . 2008-11-14 17:09 -------- d-----w- d:\documents and settings\Asif Chowdhury\Application Data\skypePM
2009-11-15 10:40 . 2009-11-15 10:40 -------- d-----w- d:\program files\Common Files\Skype
2009-11-15 10:40 . 2007-09-27 21:55 -------- d-----r- d:\program files\Skype
2009-11-15 10:40 . 2007-09-27 21:55 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype
2009-11-14 10:47 . 2009-11-14 10:45 -------- d-----w- d:\documents and settings\Asif Chowdhury\Application Data\Vso
2009-11-14 10:45 . 2009-11-14 10:45 47360 ----a-w- d:\windows\system32\drivers\pcouffin.sys
2009-11-14 10:45 . 2009-11-14 10:45 47360 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\pcouffin.sys
2009-11-14 10:45 . 2009-11-14 10:45 47360 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\pcouffin.sys
2009-11-14 10:45 . 2009-11-14 10:44 -------- d-----w- d:\program files\DVDFab 6
2009-11-07 14:32 . 2007-09-14 15:31 -------- d-----w- d:\program files\MediaCoder
2009-11-02 11:23 . 2009-11-02 11:20 -------- d-----w- d:\program files\Stata10
2009-10-29 05:48 . 2007-09-14 14:40 662016 ----a-w- d:\windows\system32\wininet.dll
2009-10-25 13:46 . 2007-09-22 12:50 -------- d-----w- d:\documents and settings\Asif Chowdhury\Application Data\AdobeUM
2009-10-21 06:00 . 2007-09-14 14:40 75776 ----a-w- d:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2007-09-14 14:39 25088 ----a-w- d:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-03 23:00 263552 ----a-w- d:\windows\system32\drivers\http.sys
2009-10-13 21:26 . 2009-10-13 21:22 17208816 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\Real\Update\setup\rp\RealPlayerSPGold.exe
2009-10-13 21:22 . 2009-10-13 21:21 8406648 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-10-13 21:19 . 2009-10-13 21:19 10309448 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-10-13 21:17 . 2009-10-13 21:17 52288 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-10-13 21:17 . 2009-10-13 21:17 64000 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-10-13 21:17 . 2009-10-13 21:17 50688 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-10-13 21:17 . 2009-10-13 21:17 114688 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-10-13 21:15 . 2008-08-11 07:21 488968 ----a-w- d:\documents and settings\Asif Chowdhury\Application Data\Real\Update\setup\setup.exe
2009-10-13 10:53 . 2007-09-14 14:40 266752 ----a-w- d:\windows\system32\oakley.dll
2009-10-12 13:54 . 2007-09-14 14:40 69632 ----a-w- d:\windows\system32\raschap.dll
2009-10-12 13:54 . 2007-09-14 14:40 112128 ----a-w- d:\windows\system32\rastls.dll
2009-09-25 05:56 . 2007-09-14 14:39 81920 ----a-w- d:\windows\system32\ieencode.dll
2007-08-25 03:52 . 2008-04-17 20:31 300400 ----a-w- d:\program files\mozilla firefox\components\coFFPlgn.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- d:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- d:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Avro Keyboard"="d:\program files\Avro Keyboard\Avro Keyboard.exe" [2007-07-02 1658880]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="d:\documents and settings\Asif Chowdhury\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-15 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="d:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"osCheck"="d:\program files\Norton Internet Security\osCheck.exe" [2007-08-25 714608]
"Apoint"="d:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"HWSetup"="d:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-24 28672]
"CeEKEY"="d:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-28 675840]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 51048]
"CanonMyPrinter"="d:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

d:\documents and settings\Asif Chowdhury\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - d:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf d:\documents and settings\Asif Chowdhury\Application Data\iolo\

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bijoy Classic Pro.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Bijoy Classic Pro.lnk
backup=d:\windows\pss\Bijoy Classic Pro.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Monitor.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Monitor.lnk
backup=d:\windows\pss\Bluetooth Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=d:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^SANTIS USB and PC Card Utility.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\SANTIS USB and PC Card Utility.lnk
backup=d:\windows\pss\SANTIS USB and PC Card Utility.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Asif Chowdhury^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
path=d:\documents and settings\Asif Chowdhury\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
backup=d:\windows\pss\DesktopVideoPlayer.LNKStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Asif Chowdhury^Start Menu^Programs^Startup^FIFA 09 Registration.lnk]
path=d:\documents and settings\Asif Chowdhury\Start Menu\Programs\Startup\FIFA 09 Registration.lnk
backup=d:\windows\pss\FIFA 09 Registration.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Asif Chowdhury^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
path=d:\documents and settings\Asif Chowdhury\Start Menu\Programs\Startup\VirtuaGirl HD.LNK
backup=d:\windows\pss\VirtuaGirl HD.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2007-04-23 11:23 1032640 ----a-w- d:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-04-12 13:23 88358 ----a-w- d:\windows\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-15 16:15 133104 ----atw- d:\documents and settings\Asif Chowdhury\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2007-04-23 11:23 1032640 ----a-w- d:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-04-12 13:24 184320 ------w- d:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2007-09-25 16:32 190024 ----a-w- d:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- d:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2004-11-17 08:56 1077327 ----a-w- d:\program files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- d:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-09-14 15:44 180269 ----a-w- d:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2005-04-05 16:25 73728 ----a-w- d:\program files\TOSHIBA\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 17:43 4670704 ----a-w- d:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"usnjsvc"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"KService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Kontiki\\KService.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"d:\\Documents and Settings\\Asif Chowdhury\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"d:\\Documents and Settings\\Asif Chowdhury\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\Spotify\\spotify.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"6293:TCP"= 6293:TCP:Services
"4356:TCP"= 4356:TCP:Services

R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R1 SAVRKBootTasks;Boot Tasks Driver;d:\windows\system32\SAVRKBootTasks.sys [12/21/2009 11:46 AM 18816]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [12/20/2009 9:49 PM 108289]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/9/2008 8:42 PM 99376]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;d:\windows\system32\drivers\ManyCam.sys [3/22/2007 12:17 PM 21632]
S3 ASPI;Advanced SCSI Programming Interface Driver;d:\windows\system32\drivers\ASPI32.SYS [4/1/2008 6:47 PM 16512]
S3 ATMEL FVNETusbASKEY (AR)®;ATMEL FVNETusbASKEY (AR)® Service for SANTIS WLAN USB Adapter;d:\windows\system32\drivers\vnetusbk.sys [2/20/2003 4:15 PM 93184]
S3 ATMEL WinXP PCMCIAFVNETR (2ARC)®;ATMEL WinXP PCMCIAFVNETR (2ARC)® Service for SANTIS WLAN PC Card;d:\windows\system32\drivers\fvnetr51.sys [1/14/2003 10:44 AM 91648]
S3 COH_Mon;COH_Mon;d:\windows\system32\drivers\COH_Mon.sys [5/29/2007 8:55 PM 23888]
S3 MEMSWEEP2;MEMSWEEP2;\??\d:\windows\system32\29.tmp --> d:\windows\system32\29.tmp [?]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
S4 LiveUpdate Notice;LiveUpdate Notice;d:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/25/2007 5:07 AM 149864]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [12/19/2007 10:44 PM 715248]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &WordWeb... - d:\windows\system32\wweb32.dll/lookup.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Asif Chowdhury\Application Data\Mozilla\Firefox\Profiles\417j4vdy.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 4
FF - component: d:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: d:\documents and settings\Asif Chowdhury\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\documents and settings\Asif Chowdhury\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-userini - d:\windows\system32\userini.exe
HKCU-Run-rundll32.exe - (no file)
HKLM-Run-userini - d:\windows\system32\userini.exe
HKLM-Explorer_Run-userini - d:\windows\system32\userini.exe
HKCU-Explorer_Run-userini - d:\windows\system32\userini.exe
ShellExecuteHooks-{BD344AF4-67AB-4E19-A630-7435587D320B} - d:\windows\system32\ahndoor0.dll
ShellExecuteHooks-{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72} - d:\windows\SYSTEM32\SOFTQQ0.DLL
MSConfigStartUp-msnmsgr - d:\program files\MSN Messenger\msnmsgr.exe
AddRemove-AVI Codec Pack - d:\program files\AVI Codec Pack\uninstall.exe
AddRemove-WinPcapInst - d:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 10:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\d:\windows\system32\29.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1148)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1304)
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
d:\program files\Apoint2K\Apntex.exe
d:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-12-22 10:51:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-22 10:51

Pre-Run: 24,984,473,600 bytes free
Post-Run: 24,878,018,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect

- - End Of File - - E76AE0EC10C7AA285507D16A4568A72D

Edited by Anti-Everything, 22 December 2009 - 06:11 AM.
