I managed after all to run combofix.
These are the results :
ComboFix 13-01-14.01 - Administrator 01/14/2013 17:35:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1361 [GMT 1:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFixx.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Microsoft\~DFK1184cfa2.tmp
c:\documents and settings\Administrator\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Administrator\Application Data\Microsoft\bass.dll
c:\documents and settings\Administrator\Application Data\Microsoft\engine_vx.dll
c:\documents and settings\Administrator\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Administrator\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Administrator\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Administrator\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Administrator\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{F639E2A2-FE6B-4527-B8BE-C1C423B81844}\PostBuild.exe
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-10 23:01 . 2012-11-22 21:02 175864 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
2013-01-10 23:01 . 2012-11-22 21:02 261880 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
2013-01-10 23:01 . 2013-01-10 23:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apowersoft
2013-01-10 23:01 . 2012-11-22 21:02 421624 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll
2013-01-10 23:00 . 2013-01-10 23:00 -------- d-----w- c:\program files\Apowersoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 22:20 . 2012-07-18 07:02 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-03 287288]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-02-18 506424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-11 604776]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Roger Wilco\\roger.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\TorrentStream\\engine\\tsengine.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Apowersoft\\Streaming Video Recorder\\Streaming-Video-Recorder.exe"=
"c:\\Program Files\\Apowersoft\\Streaming Video Recorder\\StreamingVideoRecorder.exe"=
"c:\\Program Files\\Apowersoft\\Streaming Video Recorder\\ApowersoftSrv.dll"=
"c:\\Program Files\\Apowersoft\\Streaming Video Recorder\\ApowersoftDump.dll"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15440:TCP"= 15440:TCP:BitComet 15440 TCP
"15440:UDP"= 15440:UDP:BitComet 15440 UDP
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3/9/2012 3:35 PM 242240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [11/10/2011 12:49 AM 1677072]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [3/23/2012 11:31 AM 31920]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/13/2009 7:45 PM 113536]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/13/2009 6:35 PM 209464]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [11/15/2011 12:52 PM 73216]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [3/14/2011 4:27 PM 271712]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S2 Telenor Internet. RunOuc;Telenor Internet. OUC;c:\program files\Telenor Internet\UpdateDog\ouc.exe [11/15/2011 12:52 PM 239968]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [11/15/2011 12:52 PM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [11/15/2011 12:52 PM 235392]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [6/24/2012 3:20 PM 135584]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 1:49 PM 227232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-790525478-261478967-839522115-500.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-03-23 10:33]
.
2013-01-14 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-790525478-261478967-839522115-500.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-03-23 10:31]
.
2013-01-14 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-790525478-261478967-839522115-500.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-03-23 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EE8A4DD6-BACA-4945-B441-540906D6D850}: NameServer = 93.188.163.182,93.188.166.182
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qc889uv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&source=hp&biw=1366&bih=578&btnG=Google+Search
FF - ExtSQL: 2012-12-13 01:15; jid1-m7xzZLMj29zzjA@jetpack; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qc889uv.default\extensions\jid1-m7xzZLMj29zzjA@jetpack
FF - ExtSQL: 2013-01-14 16:13;
[email protected]; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qc889uv.default\extensions\
[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-01-14 17:47
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS543232L9A300 rev.FB4OC40J -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A13DECC]<<
c:\docume~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x879e0879; SUB DWORD [EBP-0x4], 0x879e0135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Harddisk0\DR0[0x8A325AB8]
3 CLASSPNP[0xBA0E905B] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\0000007b[0x8A2FD3B8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> [0x8A2F2940]
[0x8A268360] -> IRP_MJ_CREATE -> 0x8A13DECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskHitachi_HTS543232L9A300_________________FB4OC40J#393039303730424634433630454c47465638434a#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A13DAF1
user & kernel MBR OK
sectors 625142446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
Completion time: 2013-01-14 17:52:59
ComboFix-quarantined-files.txt 2013-01-14 16:52
.
Pre-Run: 15,977,263,104 bytes free
Post-Run: 19,212,804,096 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8E50D83A1E9A23E62A4F53BAD74DBE34