Here is the log from ComboFix:
ComboFix 13-11-22.01 - Administrator 27.11.2013 11:35:39.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.503.297 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: \uninistall
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\FlashPlayerApp.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-10-27 to 2013-11-27 )))))))))))))))))))))))))))))))
.
.
2013-11-26 12:40 . 2013-11-26 13:10 -------- d-----w- C:\AdwCleaner
2013-11-25 10:01 . 2013-11-25 10:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-11-25 10:00 . 2013-11-25 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-11-25 10:00 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-25 10:00 . 2013-11-25 10:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-22 14:26 . 2013-11-22 14:26 76208 ----a-w- c:\windows\system32\FwsVpn.dll
2013-11-22 00:38 . 2013-11-22 14:26 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS
2013-11-22 00:38 . 2013-11-22 00:38 10672 ----a-w- c:\windows\system32\sysferThunk.dll
2013-11-22 00:24 . 2013-11-22 00:24 -------- d-----w- c:\windows\system32\drivers\SEP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-22 14:26 . 2009-02-26 13:08 241584 ----a-w- c:\windows\system32\SymVPN.dll
2013-11-22 14:26 . 2009-06-05 11:49 92080 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2013-11-22 00:38 . 2009-02-26 13:08 380848 ----a-w- c:\windows\system32\sysfer.dll
2013-10-13 07:25 . 2004-08-03 22:56 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2004-08-03 22:56 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2004-08-03 22:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2004-08-03 22:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2004-08-03 20:59 385024 ------w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2004-08-03 22:56 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-08-03 22:56 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2004-08-03 22:56 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2009-05-29 06:35 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-30 06:57 . 2011-06-10 13:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 11:38 . 2013-09-20 11:43 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-20 11:27 . 2013-09-20 11:43 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-20 11:25 . 2012-07-24 06:44 868264 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-09-20 11:25 . 2010-07-09 11:02 790440 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
"DisableChangePassword"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"GreyMSIAds"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoMovingBands"= 1 (0x1)
"NoCommonGroups"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22.11.2013 1:29 108120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25.11.2013 11:00 22856]
R4 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20131126.001\IDSxpx86.sys --> c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20131126.001\IDSxpx86.sys [?]
R4 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x86\SYMDS.SYS --> c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x86\SYMDS.SYS [?]
R4 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x86\SYMEFA.SYS --> c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x86\SYMEFA.SYS [?]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [25.11.2013 11:00 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25.11.2013 11:00 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [25.7.2013 7:52 162672]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S4 BHDrvx86;BHDrvx86;\??\c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20131101.011\BHDrvx86.sys --> c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20131101.011\BHDrvx86.sys [?]
S4 SyDvCtrl;SyDvCtrl;\??\c:\program files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\SyDvCtrl32.sys --> c:\program files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\SyDvCtrl32.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSCHEDULER
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{C5D310EF-90DE-4763-BDE8-91E3B518E0FF}: NameServer = 194.247.192.33,194.247.192.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-27 11:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2938991480-4257124890-3260343356-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,d7,c4,a4,28,63,06,48,b0,9b,20,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,d7,c4,a4,28,63,06,48,b0,9b,20,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0011)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@DACL=(02 0011)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-11-27 11:50:41
ComboFix-quarantined-files.txt 2013-11-27 10:50
ComboFix2.txt 2013-11-27 10:10
.
Pre-Run: 20.931.964.928 bytes free
Post-Run: 20.913.250.304 bytes free
.
- - End Of File - - 3577BF72E11B61DD23933C8E7ECA4EC3
E5FA06ACA0D60BA9C870D0EF3D9898C9