And here's the ComboFix log:
ComboFix 12-10-29.01 - Administrator 29/10/2012 9:28.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3017.2338 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\winnt\EventSystem.log
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
.
.
2012-10-27 18:52 . 2012-10-27 18:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-10-27 18:52 . 2012-10-27 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-27 18:51 . 2012-10-27 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-27 18:51 . 2012-09-29 18:54 22856 ----a-w- c:\winnt\system32\drivers\mbam.sys
2012-10-27 18:50 . 2012-10-27 18:50 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-10-27 18:50 . 2012-10-27 18:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2012-10-27 18:50 . 2012-10-27 18:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2012-10-27 18:49 . 2012-10-27 18:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2012-10-27 18:49 . 2012-10-27 18:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-10-27 18:48 . 2012-10-27 18:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2012-10-26 18:26 . 2012-10-26 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-10-25 16:36 . 2012-10-25 16:36 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Norman Malware Cleaner
2012-10-24 11:23 . 2012-10-24 11:23 149272 ----a-w- c:\winnt\system32\drivers\dwprot.sys
2012-10-23 18:20 . 2012-10-23 18:20 -------- d-----w- c:\documents and settings\hmc05\DoctorWeb
2012-10-22 12:19 . 2012-10-22 12:19 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Temp
2012-10-22 12:19 . 2012-10-22 12:19 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Adobe
2012-10-19 18:01 . 2012-10-19 18:01 -------- d-----w- C:\Mozilla
2012-10-19 18:01 . 2012-10-19 18:01 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Mozilla
2012-10-19 17:08 . 2012-10-19 17:09 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Google
2012-10-19 17:06 . 2012-10-19 17:06 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Identities
2012-10-19 17:05 . 2012-10-19 17:05 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Symantec
2012-10-19 17:02 . 2012-10-19 17:02 -------- d-----w- C:\_OTL
2012-10-15 16:42 . 2012-10-15 16:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-10-10 08:16 . 2012-10-10 08:16 -------- d-----w- c:\winnt\ms
2012-10-09 19:51 . 2012-10-09 19:51 -------- d-----w- c:\program files\Tweaking.com
2012-10-09 19:41 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-10-09 19:39 . 2012-10-09 19:39 -------- d-----w- C:\RegBackup
2012-10-09 19:34 . 2008-04-14 04:42 116224 ----a-w- c:\winnt\system32\dllcache\xrxwiadr.dll
2012-10-09 19:34 . 2001-08-17 21:36 23040 ----a-w- c:\winnt\system32\dllcache\xrxwbtmp.dll
2012-10-09 19:34 . 2008-04-14 04:42 18944 ----a-w- c:\winnt\system32\dllcache\xrxscnui.dll
2012-10-09 19:34 . 2001-08-17 21:37 27648 ----a-w- c:\winnt\system32\dllcache\xrxftplt.exe
2012-10-09 19:34 . 2001-08-17 21:37 4608 ----a-w- c:\winnt\system32\dllcache\xrxflnch.exe
2012-10-09 19:32 . 2008-04-13 21:04 11807 ----a-w- c:\winnt\system32\dllcache\wadv07nt.sys
2012-10-09 19:31 . 2001-08-17 21:36 28160 ----a-w- c:\winnt\system32\dllcache\umaxu40.dll
2012-10-09 19:30 . 2001-08-17 11:10 28232 ----a-w- c:\winnt\system32\dllcache\tos4mo.sys
2012-10-09 19:29 . 2001-08-17 21:36 53248 ----a-w- c:\winnt\system32\dllcache\stlncoin.dll
2012-10-09 19:28 . 2001-08-17 21:36 33792 ----a-w- c:\winnt\system32\dllcache\smb0w.dll
2012-10-09 19:27 . 2008-04-13 23:15 11520 ----a-w- c:\winnt\system32\dllcache\scsiscan.sys
2012-10-09 19:26 . 2001-08-17 11:19 3840 ----a-w- c:\winnt\system32\dllcache\rpfun.sys
2012-10-09 19:25 . 2001-08-17 12:53 7168 ----a-w- c:\winnt\system32\dllcache\pnrmc.sys
2012-10-09 19:24 . 2001-08-17 13:05 25088 ----a-w- c:\winnt\system32\dllcache\ovca.sys
2012-10-09 19:23 . 2001-08-17 11:50 13664 ----a-w- c:\winnt\system32\dllcache\n9i128.sys
2012-10-09 19:22 . 2001-08-17 12:52 6528 ----a-w- c:\winnt\system32\dllcache\miniqic.sys
2012-10-09 19:21 . 2008-04-13 23:09 14592 ----a-w- c:\winnt\system32\dllcache\kbdhid.sys
2012-10-09 19:20 . 2001-08-17 11:49 58592 ----a-w- c:\winnt\system32\dllcache\i740nt5.sys
2012-10-09 19:19 . 2008-04-13 23:06 20352 ----a-w- c:\winnt\system32\dllcache\hidbatt.sys
2012-10-09 19:18 . 2001-08-17 12:28 595647 ----a-w- c:\winnt\system32\dllcache\es56cvmp.sys
2012-10-09 19:17 . 2001-08-17 11:11 29696 ----a-w- c:\winnt\system32\dllcache\dm9pci5.sys
2012-10-09 19:16 . 2001-08-17 11:11 39936 ----a-w- c:\winnt\system32\dllcache\cnxt1803.sys
2012-10-09 19:15 . 2008-04-14 04:41 377984 ----a-w- c:\winnt\system32\dllcache\ati2dvaa.dll
2012-10-09 19:00 . 2012-10-09 20:14 181064 ----a-w- c:\winnt\PSEXESVC.EXE
2012-10-09 18:59 . 2012-10-09 20:14 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-08 20:54 . 2012-10-08 20:54 -------- d-----w- c:\winnt\Application Data
2012-10-07 17:42 . 2012-10-07 17:42 -------- d-----w- c:\winnt\PIF
2012-10-07 16:23 . 2012-10-07 16:23 -------- d-----w- c:\winnt\Profiles
2012-10-05 17:13 . 2012-10-05 17:13 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 11:18 . 2012-04-27 14:50 696520 ----a-w- c:\winnt\system32\FlashPlayerApp.exe
2012-09-24 11:18 . 2011-06-09 07:30 73416 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14 . 1980-01-01 00:00 916992 ----a-w- c:\winnt\system32\wininet.dll
2012-08-28 15:14 . 1980-01-01 00:00 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2012-08-28 15:14 . 1980-01-01 00:00 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2012-08-28 12:07 . 1980-01-01 00:00 385024 ----a-w- c:\winnt\system32\html.iec
2012-08-24 13:53 . 1980-01-01 00:00 177664 ----a-w- c:\winnt\system32\wintrust.dll
2012-08-21 13:33 . 2008-04-14 00:54 2148864 ----a-w- c:\winnt\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\winnt\system32\ntkrnlpa.exe
2005-10-12 15:04 . 2005-10-12 15:04 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2012-04-21 01:18 . 2012-05-16 17:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\winnt\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"IgfxTray"="c:\winnt\system32\igfxtray.exe" [2008-10-16 150040]
"HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2008-10-16 178712]
"Persistence"="c:\winnt\system32\igfxpers.exe" [2008-10-16 150040]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-08 1044480]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-17 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-11-18 115560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\hmc05\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [N/A]
ICTprintservice.lnk - \\ICADS3\netlogon\clusters\common\ICTprintservice.cmd [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto-sleep.lnk - c:\winnt\Installer\{F1F8CE7F-1D24-416F-BFA1-F7DD39D8A000}\mainicon.ico [2011-11-9 15086]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-243037206-41955558-561332275-166766\Scripts\Logoff\0\0]
"Script"=userlog_logoff_3.04.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-243037206-41955558-561332275-166766\Scripts\Logon\0\0]
"Script"=%logonserver%\netlogon\user4-GPO.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP
xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 DwProt;DrWeb Protection;c:\winnt\system32\drivers\dwprot.sys [24/10/2012 11:23 149272]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\winnt\system32\drivers\sfaudio.sys [01/01/1980 24064]
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [17/12/2009 23:14 691696]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\winnt\system32\drivers\e1k5132.sys [01/01/1980 144480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/09/2012 08:28 106656]
R3 IFXTPM;IFXTPM;c:\winnt\system32\drivers\ifxtpm.sys [01/01/1980 36352]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27/04/2012 14:50 250568]
S3 COH_Mon;COH_Mon;c:\winnt\system32\drivers\COH_Mon.sys [03/07/2009 10:52 23888]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-29 c:\winnt\Tasks\Adobe Flash Player Updater.job
- c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 11:18]
.
2012-10-29 c:\winnt\Tasks\MATLAB R2012a Startup Accelerator.job
- c:\program files\MATLAB\R2012a\bin\win32\MATLABStartupAccelerator.exe [2012-03-22 03:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.imperial.ac.uk/
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 155.198.142.7 155.198.142.8
DPF: {64A6114F-2976-4634-BE36-134BF84D369C} - hxxps://www3.imperial.ac.uk/eWebEditPro/ewebeditpro4.cab
DPF: {A40B0AD4-B50E-4E58-8A1D-8544233807AD} - ftp://ftp.ni.com/pub/devzone/tut/cnx_lv8_runtime.exe
DPF: {CAFECAFE-0013-0001-0023-ABCDEFABCDEF}
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\knuehkda.default\
FF - prefs.js: browser.search.selectedEngine - Google.co.uk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-29 09:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-507921405-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,73,79,a0,0d,21,93,42,a8,9d,fe,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,73,79,a0,0d,21,93,42,a8,9d,fe,\
.
Completion time: 2012-10-29 09:39:45
ComboFix-quarantined-files.txt 2012-10-29 09:39
ComboFix2.txt 2012-10-19 01:05
ComboFix3.txt 2012-10-04 05:10
ComboFix4.txt 2012-10-03 03:36
ComboFix5.txt 2012-10-29 09:26
.
Pre-Run: 197,775,917,056 bytes free
Post-Run: 199,163,875,328 bytes free
.
- - End Of File - - 20A2BF5765F694CF06E3086D0ABFCDE8