Here is the ComboFix log.
ComboFix 12-10-23.01 - Admin 24/10/2012 13:41:06.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.64.1033.18.767.455 [GMT 13:00]
Running from: c:\documents and settings\Admin.HOME-BF5F8D8B79\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-09-24 to 2012-10-24 )))))))))))))))))))))))))))))))
.
.
2012-10-22 01:30 . 2012-10-22 01:30 -------- d-----w- c:\documents and settings\Admin.HOME-BF5F8D8B79\Application Data\Malwarebytes
2012-10-22 01:30 . 2012-10-22 01:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2012-10-22 01:30 . 2012-10-22 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-22 01:30 . 2012-09-29 06:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-22 01:06 . 2012-10-22 01:06 -------- d-----w- c:\program files\CCleaner
2012-10-20 05:41 . 2012-10-20 05:41 -------- d-----w- c:\documents and settings\Admin.HOME-BF5F8D8B79\Application Data\Avira
2012-10-20 04:27 . 2008-04-13 16:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-10-20 04:27 . 2008-04-13 16:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-10-20 04:27 . 2001-08-17 00:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-10-20 04:27 . 2001-08-17 00:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-10-20 04:27 . 2008-04-13 11:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-10-20 04:27 . 2008-04-13 11:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-10-20 04:26 . 2008-04-13 11:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-10-20 04:26 . 2008-04-13 11:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-10-20 04:26 . 2008-04-13 11:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-10-20 04:26 . 2008-04-13 11:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-10-05 03:54 . 2012-10-05 03:54 -------- d-----w- c:\documents and settings\Admin.HOME-BF5F8D8B79\Local Settings\Application Data\Mozilla
2012-10-05 03:19 . 2012-10-20 06:16 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-05 03:19 . 2012-10-20 06:16 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-05 03:19 . 2010-06-17 02:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2012-10-05 03:19 . 2010-06-17 02:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2012-10-05 03:19 . 2012-10-05 03:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-20 06:53 . 2012-10-20 06:51 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-26 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-11-26 761946]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-12 281768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/4/2012 1:45 PM 136360]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/22/2012 2:30 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/22/2012 2:30 PM 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/22/2012 2:30 PM 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/4/2012 1:37 PM 115168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 58.28.5.2 58.28.6.2
FF - ProfilePath - c:\documents and settings\Admin.HOME-BF5F8D8B79\Application Data\Mozilla\Firefox\Profiles\ckmnnc06.default\
FF - ExtSQL: 2012-10-21 20:23; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\Admin.HOME-BF5F8D8B79\Application Data\Mozilla\Firefox\Profiles\ckmnnc06.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2012-10-21 20:31; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Admin.HOME-BF5F8D8B79\Application Data\Mozilla\Firefox\Profiles\ckmnnc06.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-10-24 13:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-10-24 13:49:21
ComboFix-quarantined-files.txt 2012-10-24 00:49
.
Pre-Run: 19,177,746,432 bytes free
Post-Run: 19,236,704,256 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2DFF07A0227767E2BA8D4AF447413AF2