John, this is what popped up.
ComboFix 13-07-24.03 - g 07/24/2013 19:19:35.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2488 [GMT -7:00]
Running from: c:\documents and settings\g\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\g\Application Data\PriceGong
c:\documents and settings\g\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\g\WINDOWS
c:\windows\_detmp.2
c:\windows\_detmp.4
c:\windows\DXM18.tmp
c:\windows\DXM8.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-06-25 to 2013-07-25 )))))))))))))))))))))))))))))))
.
.
2013-07-14 03:02 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBC3F6F4-C03B-43A1-ACF7-FDD05E187B77}\mpengine.dll
2013-07-13 01:28 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 22:14 . 2012-08-19 07:16 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 22:14 . 2012-01-16 01:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2009-12-18 03:42 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 10:59 . 2013-05-01 10:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 10:59 . 2013-05-01 10:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311T Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG311T Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
0 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM for Windows]
2012-12-05 22:41 2930288 ----a-w- c:\documents and settings\g\Local Settings\Application Data\AOL\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 04:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-04 07:55 25600 ----a-w- c:\windows\system32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-04-24 02:09 136176 ----atw- c:\documents and settings\g\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2006-02-28 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 18:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2005-08-24 11:51 442455 ----a-w- c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-27 00:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2006-02-28 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-10-08 04:50 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 10:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2010-06-07 10:57 618496 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-22 21:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 22:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2008-08-06 23:31 233576 ------w- c:\program files\Creative\Volume Panel\VolPanlu.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/8/2010 7:11 PM 20072]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/24/2011 12:59 PM 793048]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\g\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\g\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [7/15/2009 7:09 PM 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 psa805;Aurilium Sound Agent 2 (WDM);c:\windows\system32\drivers\psa805.sys --> c:\windows\system32\drivers\psa805.sys [?]
S3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;c:\windows\system32\DRIVERS\QsndEnum.sys --> c:\windows\system32\DRIVERS\QsndEnum.sys [?]
S3 ZCinema_TSHD;ZCinema TruSurround HD driver;c:\windows\system32\drivers\ZCinema_SRS_i386.sys [6/11/2009 6:04 PM 21392]
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 22:14]
.
2013-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2111687655-725345543-1004Core.job
- c:\documents and settings\g\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-24 02:09]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2111687655-725345543-1004UA.job
- c:\documents and settings\g\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-24 02:09]
.
2013-07-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
2013-07-25 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.delta-search.com/?affID=119351&babsrc=HP_ss&mntrId=282E00123F7CF853
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*
http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 68.94.157.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\g\Application Data\Mozilla\Firefox\Profiles\pfehxcbq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=08-06-2010&tb_mrud=08-06-2010
FF - ExtSQL: !HIDDEN! 2009-11-07 20:51; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 282e616f00000000000000123f7cf853
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15866
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.519:28
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-Trillian - c:\program files\Trillian\Trillian.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-07-24 19:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1202660629-2111687655-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:ee,cc,37,b2,f8,65,b3,db,a9,1f,83,a0,66,3d,56,f3,3c,de,85,3a,42,
01,cf,46,d0,88,ee,35,bd,1e,db,54,ec,0a,8f,4a,61,21,ae,1d,aa,02,c9,9a,09,22,\
"rkeysecu"=hex:3c,a4,20,7f,1e,80,4b,0a,97,fe,51,b5,a2,01,1c,11
.
Completion time: 2013-07-24 19:26:54
ComboFix-quarantined-files.txt 2013-07-25 02:26
.
Pre-Run: 30,922,616,832 bytes free
Post-Run: 31,450,591,232 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - ACD534A390069496E931F5DF88578A94
8F558EB6672622401DA993E1E865C861