ComboFix 15-06-18.01 - Dharmesh 06/19/2015 20:04:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.429 [GMT 1:00]
Running from: c:\documents and settings\Dharmesh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dharmesh\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_fpuyruv
.
.
((((((((((((((((((((((((( Files Created from 2015-05-19 to 2015-06-19 )))))))))))))))))))))))))))))))
.
.
2015-06-19 18:41 . 2015-06-19 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2015-06-19 14:48 . 2015-06-19 17:51 -------- d-----w- C:\FRST
2015-06-13 13:40 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2015-06-13 13:40 . 2004-08-03 23:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2015-06-13 13:40 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2015-06-13 13:40 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2015-06-04 16:12 . 2004-08-03 16:56 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SkyTel"="SkyTel.EXE" [2007-04-20 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-20 16125440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"nwiz"="nwiz.exe" [2006-07-12 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-12 86016]
"EPSON Stylus C66 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE" [2003-11-26 99840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-19 14:08 986440 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-15 c:\windows\Tasks\ExpressZipSevenDays.job
- c:\program files\NCH Software\ExpressZip\expresszip.exe [2014-06-15 05:49]
.
2015-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-06-19 14:07]
.
2015-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-06-19 14:07]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: google.co.uk\www
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-06-19 20:08
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2560)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2015-06-19 20:08:56 - machine was rebooted
ComboFix-quarantined-files.txt 2015-06-19 19:08
ComboFix2.txt 2015-06-19 18:11
.
Pre-Run: 71,545,454,592 bytes free
Post-Run: 71,555,403,776 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D920CD4DE6A629F07B73E1A47D9C9FE4 8F558EB6672622401DA993E1E865C861