Got the scan done in safe mode.
ComboFix 11-05-29.01 - mayank 05/29/2011 21:14:46.3.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1469 [GMT -5:00]
Running from: c:\users\mayank\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\jusched.exe
c:\windows\system32\Microsoft
c:\windows\system32\Microsoft\Protect\S-1-5-18\0d0096d5-9ede-4a19-bace-3aa0ba7157c9
c:\windows\system32\Microsoft\Protect\S-1-5-18\0f181f86-6d62-4794-9b05-16d158f7a9e2
c:\windows\system32\Microsoft\Protect\S-1-5-18\1e00adf8-8add-4902-a56b-9f2638596875
c:\windows\system32\Microsoft\Protect\S-1-5-18\4630b327-2b69-4f21-9428-bddff60677f2
c:\windows\system32\Microsoft\Protect\S-1-5-18\482595a7-03b1-49a4-aa4f-6095b67165c1
c:\windows\system32\Microsoft\Protect\S-1-5-18\4a7a6092-2dea-477a-806c-fc6ba5afbadc
c:\windows\system32\Microsoft\Protect\S-1-5-18\6629b5e2-a20f-4ba9-917a-2078f07de3aa
c:\windows\system32\Microsoft\Protect\S-1-5-18\7396c3f2-6268-4472-b4d5-210e1950aae4
c:\windows\system32\Microsoft\Protect\S-1-5-18\7e7bcd4b-9930-4dab-b195-b4259b18fcfb
c:\windows\system32\Microsoft\Protect\S-1-5-18\812b47ff-71b3-4da4-81be-e39cfd9becb2
c:\windows\system32\Microsoft\Protect\S-1-5-18\81f3ccaf-2c87-4e66-99dd-ca7e44c6bc06
c:\windows\system32\Microsoft\Protect\S-1-5-18\85c62699-56d3-43e9-abc5-72cef74e50a2
c:\windows\system32\Microsoft\Protect\S-1-5-18\866389ac-860f-4335-ae26-96f7b39b9405
c:\windows\system32\Microsoft\Protect\S-1-5-18\97f71106-ba49-40f2-b7a3-2ec246a7265c
c:\windows\system32\Microsoft\Protect\S-1-5-18\99a168d0-6213-4a61-8038-fb2e622d167d
c:\windows\system32\Microsoft\Protect\S-1-5-18\cf762110-105d-4ea7-b522-63b3a03cf955
c:\windows\system32\Microsoft\Protect\S-1-5-18\eb74a6c2-b4f7-43a0-9046-57da0f7c9b00
c:\windows\system32\Microsoft\Protect\S-1-5-18\Preferred
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\1881eeba-dca8-4e6e-870e-3908813cb91b
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\3a73ce8c-0817-43b2-a3de-385da2bd86d5
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\42e511c7-5898-46b1-9a6d-d799be1e2ce5
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\6be6a5ea-f8ed-4920-b380-2380a6e5fe52
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\85e2fc3e-d29e-49ff-ab57-768d9f341d6f
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\bc84518f-24d5-4ab2-b04c-30737b74d02d
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\cc7dceb2-efac-4cdc-93ce-39165f2228ec
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\ce480948-583e-4ba6-88af-f374dd3fde1a
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\cfa006c9-d779-4471-86af-91cf9f129da4
c:\windows\system32\Microsoft\Protect\S-1-5-18\User\Preferred
c:\windows\system32\Microsoft\Protect\S-1-5-20\f13252fa-9940-4fe7-8994-53a83fd6e291
c:\windows\system32\Microsoft\Protect\S-1-5-20\Preferred
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-29 23:23 . 2011-05-29 23:24 -------- d-----w- c:\users\UpdatusUser
2011-05-29 23:19 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-29 23:19 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-29 23:19 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-29 23:19 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-29 23:19 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-29 23:19 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-29 23:19 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-29 22:58 . 2011-05-29 23:24 -------- d-----w- c:\program files\NVIDIA Corporation
2011-05-29 22:57 . 2011-05-29 22:57 -------- d-----w- C:\NVIDIA
2011-05-29 22:09 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 22:09 . 2011-05-29 22:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-29 22:09 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 22:04 . 2011-05-29 22:04 -------- d-----w- c:\program files\SystemRequirementsLab
2011-05-29 22:01 . 2011-05-29 22:01 -------- d-----w- c:\program files\Freemake
2011-05-13 16:15 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-12 21:55 . 2011-05-12 21:55 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 13:17 . 2011-02-04 16:24 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-08 05:14 . 2011-05-29 23:19 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2009-10-31 00:01 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2009-10-31 00:01 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2007-07-07 04:15 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2007-07-07 04:15 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-08 03:45 . 2011-04-08 03:45 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-08 03:45 . 2011-04-08 03:45 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-08 03:45 . 2011-04-08 03:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 03:44 . 2011-04-08 03:44 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 03:44 . 2011-04-08 03:44 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-04-06 15:46 . 2011-04-06 15:46 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-06 15:46 . 2011-04-06 15:46 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-06 15:46 . 2011-04-06 15:46 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-06 15:46 . 2011-04-06 15:46 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-06 15:46 . 2011-04-06 15:46 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-06 15:46 . 2011-04-06 15:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-06 15:46 . 2011-04-06 15:46 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-06 15:46 . 2011-04-06 15:46 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-06 15:46 . 2011-04-06 15:46 367104 ----a-w- c:\windows\system32\html.iec
2011-04-06 15:46 . 2011-04-06 15:46 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-06 15:46 . 2011-04-06 15:46 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-06 15:46 . 2011-04-06 15:46 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-06 15:46 . 2011-04-06 15:46 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-06 15:46 . 2011-04-06 15:46 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-06 15:46 . 2011-04-06 15:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-06 15:46 . 2011-04-06 15:46 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-06 15:46 . 2011-04-06 15:46 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-06 15:46 . 2011-04-06 15:46 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-06 15:46 . 2011-04-06 15:46 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-06 15:46 . 2011-04-06 15:46 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-06 15:46 . 2011-04-06 15:46 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-12 21:55 . 2011-04-28 12:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-14 13:28 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 13:28 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-14 13:28 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 12:55 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-28 12:55 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 12:55 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 12:55 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 12:55 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-28 12:55 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-14 13:28 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-14 13:28 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 1783400]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-10-05 55072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"CPMonitor"="c:\users\mayank\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-31 14:13 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 136176]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-03 25600]
R3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-04-02 20376]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-31 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 14:58]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-07 14:58]
.
2011-05-14 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2011-05-14 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]
.
2010-08-17 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-29 21:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1968)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
Completion time: 2011-05-29 21:23:59
ComboFix-quarantined-files.txt 2011-05-30 02:23
.
Pre-Run: 290,985,660,416 bytes free
Post-Run: 290,920,112,128 bytes free
.
- - End Of File - - 80DA876206014648769F4BC0EC68B0EF