Here you go:
ComboFix 11-04-03.03 - Thomas 04/04/2011 17:01:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1070 [GMT 1:00]
Running from: c:\users\Thomas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Thomas gander.User-PC\Sword_2_20100806.exe.downloading
c:\users\Thomas\AppData\Roaming\Adobe\plugs
c:\users\Thomas\AppData\Roaming\Adobe\shed
c:\users\Thomas\AppData\Roaming\cacaoweb
c:\users\Thomas\AppData\Roaming\cacaoweb\adstorage.db
c:\users\Thomas\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\Thomas\AppData\Roaming\cacaoweb\storage.db
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-04 to 2011-04-04 )))))))))))))))))))))))))))))))
.
.
2011-04-04 16:08 . 2011-04-04 16:08 -------- d-----w- c:\users\Thomas\AppData\Local\temp
2011-04-04 16:08 . 2011-04-04 16:08 -------- d-----w- c:\users\THOMAS~1~USE\AppData\Local\temp
2011-04-04 16:08 . 2011-04-04 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-04 16:08 . 2011-04-04 16:08 -------- d-----w- c:\users\Daddy\AppData\Local\temp
2011-04-04 15:53 . 2011-04-04 15:53 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE4B3D03-76DC-4804-9191-D5F2BA536917}\MpKslad3fa2cd.sys
2011-04-04 15:53 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE4B3D03-76DC-4804-9191-D5F2BA536917}\mpengine.dll
2011-04-01 20:22 . 2011-04-01 20:22 -------- d-----w- C:\_OTL
2011-04-01 20:11 . 2011-04-01 20:11 -------- d-----w- c:\program files\ERUNT
2011-03-31 19:04 . 2011-03-31 19:13 -------- d-----w- c:\users\Thomas\AppData\Roaming\Ventrilo
2011-03-31 19:03 . 2011-03-31 19:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-03-30 17:42 . 2011-03-30 17:42 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-29 17:40 . 2011-03-29 17:45 -------- d-----w- c:\program files\Game_Maker8
2011-03-27 10:41 . 2011-03-27 10:41 388096 ----a-r- c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-27 10:41 . 2011-03-27 10:41 -------- d-----w- c:\program files\Trend Micro
2011-03-26 15:51 . 2011-03-26 15:51 -------- d-----w- c:\users\Thomas\AppData\Roaming\MotioninJoy
2011-03-26 15:51 . 2010-08-19 19:24 255496 ----a-w- c:\windows\system32\MijFrc.dll
2011-03-26 15:51 . 2011-03-26 15:51 -------- d-----w- c:\program files\MotioninJoy
2011-03-26 15:37 . 2011-03-26 15:37 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2011-03-26 15:37 . 2005-03-09 20:50 19456 ----a-w- c:\windows\system32\libusbd-9x.exe
2011-03-26 15:37 . 2005-03-09 20:50 18944 ----a-w- c:\windows\system32\libusbd-nt.exe
2011-03-26 15:37 . 2005-03-09 20:50 33792 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-03-26 15:37 . 2005-03-09 20:50 46592 ----a-w- c:\windows\system32\libusb0.dll
2011-03-26 13:49 . 2011-03-26 13:49 0 ----a-w- c:\users\Thomas\AppData\Local\Qlalofum.bin
2011-03-25 16:41 . 2011-03-04 20:13 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-25 16:41 . 2011-03-04 20:13 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3B366A5-B8DA-4E7D-9280-2599C4B44F6D}\gapaengine.dll
2011-03-24 19:21 . 2011-03-24 19:21 -------- d-----w- c:\users\Thomas\AppData\Roaming\FlashGet
2011-03-24 19:21 . 2011-03-25 19:02 -------- d-----w- c:\program files\FlashGet
2011-03-22 19:00 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-22 19:00 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-22 19:00 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-16 22:09 . 2011-03-16 22:09 -------- d-----w- C:\Bri'2000
2011-03-13 13:06 . 2011-03-13 13:06 -------- d-----w- c:\users\Daddy\AppData\Local\Apple
2011-03-09 19:38 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 19:38 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 19:38 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 19:38 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 19:38 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 19:38 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 19:32 . 2011-03-08 19:32 -------- d-----w- c:\users\Thomas\AppData\Roaming\OpenCandy
2011-03-08 19:32 . 2010-07-27 16:13 27136 ----a-w- c:\temp\npijjiautoinstallpluginff.dll
2011-03-08 19:32 . 2010-03-24 16:57 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2011-03-08 19:32 . 2010-03-24 16:56 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2011-03-08 16:57 . 2011-03-08 16:57 -------- d-----w- C:\ijji
2011-03-06 13:31 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-03-06 13:31 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-03-06 13:31 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-03-06 13:31 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-03-06 13:31 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-03-06 13:31 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-03-06 13:31 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-03-06 13:31 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-03-06 13:31 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-03-06 13:31 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-03-06 13:29 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-03-06 13:28 . 2011-01-20 16:07 586240 ----a-w- c:\windows\system32\stobject.dll
2011-03-06 13:28 . 2011-01-20 16:07 258048 ----a-w- c:\windows\system32\winspool.drv
2011-03-06 13:28 . 2011-01-20 16:06 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-03-06 13:28 . 2011-01-20 16:04 98816 ----a-w- c:\windows\system32\mfps.dll
2011-03-06 13:28 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 04:05 . 2011-03-04 20:14 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-17 21:31 . 2011-02-17 21:31 459616 ----a-w- c:\windows\system32\drivers\EagleXNt.sys
2011-02-14 21:07 . 2011-02-05 21:04 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2011-02-14 21:07 . 2011-02-05 21:04 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-01-29 19:29 . 2011-01-29 17:48 214592 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-19 18:00 . 2011-01-19 18:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-08 08:47 . 2011-02-09 16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 16:37 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 03:27 . 2011-01-19 23:47 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-01-19 23:47 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2011-01-19 23:47 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-01-19 23:47 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27 . 2011-01-19 23:47 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-01-19 23:47 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-01-19 23:47 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-01-19 23:47 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27 . 2011-01-19 23:47 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-01-19 23:47 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-01-19 23:47 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-07-10 05:37 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2010-07-10 05:37 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-07 21:06 . 2011-01-07 21:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 21:06 . 2011-01-07 21:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 21:06 . 2011-01-07 21:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 21:06 . 2011-01-07 21:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 21:06 . 2011-01-07 21:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 21:06 . 2011-01-07 21:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-03-18 17:57 . 2011-03-25 18:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-02-14 438272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-30 9914984]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 13:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 15:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2010-10-29 20:06 5915480 ----a-w- c:\program files\Logitech\Vid HD\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 13:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 18:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 13:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetFxUpdate_v1.1.4322]
2004-08-10 16:20 106496 ----a-w- c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-11-30 15:13 9914984 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R1 MpKsl91392050;MpKsl91392050;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05255DED-F74C-43F4-B9AA-88521F0FAD71}\MpKsl91392050.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [2011-02-17 459616]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-26 4060752]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 1083520]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [x]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S1 MpKslad3fa2cd;MpKslad3fa2cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE4B3D03-76DC-4804-9191-D5F2BA536917}\MpKslad3fa2cd.sys [2011-04-04 28752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 674048]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-09-15 798208]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLAD3FA2CD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 15:00]
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 15:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.skip-search.com/?cfg=2-82-0- ... country=GB
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\l8iw4m3r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-cacaoweb - c:\users\Thomas\AppData\Roaming\cacaoweb\cacaoweb.exe
MSConfigStartUp-lxdxmon - (no file)
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-04 17:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cacaoweb = "c:\users\Thomas\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?ng???P????u??????????P???P???????????P???????P?tz?u`??u????????????r???????Service Pack 2??????????????????????????????????????????????????????????????????????????????????Q??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: SAMSUNG_ rev.1AJ1 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x852D7ECC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0xab82f879; SUB DWORD [EBP-0x4], 0xab82f135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x82057912] -> \Device\Harddisk0\DR0[0x861A0398]
3 CLASSPNP[0x883A48B3] -> ntkrnlpa!IofCallDriver[0x82057912] -> [0x8488B2A0]
5 acpi[0x806956BC] -> ntkrnlpa!IofCallDriver[0x82057912] -> [0x8447A630]
[0x86BEC4A8] -> IRP_MJ_CREATE -> 0x852D7ECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\0000005d -> \??\SCSI#Disk&Ven_SAMSUNG&Prod_HD502HJ#4&358dcf36&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2011-04-04 17:09:56
ComboFix-quarantined-files.txt 2011-04-04 16:09
.
Pre-Run: 293,336,244,224 bytes free
Post-Run: 295,565,160,448 bytes free
.
- - End Of File - - 5F4AA218A63B73106519AAF31FC8B526