ComboFix 10-05-15.01 - Administrator 05/15/2010 18:53:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.100 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
(((((((((((((((((((((((((   Files Created from 2010-04-15 to 2010-05-15   )))))))))))))))))))))))))))))))
.
2010-05-14 23:04 . 2010-05-14 23:04  --------  d-----w-  c:\windows\system32\wbem\Repository
2010-05-14 23:03 . 2010-05-14 23:03  --------  d-----w-  c:\documents and settings\Administrator\Local Settings\Application Data\eSupport.com
2010-05-14 23:03 . 2010-05-14 23:03  --------  d-----w-  C:\DECCHECK
2010-05-14 11:59 . 2010-05-14 23:03  --------  d-----w-  c:\documents and settings\Administrator\Application Data\dvdcss
2010-05-14 11:58 . 2010-05-14 23:03  --------  d-----w-  c:\documents and settings\Administrator\Application Data\vlc
2010-05-14 11:56 . 2010-05-14 11:56  --------  d-----w-  c:\program files\VideoLAN
2010-05-13 23:08 . 2010-05-13 23:08  --------  d-----w-  c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-05-09 11:10 . 2010-05-09 11:10  --------  d-----w-  c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-09 11:10 . 2010-05-09 11:10  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Office Genuine Advantage
2010-05-08 23:14 . 2010-05-08 23:14  0  ----a-w-  c:\windows\nsreg.dat
2010-05-08 23:13 . 2010-05-08 23:13  --------  d-----w-  c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-05-08 23:02 . 2010-05-08 23:03  --------  d-----w-  c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo
2010-05-08 23:01 . 2010-05-08 23:02  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Yahoo!
2010-05-08 23:01 . 2010-05-08 23:38  --------  d-----w-  c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-08 23:01 . 2010-04-20 20:45  607472  ----a-w-  c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-05-08 22:59 . 2010-05-09 01:46  --------  d-----w-  c:\program files\Yahoo!
2010-05-08 22:54 . 2008-04-14 09:41  21504  -c--a-w-  c:\windows\system32\dllcache\hidserv.dll
2010-05-08 22:54 . 2008-04-14 09:41  21504  ----a-w-  c:\windows\system32\hidserv.dll
2010-05-08 22:54 . 2008-04-14 04:09  14592  -c--a-w-  c:\windows\system32\dllcache\kbdhid.sys
2010-05-08 22:54 . 2008-04-14 04:09  14592  ----a-w-  c:\windows\system32\drivers\kbdhid.sys
2010-05-08 22:53 . 2008-04-14 04:15  32128  -c--a-w-  c:\windows\system32\dllcache\usbccgp.sys
2010-05-08 22:53 . 2008-04-14 04:15  32128  ----a-w-  c:\windows\system32\drivers\usbccgp.sys
2010-04-28 22:21 . 2001-08-17 17:48  12160  -c--a-w-  c:\windows\system32\dllcache\mouhid.sys
2010-04-28 22:21 . 2001-08-17 17:48  12160  ----a-w-  c:\windows\system32\drivers\mouhid.sys
2010-04-28 22:21 . 2008-04-14 04:15  10368  -c--a-w-  c:\windows\system32\dllcache\hidusb.sys
2010-04-28 22:21 . 2008-04-14 04:15  10368  ----a-w-  c:\windows\system32\drivers\hidusb.sys
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 11:46 . 2010-04-04 01:17  64368  ----a-w-  c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 14:36 . 2010-04-04 01:14  221568  ------w-  c:\windows\system32\MpSigStub.exe
2010-04-28 23:22 . 2010-04-04 12:30  --------  d-----w-  c:\program files\Microsoft Works
2010-04-04 12:32 . 2010-04-04 12:32  --------  d-----w-  c:\program files\Common Files\L&H
2010-04-04 12:31 . 2010-04-04 12:31  --------  d-----w-  c:\program files\Microsoft.NET
2010-04-04 12:31 . 2010-04-04 12:31  --------  d-----w-  c:\program files\Microsoft ActiveSync
2010-04-04 03:09 . 2010-04-04 03:09  --------  d-----w-  c:\program files\CONEXANT
2010-04-04 01:22 . 2010-04-04 01:22  --------  d-----w-  c:\program files\Broadcom
2010-04-04 01:10 . 2010-04-04 01:10  --------  d-----w-  c:\program files\Microsoft Security Essentials
2010-04-04 01:03 . 2010-04-03 22:51  86327  ----a-w-  c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-04-04 00:23 . 2010-04-04 01:22  --------  d--h--w-  c:\program files\InstallShield Installation Information
2010-04-04 00:23 . 2010-04-04 00:23  --------  d-----w-  c:\program files\Analog Devices
2010-04-04 00:23 . 2010-04-04 01:21  --------  d-----w-  c:\program files\Common Files\InstallShield
2010-04-03 22:52 . 2010-04-03 22:52  --------  d-----w-  c:\program files\microsoft frontpage
2010-04-03 22:52 . 2010-04-03 22:52  558142  ----a-w-  c:\windows\java\Packages\3TFZZ57F.ZIP
2010-04-03 22:52 . 2010-04-03 22:52  2678  ----a-w-  c:\windows\java\Packages\Data\DVDJ13TB.DAT
2010-04-03 22:52 . 2010-04-03 22:52  2678  ----a-w-  c:\windows\java\Packages\Data\735JP71B.DAT
2010-04-03 22:52 . 2010-04-03 22:52  155995  ----a-w-  c:\windows\java\Packages\AODRJRNV.ZIP
2010-04-03 22:52 . 2010-04-03 22:52  2678  ----a-w-  c:\windows\java\Packages\Data\SHBJB3JN.DAT
2010-04-03 22:52 . 2010-04-03 22:52  2678  ----a-w-  c:\windows\java\Packages\Data\3RF9ZL3L.DAT
2010-04-03 22:52 . 2010-04-03 22:52  2678  ----a-w-  c:\windows\java\Packages\Data\0I4I8BP7.DAT
2010-04-03 22:49 . 2010-04-03 22:49  21640  ----a-w-  c:\windows\system32\emptyregdb.dat
2010-03-10 06:15 . 2002-08-29 07:41  420352  ----a-w-  c:\windows\system32\vbscript.dll
2010-02-26 05:43 . 2010-02-26 05:43  81920  ------w-  c:\windows\system32\ieencode.dll
2010-02-25 06:24 . 2002-08-29 07:41  916480  ----a-w-  c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-29 05:59  455680  ----a-w-  c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 13:10 . 2002-08-29 06:03  2189952  ----a-w-  c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04  2066816  ----a-w-  c:\windows\system32\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 13:42  15360  ----a-w-  c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 12:59  126976  ----a-w-  c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 12:59  155648  ----a-w-  c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-04-29 20:59  5248312  ----a-w-  c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-02-21 13:03  1093208  ----a-w-  c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 22:42  1404928  ----a-w-  c:\program files\Analog Devices\Core\smax4pnp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 02:02]

2010-05-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g97w9vux.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 18:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-682003330-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,dd,52,24,f2,e1,cd,42,87,77,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,dd,52,24,f2,e1,cd,42,87,77,7a,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,dd,52,24,f2,e1,cd,42,87,77,7a,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,dd,52,24,f2,e1,cd,42,87,77,7a,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,dd,52,24,f2,e1,cd,42,87,77,7a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(764)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-05-15 18:58:27
ComboFix-quarantined-files.txt  2010-05-15 22:58

Pre-Run: 52,247,461,888 bytes free
Post-Run: 52,222,636,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - D9BDA4F2C655C84D975FF6FEC9F83CD6
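The Files Created and Find3M sections are the part of a ComboFix log an analyst reads first, and their records have a fixed shape: created timestamp, a ".", modified timestamp, size (or "--------" for a directory), an 8-character attribute string, path. The following Python is an added example, not ComboFix code and not part of the posted log. It parses those records and applies three first-pass heuristics to them: an executable written under a user-writable profile path (yupdater.exe above), a system32 binary with an identical dllcache twin (the HID driver pairs above, which is what a Windows File Protection or driver-install copy looks like), and any other replaced system32 binary (the February kernel and wininet entries), which should be matched to a security update or hashed. The sample lines are copied from the log; the extension list, path markers and finding labels are this example's assumptions.

```python
"""Parse ComboFix 'Files Created' / 'Find3M Report' records and triage them.
Added example; not ComboFix's own code."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# One record:  <created> . <modified>  <size|-------->  <attrs>  <path>
# attrs is ComboFix's 8-flag column, e.g. d-----w- (directory), ----a-w- (archive),
# -c--a-w- (compressed), d--h--w- (hidden directory).
RECORD = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Assumed triage lists for this example; ComboFix itself reports none of this.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
USER_WRITABLE = ("c:\\documents and settings\\", "\\application data\\", "\\temp\\")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]      # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def in_dllcache(self) -> bool:
        return "\\dllcache\\" in self.path.lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entries(text: str) -> List[Entry]:
    """Return every record line; section headers, '.' spacers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=size, attrs=m["attrs"], path=m["path"],
        ))
    return entries


def dllcache_twins(entries: List[Entry]) -> Dict[str, Entry]:
    """Map each non-cache binary to a dllcache entry with the same name, size and mtime.
    ComboFix lists both halves when WFP or a driver install copies a file out of dllcache."""
    cache = {(e.name, e.size, e.modified): e for e in entries if e.in_dllcache and not e.is_dir}
    return {e.path: cache[(e.name, e.size, e.modified)]
            for e in entries
            if not e.is_dir and not e.in_dllcache and (e.name, e.size, e.modified) in cache}


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """First-pass labels for an analyst; each label is a prompt to verify, not a verdict."""
    twins = dllcache_twins(entries)
    findings = []
    for e in entries:
        p = e.path.lower()
        if e.in_dllcache:
            continue                                  # reference copies, covered by the twin check
        if e.is_dir:
            if "h" in e.attrs:
                findings.append((e.path, "hidden directory (%s)" % e.attrs))
            continue
        if p.endswith(EXEC_EXT) and any(marker in p for marker in USER_WRITABLE):
            findings.append((e.path, "executable in user-writable location: hash and check signer"))
        elif e.path in twins:
            findings.append((e.path, "matches dllcache copy: consistent with WFP/driver install, still hash it"))
        elif "\\windows\\system32\\" in p and p.endswith(EXEC_EXT):
            findings.append((e.path, "system binary replaced: match to a security update or hash it"))
    return findings


# Record lines copied from the log above (raw string, so the backslashes are literal).
SAMPLE = r"""
2010-05-14 23:04 . 2010-05-14 23:04  --------  d-----w-  c:\windows\system32\wbem\Repository
2010-05-08 23:01 . 2010-04-20 20:45  607472  ----a-w-  c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-05-08 22:54 . 2008-04-14 09:41  21504  -c--a-w-  c:\windows\system32\dllcache\hidserv.dll
2010-05-08 22:54 . 2008-04-14 09:41  21504  ----a-w-  c:\windows\system32\hidserv.dll
2010-05-08 22:54 . 2008-04-14 04:09  14592  -c--a-w-  c:\windows\system32\dllcache\kbdhid.sys
2010-05-08 22:54 . 2008-04-14 04:09  14592  ----a-w-  c:\windows\system32\drivers\kbdhid.sys
2010-04-04 00:23 . 2010-04-04 01:22  --------  d--h--w-  c:\program files\InstallShield Installation Information
2010-02-17 13:10 . 2002-08-29 06:03  2189952  ----a-w-  c:\windows\system32\ntoskrnl.exe
"""

if __name__ == "__main__":
    for path, reason in triage(parse_entries(SAMPLE)):
        print("%-95s %s" % (path, reason))
```

The dllcache twin check only lowers priority; it does not prove the file is genuine, since anything that can write to system32 can usually write to dllcache too. The real verification for every flagged binary is a hash against a known-good source or the file's Authenticode signature.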