ComboFix 10-08-18.05 - JIM 08/20/2010 6:53.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.464 [GMT -4:00]
Running from: c:\documents and settings\JIM\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\ws2_32.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.
2010-08-20 09:44 . 2010-08-20 09:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-20 09:42 . 2010-08-20 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-19 09:18 . 2010-08-19 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-01 22:25 . 2010-08-01 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-01 21:55 . 2010-08-01 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\FLAC to MP3
2010-08-01 14:10 . 2010-08-01 14:10 -------- d-----w- c:\documents and settings\JIM\Application Data\SystemRequirementsLab
2010-07-21 12:49 . 2010-08-03 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTYToolbar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 10:17 . 2010-01-26 14:20 -------- d-----w- c:\program files\Google
2010-08-20 10:11 . 2010-08-20 10:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-20 09:42 . 2010-08-20 09:42 -------- d-----w- c:\program files\Lavasoft
2010-08-19 19:01 . 2008-12-16 19:23 -------- d-----w- c:\program files\McAfee
2010-08-19 16:31 . 2009-01-04 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-19 11:49 . 2010-08-19 11:39 -------- d-----w- c:\program files\PCPitstop
2010-08-19 11:39 . 2010-07-15 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-08-18 14:01 . 2010-06-29 16:43 -------- d-----w- c:\program files\FileHippo.com
2010-08-18 09:30 . 2010-03-12 16:00 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-08-12 12:16 . 2010-08-20 09:44 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-12 12:15 . 2010-08-20 10:11 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-12 10:55 . 2008-12-16 18:10 -------- d-----w- c:\program files\Analog Devices
2010-08-10 22:56 . 2010-03-24 19:22 -------- d-----w- c:\program files\Real Environment Xtreme FS2004
2010-08-10 18:44 . 2010-06-10 10:13 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-09 15:40 . 2008-12-28 23:03 -------- d-----w- c:\program files\Glary Utilities
2010-08-09 13:35 . 2008-12-17 11:59 -------- d-----w- c:\program files\Common Files\Logitech
2010-08-09 13:35 . 2008-12-17 11:41 -------- d-----w- c:\program files\Logitech
2010-08-08 17:33 . 2008-12-16 22:52 -------- d-----w- c:\program files\Microsoft Games
2010-08-03 18:16 . 2009-09-21 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-08-02 09:58 . 2009-08-26 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-02 08:53 . 2009-01-07 09:45 -------- d-----w- c:\documents and settings\JIM\Application Data\WinPatrol
2010-08-02 08:38 . 2010-08-02 08:38 109864 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-01 22:02 . 2010-08-01 21:54 -------- d-----w- c:\program files\Flac to MP3
2010-08-01 14:10 . 2010-08-01 14:10 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-01 14:10 . 2010-08-01 14:10 84480 ----a-w- c:\documents and settings\JIM\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-07-31 17:55 . 2010-07-31 17:55 133440 ----a-w- c:\windows\system32\LnkProtect.dll
2010-07-30 18:02 . 2009-03-20 12:15 -------- d-----w- c:\program files\Windows Live Safety Center
2010-07-28 12:10 . 2009-05-17 08:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-28 12:09 . 2010-06-22 09:22 -------- d-----w- c:\program files\CDBurnerXP
2010-07-28 12:03 . 2008-12-22 10:39 -------- d-----w- c:\program files\CCleaner
2010-07-28 11:53 . 2008-12-17 11:41 -------- d-----w- c:\program files\Common Files\Logishrd
2010-07-28 11:51 . 2010-03-12 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-07-27 11:28 . 2009-01-07 17:03 -------- d-----w- c:\program files\MSECache
2010-07-21 22:37 . 2008-12-16 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-21 21:40 . 2008-12-16 19:24 -------- d-----w- c:\program files\Common Files\McAfee
2010-07-21 21:40 . 2010-07-21 21:39 -------- d-----w- c:\program files\McAfee.com
2010-07-18 09:27 . 2009-01-23 21:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-17 09:57 . 2010-07-17 09:57 503808 ----a-w- c:\documents and settings\ROBERTY\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-64df6bf2-n\msvcp71.dll
2010-07-17 09:57 . 2010-07-17 09:57 499712 ----a-w- c:\documents and settings\ROBERTY\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-64df6bf2-n\jmc.dll
2010-07-17 09:57 . 2010-07-17 09:57 348160 ----a-w- c:\documents and settings\ROBERTY\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-64df6bf2-n\msvcr71.dll
2010-07-17 09:57 . 2010-07-17 09:57 61440 ----a-w- c:\documents and settings\ROBERTY\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-11ed1716-n\decora-sse.dll
2010-07-17 09:57 . 2010-07-17 09:57 12800 ----a-w- c:\documents and settings\ROBERTY\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-11ed1716-n\decora-d3d.dll
2010-07-15 19:18 . 2010-07-21 21:40 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-12 13:28 . 2010-07-12 13:28 503808 ----a-w- c:\documents and settings\KITTY\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3343e5ed-n\msvcp71.dll
2010-07-12 13:28 . 2010-07-12 13:28 499712 ----a-w- c:\documents and settings\KITTY\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3343e5ed-n\jmc.dll
2010-07-12 13:28 . 2010-07-12 13:28 348160 ----a-w- c:\documents and settings\KITTY\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3343e5ed-n\msvcr71.dll
2010-07-12 13:28 . 2010-07-12 13:28 61440 ----a-w- c:\documents and settings\KITTY\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7d195a7f-n\decora-sse.dll
2010-07-12 13:28 . 2010-07-12 13:28 12800 ----a-w- c:\documents and settings\KITTY\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7d195a7f-n\decora-d3d.dll
2010-07-11 13:00 . 2010-07-11 13:00 -------- d-----w- c:\program files\Common Files\Java
2010-07-11 12:59 . 2010-05-21 22:23 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-11 12:58 . 2010-07-11 12:58 -------- d-----w- c:\program files\Java
2010-07-10 12:51 . 2010-07-10 12:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-07-10 10:53 . 2010-07-10 10:53 90 --sh--w- c:\windows\cnerolf.dat
2010-07-09 18:42 . 2009-01-04 21:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-01 07:51 . 2010-07-01 07:51 -------- d-----w- c:\program files\ESET
2010-07-01 02:16 . 2009-02-01 17:31 -------- d-----w- c:\documents and settings\KITTY\Application Data\WinPatrol
2010-07-01 02:15 . 2010-07-01 02:15 -------- d-----w- c:\documents and settings\KITTY\Application Data\Creative
2010-06-30 12:31 . 2002-09-03 16:58 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 11:55 . 2009-02-02 00:17 -------- d-----w- c:\documents and settings\ROBERTY\Application Data\WinPatrol
2010-06-30 11:55 . 2010-06-30 11:55 -------- d-----w- c:\documents and settings\ROBERTY\Application Data\Creative
2010-06-29 16:30 . 2010-06-29 15:03 -------- d-----w- c:\documents and settings\JIM\Application Data\FreeFixer
2010-06-29 15:02 . 2010-06-29 15:02 -------- d-----w- c:\program files\FreeFixer
2010-06-29 12:32 . 2010-06-29 12:32 -------- d-----w- c:\documents and settings\JIM\Application Data\Creative
2010-06-29 01:55 . 2010-06-29 01:53 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-06-29 01:10 . 2010-06-29 01:10 520 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-29 00:57 . 2010-06-29 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-06-29 00:56 . 2010-06-29 00:56 -------- d-----w- c:\program files\Common Files\iS3
2010-06-29 00:46 . 2009-05-13 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-06-28 21:14 . 2010-06-28 21:14 49152 ----a-w- c:\documents and settings\JIM\Application Data\Mozilla\Firefox\Profiles\fri2e1fl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
2010-06-24 12:22 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2002-09-03 17:11 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 09:23 . 2010-06-22 09:23 -------- d-----w- c:\documents and settings\JIM\Application Data\Canneverbe Limited
2010-06-22 09:23 . 2010-06-22 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-06-21 15:27 . 2002-09-03 17:04 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-09-03 16:34 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 07:41 . 2002-09-03 16:46 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 10:31 . 2010-06-10 10:31 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-06-01 00:32 . 2008-12-16 19:24 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-05-25 22:44 . 2008-12-17 01:51 45832 ----a-w- c:\documents and settings\KITTY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-23 17:25 . 2009-08-26 10:45 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2004-03-17 22:13 . 2004-03-17 22:13 1028368 ----a-w- c:\program files\vbrun60sp6.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"IPInSightMonitor 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe" [2003-06-11 122880]
"UpdReg"="c:\windows\Updreg.EXE" [2000-05-11 90112]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MilShieldSlave

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Spooler"=2 (0x2)
"MilShieldCleaner"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/20/2010 6:11 AM 64288]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/6/2009 6:09 PM 10448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/21/2010 5:43 PM 203280]
R3 rxpvbus;Reality XP Avionics Bus Driver;c:\windows\system32\drivers\rxpvbus.sys [8/28/2005 10:04 PM 44032]
S2 0158771279847427mcinstcleanup;McAfee Application Installer Cleanup (0158771279847427);c:\windows\TEMP\015877~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\015877~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355416]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [11/30/2009 8:28 AM 16512]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/19/2010 7:39 AM 90296]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-08-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]

2010-07-21 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-07-21 16:22]

2010-07-21 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-07-21 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant =
Trusted Zone: 0.0.0.0
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Trusted Zone: myloweslife.com\pmf
Trusted Zone: yahoo.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
FF - ProfilePath - c:\documents and settings\JIM\Application Data\Mozilla\Firefox\Profiles\fri2e1fl.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-spt_gen&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\JIM\Application Data\Mozilla\Firefox\Profiles\fri2e1fl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
user_pref(places.frecency.bookmarkVisitBonus,0);
user_pref(places.frecency.unvisitedBookmarkBonus,0);
user_pref(browser.startup.homepage,about:blank);
user_pref(browser.startup.page,1);
user_pref(browser.search.defaultenginename,Google);
user_pref(browser.download.lastDir,c:\\Documents and Settings\\JIM\\Desktop\\);
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-20 07:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-484763869-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(492)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows\System32\dllhost.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\System32\msdtc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\BCMSMMSG.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2010-08-20 07:20:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-20 11:20

Pre-Run: 16,271,773,696 bytes free
Post-Run: 16,250,753,024 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 15EE418B62CA4FC5637C7A24EC073B73