Here ya go!
ComboFix 10-07-07.02 - Robert 07/08/2010 22:51:41.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.592 [GMT -4:00]
Running from: c:\documents and settings\Robert\Desktop\Combo-Fix.exe
Command switches used :: C:\CFScript.txt
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
FILE ::
"c:\windows\system32\drivers\$sys$cor.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\$sys$filesystem
c:\windows\system32\$sys$filesystem\$sys$parking
c:\windows\system32\$sys$filesystem\DbgHelp.dll
c:\windows\system32\$sys$filesystem\lim.sys
c:\windows\system32\$sys$filesystem\oct.sys
c:\windows\system32\$sys$filesystem\Unicows.dll
c:\windows\system32\drivers\$sys$cor.sys
c:\windows\system32\msapps
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_COMSERVER
-------\Legacy_O1394BUL
-------\Service_$sys$cor
-------\Service_$sys$crater
-------\Service_COMServer
-------\Service_o1394bul
((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.
2010-06-27 01:29 . 2010-06-27 01:29 -------- d-----w- c:\documents and settings\Robert\Application Data\Facebook
2010-06-26 21:10 . 2010-06-26 21:10 -------- d-----w- C:\_OTL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 03:04 . 2010-04-01 02:01 -------- d-----w- c:\program files\PeerBlock
2010-07-09 03:03 . 2006-08-16 16:31 -------- d-----w- c:\documents and settings\Robert\Application Data\OpenOffice.org2
2010-06-27 01:29 . 2010-06-27 01:29 50354 ----a-w- c:\documents and settings\Robert\Application Data\Facebook\uninstall.exe
2010-06-26 20:14 . 2007-12-31 23:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-16 21:26 . 2010-04-17 21:45 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-15 21:48 . 2010-03-30 02:52 -------- d-----w- c:\documents and settings\Robert\Application Data\Skype
2010-06-15 21:37 . 2010-04-17 21:44 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-06-15 21:36 . 2008-03-23 19:09 -------- d-----w- c:\documents and settings\Robert\Application Data\skypePM
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Robert\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-08 06:22 . 2008-11-04 03:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-23 05:22 . 2010-05-23 05:22 503808 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4834b000-n\msvcp71.dll
2010-05-23 05:22 . 2010-05-23 05:22 499712 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4834b000-n\jmc.dll
2010-05-23 05:22 . 2010-05-23 05:22 348160 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4834b000-n\msvcr71.dll
2010-05-23 05:22 . 2010-05-23 05:22 61440 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-36dc4867-n\decora-sse.dll
2010-05-23 05:22 . 2010-05-23 05:22 12800 ----a-w- c:\documents and settings\Robert\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-36dc4867-n\decora-d3d.dll
2010-05-21 00:29 . 2010-03-31 23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 04:28 . 2010-05-18 04:28 -------- d-----w- c:\documents and settings\Robert\Application Data\Unity
2010-05-04 17:20 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2004-08-04 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-03-31 23:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-31 23:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 21:29 . 2010-04-29 23:24 411368 ----a-w- c:\windows\system32\deployJava1.dll
2006-08-16 16:27 . 2006-08-16 16:27 96793015 -c--a-w- c:\program files\OOo_2.0.3_Win32Intel_install.exe
2006-08-11 06:54 . 2006-08-11 06:54 2855080 -c--a-w- c:\program files\aawsepersonal.exe
2008-04-23 21:40 . 2008-04-23 21:40 22 -csha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-08 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-22 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"HostManager"="c:\program files\Common Files\AOL\1148531195\ee\AOLSoftware.exe" [2005-11-03 50792]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
c:\documents and settings\Robert\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-1-25 61440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WRNotifier]
[BU]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1148531195\\ee\\aim6.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1148531195\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 4:17 PM 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [4/29/2007 5:00 AM 33792]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [3/31/2010 10:01 PM 14424]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/31/2010 8:30 PM 135664]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PBFILTER
.
Contents of the 'Scheduled Tasks' folder
2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 00:30]
2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 00:30]
2010-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500152745-3418190402-2306375663-1006Core.job
- c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-08 20:10]
2010-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500152745-3418190402-2306375663-1006UA.job
- c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-08 20:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\deqhc1xf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 22:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2010-07-08 23:10:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-09 03:10
ComboFix2.txt 2010-07-06 06:15
Pre-Run: 13,861,339,136 bytes free
Post-Run: 13,855,145,984 bytes free
- - End Of File - - A819C16F1B46C2CD7C9789582F4C6EA2