Here is the latest results. Your probably right on GMER. It doesn't produce a scroll to get down to the scan, save etc. End result I can't get to the Save button to save.
ComboFix 10-06-27.06 - owner 06/28/2010 14:58:16.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2232 [GMT -4:00]
Running from: c:\documents and settings\owner\Desktop\GEORGE.exe
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 )))))))))))))))))))))))))))))))
.
2010-06-28 13:20 . 2010-06-28 13:32 -------- d-----w- C:\GEORGE8264G
2010-06-27 23:32 . 2010-06-27 23:32 503808 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23acdbe0-n\msvcp71.dll
2010-06-27 23:32 . 2010-06-27 23:32 499712 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23acdbe0-n\jmc.dll
2010-06-27 23:32 . 2010-06-27 23:32 348160 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23acdbe0-n\msvcr71.dll
2010-06-27 23:32 . 2010-06-27 23:32 61440 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-50e258a1-n\decora-sse.dll
2010-06-27 23:32 . 2010-06-27 23:32 12800 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-50e258a1-n\decora-d3d.dll
2010-06-27 23:32 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-27 23:10 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-27 23:10 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-27 23:10 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-27 23:10 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-27 23:10 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-27 23:10 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-27 23:10 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-27 23:10 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-27 23:10 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-27 23:10 . 2010-06-27 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-27 22:59 . 2007-04-28 03:39 95 ----a-w- c:\documents and settings\owner\Application Data\WinPatrol\Autoexec.bat
2010-06-27 22:59 . 2007-04-28 02:41 0 ----a-w- c:\documents and settings\owner\Application Data\WinPatrol\Config.sys
2010-06-27 22:59 . 2010-06-27 22:59 -------- d-----w- c:\documents and settings\owner\Application Data\WinPatrol
2010-06-27 22:58 . 2010-06-27 22:58 -------- d-----w- c:\program files\BillP Studios
2010-06-27 21:19 . 2010-06-27 21:36 -------- d-----w- C:\GEORGE6970G
2010-06-27 17:48 . 2010-06-27 17:55 -------- d-----w- C:\GEORGE
2010-06-25 17:55 . 2010-06-25 17:55 -------- d-----w- C:\_OTL
2010-06-24 20:46 . 2010-06-24 21:27 -------- d-----w- C:\6C12BD23
2010-06-24 20:00 . 2010-06-24 20:00 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes
2010-06-24 20:00 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-24 20:00 . 2010-06-24 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-24 20:00 . 2010-06-24 20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-24 20:00 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-21 18:07 . 2010-06-21 18:07 2812928 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191916-191106.dll
2010-06-13 23:55 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-04 17:22 . 2010-06-04 17:22 -------- d-----w- c:\documents and settings\owner\Application Data\PandoraRecovery
2010-06-04 17:22 . 2010-06-04 18:20 -------- d-----w- c:\program files\Pandora Recovery
2010-06-04 15:42 . 2010-06-04 15:42 -------- d-----w- c:\documents and settings\owner\Application Data\SUPERAntiSpyware.com
2010-06-04 15:42 . 2010-06-04 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-27 23:32 . 2008-05-16 20:16 -------- d-----w- c:\program files\Common Files\Java
2010-06-27 23:32 . 2008-05-16 20:17 -------- d-----w- c:\program files\Java
2010-06-27 23:10 . 2009-08-19 23:06 -------- d-----w- c:\program files\Alwil Software
2010-06-25 01:45 . 2009-12-08 18:11 -------- d-----w- c:\program files\CCleaner
2010-06-25 00:30 . 2008-05-17 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-24 21:50 . 2008-05-17 16:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-21 18:08 . 2010-03-31 17:56 -------- d-----w- c:\program files\Quicken
2010-06-21 18:07 . 2010-03-31 18:16 243032 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-06-10 20:30 . 2008-11-11 00:59 -------- d-----w- c:\documents and settings\owner\Application Data\Canon
2010-05-27 17:30 . 2010-05-27 17:30 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll
2010-05-06 14:01 . 2008-11-10 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-05-06 10:41 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2006-02-28 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-31 18:17 . 2010-03-31 18:17 7410688 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-03-31 18:17 . 2010-03-31 18:17 5686272 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19153-191714.dll
2010-03-31 18:17 . 2010-03-31 18:17 7032320 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll
2010-03-31 18:17 . 2010-03-31 18:17 6301696 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll
2010-03-31 18:17 . 2010-03-31 18:17 2776576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll
2010-03-31 18:17 . 2010-03-31 18:17 2844160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191714-19188.dll
2010-03-31 18:16 . 2010-03-31 18:16 230752 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2010-03-31 18:16 . 2010-03-31 18:16 956 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2010-03-31 04:16 . 2010-03-31 04:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10 . 2010-03-31 04:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2009-03-10 13:52 . 2009-01-30 01:38 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-03-10 13:52 . 2009-01-30 01:38 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-03-10 13:52 . 2009-02-02 21:23 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-01-30 01:38 . 2009-01-30 01:39 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-09-13 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList.exe" [2007-01-04 50712]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Messenger.lnk - c:\windows\DvzCommon\DvzMsgr.exe [2003-7-1 24576]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-16 809488]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 20:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/27/2010 7:10 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/27/2010 7:10 PM 19024]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/16/2009 4:14 PM 10384]
R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [4/27/2007 11:46 PM 203264]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [11/26/2008 9:15 AM 13352]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [8/28/2006 11:54 PM 10664]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 11:35 AM 50704]
.
Contents of the 'Scheduled Tasks' folder
2008-05-19 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-06-24 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://partnerpage.google.com/talkamerica.net
uInternet Settings,ProxyOverride = www.myantispyware.com;myantispyware.com;www.malwarebytes.org;go.trendmicro.com;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\w3cdljzz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{09AC5516-1D55-4CF9-8072-D6AB55C0AB6F} - (no file)
BHO-{1C0165E9-7758-4238-9D0B-E68F384EEC4A} - (no file)
BHO-{4788753c-eaf3-43fd-a342-84de2a4d7849} - (no file)
BHO-{9ADE2127-F831-404D-9A77-5D8C66158717} - (no file)
BHO-{B8047EE5-C42C-4044-B2F4-362D60D2C23D} - (no file)
BHO-{C19698EB-2FA2-4C44-8D47-99507B4A2EEC} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-06-28 15:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-796845957-1770027372-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-796845957-1770027372-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-796845957-1770027372-839522115-1003)
@Allowed: (Read) (S-1-5-21-796845957-1770027372-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(844)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(2000)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2010-06-28 15:11:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-28 19:11
ComboFix2.txt 2010-06-28 13:32
ComboFix3.txt 2010-06-27 21:36
ComboFix4.txt 2010-06-27 17:55
Pre-Run: 70,958,497,792 bytes free
Post-Run: 70,936,772,608 bytes free
- - End Of File - - E8F794309FE6D4DF769ABB1716BF8B9A