OK, I have done that. ComboFix log below.
One thing to note that might be important is that after the restart my Mozilla icon on the desktop opened to IE Browser, not Mozilla. The Mozilla icon on the start bar opens Mozilla OK. Just thought that might be important.
ComboFix 09-01-17.03 - ToNy 2009-01-18 15:42:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.720 [GMT 13:00]
Running from: c:\documents and settings\ToNy\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.0 [VPS 081219-0] *On-access scanning disabled* (Outdated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\autorun.inf
G:\resycled
g:\resycled\boot.com
.
((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.
2009-01-17 17:38 . 2009-01-17 17:38 <DIR> d-------- C:\rsit
2009-01-17 17:38 . 2009-01-18 14:54 <DIR> d-------- c:\program files\trend micro
2009-01-16 21:36 . 2009-01-16 21:36 <DIR> d-------- c:\program files\CCleaner
2009-01-16 20:12 . 2009-01-16 20:12 <DIR> d-------- c:\program files\VS Revo Group
2009-01-16 19:52 . 2009-01-16 19:52 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-16 17:48 . 2009-01-16 23:10 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-16 17:48 . 2009-01-16 19:53 <DIR> d-------- c:\documents and settings\ToNy\Application Data\SUPERAntiSpyware.com
2009-01-16 17:48 . 2009-01-16 17:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-15 21:56 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 21:34 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-15 21:29 . 2009-01-15 21:29 <DIR> d-------- c:\documents and settings\ToNy\Application Data\Malwarebytes
2009-01-15 21:29 . 2009-01-15 21:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-15 21:28 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-15 21:28 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-01-15 21:27 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-15 21:27 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-01-05 18:04 . 2009-01-16 18:57 <DIR> d-------- c:\program files\DNA
2009-01-05 18:04 . 2009-01-16 19:10 <DIR> d-------- c:\documents and settings\ToNy\Application Data\DNA
2008-12-29 11:55 . 2008-12-30 12:14 582 --a------ c:\windows\wininit.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 02:32 --------- d-----w c:\documents and settings\ToNy\Application Data\OpenOffice.org2
2009-01-18 01:32 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-16 23:36 --------- d-----w c:\documents and settings\ToNy\Application Data\LimeWire
2009-01-16 07:18 --------- d-----w c:\program files\Spybot16- Search & Destroy
2009-01-16 07:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-16 04:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-14 01:44 34 ----a-w c:\documents and settings\ToNy\jagex_runescape_preferences.dat
2009-01-10 23:24 --------- d-----w c:\program files\Google
2009-01-05 05:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-05 05:09 --------- d-----w c:\program files\PokerStars.NET
2009-01-05 05:08 --------- d-----w c:\program files\BOTS
2008-12-30 10:03 --------- d-----w c:\program files\SwiftKit
2008-12-30 10:02 --------- d-----w c:\program files\DJ Music Mixer
2008-12-29 20:02 --------- d-----w c:\program files\Lavasoft
2008-12-09 22:34 --------- d-----w c:\program files\Lexmark X1100 Series
2008-12-09 11:05 21,504 ---h--w c:\windows\che07.exe
2008-11-28 03:48 176,640 ----a-r c:\windows\system32\hyjere.exe
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2004-10-01 02:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-02 68856]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-20 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]
c:\documents and settings\ToNy\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-01-05 18:05 342848 c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
--------- 2007-07-31 20:37 815104 c:\program files\Brownie\BrStsWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-03 09:15 98304 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aswUpdSv"=2 (0x2)
"avast! Antivirus"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\ToNy\\Application Data\\GarageGames\\IAPlayer\\products\\www_instantaction_com\\6000\\install\\cyclomite.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-10-26 15172]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-31 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-31 20560]
S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?]
S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]
S3 XDva195;XDva195;\??\c:\windows\system32\XDva195.sys --> c:\windows\system32\XDva195.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-01-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot16- Search & Destroy\TeaTimer.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Search - ?p=ZJfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\ToNy\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\ToNy\Application Data\Mozilla\Firefox\Profiles\t1vlugw8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\documents and settings\ToNy\Application Data\Mozilla\Firefox\Profiles\t1vlugw8.default\extensions\[email protected]\plugins\npiaplayer.dll
FF - plugin: c:\program files\echospin\npesProxy.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-18 15:43:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(616)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-01-18 15:45:59
ComboFix-quarantined-files.txt 2009-01-18 02:45:43
Pre-Run: 45,028,093,952 bytes free
Post-Run: 45,021,675,520 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
167 --- E O F --- 2009-01-16 06:03:48