After running ComboFix I opened FF tonight; AVG Shield advised me of a web page attempting to open, blocked it, and advised me not to go there. I reinstalled AVG yesterday after having deleted it to run Kaspersky; I didn't know about the shield deactivation then. Below is the log from ComboFix:
ComboFix 09-09-29.01 - Michael 09/29/2009 20:22.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.490 [GMT -7:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-2297251999-738724385-1645878046-1003
c:\recycler\S-1-5-21-504221711-2657588388-2843214241-1003
c:\recycler\S-1-5-21-861567501-1202660629-1935655697-1003
.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.
2009-09-28 03:26 . 2009-09-28 03:26 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\AVG Security Toolbar
2009-09-28 03:20 . 2009-09-28 03:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-28 03:20 . 2009-09-28 03:20 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-28 03:20 . 2009-09-28 03:20 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-28 03:20 . 2009-09-28 03:20 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-28 03:19 . 2009-09-30 03:10 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-28 03:19 . 2009-09-28 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-28 03:12 . 2009-09-28 03:12 -------- d-----w- c:\documents and settings\Michael\Application Data\AVG8
2009-09-27 17:34 . 2009-09-27 17:34 -------- d-----w- c:\windows\Sun
2009-09-27 17:25 . 2009-09-27 17:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-27 17:25 . 2009-09-27 17:25 -------- d-----w- c:\program files\Java
2009-09-27 16:58 . 2009-09-27 16:58 -------- d-----w- c:\program files\MSXML 4.0
2009-09-24 21:23 . 2009-09-24 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-24 21:21 . 2009-09-26 03:50 -------- d-----w- C:\Rooter$
2009-09-23 22:19 . 2009-09-23 22:19 -------- d-----w- c:\documents and settings\Michael\Application Data\Malwarebytes
2009-09-23 22:19 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-23 22:19 . 2009-09-23 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-23 22:19 . 2009-09-23 22:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 22:19 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-23 22:06 . 2009-09-23 22:06 -------- d-----w- C:\_OTM
2009-09-23 22:01 . 2009-09-23 22:02 -------- d-----w- c:\program files\ERUNT
2009-09-22 18:08 . 2009-09-22 18:08 -------- d-----w- C:\rsit
2009-09-17 03:55 . 2009-09-17 03:55 -------- d-----w- c:\program files\Trend Micro
2009-09-11 03:45 . 2009-09-11 03:45 -------- d-----w- c:\documents and settings\Administrator.YOUR-RTKE0BYPF7\Local Settings\Application Data\Mozilla
2009-09-11 00:24 . 2009-09-11 03:23 -------- d-----w- c:\program files\Windows Defender
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 03:20 . 2009-02-12 06:26 -------- d-----w- c:\program files\MailFrontier
2009-09-28 03:19 . 2009-02-08 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-11 03:45 . 2009-09-11 03:44 152 ----a-w- c:\documents and settings\Administrator.YOUR-RTKE0BYPF7\Local Settings\Application Data\fusioncache.dat
2009-09-03 05:03 . 2009-02-12 06:27 -------- d-----w- c:\documents and settings\Michael\Application Data\MailFrontier
2009-08-20 05:26 . 2009-03-06 05:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-20 05:24 . 2009-08-19 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-20 05:10 . 2009-08-20 05:08 -------- d-----w- c:\documents and settings\Michael\Application Data\GetRightToGo
2009-08-10 05:09 . 2008-09-11 11:51 -------- d-----w- c:\program files\Windows Live
2009-08-05 09:01 . 2008-08-09 14:32 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:48 . 2009-07-29 04:03 104120 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-17 19:01 . 2008-08-09 14:32 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 04:34 . 2009-07-15 04:34 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-14 06:43 . 2008-08-09 14:32 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2008-05-07 23:34 . 2008-09-11 13:03 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 16:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Matador"="c:\progra~1\MAILFR~1\mantispm.exe" [2006-01-20 894544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 131072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-23 204800]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-03 106496]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-03 593920]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-03-14 360448]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-27 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-28 2007832]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-07-31 16806912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-9-11 311296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-28 03:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/27/2009 8:20 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/27/2009 8:20 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/27/2009 8:19 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/27/2009 8:19 PM 297752]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [9/11/2008 4:17 AM 10752]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [9/11/2008 3:18 PM 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [1/2/2002 12:51 PM 36864]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [9/11/2008 7:42 PM 625024]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-09-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 16:09]
2009-09-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
2009-09-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\yia5z0fe.default\
FF - prefs.js: browser.search.selectedEngine - GamingHarbor
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|ht ... imes.com//
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 20:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1368)
c:\windows\system32\WININET.dll
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\windows\system32\ieframe.dll
c:\program files\eee storage\xpclient.dll
c:\program files\eee storage\logicnp.eznamespaceextensions.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-30 20:31
ComboFix-quarantined-files.txt 2009-09-30 03:31
Pre-Run: 76,350,705,664 bytes free
Post-Run: 76,633,423,872 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
175 --- E O F --- 2009-09-28 15:10