WiredWX Christian Hobby Weather Tools

Re: More strange occurrences. HijackThis log included...

I am also having this warning coming from my AVG Resident Shield each time I open Internet Explorer:

Resident Shield detection
Infection;"Object";"Result";"Detection time";"Object Type";"Process"
Found ;"C:\Documents and Settings\user1\Cookies\user1@advertising[1].txt";"Potentially dangerous object";"8/31/2009, 3:59:59 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Found ;"C:\Documents and Settings\user1\Cookies\user1@doubleclick[2].txt";"Potentially dangerous object";"8/31/2009, 3:59:59 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Found ;"C:\Documents and Settings\user1\Cookies\user1@ad.yieldmanager[3].txt";"Potentially dangerous object";"8/31/2009, 3:59:56 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Found ;"C:\Documents and Settings\user1\Cookies\user1@atdmt[1].txt";"Moved to Virus Vault";"8/31/2009, 3:59:52 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Found ;"C:\Documents and Settings\user1\Cookies\user1@doubleclick[1].txt";"Moved to Virus Vault";"8/31/2009, 2:00:15 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Virus found Win32/Cryptor;"C:\System Volume Information\_restore{0D808AFC-C6CF-494A-B8CD-8CAB520AF4FE}\RP529\A0096236.dll";"Moved to Virus Vault";"8/14/2009, 10:57:21 PM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe"
Found ;"C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\hbyiztyu.default\cookies.sqlite";"Moved to Virus Vault";"8/13/2009, 9:20:56 AM";"file";"C:\Program Files\AVG\AVG8\avgcsrvx.exe"
Found ;"C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\hbyiztyu.default\cookies.sqlite";"Healed";"8/13/2009, 9:20:53 AM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
Found ;"C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\hbyiztyu.default\cookies.sqlite";"Healed";"8/13/2009, 6:08:57 AM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
Found ;"C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\hbyiztyu.default\cookies.sqlite";"Healed";"8/12/2009, 3:46:38 PM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
Found ;"C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\hbyiztyu.default\cookies.sqlite";"Healed";"8/12/2009, 2:13:33 PM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
Found ;"C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\hbyiztyu.default\cookies.sqlite";"Healed";"8/11/2009, 9:33:03 PM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
Found ;"C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\hbyiztyu.default\cookies.sqlite";"Healed";"8/11/2009, 8:04:35 PM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
Found ;"C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\hbyiztyu.default\cookies.sqlite";"Healed";"8/11/2009, 5:42:45 PM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
Found ;"C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\hbyiztyu.default\cookies.sqlite";"Healed";"8/11/2009, 10:00:42 AM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
Trojan horse Generic13.BQVV;"C:\System Volume Information\_restore{0D808AFC-C6CF-494A-B8CD-8CAB520AF4FE}\RP529\A0096238.dll";"Deleted";"8/10/2009, 7:36:54 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic13.BQVV;"C:\System Volume Information\_restore{0D808AFC-C6CF-494A-B8CD-8CAB520AF4FE}\RP529\A0096238.dll";"Deleted";"8/10/2009, 6:36:54 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic13.BQVV;"C:\System Volume Information\_restore{0D808AFC-C6CF-494A-B8CD-8CAB520AF4FE}\RP529\A0096238.dll";"Deleted";"8/10/2009, 5:36:54 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic13.BQVV;"C:\System Volume Information\_restore{0D808AFC-C6CF-494A-B8CD-8CAB520AF4FE}\RP529\A0096238.dll";"Deleted";"8/10/2009, 5:16:41 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic14.FFS;"C:\System Volume Information\_restore{0D808AFC-C6CF-494A-B8CD-8CAB520AF4FE}\RP529\A0096235.dll";"Moved to Virus Vault";"8/10/2009, 3:36:54 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Pakes.DXZ;"C:\System Volume Information\_restore{0D808AFC-C6CF-494A-B8CD-8CAB520AF4FE}\RP529\A0096234.sys";"Moved to Virus Vault";"8/10/2009, 2:48:20 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Pakes.DXZ;"C:\System Volume Information\_restore{0D808AFC-C6CF-494A-B8CD-8CAB520AF4FE}\RP529\A0096234.sys";"Deleted";"8/10/2009, 12:36:54 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Pakes.DXZ;"C:\System Volume Information\_restore{0D808AFC-C6CF-494A-B8CD-8CAB520AF4FE}\RP529\A0096234.sys";"Deleted";"8/10/2009, 12:21:17 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Potentially harmful program Logger.GAT;"C:\temp\MPK\MPK64.exe";"Added to PUP exceptions";"3/14/2009, 5:34:02 PM";"file";"C:\temp\MPK\MPK.exe"
Trojan horse PSW.Generic6.AZKA;"C:\System Volume Information\_restore{0D808AFC-C6CF-494A-B8CD-8CAB520AF4FE}\RP338\A0062813.dll";"Moved to Virus Vault";"1/14/2009, 12:39:16 PM";"file";"C:\WINDOWS\System32\svchost.exe"
Virus found FakeAlert;"C:\Documents and Settings\user1\Local Settings\Temporary Internet Files\Content.IE5\QTU5OC26\freescan[1].htm";"Moved to Virus Vault";"11/8/2008, 8:11:38 PM";"file";"C:\DOCUME~1\user1\LOCALS~1\Temp\~tmpd.exe"
Virus found FakeAlert;"C:\DOCUMENTS AND SETTINGS\USER1\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\QTU5OC26\FREESCAN[1].HTM";"Deleted";"11/8/2008, 8:11:38 PM";"file";"C:\Program Files\Spyware Doctor\pctsSvc.exe"
Virus found FakeAlert;"C:\Documents and Settings\user1\Local Settings\Temporary Internet Files\Content.IE5\5KJOIMFC\freescan[1].htm";"Moved to Virus Vault";"11/8/2008, 7:41:32 PM";"file";"C:\DOCUME~1\user1\LOCALS~1\Temp\~tmpd.exe"
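
A triage sketch for the Resident Shield export in the post above, added here as an example; it is not part of the original thread or of any AVG tooling. It parses the semicolon-delimited rows, groups detections by where the flagged object lives, and lists objects that were reported again after a removal result. The location categories and function names are assumptions of this example; the sample rows are a subset copied from the log above.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Subset of rows copied from the Resident Shield export posted above.
SAMPLE_LOG = r'''Infection;"Object";"Result";"Detection time";"Object Type";"Process"
Found ;"C:\Documents and Settings\user1\Cookies\user1@doubleclick[2].txt";"Potentially dangerous object";"8/31/2009, 3:59:59 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Found ;"C:\Documents and Settings\user1\Cookies\user1@atdmt[1].txt";"Moved to Virus Vault";"8/31/2009, 3:59:52 PM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Found ;"C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\hbyiztyu.default\cookies.sqlite";"Healed";"8/13/2009, 6:08:57 AM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
Found ;"C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\hbyiztyu.default\cookies.sqlite";"Healed";"8/12/2009, 3:46:38 PM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
Trojan horse Generic13.BQVV;"C:\System Volume Information\_restore{0D808AFC-C6CF-494A-B8CD-8CAB520AF4FE}\RP529\A0096238.dll";"Deleted";"8/10/2009, 7:36:54 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic13.BQVV;"C:\System Volume Information\_restore{0D808AFC-C6CF-494A-B8CD-8CAB520AF4FE}\RP529\A0096238.dll";"Deleted";"8/10/2009, 6:36:54 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic13.BQVV;"C:\System Volume Information\_restore{0D808AFC-C6CF-494A-B8CD-8CAB520AF4FE}\RP529\A0096238.dll";"Deleted";"8/10/2009, 5:16:41 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Pakes.DXZ;"C:\System Volume Information\_restore{0D808AFC-C6CF-494A-B8CD-8CAB520AF4FE}\RP529\A0096234.sys";"Moved to Virus Vault";"8/10/2009, 2:48:20 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Virus found FakeAlert;"C:\Documents and Settings\user1\Local Settings\Temporary Internet Files\Content.IE5\5KJOIMFC\freescan[1].htm";"Moved to Virus Vault";"11/8/2008, 7:41:32 PM";"file";"C:\DOCUME~1\user1\LOCALS~1\Temp\~tmpd.exe"
'''

# Results that claim the object was dealt with (values seen in the log above).
REMOVAL_RESULTS = {"Deleted", "Moved to Virus Vault", "Healed"}
TIME_FORMAT = "%m/%d/%Y, %I:%M:%S %p"


def classify_location(path):
    """Bucket an object path by where it lives (categories are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    if "\\cookies\\" in p or p.endswith("\\cookies.sqlite"):
        return "browser_cookie"
    if "\\temporary internet files\\" in p:
        return "browser_cache"
    return "other"


def parse_resident_shield(text):
    """Parse the export: first field unquoted, remaining five quoted, ';' separated."""
    rows = []
    for rec in csv.reader(io.StringIO(text.strip()), delimiter=";", quotechar='"'):
        if len(rec) != 6 or rec[0].strip() == "Infection":
            continue  # skip blank or malformed lines and the header row
        infection, obj, result, when, _obj_type, process = rec
        name = infection.strip()
        rows.append({
            "detection": None if name == "Found" else name,  # "Found" = no named threat
            "object": obj,
            "location": classify_location(obj),
            "result": result,
            "time": datetime.strptime(when, TIME_FORMAT),
            "process": process,
        })
    return rows


def summarize(rows):
    """Group by (location, detection name): count, distinct objects, most recent hit."""
    groups = defaultdict(lambda: {"count": 0, "objects": set(), "last_seen": None})
    for r in rows:
        g = groups[(r["location"], r["detection"])]
        g["count"] += 1
        g["objects"].add(r["object"].lower())
        if g["last_seen"] is None or r["time"] > g["last_seen"]:
            g["last_seen"] = r["time"]
    return dict(groups)


def recurring_after_removal(rows):
    """Objects that carry a removal result more than once, i.e. they were reported again."""
    hits = defaultdict(list)
    for r in rows:
        if r["result"] in REMOVAL_RESULTS:
            hits[r["object"].lower()].append(r["time"])
    return {obj: sorted(times) for obj, times in hits.items() if len(times) > 1}


if __name__ == "__main__":
    parsed = parse_resident_shield(SAMPLE_LOG)
    for (location, name), g in sorted(summarize(parsed).items(), key=lambda kv: kv[1]["last_seen"]):
        print(f"{g['last_seen']}  {location:15} {name or '(unnamed)':28} "
              f"hits={g['count']} objects={len(g['objects'])}")
    for obj, times in recurring_after_removal(parsed).items():
        print(f"reported {len(times)}x after removal: {obj}")
```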

Re: More strange occurrences. HijackThis log included...

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [forsinit] C:\WINDOWS\sprscore.exe
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: More strange occurrences. HijackThis log included...

Here is my MBAM Log as requested:

Malwarebytes' Anti-Malware 1.40
Database version: 2728
Windows 5.1.2600 Service Pack 3

9/1/2009 9:33:56 PM
mbam-log-2009-09-01 (21-33-56).txt

Scan type: Quick Scan
Objects scanned: 93089
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: More strange occurrences. HijackThis log included...

I still am unable to run Mozilla. Also, each time I open Explorer my AVG Resident Shield warning pops up with the same info as I posted above.

Re: More strange occurrences. HijackThis log included...

Let's go deeper.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.

Re: More strange occurrences. HijackThis log included...

Part 2:
================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user1\applic~1\mozilla\firefox\profiles\hbyiztyu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-8 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-8 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-8 108552]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-8 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-8 298776]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2008-3-19 36224]
S2 bonnqeuc;bonnqeuc;c:\windows\system32\drivers\whnsz.sys --> c:\windows\system32\drivers\whnsz.sys [?]
S2 gupdate1c985a88476ed5a;Google Update Service (gupdate1c985a88476ed5a);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\nbservice.exe --> c:\program files\common files\nero\nero backitup 4\NBService.exe [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

=============== Created Last 30 ================

2009-08-31 13:32 --d----- c:\windows\system32\wbem\Repository
2009-08-27 14:27 --d----- c:\program files\MSECache
2009-08-11 11:39 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 11:39 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-10 10:15 -cd----- c:\windows\system32\dllcache\cache
2009-08-10 09:50 a-dshr-- C:\cmdcons
2009-08-10 09:40 216,064 a------- c:\windows\PEV.exe
2009-08-10 09:40 161,792 a------- c:\windows\SWREG.exe
2009-08-10 09:40 98,816 a------- c:\windows\sed.exe
2009-08-10 09:39 --ds---- C:\Combo-Fix
2009-08-09 17:16 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 17:16 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-09 13:55 --d----- c:\windows\pss
2009-08-09 13:36 --d----- c:\windows\system32\LogFiles
2009-08-09 12:49 --d----- C:\2d5cc28737a64e03acdaec9b7be5
2009-08-09 10:48 12,928 ac------ c:\windows\system32\dllcache\dot4prt.sys
2009-08-09 10:48 12,928 a------- c:\windows\system32\drivers\Dot4Prt.sys
2009-08-09 10:48 324,608 ac------ c:\windows\system32\dllcache\hpojwia.dll
2009-08-09 10:48 8,704 ac------ c:\windows\system32\dllcache\dot4scan.sys
2009-08-09 10:48 324,608 a------- c:\windows\system32\hpojwia.dll
2009-08-09 10:48 18,411 a------- c:\windows\system32\hpo5500a.aio
2009-08-09 10:48 18,411 a------- c:\windows\system32\hpo5400a.aio
2009-08-09 10:48 18,411 a------- c:\windows\system32\hpo5300a.aio
2009-08-09 10:48 8,704 a------- c:\windows\system32\drivers\Dot4scan.sys
2009-08-09 10:47 206,976 ac------ c:\windows\system32\dllcache\dot4.sys
2009-08-09 10:47 23,808 ac------ c:\windows\system32\dllcache\dot4usb.sys
2009-08-09 10:47 206,976 a------- c:\windows\system32\drivers\Dot4.sys
2009-08-09 10:47 23,808 a------- c:\windows\system32\drivers\Dot4usb.sys
2009-08-05 02:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-12 12:36 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-07-09 12:16 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-29 09:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 09:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 09:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-23 09:19 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-04 22:52 1,024 a------- c:\docume~1\alluse~1\applic~1\pdfxls2.dll
2008-12-09 11:05 87,608 a------- c:\docume~1\user1\applic~1\ezpinst.exe
2008-12-09 11:05 47,360 a------- c:\docume~1\user1\applic~1\pcouffin.sys
2009-04-01 09:27 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat

============= FINISH: 20:40:04.84 ===============

Re: More strange occurrences. HijackThis log included...

Please download OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    bonnqeuc
    PciCon


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Re: More strange occurrences. HijackThis log included...

As requested, here is the OTM log:

========== SERVICES/DRIVERS ==========

Service\Driver bonnqeuc deleted successfully.

Service\Driver PciCon deleted successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09032009_185152

Re: More strange occurrences. HijackThis log included...

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

[Two screenshots (CF_download_FF, 2aflf5z) not preserved]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

Re: More strange occurrences. HijackThis log included...

As requested ComboFix log: Original msg too big. Posting in two parts.
PART 1

ComboFix 09-09-06.06 - user1 09/07/2009 8:58.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1351 [GMT -7:00]
Running from: E:\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\dep32ceg.dll
c:\windows\Installer\1632a06.msp
c:\windows\Installer\1632a0f.msp
c:\windows\Installer\1632a18.msp
c:\windows\Installer\1632a21.msp
c:\windows\Installer\1ce03a1.msp
c:\windows\Installer\3726bae.msp
c:\windows\iopa32ul.dll
c:\windows\iopb32ul.dll
c:\windows\spr32snl.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.

2009-09-04 01:51 . 2009-09-04 01:51 -------- d-----w- C:\_OTM
2009-08-31 20:32 . 2009-08-31 20:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-27 21:27 . 2009-08-27 21:34 -------- d-----w- c:\program files\MSECache
2009-08-11 18:39 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-10 00:16 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 00:16 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 20:36 . 2009-08-09 20:36 -------- d-----w- c:\windows\system32\LogFiles
2009-08-09 19:49 . 2009-08-09 19:49 -------- d-----w- C:\2d5cc28737a64e03acdaec9b7be5
2009-08-09 17:48 . 2001-08-17 20:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2009-08-09 17:48 . 2001-08-17 20:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2009-08-09 17:48 . 2001-08-18 05:36 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2009-08-09 17:48 . 2001-08-18 05:36 324608 ----a-w- c:\windows\system32\hpojwia.dll
2009-08-09 17:48 . 2001-08-17 20:47 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2009-08-09 17:48 . 2001-08-17 20:47 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
2009-08-09 17:47 . 2008-04-13 18:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2009-08-09 17:47 . 2008-04-13 18:39 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2009-08-09 17:47 . 2001-08-17 20:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2009-08-09 17:47 . 2001-08-17 20:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 15:29 . 2008-03-20 00:54 -------- d-----w- c:\program files\Steam
2009-09-07 02:09 . 2008-11-09 02:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-07 02:09 . 2008-11-09 02:24 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-07 02:09 . 2008-11-09 02:24 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-03 04:30 . 2008-12-10 06:02 -------- d-----w- c:\documents and settings\user1\Application Data\uTorrent
2009-09-02 12:59 . 2008-03-20 04:41 176920 ----a-w- c:\documents and settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 20:31 . 2008-08-07 16:06 -------- d-----w- c:\program files\The Print Shop 20
2009-08-10 00:16 . 2008-11-09 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 00:05 . 2008-11-09 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-09 16:33 . 2009-02-03 02:37 -------- d-----w- c:\program files\Google
2009-08-05 09:01 . 2008-11-09 03:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-18 13:29 . 2008-05-16 15:44 -------- d-----w- c:\program files\Apple Software Update
2009-07-18 00:15 . 2009-07-18 00:14 -------- d-----w- c:\program files\iTunes
2009-07-18 00:15 . 2009-07-18 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-18 00:14 . 2008-05-16 15:44 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 00:14 . 2008-03-30 23:40 -------- d-----w- c:\program files\iPod
2009-07-18 00:14 . 2009-07-18 00:14 -------- d-----w- c:\program files\Bonjour
2009-07-18 00:14 . 2009-07-18 00:13 -------- d-----w- c:\program files\QuickTime
2009-07-17 19:01 . 2008-11-09 03:48 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 19:21 . 2008-11-09 03:49 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 19:16 . 2009-07-18 00:12 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 19:16 . 2008-05-16 15:44 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-29 16:12 . 2001-08-18 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2008-11-09 03:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2008-11-09 03:48 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2008-11-09 03:48 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2008-11-09 03:48 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-11-09 03:48 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-11-09 03:48 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-11-09 03:48 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2008-03-31 00:05 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-24 11:18 . 2008-11-09 03:48 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2008-11-09 03:48 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-11-09 03:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2008-11-09 03:48 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2008-11-09 03:49 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2008-11-09 03:48 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2008-03-31 00:05 132096 ----a-w- c:\windows\system32\wkssvc.dll
.

Re: More strange occurrences. HijackThis log included...

PART 2

((((((((((((((((((((((((((((( SnapShot@2009-08-10_17.14.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-09 03:49 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-03-20 04:35 . 2007-07-27 17:41 26488 c:\windows\system32\spupdsvc.exe
- 2008-03-20 04:35 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
- 2008-03-20 04:35 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2008-03-20 04:35 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2009-09-01 01:33 . 2009-09-04 13:19 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2009-09-01 01:35 . 2009-09-01 01:35 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2003-07-15 05:57 . 2003-07-15 05:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\SEQCHK10.DLL
+ 2003-07-15 05:52 . 2003-07-15 05:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSOHTMED.EXE
+ 2003-07-15 05:52 . 2003-07-15 05:52 67128 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSOHEV.DLL
+ 2008-03-19 15:56 . 2009-09-02 00:21 536848 c:\windows\system32\FNTCACHE.DAT
+ 2008-09-03 22:43 . 2009-07-12 19:21 233472 c:\windows\system32\dllcache\wmpdxm.dll
- 2008-09-03 22:43 . 2008-04-14 00:12 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-04-15 15:08 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-08-13 14:05 . 2009-08-13 14:05 516096 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2007-09-12 23:37 . 2007-09-12 23:37 344064 c:\windows\Installer\4242aea.msp
+ 2009-09-01 01:35 . 2009-09-01 01:35 355328 c:\windows\Installer\1123264.msi
+ 2009-09-01 01:33 . 2009-09-01 01:33 886272 c:\windows\Installer\1123247.msi
+ 2009-09-01 01:33 . 2009-09-04 13:19 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-09 03:49 . 2008-04-14 00:12 4874240 c:\windows\system32\wmp.dll
+ 2008-11-09 03:49 . 2009-07-12 19:21 4874240 c:\windows\system32\wmp.dll
+ 2009-08-31 20:30 . 2009-08-31 20:33 2693364 c:\windows\system32\Restore\rstrlog.dat
+ 2008-09-03 22:43 . 2009-07-12 19:21 4874240 c:\windows\system32\dllcache\wmp.dll
- 2008-09-03 22:43 . 2008-04-14 00:12 4874240 c:\windows\system32\dllcache\wmp.dll
+ 2009-06-10 16:19 . 2009-06-10 16:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2009-05-14 19:34 . 2009-05-14 19:34 3730944 c:\windows\Installer\392012d.msp
+ 2008-10-25 16:15 . 2008-10-25 16:15 6227456 c:\windows\Installer\3920112.msp
+ 2007-05-31 20:37 . 2007-05-31 20:37 8812384 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.8173\WORDVIEW.EXE
+ 2005-05-03 19:09 . 2005-05-03 19:09 6864584 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\WORDVIEW.EXE
+ 2008-03-30 23:59 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2008-07-30 15:50 . 2008-07-30 15:50 12506112 c:\windows\Installer\3920124.msp
+ 2008-06-04 20:29 . 2008-06-04 20:29 16905728 c:\windows\Installer\392011b.msp
+ 2007-07-31 12:29 . 2007-07-31 12:29 12836864 c:\windows\Installer\112325d.msp
+ 2007-06-19 00:16 . 2007-06-19 00:16 12259160 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2005-04-22 05:57 . 2005-04-22 05:57 12235968 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSO.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-07 2007832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-16 1818624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]

c:\documents and settings\user1\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-3-19 688128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-07 02:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\azmotoxracer\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Steam\\steamapps\\azmotoxracer\\insurgency\\hl2.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\azmotoxracer\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/8/2008 7:24 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/8/2008 7:24 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/8/2008 7:24 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/8/2008 7:24 PM 297752]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [3/19/2008 5:24 PM 36224]
S2 gupdate1c985a88476ed5a;Google Update Service (gupdate1c985a88476ed5a);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: microsoft.com\office
FF - ProfilePath - c:\documents and settings\user1\Application Data\Mozilla\Firefox\Profiles\hbyiztyu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 09:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-07 9:03
ComboFix-quarantined-files.txt 2009-09-07 16:03
ComboFix2.txt 2009-08-10 17:16

Pre-Run: 16,979,312,640 bytes free
Post-Run: 18,221,137,920 bytes free

217 --- E O F --- 2009-09-04 13:19

Re: More strange occurences. HijackThis log included...
Hello.
We need to use OTM one more time.


  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Re: More strange occurences. HijackThis log included...
As requested OTM log:

========== FILES ==========
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 moved successfully.
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 moved successfully.
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09082009_214147

Re: More strange occurences. HijackThis log included...
Hi

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Post the log in your next reply.
