was showing win32/cryptor, but not anymore but....

MBAM I mean

Close the AVG alert because it will interfere with MBAM's scan.
Allow MBAM to finish first.

WOW done, will post once PC comes back up.. yes I am on 2 PCs

Malwarebytes' Anti-Malware 1.34
Database version: 1893
Windows 5.1.2600 Service Pack 3

3/24/2009 5:49:51 PM
mbam-log-2009-03-24 (17-49-51).txt

Scan type: Quick Scan
Objects scanned: 64641
Time elapsed: 9 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Spyware.StolenData) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\UACbiwsipxe.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACkwvxaran.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACltlwgrrp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACpeppjeyw.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACqbivqbgi.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\nila\Local Settings\Temp\UACfb35.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\nila\Local Settings\Temp\Temporary Directory 1 for avenger.zip\avenger.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\nila\Local Settings\Temp\Temporary Directory 2 for avenger.zip\avenger.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Spyware.StolenData) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Spyware.StolenData) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACkhjakyfg.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACntnklltk.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Hello.
That should of removed a lot of the problem, lets see if anything is left.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  Link 3
  
• Double click DDS.scr to run
  
• When complete, DDS.txt will open.
  
• Save the report to your Desktop.
  
• Copy and paste DDS.txt back here, I don't need to see attach.txt.
  

DDS (Ver_09-03-16.01) - NTFSx86
Run by nila at 17:59:45.01 on Tue 03/24/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.536 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\nila\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081225
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081225
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [WLSS] c:\program files\wireless select switch\WLSS.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nila\applic~1\mozilla\firefox\profiles\5gseb0o8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\documents and settings\nila\application data\mozilla\firefox\profiles\5gseb0o8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\nila\application data\mozilla\firefox\profiles\5gseb0o8.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2008-12-24 14248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-17 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-17 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-17 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-17 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-17 298264]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-24 93968]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-24 33176]

=============== Created Last 30 ================

2009-03-24 17:38 --d----- c:\docume~1\nila\applic~1\Malwarebytes
2009-03-24 17:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-24 17:38 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-24 17:38 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-24 17:38 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-24 16:11 4,212 ----h--- c:\windows\system32\zllictbl.dat
2009-03-24 16:10 11,264 a------- c:\windows\system32\SpOrder.dll
2009-03-24 16:08 --d----- c:\windows\Internet Logs
2009-03-24 14:16 --d----- c:\documents and settings\nila\.SunDownloadManager
2009-03-24 14:03 --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-03-24 14:24 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 07:08 1,847,552 a------- c:\windows\system32\win32k.sys
2009-02-02 12:52 128 a------- c:\docume~1\nila\applic~1\wklnhst.dat
2009-01-29 20:29 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-29 20:29 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-29 20:28 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-24 20:52 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

============= FINISH: 18:00:11.65 ===============

Hello.
This looks fine now, how's the machine running?

seems to bring up Web pages quicker now,, Should I install zone firewall and or anti virus.. AVG did not seem to prevent this from happening. That and tell my wife to stay off of D-list and Perez Hilton!!! which is where I think she picked this up. thoughts

I did another quick scan and it found 2 more trojan horses . I will send report.

nevermind, it was AVG popping on top pf MBAM. sorry. But I would like to your thoughts on AVG. Should I install something else like Zone firewall/antivirus.

man these mini 9s are a pain to type on...the above should of been

"never mind, it was AVG popping on top of MBAM, sorry. But I would like to know your thoughts on AVG. Should I install something else like Zone firewall/anti virus or just upgrade to AVG 8.5.283

Heh.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.