Win32/Cryptor + WinPC Antivirus - Help request

DDS (Ver_09-05-14.01) - NTFSx86
Run by tony at 20:44:23.79 on 24/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2046.1292 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\Documents and Settings\tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\tony\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.automaticbacklinks.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SeoQuake: {9c590067-8a6a-4db6-b052-069283790b04} - c:\program files\seoquake\seoquake.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: SeoQuake: {9c590067-8a6a-4db6-b052-069283790b04} - c:\program files\seoquake\seoquake.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [Google Update] "c:\documents and settings\tony\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\20dqpwky.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\tony\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox 3.1 beta 2\plugins\npnul32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-20 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-11-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-20 108552]
R1 b7521cd3-361f-4d6c-a588-7efef60ecb81;b7521cd3-361f-4d6c-a588-7efef60ecb81;c:\windows\iprot\b7521cd3-361f-4d6c-a588-7efef60ecb81\PhysMem.sys [2008-12-19 3584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-20 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-20 298776]
R3 AVerM115S;AVerM115S service;c:\windows\system32\drivers\AVerM115S.sys [2007-11-19 754688]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-4-5 31104]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-19 812544]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [2007-11-19 169984]
S3 photonau;photonau;c:\windows\system32\drivers\photonau.sys [2009-2-27 46080]
S3 rrau0002;rrau0002;c:\windows\system32\drivers\rrau0002.sys [2007-11-24 24576]
S3 rrwd0002;rrwd0002;c:\windows\system32\drivers\rrwd0002.sys [2007-11-24 97280]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2009-4-12 120168]

=============== Created Last 30 ================

2009-05-23 19:13 161,792 a------- c:\windows\SWREG.exe
2009-05-23 19:13 139,776 a------- c:\windows\PEV.exe
2009-05-23 19:13 98,816 a------- c:\windows\sed.exe
2009-05-23 17:18 --d----- c:\program files\Trend Micro
2009-05-15 18:47 434,688 a------- c:\windows\system32\ss2uinst.exe
2009-05-02 11:28 --d----- c:\docume~1\tony\applic~1\Spotify
2009-05-02 11:28 --d----- c:\program files\Spotify

==================== Find3M ====================

2009-05-09 10:51 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-09 10:51 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-09 10:51 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 15:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 20:44:43.62 ===============

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\PEV.exe
c:\windows\sed.exe

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Here's the combofix log:

ComboFix 09-05-23.01 - tony 24/05/2009 22:38.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2046.1387 [GMT 1:00]
Running from: c:\documents and settings\tony\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\tony\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\PEV.exe
c:\windows\sed.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\PEV.exe
c:\windows\sed.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-23 16:18 . 2009-05-23 16:18 -------- d-----w c:\program files\Trend Micro
2009-05-21 18:02 . 2009-05-09 09:51 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-21 18:02 . 2009-05-09 09:51 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-21 18:02 . 2009-05-09 09:51 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-21 18:02 . 2009-05-09 09:51 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-21 18:02 . 2009-05-09 09:51 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-21 18:02 . 2009-05-09 09:51 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-21 18:02 . 2009-05-09 09:51 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-21 18:01 . 2009-05-09 09:49 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-21 18:01 . 2009-05-09 09:49 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-17 11:39 . 2009-05-17 11:39 57344 ----a-w c:\documents and settings\tony\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-2d861388-n\Decora-SSE.dll
2009-05-17 11:39 . 2009-05-17 11:39 24064 ----a-w c:\documents and settings\tony\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-62762942-n\Decora-D3D.dll
2009-05-17 11:39 . 2009-05-17 11:39 315392 ----a-w c:\documents and settings\tony\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7344b5ac-n\jogl.dll
2009-05-17 11:39 . 2009-05-17 11:39 20480 ----a-w c:\documents and settings\tony\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7344b5ac-n\jogl_awt.dll
2009-05-17 11:39 . 2009-05-17 11:39 114688 ----a-w c:\documents and settings\tony\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7344b5ac-n\jogl_cg.dll
2009-05-17 11:39 . 2009-05-17 11:39 499712 ----a-w c:\documents and settings\tony\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-2e78a161-n\msvcp71.dll
2009-05-17 11:39 . 2009-05-17 11:39 499712 ----a-w c:\documents and settings\tony\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-2e78a161-n\jmc.dll
2009-05-17 11:39 . 2009-05-17 11:39 348160 ----a-w c:\documents and settings\tony\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-2e78a161-n\msvcr71.dll
2009-05-17 11:39 . 2009-05-17 11:39 20480 ----a-w c:\documents and settings\tony\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-2255fff4-n\gluegen-rt.dll
2009-05-17 11:36 . 2009-05-17 11:36 152576 ----a-w c:\documents and settings\tony\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-16 08:29 . 2009-05-09 09:51 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-16 08:29 . 2009-05-09 09:51 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-15 17:47 . 2009-05-15 17:46 434688 ----a-w c:\windows\system32\ss2uinst.exe
2009-05-02 10:28 . 2009-05-09 15:09 -------- d-----w c:\documents and settings\tony\Application Data\Spotify
2009-05-02 10:28 . 2009-05-02 10:28 -------- d-----w c:\documents and settings\tony\Local Settings\Application Data\Spotify
2009-05-02 10:28 . 2009-05-02 10:28 -------- d-----w c:\program files\Spotify

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 21:41 . 2008-02-10 13:36 -------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-05-24 21:03 . 2007-11-19 16:52 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-23 19:21 . 2008-12-21 11:12 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 2
2009-05-23 13:25 . 2008-02-23 13:38 -------- d-----w c:\documents and settings\tony\Application Data\StumbleUpon
2009-05-17 17:26 . 2007-11-24 06:05 -------- d-----w c:\program files\FlashFXP
2009-05-17 11:38 . 2007-12-02 10:49 -------- d-----w c:\program files\Java
2009-05-17 11:26 . 2009-03-17 19:28 -------- d-----w c:\program files\Flock
2009-05-17 11:26 . 2008-03-10 12:37 -------- d-----w c:\program files\digiXMAS
2009-05-17 11:13 . 2008-12-21 18:04 -------- d-----w c:\program files\CCleaner
2009-05-16 20:50 . 2008-12-23 06:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 17:10 . 2008-12-22 22:18 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-09 09:51 . 2008-07-20 12:11 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-09 09:51 . 2008-07-20 12:11 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-09 09:51 . 2007-11-25 15:33 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-09 09:51 . 2008-07-20 12:11 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-05 07:59 . 2008-11-08 11:03 -------- d-----w c:\program files\SEOSpyGlass
2009-04-24 19:07 . 2008-02-23 13:38 -------- d-----w c:\program files\StumbleUpon
2009-04-06 14:32 . 2008-12-23 06:52 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2008-12-23 06:52 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-24 13:43 . 2009-04-10 18:17 43008 ----a-w c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\20dqpwky.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-03-24 13:43 . 2009-04-10 18:17 43008 ----a-w c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\20dqpwky.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-03-24 13:43 . 2009-04-10 18:17 235520 ----a-w c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\20dqpwky.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-03-24 13:43 . 2009-04-10 18:17 338432 ----a-w c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\20dqpwky.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-03-24 13:42 . 2009-04-10 18:17 235008 ----a-w c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\20dqpwky.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-03-24 13:42 . 2009-04-10 18:17 345088 ----a-w c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\20dqpwky.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-03-09 04:19 . 2009-02-08 21:56 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2004-08-03 23:56 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-03 23:56 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-23_18.27.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-24 07:32 . 2009-05-24 07:32 16384 c:\windows\temp\Perflib_Perfdata_538.dat
+ 2009-05-24 07:32 . 2009-05-24 07:32 16384 c:\windows\temp\Perflib_Perfdata_510.dat
+ 2008-06-18 04:52 . 2009-05-24 15:18 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 68856]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-01-25 1032376]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"Google Update"="c:\documents and settings\tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-02 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-05 8429568]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2007-04-05 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-12-20 37376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-09 1947928]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2006-05-04 2808832]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-05 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-3-14 2756608]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-31 08:35 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 09:51 11952 ----a-w c:\windows\system32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"midi2"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"RemoteRegistry"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/07/2008 13:11 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/07/2008 13:11 108552]
R1 b7521cd3-361f-4d6c-a588-7efef60ecb81;b7521cd3-361f-4d6c-a588-7efef60ecb81;c:\windows\iprot\b7521cd3-361f-4d6c-a588-7efef60ecb81\PhysMem.sys [19/12/2008 17:12 3584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [04/12/2008 14:50 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [04/12/2008 14:50 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [20/07/2008 13:11 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/07/2008 13:11 298776]
R3 AVerM115S;AVerM115S service;c:\windows\system32\drivers\AVerM115S.sys [19/11/2007 19:06 754688]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [04/12/2008 14:50 7408]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [05/04/2007 04:03 31104]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [19/11/2007 17:56 812544]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [19/11/2007 17:52 169984]
S3 photonau;photonau;c:\windows\system32\drivers\photonau.sys [27/02/2009 19:49 46080]
S3 rrau0002;rrau0002;c:\windows\system32\drivers\rrau0002.sys [24/11/2007 08:26 24576]
S3 rrwd0002;rrwd0002;c:\windows\system32\drivers\rrwd0002.sys [24/11/2007 08:26 97280]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [12/04/2009 19:19 120168]
.
Contents of the 'Scheduled Tasks' folder

2009-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-19 09:24]

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-2139871995-725345543-1003.job
- c:\documents and settings\tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 17:30]

2009-05-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.automaticbacklinks.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\20dqpwky.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\tony\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 2\plugins\npnul32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 22:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1276)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-05-24 22:44
ComboFix-quarantined-files.txt 2009-05-24 21:44
ComboFix2.txt 2009-05-23 19:18
ComboFix3.txt 2009-05-23 18:28

Pre-Run: 144,467,947,520 bytes free
Post-Run: 144,453,656,576 bytes free

219 --- E O F --- 2009-04-23 20:00

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

Hi -
Done - Combofix uninstalled.

Machine appears to be running well. It seems to boot faster than it has for a while.

You've done a fantastic job - greatly appreciated.

Glad we could help


We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

Once again -
Thanks for your excellent expert assistance and advice.

It was my pleasure