Everything posted by xXallergicXx

  1. Hi
     Here are the DDS and GMER logs. The 'Attach' file is zipped and attached.
     Thanks
     Crystal

     DDS (Ver_09-12-01.01) - NTFSx86
     Run by Crystal & Addz at 11:41:21.89 on Tue 09/03/2010
     Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_18
     Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.511.66 [GMT 10:00]
     AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

     ============== Running Processes ===============
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     svchost.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\vVX1000.exe
     C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Documents and Settings\Crystal & Addz.HOME-8B021C13CE\Desktop\dds.scr

     ============== Pseudo HJT Report ===============
     uStart Page = hxxp://www.google.com.au/
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
     uSearchAssistant = hxxp://www.google.com/ie
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: BigPond Wireless Broadband 2.0 Auto Dial: {db92ec3f-697d-4c3b-9a3b-3abbd23d4a85} - c:\program files\telstra\bigpond wireless broadband 2.0\bpwbb2ad.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
     mRun: [VX1000] c:\windows\vVX1000.exe
     mRun: [bigPondWirelessBroadbandCM] "c:\program files\telstra\bigpond wireless broadband 2.0\BigPond_CM.exe" -tsr
     mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
     mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
     mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
     IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
     DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189190842093
     DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
     DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} - hxxp://support.packardbell.com/files/activex/InfosFinder2.CAB
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

     ================= FIREFOX ===================
     FF - ProfilePath - c:\docume~1\crysta~1.hom\applic~1\mozilla\firefox\profiles\mppc2bn9.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
     FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
     FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

     ---- FIREFOX POLICIES ----
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
     c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

     ============= SERVICES / DRIVERS ===============
     R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-28 11608]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-28 108289]
     R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-28 185089]
     R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-28 56816]
     R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-8-17 235648]
     S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\bt848.sys [2002-5-13 261696]
     S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [2002-1-27 22016]
     S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [2006-11-23 87424]
     S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [2006-12-13 87040]
     S3 SNCT511;PC Camera (6005 CIF);c:\windows\system32\drivers\snct511.sys [2007-8-24 219264]

     =============== Created Last 30 ================
     2010-03-09 01:40:54 524288 ----a-w- c:\program files\dds.scr
     2010-03-07 10:42:42 30780 ---ha-w- c:\windows\system32\mlfcache.dat
     2010-03-06 01:51:11 0 ----a-w- c:\documents and settings\crystal & addz.home-8b021c13ce\defogger_reenable
     2010-03-05 04:15:29 1955472 ----a-w- c:\program files\install_flash_player_ax.exe
     2010-03-05 04:04:56 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
     2010-03-05 04:00:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2010-03-05 03:49:12 0 d-----w- c:\documents and settings\crystal & addz.home-8b021c13ce\.SunDownloadManager
     2010-03-05 00:20:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-03-05 00:20:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-03-02 03:19:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-02-28 03:42:33 0 d-sh--w- c:\documents and settings\crystal & addz.home-8b021c13ce\PrivacIE
     2010-02-28 02:15:52 0 d-----w- c:\windows\SxsCaPendDel
     2010-02-28 02:02:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
     2010-02-28 01:56:58 0 d-----w- c:\program files\Lavasoft
     2010-02-28 01:18:25 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2010-02-28 01:18:20 0 d-----w- c:\program files\Avira
     2010-02-28 01:18:20 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Avira
     2010-02-26 22:53:27 0 d-sha-r- C:\cmdcons
     2010-02-23 17:03:11 0 d-----w- c:\docume~1\crysta~1.hom\applic~1\Malwarebytes
     2010-02-23 17:03:03 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
     2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
     2010-02-08 23:53:24 0 d-----w- c:\docume~1\crysta~1.hom\applic~1\Office Genuine Advantage
     2010-02-07 10:18:48 0 d--h--w- c:\windows\system32\GroupPolicy

     ==================== Find3M ====================
     2010-03-05 04:17:10 5527040 ----a-w- c:\program files\AdbeRdrUpd931_all_incr.msp
     2010-03-05 03:59:51 411368 ----a-w- c:\windows\system32\deploytk.dll
     2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
     2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
     2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll

     ============= FINISH: 11:42:04.03 ===============

     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2010-03-09 14:33:31
     Windows 5.1.2600 Service Pack 2
     Running: GMER.exe; Driver: C:\DOCUME~1\CRYSTA~1.HOM\LOCALS~1\Temp\fxtdapoc.sys

     ---- System - GMER 1.0.15 ----
     SSDT F8BE3E9E ZwCreateKey
     SSDT F8BE3E94 ZwCreateThread
     SSDT F8BE3EA3 ZwDeleteKey
     SSDT F8BE3EAD ZwDeleteValueKey
     SSDT F8BE3EB2 ZwLoadKey
     SSDT F8BE3E80 ZwOpenProcess
     SSDT F8BE3E85 ZwOpenThread
     SSDT F8BE3EBC ZwReplaceKey
     SSDT F8BE3EB7 ZwRestoreKey
     SSDT F8BE3EA8 ZwSetValueKey
     SSDT F8BE3E8F ZwTerminateProcess

     ---- Registry - GMER 1.0.15 ----
     Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583b41689 (not active ControlSet)

     ---- EOF - GMER 1.0.15 ----

     Attach.zip
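The log above is the raw DDS/GMER text a malware-removal helper reads by eye. As an added example (not code from the poster, the forum, or the DDS/GMER tools), the script below parses three of the line shapes that appear in it, the `uRun`/`mRun`/`dRun` autorun entries, the `TB ... - No File` entries, and the GMER `SSDT` hook lines, and runs two cheap triage checks over them: which autoruns start from outside `c:\windows` or `c:\program files`, and whether every SSDT hook lands in one small address range. The `u`/`m`/`d` meanings (current user, machine, default user) are the DDS convention as I understand it and are an assumption; the sample input is constructed from lines in the post, except for the final `[Example]` autorun line, which is made up so the "outside standard directories" check has something to report.

```python
"""Triage helpers for DDS / GMER text logs (added example, not forum code)."""
import re
from typing import List, NamedTuple, Optional, Sequence


class RunEntry(NamedTuple):
    scope: str   # 'u' current user, 'm' machine, 'd' default user (assumed DDS meaning)
    name: str    # registry value name, e.g. "QuickTime Task"
    image: str   # executable path, lower-cased, surrounding quotes removed
    args: str    # whatever followed the image path, e.g. "-atboottime"


class SsdtHook(NamedTuple):
    address: int    # hook target parsed from the 8-hex-digit field
    function: str   # hooked native API, e.g. "ZwCreateKey"


# Constructed sample in the DDS layout. Every line except the final
# "[Example]" entry is copied from the log above; that last line is made up.
SAMPLE_DDS = r"""
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mRun: [Example] c:\documents and settings\user\application data\example.exe /s
"""

# Constructed sample in the GMER layout; the eleven SSDT lines are from the log above.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----
SSDT F8BE3E9E ZwCreateKey
SSDT F8BE3E94 ZwCreateThread
SSDT F8BE3EA3 ZwDeleteKey
SSDT F8BE3EAD ZwDeleteValueKey
SSDT F8BE3EB2 ZwLoadKey
SSDT F8BE3E80 ZwOpenProcess
SSDT F8BE3E85 ZwOpenThread
SSDT F8BE3EBC ZwReplaceKey
SSDT F8BE3EB7 ZwRestoreKey
SSDT F8BE3EA8 ZwSetValueKey
SSDT F8BE3E8F ZwTerminateProcess
---- EOF - GMER 1.0.15 ----
"""

_RUN_RE = re.compile(r"^([umd])Run: \[([^\]]+)\] (.*)$")
_NOFILE_RE = re.compile(r"^(?:TB|BHO|SSODL): (\{[0-9A-Fa-f-]+\}) - No File$")
_SSDT_RE = re.compile(r"^SSDT ([0-9A-Fa-f]{8}) (Zw\w+)$")
# Unquoted command lines: the image ends at the first executable extension,
# so registry values with unquoted spaces in the path still split correctly.
_UNQUOTED_RE = re.compile(r"^(.*?\.(?:exe|scr|cpl|dll))(?:\s+(.*))?$", re.IGNORECASE)

STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def _split_command(cmd: str):
    """Split 'image [args]' whether or not the image path is quoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
        return cmd.strip('"'), ""
    m = _UNQUOTED_RE.match(cmd)
    return (m.group(1), m.group(2) or "") if m else (cmd, "")


def parse_run_entries(text: str) -> List[RunEntry]:
    entries = []
    for line in text.splitlines():
        m = _RUN_RE.match(line.strip())
        if m:
            image, args = _split_command(m.group(3))
            entries.append(RunEntry(m.group(1), m.group(2), image.lower(), args))
    return entries


def dangling_entries(text: str) -> List[str]:
    """CLSIDs of toolbar/BHO/SSODL entries whose file DDS could not find on disk."""
    found = []
    for line in text.splitlines():
        m = _NOFILE_RE.match(line.strip())
        if m:
            found.append(m.group(1))
    return found


def autoruns_outside_roots(entries: Sequence[RunEntry], roots=STANDARD_ROOTS) -> List[RunEntry]:
    """Autoruns not under Windows or Program Files. A heuristic for a closer
    look, not a verdict: legitimate software does start from profile folders."""
    return [e for e in entries if not e.image.startswith(tuple(roots))]


def parse_ssdt_hooks(text: str) -> List[SsdtHook]:
    return [SsdtHook(int(m.group(1), 16), m.group(2))
            for m in (_SSDT_RE.match(l.strip()) for l in text.splitlines()) if m]


def hook_address_span(hooks: Sequence[SsdtHook]) -> Optional[int]:
    """Bytes between the lowest and highest hook address (None if no hooks)."""
    if not hooks:
        return None
    addrs = [h.address for h in hooks]
    return max(addrs) - min(addrs)


def hooks_share_page(hooks: Sequence[SsdtHook]) -> bool:
    """True when every hook points into the same 4 KiB page: all hooks come
    from one small code region, i.e. one driver to identify rather than many.
    Which driver that is cannot be read from the GMER text alone."""
    return len({h.address >> 12 for h in hooks}) == 1


if __name__ == "__main__":
    entries = parse_run_entries(SAMPLE_DDS)
    for e in autoruns_outside_roots(entries):
        print(f"autorun outside standard dirs: {e.scope}Run [{e.name}] {e.image} {e.args}")
    for clsid in dangling_entries(SAMPLE_DDS):
        print(f"entry whose file is missing: {clsid}")
    hooks = parse_ssdt_hooks(SAMPLE_GMER)
    print(f"{len(hooks)} SSDT hooks, span 0x{hook_address_span(hooks):x} bytes, "
          f"single page: {hooks_share_page(hooks)}")
```

On the eleven hook lines from the post the span is 0x3C bytes inside one page, which is what a single driver's hook stubs look like; cross-referencing the address against the loaded driver list (GMER's full output or a kernel debugger) is the step that names the driver, and this script deliberately stops short of that.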
  2. Hi there,
     Yes, that thread is correct. The procedure from "directions here" is what I was in the middle of when Defogger would not reboot my computer; so should I put Defogger back into 'enable' mode? It is still in 'disable' mode. I will continue with the directions.
     Thank you
     Crystal
  3. Hi
     While in another forum to get advice on removing a virus, I was asked to download Malwarebytes, run it, and post the log report. I downloaded it and ran the scan, no probs... when it was finished I got an 'Access Denied' message while trying to access the log report. The face of the program did not change where you are supposed to click 'OK' and 'Show Results'. I have tried to uninstall the program (which I don't think was done properly because desktop icons remained) and install another in its place, but the results are always the same. I run this program on another computer but for some reason cannot run it properly on this one. Upon joining the forum here I was asked to go through some procedures before posting to this group, one being to install MBAM and run it, which resulted in the same results mentioned above, and secondly to run DeFogger; well, DeFogger is in disable mode but did not reboot my computer, so now I don't know what to do. Can I just re-enable it?
     Thank you for your help
     Crystal
  4. Thanks for the welcome. I will begin your suggestions today.
     Crystal
  5. Hi
     While in another forum to get advice on removing a virus, I was asked to download Malwarebytes, run it, and post the log report. I downloaded it and ran the scan, no probs... when it was finished I got an 'Access Denied' message while trying to access the log report. The face of the program did not change where you are supposed to click 'OK' and 'Show Results'. I have tried to uninstall the program (which I don't think was done properly because desktop icons remained) and install another in its place, but the results are always the same. I run this program on another computer but for some reason cannot run it properly on this one. I was advised to seek help from this forum.
     Thank you for your help
     Crystal