Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


am i still infected with this virus?hard drive partly damaged.

  • This topic is locked This topic is locked
2 replies to this topic

#1 curt08


  • Members
  • 1 posts
  • Local time:09:51 PM

Posted 21 November 2011 - 02:38 AM

GMER - http://www.gmer.net
Rootkit scan 2011-11-21 15:22:19
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.FG00
Running: gmer.exe; Driver: C:\Users\CURTJU~1\AppData\Local\Temp\uwryqpow.sys

---- System - GMER 1.0.15 ----

SSDT 84E2ED10 ZwAlertResumeThread
SSDT 84E2EDF0 ZwAlertThread
SSDT 84DEB6F8 ZwAllocateVirtualMemory
SSDT 84CDC6A8 ZwAlpcConnectPort
SSDT 84E30650 ZwAssignProcessToJobObject
SSDT 84E2D4D0 ZwCreateMutant
SSDT 8A9F0A86 ZwCreateSection
SSDT 84E30370 ZwCreateSymbolicLinkObject
SSDT 84E0D630 ZwCreateThread
SSDT 84E30460 ZwCreateThreadEx
SSDT 84E30730 ZwDebugActiveProcess
SSDT 84E2DDC8 ZwDuplicateObject
SSDT 84E0B718 ZwFreeVirtualMemory
SSDT 84E2D5C0 ZwImpersonateAnonymousToken
SSDT 84E2EC30 ZwImpersonateThread
SSDT 83F1D4E0 ZwLoadDriver
SSDT 84E0B638 ZwMapViewOfSection
SSDT 84E2D3F0 ZwOpenEvent
SSDT 84E0D198 ZwOpenProcess
SSDT 84E4D210 ZwOpenProcessToken
SSDT 84E2D230 ZwOpenSection
SSDT 84E2DE98 ZwOpenThread
SSDT 84E30560 ZwProtectVirtualMemory
SSDT 8A9F0A90 ZwRequestWaitReplyPort
SSDT 84DB3200 ZwResumeThread
SSDT 8A9F0A8B ZwSetContextThread
SSDT 84E0B4A8 ZwSetInformationProcess
SSDT 8A9F0A95 ZwSetSecurityObject
SSDT 84E30810 ZwSetSystemInformation
SSDT 84E2D310 ZwSuspendProcess
SSDT 84E2EED0 ZwSuspendThread
SSDT 8A9F0A9A ZwSystemDebugControl
SSDT 8A9F0A27 ZwTerminateProcess
SSDT 84E2EF90 ZwTerminateThread
SSDT 84E0B578 ZwUnmapViewOfSection
SSDT 84DEB628 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81A7C579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81AA0F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 81AA8724 8 Bytes [10, ED, E2, 84, F0, ED, E2, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 81AA873C 4 Bytes [F8, B6, DE, 84]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 81AA8748 4 Bytes [A8, C6, CD, 84] {TEST AL, 0xc6; INT 0x84}
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 81AA879C 4 Bytes [50, 06, E3, 84] {PUSH EAX; PUSH ES; JECXZ 0xffffffffffffff88}
.text ntkrnlpa.exe!RtlSidHashLookup + 318 81AA8818 4 Bytes [D0, D4, E2, 84] {RCL AH, 0x1; LOOP 0xffffffffffffff88}
.text ...
? C:\Users\CURTJU~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Safari\Safari.exe[4424] USER32.dll!EndPaint 76E07B73 5 Bytes JMP 6358F560 C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.dll (WebKit Dynamic Link Library/Apple Inc.)
.text C:\Program Files\Safari\Safari.exe[4424] USER32.dll!BeginPaint 76E07B87 5 Bytes JMP 6358F4F0 C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.dll (WebKit Dynamic Link Library/Apple Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b2af2e9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0ceee6f36cc3
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0ceee6f36cc3@44f459391168 0xA7 0x29 0xB3 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b2af2e9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0ceee6f36cc3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0ceee6f36cc3@44f459391168 0xA7 0x29 0xB3 0x9C ...

---- EOF - GMER 1.0.15 ----

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Run by curtjumaine at 13:49:35 on 2011-11-21
Microsoft Windows 7 Starter 6.1.7600.0.1252.65.1033.18.1015.231 [GMT 8:00]
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Norton Internet Security\Engine\\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton Internet Security\Engine\\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HPBTWD.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.exe
C:\Program Files\vodafone\vmclite\vmc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Safari\Safari.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://toolbar.blinkx.com?domainid=PIN05&version=0.5.64&toolbarid=fe435016-7d9f-429c-908a-5343e6af4d16
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_SG&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ph.yahoo.com
mStart Page = hxxp://ph.yahoo.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\brothersoft\tbBro0.dll
uURLSearchHooks: the blinkx toolbar: {f08555b0-9cc3-11d2-aa8e-000000000567} - c:\program files\blinkx remote toolbar\the_blinkx_shook.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\brothersoft\tbBro0.dll
BHO: The blinkx Toolbar: {0069b690-7a2b-41c5-98ca-9f535b4c8532} - c:\program files\blinkx remote toolbar\the_blinkx_bho.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\\IPSBHO.DLL
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\brothersoft\tbBro0.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\\coIEPlg.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\brothersoft\tbBro0.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Power2GoExpress]
uRun: [Google Update] "c:\users\curtjumaine\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [blinkx_toolbar] "c:\program files\blinkx remote toolbar\the_blinkx_toolbar.exe" -startservice
uRun: [VMCL] c:\program files\vodafone\vmclite\DongleEnumerator.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe
mRun: [HP] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
mRun: [UpdatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\curtju~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\curtju~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-system: WallpaperStyle = 2
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-sg\local\search.html
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: Interfaces\{6E52F226-8DCD-40B2-AD60-FCFC14EDDAAE} : DhcpNameServer =
TCP: Interfaces\{97F344EC-A22F-4D7F-9A64-223239653AAB} : DhcpNameServer =
TCP: Interfaces\{97F344EC-A22F-4D7F-9A64-223239653AAB}\35543425544502255434940554F5642554540275946494 : DhcpNameServer =
TCP: Interfaces\{97F344EC-A22F-4D7F-9A64-223239653AAB}\75962756C6563737043574 : DhcpNameServer =
TCP: Interfaces\{C22CB238-0CB2-4402-B48F-3F775E5BAC1E} : NameServer =
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\\CoIEPlg.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\curtjumaine\appdata\roaming\mozilla\firefox\profiles\zwlij88x.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16062&locale=en_US&apn_uid=C4D673BD-741B-4D2E-9CA2-921D169660D1&apn_ptnrs=OI&apn_sauid=EFD2FF84-DEA6-43AF-B462-0EADC3188F18&apn_dtid=VIN009YYSG&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\curtjumaine\appdata\roaming\mozilla\firefox\profiles\zwlij88x.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\curtjumaine\appdata\roaming\mozilla\firefox\profiles\zwlij88x.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\curtjumaine\appdata\roaming\mozilla\firefox\profiles\zwlij88x.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\curtjumaine\appdata\roaming\mozilla\firefox\profiles\zwlij88x.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\components\FFExternalAlert.dll
FF - component: c:\users\curtjumaine\appdata\roaming\mozilla\firefox\profiles\zwlij88x.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\components\RadioWMPCore.dll
FF - component: c:\users\curtjumaine\appdata\roaming\mozilla\firefox\profiles\zwlij88x.default\extensions\toolbar@ask.com\chrome\content\AudioService.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_blinkx_plugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\curtjumaine\appdata\local\google\update\\npGoogleUpdate3.dll
FF - plugin: c:\users\curtjumaine\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: LimeWire Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - %profile%\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coFFPlgn
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-19 310320]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-21 36000]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-19 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-19 467592]
R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-7-28 16984]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100218.001\IDSvix86.sys [2010-2-20 343088]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\AEstSrv.exe [2010-10-16 81920]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-21 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-21 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-21 74640]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-7-9 323584]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-21 366152]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\\ccSvcHst.exe [2011-10-19 117648]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-11-16 29472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-30 102448]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-4-28 50688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-21 22216]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-16 167424]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
=============== Created Last 30 ================
2011-11-21 04:54:02 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{51db30d7-e51c-400e-9d2b-38e3f6b3c9e3}\offreg.dll
2011-11-21 02:19:19 -------- d-----w- c:\program files\Vodafone
2011-11-21 02:18:06 11712512 ----a-w- C:\Vodafone Mobile Connect Lite.msi
2011-11-20 23:32:25 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{51db30d7-e51c-400e-9d2b-38e3f6b3c9e3}\mpengine.dll
2011-11-20 17:24:42 -------- d-----w- c:\users\curtjumaine\appdata\roaming\Malwarebytes
2011-11-20 17:24:27 -------- d-----w- c:\programdata\Malwarebytes
2011-11-20 17:24:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-20 17:24:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-20 17:05:29 -------- d-----w- c:\users\curtjumaine\appdata\roaming\Avira
2011-11-20 17:02:50 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-20 17:02:48 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-20 17:02:38 -------- d-----w- c:\programdata\Avira
2011-11-20 17:02:38 -------- d-----w- c:\program files\Avira
2011-11-20 15:42:21 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-11-20 13:18:28 346368 ---ha-w- c:\programdata\y3lTPeA5IRpx0Y.exe
2011-11-20 13:11:18 346368 ---ha-w- c:\programdata\8chWx7pHRTBbWK.exe
==================== Find3M ====================
2011-10-19 14:05:51 467592 ----a-w- c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys
2011-09-22 00:35:58 89976 ----a-w- c:\windows\system32\drivers\nis\1008030.006\symfw.sys
2011-09-22 00:35:58 48760 ----a-w- c:\windows\system32\drivers\nis\1008030.006\symndisv.sys
2011-09-22 00:35:58 36472 ----a-w- c:\windows\system32\drivers\nis\1008030.006\symndis.sys
2011-09-22 00:35:58 33144 ----a-w- c:\windows\system32\drivers\nis\1008030.006\symids.sys
2011-09-22 00:35:58 217464 ----a-w- c:\windows\system32\drivers\nis\1008030.006\symtdi.sys
============= FINISH: 13:51:46.62 ===============

DDS (Ver_2011-08-26.01)
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume3
Install Date: 27/12/2009 10:40:51 AM
System Uptime: 21/11/2011 12:49:54 PM (1 hours ago)
Motherboard: Hewlett-Packard | | 308F
Processor: Intel® Atom™ CPU N280 @ 1.66GHz | CPU 1 | 983/167mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 221 GiB total, 185.596 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.919 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP46: 24/5/2011 5:03:02 PM - Scheduled Checkpoint
RP47: 30/6/2011 12:41:05 AM - Scheduled Checkpoint
RP48: 25/7/2011 5:08:30 PM - Scheduled Checkpoint
RP49: 5/8/2011 9:20:57 PM - Scheduled Checkpoint
RP50: 22/10/2011 10:31:13 PM - Restore Operation
RP51: 21/11/2011 7:31:17 AM - Windows Update
RP52: 21/11/2011 10:08:37 AM - Removed Vodafone Mobile Connect Lite.
RP53: 21/11/2011 10:18:32 AM - Installed Vodafone Mobile Connect Lite.
==== Installed Programs ======================
50 FREE MP3s +1 Free Audiobook!
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 3
Ask Toolbar
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Avira Free Antivirus
blinkx Remote Toolbar
Broadcom 802.11 Wireless LAN Adapter
Brothersoft Toolbar
Chikka Messenger
Choice Guard
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
DivX Setup
Facebook Plug-In
GameHouse Super Games AIO®
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP Customer Experience Enhancements
HP Games
HP Instant Web
HP Integrated Module with Bluetooth wireless technology
HP QuickSync
HP Setup
HP Support Assistant
HP Update
HP User Guides 0166
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Intel® Matrix Storage Manager
Java™ 6 Update 17
LimeWire 5.5.13
Malwarebytes' Anti-Malware version
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.6)
Norton Internet Security
Norton Security Scan
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype web features
Skype™ 4.1
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.1
Vodafone Mobile Connect Lite
Winamp Detector Plug-in
Winamp Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
21/11/2011 12:54:32 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{C22CB238-0CB2-4402-B48F-3F775E5BAC1E} because another computer on the network has the same name. The server could not start.
20/11/2011 9:12:23 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
==== End Of File ===========================

done with this steps..but still my computer brodband VODAFONE can not use stating that "you must be in vodafone network to make a data connection"..i can find my google chrome browser and the reset of my files in my desktop..and it is still color black(desktop)..please help me.. thank you!!

BC AdBot (Login to Remove)


#2 HelpBot


    Bleepin' Binary Bot

  • Bots
  • 12,739 posts
  • Gender:Male
  • Local time:10:51 PM

Posted 26 November 2011 - 02:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:


Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/428711 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.


Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.


We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


    Bleepin' Binary Bot

  • Bots
  • 12,739 posts
  • Gender:Male
  • Local time:10:51 PM

Posted 01 December 2011 - 02:40 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users