TechSpot

Advice needed for strange webcam viruses

By cantubia
Jul 6, 2011
  1. Hi guys, I would really like some advice and instructions on what I should do for the results below. Also, if you could provide some insight and answer some of my questions, that would be really nice.

    Some background: Today, my NOD32 antivirus was screwing up, so I decided to reinstall it (I think this was my biggest mistake because there were some quarantined files). Do quarantined files affect me after I uninstall my antivirus?

    The major malware came from a freeware webcam installer that I got from an Australian site (which I believed should have been trustworthy), since I had lost my original installation disk. The malware ran at startup as edr.exe and efixaa.exe (these were files that my ESET had quarantined; I realised they were slowing me down, using 100% of my CPU at startup).

    These were my results:
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7032

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/7/2011 12:08:55 AM
    mbam-log-2011-07-07 (00-08-55).txt

    Scan type: Quick scan
    Objects scanned: 163608
    Time elapsed: 19 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 6
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 14

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OHCFC34QK3 (Trojan.FraudPack.Gen) -> Value: OHCFC34QK3 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JRPP572441 (Trojan.FraudPack.Gen) -> Value: JRPP572441 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java system update (Trojan.Agent) -> Value: java system update -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate system (Trojan.Agent) -> Value: winupdate system -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows updater (Backdoor.IRCBot) -> Value: windows updater -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java checksys (Trojan.Agent) -> Value: java checksys -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\administrator\local settings\Temp\Edr.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
    c:\WINDOWS\Efixaa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\local settings\Temp\132.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\local settings\Temp\Edq.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\local settings\Temp\Eds.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\gpkhdi\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
    c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\local settings\Temp\eumlm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\local settings\Temp\icvcc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\local settings\Temp\gaspci.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\local settings\Temp\rtpmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    dds results:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/30/2011 1:15:40 PM
    System Uptime: 7/7/2011 12:51:46 AM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-8S648FX
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 478 | 2813/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 52.225 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM (CDFS)
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 7/7/2011 12:16:24 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    3 Mobile Broadband
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Advanced SystemCare 4
    C-Media WDM Audio Driver
    Chuzzle Deluxe
    Conduit Engine
    EPSON Printer Software
    EPSON Scan
    ESET Smart Security
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    Java Auto Updater
    Java DB 10.6.2.1
    Java(TM) 6 Update 26
    Java(TM) SE Development Kit 6 Update 24
    K-Lite Mega Codec Pack 7.0.0
    Lyrics Plugin for Windows Media Player
    MapleStory
    Messenger Plus! 5
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Nexon Game Manager
    PANDA-EGG
    Realtek AC'97 Audio
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Smart Defrag Server 2010 Trail
    Tumblebugs
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    uTorrentBar Toolbar
    Varmintz Deluxe
    VLC media player 1.1.9
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    WinRAR 4.00 beta 5 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/7/2011 12:12:14 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    7/7/2011 12:12:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde uagp35
    7/6/2011 9:50:53 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/6/2011 9:50:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
    7/6/2011 12:59:06 PM, error: Service Control Manager [7034] - The Advanced SystemCare Service service terminated unexpectedly. It has done this 1 time(s).
    7/6/2011 11:54:23 AM, error: PSched [14107] - QoS [Adapter NDISWANIP]: The Packet Scheduler could not initialize the virtual miniport with NDIS.
    .
    ==== End Of File ===========================

    and

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Administrator at 0:53:18 on 2011-07-07
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.230 [GMT 10:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\IObit\Game Booster\GameBox.exe
    C:\WINDOWS\system32\wscntfy.exe
    svchost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
    C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe
    C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://vnexpress.net/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Mobile Partner] "c:\program files\3 mobile broadband\3 Mobile Broadband.exe"
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
    mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
    mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\my_aut~1.lnk - c:\program files\warkeys\autowarkey\autohotkey\AutoHotkey.exe
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\giuwch7e.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en&source=iglk
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ---- FIREFOX POLICIES ----
    # Mozilla User Preferences
    .
    /* Do not edit this file.
    *
    * If you make changes to this file while the application is running,
    * the changes will be overwritten when the application exits.
    *
    * To make a manual change to preferences, you can visit the URL about:config
    * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
    */
    .
    FF - user.js: accessibility.blockautorefresh - true
    FF - user.js: accessibility.typeaheadfind.flashBar - 0
    FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1308958311
    FF - user.js: app.update.lastUpdateTime.background-update-timer - 1308961538
    FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1308961418
    FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1308744676
    FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1307100386
    FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1308994998
    FF - user.js: browser.cache.disk.capacity - 1048576
    FF - user.js: browser.cache.disk.smart_size.first_run - false
    FF - user.js: browser.cache.disk.smart_size_cached_value - 640000
    FF - user.js: browser.download.dir - c:\\documents and settings\\administrator\\Desktop
    FF - user.js: browser.download.folderList - 0
    FF - user.js: browser.download.lastDir - c:\\documents and settings\\administrator\\Desktop
    FF - user.js: browser.feeds.showFirstRunUI - false
    FF - user.js: browser.history_expire_days.mirror - 180
    FF - user.js: browser.migration.version - 5
    FF - user.js: browser.places.importBookmarksHTML - false
    FF - user.js: browser.places.smartBookmarksVersion - 2
    FF - user.js: browser.rights.3.shown - true
    FF - user.js: browser.shell.checkDefaultBrowser - false
    FF - user.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en&source=iglk
    FF - user.js: browser.startup.homepage_override.buildID - 20110615151330
    FF - user.js: browser.startup.homepage_override.mstone - rv:5.0
    FF - user.js: extensions.blocklist.pingCountTotal - 20
    FF - user.js: extensions.blocklist.pingCountVersion - 3
    FF - user.js: extensions.bootstrappedAddons - {}
    FF - user.js: extensions.databaseSchema - 3
    FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26,{972ce4c6-7e08-4474-a285-3208198ce6fd}:5.0
    FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,jqs@sun.com:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
    FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\windows\\\\microsoft.net\\\\framework\\\\v3.5\\\\windows presentation foundation\\\\dotnetassistantextension\,\mtime\:1307239442531},\jqs@sun.com\:{\descriptor\:\c:\\\\program files\\\\java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1306823376156}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1308836872343},\{cafeefac-0016-0000-0024-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0024-abcdeffedcba}\,\mtime\:1306823387781},\{cafeefac-0016-0000-0026-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0026-abcdeffedcba}\,\mtime\:1307868115406}}}]
    FF - user.js: extensions.lastAppVersion - 5.0
    FF - user.js: extensions.pendingOperations - false
    FF - user.js: idle.lastDailyNotification - 1308963423
    FF - user.js: intl.charsetmenu.browser.cache - us-ascii, windows-1252, Shift_JIS, ISO-8859-1, UTF-8
    FF - user.js: network.cookie.prefsMigrated - true
    FF - user.js: places.database.lastMaintenance - 1308963423
    FF - user.js: places.history.expiration.transient_current_max_pages - 10726
    FF - user.js: places.last_vacuum - 1307017819
    FF - user.js: pref.browser.homepage.disable_button.current_page - false
    FF - user.js: privacy.sanitize.migrateFx3Prefs - true
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: storage.vacuum.last.index - 1
    FF - user.js: storage.vacuum.last.places.sqlite - 1307149454
    FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1309517650
    FF - user.js: xpinstall.whitelist.add -
    FF - user.js: xpinstall.whitelist.add.36 -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-6-21 100736]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-7-6 27064]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-07-06 14:19:15 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 14:19:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-06 14:19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-06 13:43:35 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
    2011-07-06 13:43:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-07-06 11:49:03 195072 --sha-r- c:\windows\system32\l_intl9.dll
    2011-07-06 03:07:41 -------- d-----w- c:\documents and settings\administrator\local settings\application data\VS Revo Group
    2011-07-06 03:07:07 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2011-07-06 03:01:12 -------- d-----w- c:\program files\Advanced System Care
    2011-07-06 01:58:10 -------- d-----w- c:\program files\UlisesSoft
    2011-07-06 01:48:55 -------- d-----w- c:\program files\VS Revo Group
    2011-06-30 07:37:53 -------- d-----w- c:\documents and settings\administrator\local settings\application data\VT_Software
    2011-06-30 05:55:57 -------- d-----w- c:\program files\Warkeys
    2011-06-26 13:42:04 349472 ----a-w- c:\windows\WindowsXP-KB822603-x86.exe
    2011-06-26 13:42:03 344064 ----a-w- c:\windows\vsnp2std.exe
    2011-06-26 13:42:03 270336 ----a-w- c:\windows\tsnp2std.exe
    2011-06-26 13:42:02 25472 ----a-w- c:\windows\system32\drivers\sncamd.sys
    2011-06-26 13:41:58 12212864 ----a-w- c:\windows\system32\drivers\snp2sxp.sys
    2011-06-26 13:41:57 77824 ----a-w- c:\windows\system32\csnp2std.dll
    2011-06-26 13:41:57 73728 ----a-w- c:\windows\system32\vsnp2std.dll
    2011-06-26 13:41:57 151552 ----a-w- c:\windows\system32\rsnp2std.dll
    2011-06-26 13:41:57 -------- d-----w- c:\program files\common files\snp2std
    2011-06-23 13:47:50 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-06-23 13:47:49 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-06-23 09:36:01 -------- d-----w- c:\program files\SystemRequirementsLab
    2011-06-23 08:50:00 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2011-06-23 08:50:00 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2011-06-23 08:48:52 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
    2011-06-23 08:26:28 -------- d--h--w- c:\windows\msdownld.tmp
    2011-06-23 08:26:15 -------- d-----w- c:\windows\Logs
    2011-06-21 08:14:43 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
    2011-06-21 08:14:43 114432 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
    2011-06-21 08:14:43 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2011-06-21 08:14:43 100736 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
    2011-06-19 03:14:29 -------- d-----w- c:\documents and settings\administrator\glGo
    2011-06-19 03:03:11 81920 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-06-19 03:03:11 233472 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-06-19 03:02:47 -------- d-----w- c:\program files\glGo
    2011-06-17 11:34:17 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
    2011-06-17 11:34:17 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
    2011-06-17 11:34:12 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
    2011-06-17 11:34:12 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
    2011-06-17 11:34:10 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
    2011-06-17 11:34:10 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
    2011-06-17 11:34:09 16384 ----a-w- c:\windows\system32\ipsink.ax
    2011-06-17 11:34:07 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
    2011-06-17 11:34:07 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
    2011-06-17 11:34:05 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
    2011-06-17 11:34:05 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
    2011-06-17 11:33:59 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
    2011-06-17 11:33:59 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
    2011-06-17 11:33:57 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
    2011-06-17 11:33:57 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
    2011-06-17 11:33:05 28672 ----a-w- c:\windows\system32\vidcap.ax
    2011-06-17 11:33:04 91136 ----a-w- c:\windows\system32\kswdmcap.ax
    2011-06-17 11:33:03 61952 ----a-w- c:\windows\system32\kstvtune.ax
    2011-06-17 11:33:01 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2011-06-17 11:33:01 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2011-06-17 11:32:56 43008 ----a-w- c:\windows\system32\ksxbar.ax
    2011-06-17 11:20:11 81920 ----a-w- c:\windows\amcap.exe
    2011-06-17 07:27:08 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Howei
    2011-06-12 08:37:24 -------- d-----w- c:\documents and settings\administrator\application data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    2011-06-12 08:24:20 -------- d-----w- c:\documents and settings\administrator\application data\HTC
    2011-06-12 08:23:23 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Downloaded Installations
    2011-06-12 08:23:01 -------- d-----w- c:\program files\Spirent Communications
    2011-06-12 08:22:27 -------- d-----w- c:\program files\HTC
    2011-06-12 08:21:56 -------- d-----w- c:\program files\MSXML 4.0
    2011-06-08 10:16:42 -------- d-----w- c:\windows\system32\winrm
    2011-06-08 10:16:42 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-06-08 10:16:25 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-06-07 13:45:40 -------- d-----w- c:\documents and settings\administrator\application data\uTorrent
    2011-06-07 13:21:04 -------- d-----w- c:\documents and settings\administrator\application data\Easeware
    2011-06-07 13:14:09 -------- d-----w- c:\documents and settings\all users\application data\Driver Whiz
    2011-06-07 03:53:52 -------- d-----w- c:\documents and settings\all users\application data\IObit
    .
    ==================== Find3M ====================
    .
    2011-06-23 05:49:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-04 02:51:11 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-05-03 18:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-03 16:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST380011A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82F514D0]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82f577d0]; MOV EAX, [0x82f5784c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82F6EAB8]
    3 CLASSPNP[0xF8775FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005a[0x82F739E8]
    5 ACPI[0xF86EC620] -> nt!IofCallDriver[0x804E37D5] -> [0x82FD8940]
    \Driver\atapi[0x82F4DF38] -> IRP_MJ_CREATE -> 0x82F514D0
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x82F5131B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 0:56:05.00 ===============

    I am unable to provide a GMER log as my computer freezes at the point in which it scans C:\WINDOWS\system\32\dhcpcsvc.dll. In addition, I have noted that there was one particular file/location which was highlighted in red. It was \Device\Harddisk0\DR0 and it was something called TDL4@MBR code has been found.

    Please give me advice and I was wondering if installation of Eset (which I have yet to install again) will crash my computer if I have Malwarebytes as well. Malwarebytes has also blocked off 'outgoing' IP addresses. If you would like me to provide this as well, please ask.

    *edited*

    I forgot to mention, my computer has been unable to update properly in the past few weeks. I choose to update, it downloads and installs, but it comes back up every time I restart the computer.

    Thanks in advance.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! You have multiple problems, and an extensive infection from different malware, some of which may not remove completely and will put the system at risk.

    I seriously doubt you got all the malware from just the web cam download. Please stop using torrent downloads and programs! These are file sharing programs, along with your Vuze Remote Toolbar and the Conduit Engine, which will all bring more malware!
    ===============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
    Please download MBRCheck and save to your desktop
    • Double click on MBRCheck.exe to run. (Vista and Windows 7 users will have to confirm the UAC prompt)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      [o] Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      [o] Found non-standard or infected MBR.
      [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Paste this log to your next message.
    =======================================
    When that has been completed, please run the following:
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ============================================
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
    ==============================================
    Please paste the 3 logs into your next reply.
     
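As an added example (not part of this thread, and not MBRCheck's own code), here is a small Python check in the spirit of what the MBRCheck step above summarises in its "MBR Status" column: hash the 440-byte bootstrap code, compare it against an allow-list, and sanity-check the partition table for a second active partition or overlapping entries. The sample images, the disk signature and the allow-list hash are all constructed inside the script; a real allow-list would hold the hashes of stock Windows MBR code, which this example does not ship.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the bootstrap code that MBR rootkits replace
PART_TABLE_OFFSET = 446      # four 16-byte partition entries follow the disk signature
SIGNATURE_OFFSET = 510       # the last two bytes must be 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def partition_entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Pack one 16-byte partition table entry (CHS fields zeroed, LBA only)."""
    return struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


def build_sample_mbr(boot_code: bytes, entries: list) -> bytes:
    """Assemble a constructed 512-byte MBR image for testing; not read from any disk."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = b"\x11\x22\x33\x44\x00\x00"        # constructed NT disk signature + reserved
    table = b"".join(entries).ljust(64, b"\x00")  # unused slots stay all-zero
    return code + disk_sig + table + b"\x55\xaa"


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 of the bootstrap code only, so partition-table edits do not change it."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(mbr: bytes) -> list:
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:                            # type 0 marks an unused slot
            entries.append({"slot": i, "status": status, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return entries


def check_mbr(mbr: bytes, known_good_sha1: set) -> list:
    """Return human-readable findings; an empty list means nothing looked off."""
    if len(mbr) != MBR_SIZE:
        return [f"image is {len(mbr)} bytes, expected {MBR_SIZE}"]
    findings = []
    if mbr[SIGNATURE_OFFSET:] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    digest = boot_code_sha1(mbr)
    if digest not in known_good_sha1:
        findings.append(f"boot code SHA1 {digest} not in allow-list: non-standard or infected MBR")
    parts = parse_partitions(mbr)
    bootable = [p for p in parts if p["status"] == 0x80]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable, expected exactly 1")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']} has invalid status byte 0x{p['status']:02X}")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap on disk")
    return findings


# Constructed stand-in for trusted boot code; a real allow-list would hold the
# hashes of the stock Windows MBR variants, which this example does not ship.
SAMPLE_GOOD_CODE = b"constructed sample boot code, not real Windows MBR code"
SAMPLE_ALLOW_LIST = {hashlib.sha1(SAMPLE_GOOD_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper()}


def demo() -> tuple:
    """Clean image versus one whose loader was replaced and a second partition marked active."""
    clean = build_sample_mbr(SAMPLE_GOOD_CODE, [partition_entry(0x80, 0x07, 63, 156_296_322)])
    tampered = build_sample_mbr(b"constructed replacement loader",
                                [partition_entry(0x80, 0x07, 63, 156_296_322),
                                 partition_entry(0x80, 0x27, 156_296_385, 2048)])
    return check_mbr(clean, SAMPLE_ALLOW_LIST), check_mbr(tampered, SAMPLE_ALLOW_LIST)
```

Calling `demo()` returns no findings for the clean image and two for the tampered one (unknown boot code hash and two active partitions); on a real machine the 512-byte image would come from a raw read of the physical drive and the allow-list from hashes of known-good MBR code.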
  3. cantubia

    cantubia TS Rookie Topic Starter

    Here are my scan results:

    MBR

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000007d

    Kernel Drivers (total 121):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EF000 \WINDOWS\system32\hal.dll
    0x826F4000 \WINDOWS\system32\KDCOM.DLL
    0xF8B49000 \WINDOWS\system32\BOOTVID.dll
    0xF86E6000 ACPI.sys
    0xF8C35000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF86D5000 pci.sys
    0xF8735000 isapnp.sys
    0xF8CFD000 pciide.sys
    0xF89B5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF8745000 MountMgr.sys
    0xF86B6000 ftdisk.sys
    0xF8C37000 dmload.sys
    0xF8690000 dmio.sys
    0xF89BD000 PartMgr.sys
    0xF8CFE000 siside.sys
    0xF8755000 VolSnap.sys
    0xF8678000 atapi.sys
    0xF8765000 disk.sys
    0xF8775000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF8658000 fltMgr.sys
    0xF8646000 sr.sys
    0xF862F000 KSecDD.sys
    0xF85A2000 Ntfs.sys
    0xF8575000 NDIS.sys
    0xF8785000 uagp35.sys
    0xF8B4D000 sisperf.sys
    0xF8795000 sisidex.sys
    0xF87A5000 SISAGPX.sys
    0xF855B000 Mup.sys
    0xF89A5000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7C31000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF7C1D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF87D5000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF87E5000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF87F5000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7BFA000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7825000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xF7801000 \SystemRoot\system32\drivers\portcls.sys
    0xF8805000 \SystemRoot\system32\drivers\drmk.sys
    0xF8A15000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF77DD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF8A1D000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF77A7000 \SystemRoot\system32\DRIVERS\HSFBS2S2.sys
    0xF76A8000 \SystemRoot\system32\DRIVERS\HSFDPSP2.sys
    0xF7600000 \SystemRoot\system32\DRIVERS\HSFCXTS2.sys
    0xF8A25000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF75EE000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
    0xF8A7D000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF7D28000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF84EF000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF709E000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7D18000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF8A85000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF8A8D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF84EB000 \SystemRoot\system32\DRIVERS\gameenum.sys
    0xF8DC6000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7D08000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF84E7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF7087000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7CF8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF8855000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF8A95000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF7076000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF8865000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF1299000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF1291000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xEB81D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xEB981000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF8CCF000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xEB903000 \SystemRoot\system32\DRIVERS\update.sys
    0xECD85000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF1447000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF1437000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF8CDB000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF137F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xEC922000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF1422000 \SystemRoot\System32\Drivers\Null.SYS
    0xEC920000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF1394000 \SystemRoot\System32\drivers\vga.sys
    0xEC91E000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xEC91C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF15A0000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF1730000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF1601000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAE7CD000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAE774000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xAE74C000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAE72A000 \SystemRoot\System32\drivers\afd.sys
    0xF1496000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xAE6FF000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAE68F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF1486000 \SystemRoot\System32\Drivers\Fips.SYS
    0xAE669000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF1AD4000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF1AA4000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF1B7D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xAE64F000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
    0xF1B6D000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xAE637000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xEBAB3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF1982000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF1B5D000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8E17000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF048000 \SystemRoot\System32\ati2cqag.dll
    0xBF080000 \SystemRoot\System32\ati3duag.dll
    0xBF24E000 \SystemRoot\System32\ativvaxx.dll
    0xBF2CD000 \SystemRoot\System32\ATMFD.DLL
    0xF196A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xF171A000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xAE50A000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF1A84000 \SystemRoot\system32\drivers\sysaudio.sys
    0xAE55B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xF7D88000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xAE322000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAE011000 \SystemRoot\System32\Drivers\HTTP.sys
    0xADCB9000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 34):
    0 System Idle Process
    4 System
    524 C:\WINDOWS\system32\smss.exe
    616 csrss.exe
    640 C:\WINDOWS\system32\winlogon.exe
    688 C:\WINDOWS\system32\services.exe
    700 C:\WINDOWS\system32\lsass.exe
    880 C:\WINDOWS\system32\svchost.exe
    944 svchost.exe
    984 C:\WINDOWS\system32\svchost.exe
    1036 svchost.exe
    1324 C:\WINDOWS\explorer.exe
    1424 C:\WINDOWS\system32\svchost.exe
    1508 C:\WINDOWS\system32\spoolsv.exe
    1748 C:\Program Files\Java\jre6\bin\jqs.exe
    1836 C:\WINDOWS\system32\svchost.exe
    1968 C:\WINDOWS\system32\wuauclt.exe
    280 C:\Program Files\IObit\Game Booster\GameBox.exe
    424 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    432 C:\WINDOWS\soundman.exe
    472 C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
    480 C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    488 C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    500 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    516 C:\WINDOWS\system32\ctfmon.exe
    540 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    552 C:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe
    588 C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    1548 svchost.exe
    1360 C:\WINDOWS\system32\wscntfy.exe
    2056 alg.exe
    2756 C:\Program Files\Mozilla Firefox\firefox.exe
    3172 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3376 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST380011A, Rev: 3.06

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    CKFiles:

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\administrator\my documents\downloads\revo.uninstaller.pro.v2.5.3.tano1221\revo uninstaller pro v2.5.3\keygen.exe
    c:\documents and settings\administrator\my documents\downloads\ta\crack\gamebooster.exe
    c:\documents and settings\administrator\my documents\downloads\ta\crack\license.dat
    c:\documents and settings\administrator\my documents\downloads\ta\crack\madexcept_.bpl
    c:\documents and settings\thanh\my documents\downloads\iobit collection [ all products ] == full versions ==\iobit smart defrag server 2010 cracked [pazdog]\defragserver2010trial.exe
    c:\documents and settings\thanh\my documents\downloads\iobit collection [ all products ] == full versions ==\iobit smart defrag server 2010 cracked [pazdog]\iobit smartdefrag.exe
    c:\documents and settings\thanh\my documents\downloads\iobit collection [ all products ] == full versions ==\iobit smart defrag server 2010 cracked [pazdog]\readme.txt
    scanner sequence 3.GL.11.VOAPXK
    ----- EOF -----

    I am unable to provide a combo.exe scan. I can give detail on what happens though. During the initial scan and fix-up on registries, it says that a registry called "hiv-backup" is corrupted and cannot be fixed, replaced etc. The end result of the combo.exe scan was that it found a rootkey and tells me to restart my computer. It restarts and I get no log which is why I am unable to provide it.

    Could you tell me the worst that could happen with these viruses and malware?

    Also, please explain "Vuze Remote Toolbar and the Conduit Engine which will all bring more malware!" I have no idea what these are. As for the torrenting programs, I will stop with your advice.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    All of the above may not apply to you- but I suspect many do.
    ===============================================
    Why you should not download the Conduit Engine:
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    • Conduit sells search engines to sites that install the engine to hijack home pages.
    • This spyware 'search engine' that refers unwilling users to advertisers deserves a better answer than what is below sooner, rather than later.
    • Conduit bundles a hidden "toolbar" and other apps with other companies' software, pays them a kickback because they are willing to hide from the end user that Conduit products are being allowed to install secretly alongside what the user actually wanted.

    These options are not necessarily good or safe.
    ==============================================
    To continue support, you will need to remove the pirated programs or apps.

    Note: The Google Spell check parsed some of the entries. I think I found and fixed them, but an entry may have gotten through.
     
Topic Status:
Not open for further replies.
