Advice needed for strange webcam viruses

Hi guys, I would really like some advice and instructions on what I should do for the results below. Also, if you could provide some insight and answer some of my questions, that would be really nice.

Some background: Today, my NOD32 antivirus was screwing up so I decided to reinstall it (I think this was my biggest mistake because there were some quarantine files). Do quarantined files affect me after I uninstall my antivirus?

The major malware came from this webcam installer of mine, which is freeware I got from an Australian site (which I believe should have been trustable) since I lost my original installation disk. The malware ran at startup in the form of edr.exe and efixaa.exe (these were files that my Eset had quarantined, and I realised they were slowing me down, using 100% of my CPU process at startup).

These were my results:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7032

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/7/2011 12:08:55 AM
mbam-log-2011-07-07 (00-08-55).txt

Scan type: Quick scan
Objects scanned: 163608
Time elapsed: 19 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OHCFC34QK3 (Trojan.FraudPack.Gen) -> Value: OHCFC34QK3 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JRPP572441 (Trojan.FraudPack.Gen) -> Value: JRPP572441 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java system update (Trojan.Agent) -> Value: java system update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate system (Trojan.Agent) -> Value: winupdate system -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows updater (Backdoor.IRCBot) -> Value: windows updater -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java checksys (Trojan.Agent) -> Value: java checksys -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\administrator\local settings\Temp\Edr.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Efixaa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\132.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\Edq.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\Eds.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\gpkhdi\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\eumlm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\icvcc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\gaspci.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\rtpmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.

dds results:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/30/2011 1:15:40 PM
System Uptime: 7/7/2011 12:51:46 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-8S648FX
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 478 | 2813/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 52.225 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 7/7/2011 12:16:24 AM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
3 Mobile Broadband
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Advanced SystemCare 4
C-Media WDM Audio Driver
Chuzzle Deluxe
Conduit Engine
EPSON Printer Software
EPSON Scan
ESET Smart Security
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 26
Java(TM) SE Development Kit 6 Update 24
K-Lite Mega Codec Pack 7.0.0
Lyrics Plugin for Windows Media Player
MapleStory
Messenger Plus! 5
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Nexon Game Manager
PANDA-EGG
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Smart Defrag Server 2010 Trail
Tumblebugs
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
uTorrentBar Toolbar
Varmintz Deluxe
VLC media player 1.1.9
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
WinRAR 4.00 beta 5 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/7/2011 12:12:14 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
7/7/2011 12:12:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde uagp35
7/6/2011 9:50:53 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/6/2011 9:50:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
7/6/2011 12:59:06 PM, error: Service Control Manager [7034] - The Advanced SystemCare Service service terminated unexpectedly. It has done this 1 time(s).
7/6/2011 11:54:23 AM, error: PSched [14107] - QoS [Adapter NDISWANIP]: The Packet Scheduler could not initialize the virtual miniport with NDIS.
.
==== End Of File ===========================

and

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 0:53:18 on 2011-07-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.230 [GMT 10:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IObit\Game Booster\GameBox.exe
C:\WINDOWS\system32\wscntfy.exe
svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://vnexpress.net/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Mobile Partner] "c:\program files\3 mobile broadband\3 Mobile Broadband.exe"
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\my_aut~1.lnk - c:\program files\warkeys\autowarkey\autohotkey\AutoHotkey.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\giuwch7e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en&source=iglk
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
# Mozilla User Preferences
.
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
.
FF - user.js: accessibility.blockautorefresh - true
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1308958311
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1308961538
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1308961418
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1308744676
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1307100386
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1308994998
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 640000
FF - user.js: browser.download.dir - c:\\documents and settings\\administrator\\Desktop
FF - user.js: browser.download.folderList - 0
FF - user.js: browser.download.lastDir - c:\\documents and settings\\administrator\\Desktop
FF - user.js: browser.feeds.showFirstRunUI - false
FF - user.js: browser.history_expire_days.mirror - 180
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en&source=iglk
FF - user.js: browser.startup.homepage_override.buildID - 20110615151330
FF - user.js: browser.startup.homepage_override.mstone - rv:5.0
FF - user.js: extensions.blocklist.pingCountTotal - 20
FF - user.js: extensions.blocklist.pingCountVersion - 3
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 3
FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26,{972ce4c6-7e08-4474-a285-3208198ce6fd}:5.0
FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,jqs@sun.com:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\windows\\\\microsoft.net\\\\framework\\\\v3.5\\\\windows presentation foundation\\\\dotnetassistantextension\,\mtime\:1307239442531},\jqs@sun.com\:{\descriptor\:\c:\\\\program files\\\\java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1306823376156}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1308836872343},\{cafeefac-0016-0000-0024-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0024-abcdeffedcba}\,\mtime\:1306823387781},\{cafeefac-0016-0000-0026-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0026-abcdeffedcba}\,\mtime\:1307868115406}}}]
FF - user.js: extensions.lastAppVersion - 5.0
FF - user.js: extensions.pendingOperations - false
FF - user.js: idle.lastDailyNotification - 1308963423
FF - user.js: intl.charsetmenu.browser.cache - us-ascii, windows-1252, Shift_JIS, ISO-8859-1, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.database.lastMaintenance - 1308963423
FF - user.js: places.history.expiration.transient_current_max_pages - 10726
FF - user.js: places.last_vacuum - 1307017819
FF - user.js: pref.browser.homepage.disable_button.current_page - false
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1307149454
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1309517650
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
============= SERVICES / DRIVERS ===============
.
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-6-21 100736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-7-6 27064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-07-06 14:19:15 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 14:19:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 14:19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-06 13:43:35 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-07-06 13:43:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-06 11:49:03 195072 --sha-r- c:\windows\system32\l_intl9.dll
2011-07-06 03:07:41 -------- d-----w- c:\documents and settings\administrator\local settings\application data\VS Revo Group
2011-07-06 03:07:07 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-07-06 03:01:12 -------- d-----w- c:\program files\Advanced System Care
2011-07-06 01:58:10 -------- d-----w- c:\program files\UlisesSoft
2011-07-06 01:48:55 -------- d-----w- c:\program files\VS Revo Group
2011-06-30 07:37:53 -------- d-----w- c:\documents and settings\administrator\local settings\application data\VT_Software
2011-06-30 05:55:57 -------- d-----w- c:\program files\Warkeys
2011-06-26 13:42:04 349472 ----a-w- c:\windows\WindowsXP-KB822603-x86.exe
2011-06-26 13:42:03 344064 ----a-w- c:\windows\vsnp2std.exe
2011-06-26 13:42:03 270336 ----a-w- c:\windows\tsnp2std.exe
2011-06-26 13:42:02 25472 ----a-w- c:\windows\system32\drivers\sncamd.sys
2011-06-26 13:41:58 12212864 ----a-w- c:\windows\system32\drivers\snp2sxp.sys
2011-06-26 13:41:57 77824 ----a-w- c:\windows\system32\csnp2std.dll
2011-06-26 13:41:57 73728 ----a-w- c:\windows\system32\vsnp2std.dll
2011-06-26 13:41:57 151552 ----a-w- c:\windows\system32\rsnp2std.dll
2011-06-26 13:41:57 -------- d-----w- c:\program files\common files\snp2std
2011-06-23 13:47:50 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-23 13:47:49 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-23 09:36:01 -------- d-----w- c:\program files\SystemRequirementsLab
2011-06-23 08:50:00 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-06-23 08:50:00 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-06-23 08:48:52 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-06-23 08:26:28 -------- d--h--w- c:\windows\msdownld.tmp
2011-06-23 08:26:15 -------- d-----w- c:\windows\Logs
2011-06-21 08:14:43 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-06-21 08:14:43 114432 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-06-21 08:14:43 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-06-21 08:14:43 100736 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-06-19 03:14:29 -------- d-----w- c:\documents and settings\administrator\glGo
2011-06-19 03:03:11 81920 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-19 03:03:11 233472 ----a-w- c:\windows\system32\wrap_oal.dll
2011-06-19 03:02:47 -------- d-----w- c:\program files\glGo
2011-06-17 11:34:17 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-06-17 11:34:17 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-06-17 11:34:12 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2011-06-17 11:34:12 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2011-06-17 11:34:10 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2011-06-17 11:34:10 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2011-06-17 11:34:09 16384 ----a-w- c:\windows\system32\ipsink.ax
2011-06-17 11:34:07 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2011-06-17 11:34:07 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2011-06-17 11:34:05 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-06-17 11:34:05 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2011-06-17 11:33:59 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2011-06-17 11:33:59 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2011-06-17 11:33:57 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2011-06-17 11:33:57 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2011-06-17 11:33:05 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-06-17 11:33:04 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-06-17 11:33:03 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-06-17 11:33:01 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-06-17 11:33:01 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-06-17 11:32:56 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-06-17 11:20:11 81920 ----a-w- c:\windows\amcap.exe
2011-06-17 07:27:08 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Howei
2011-06-12 08:37:24 -------- d-----w- c:\documents and settings\administrator\application data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2011-06-12 08:24:20 -------- d-----w- c:\documents and settings\administrator\application data\HTC
2011-06-12 08:23:23 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Downloaded Installations
2011-06-12 08:23:01 -------- d-----w- c:\program files\Spirent Communications
2011-06-12 08:22:27 -------- d-----w- c:\program files\HTC
2011-06-12 08:21:56 -------- d-----w- c:\program files\MSXML 4.0
2011-06-08 10:16:42 -------- d-----w- c:\windows\system32\winrm
2011-06-08 10:16:42 -------- d-----w- c:\windows\system32\GroupPolicy
2011-06-08 10:16:25 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-06-07 13:45:40 -------- d-----w- c:\documents and settings\administrator\application data\uTorrent
2011-06-07 13:21:04 -------- d-----w- c:\documents and settings\administrator\application data\Easeware
2011-06-07 13:14:09 -------- d-----w- c:\documents and settings\all users\application data\Driver Whiz
2011-06-07 03:53:52 -------- d-----w- c:\documents and settings\all users\application data\IObit
.
==================== Find3M ====================
.
2011-06-23 05:49:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-04 02:51:11 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-03 18:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 16:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82F514D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82f577d0]; MOV EAX, [0x82f5784c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82F6EAB8]
3 CLASSPNP[0xF8775FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005a[0x82F739E8]
5 ACPI[0xF86EC620] -> nt!IofCallDriver[0x804E37D5] -> [0x82FD8940]
\Driver\atapi[0x82F4DF38] -> IRP_MJ_CREATE -> 0x82F514D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82F5131B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 0:56:05.00 ===============

I am unable to provide a GMER log as my computer freezes at the point in which it scans C:\WINDOWS\system\32\dhcpcsvc.dll. In addition, I have noted that there was one particular file/location which was highlighted in red. It was \Device\Harddisk0\DR0 and it was something called TDL4@MBR code has been found.

Please give me advice and I was wondering if installation of Eset (which I have yet to install again) will crash my computer if I have Malwarebytes as well. Malwarebytes has also blocked off 'outgoing' IP addresses. If you would like me to provide this as well, please ask.

*edited*

I forgot to mention, my computer has been unable to update properly in the past few weeks. I choose to update, it downloads and installs, but it comes back up every time I restart the computer.

Thanks in advance.
 
Welcome to TechSpot! You have multiple problems and an extensive infection from different malware, some of which may not remove completely and will put the system at risk.

I seriously doubt you got all the malware from just the web cam download. Please stop using torrent downloads and programs! These are file sharing programs, along with your Vuze Remote Toolbar and the Conduit Engine, which will all bring more malware!
===============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
Please download MBRCheck and save to your desktop
  • Double click on MBRCheck.exe to run. (Vista and Windows 7 users will have to confirm the UAC prompt)
  • It will show a Black screen with some information that will contain either the below line if no problem is found:
    [o] Done! Press ENTER to exit...
  • Or you will see more information like below if a problem is found:
    [o] Found non-standard or infected MBR.
    [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
  • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
  • Paste this log to your next message.
=======================================
When that has been completed, please run the following:
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated and will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
============================================
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
==============================================
Please paste the 3 logs into your next reply.
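As an added example (not code from this thread, from MBRCheck or from GMER), here is a Python script that does the kind of check MBRCheck is asked to perform above: it parses a 512-byte master boot record, hashes the boot code and compares the hash against a list of known-good values, so a bootkit that swaps the code but leaves the partition table intact still stands out. The sample sectors and the "Reference MBR code" allowlist entry are constructed for the demonstration, and it is an assumption that MBRCheck hashes the same 440-byte region.

```python
"""MBRCheck-style integrity check of a 512-byte master boot record."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # boot code; bytes 440-443 hold the disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # mandatory marker at offset 510

# Hash that MBRCheck reported in this thread for "Windows XP MBR code".
# Assumption: MBRCheck hashes the same 440-byte region this script hashes.
KNOWN_MBR_CODE = {"DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code"}

# Opening instructions of the stock XP boot sector, matching the GMER trace in
# this thread (xor ax,ax / mov ss,ax / mov sp,0x7c00 / sti / push ax ...).
XP_PROLOGUE = bytes.fromhex("33c08ed0bc007cfb5007501ffcbe1b7c")


def build_sample_mbr(boot_code: bytes, patch: bytes = b"") -> bytes:
    """Construct a sample MBR for testing (not an image of any real disk).
    `patch` overwrites the start of the boot code while leaving the partition
    table untouched, which is what a bootkit-style modification looks like."""
    code = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00"))
    code[:len(patch)] = patch
    # One bootable NTFS (0x07) partition at LBA 63 with a constructed size.
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 156296322)
    return (bytes(code) + b"\x11\x22\x33\x44" + b"\x00\x00"   # disk sig + pad
            + entry + b"\x00" * 48 + BOOT_SIGNATURE)


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR into the fields an analyst wants to look at."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    info = {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "disk_signature": sector[440:444].hex(),
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": [],
    }
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue                              # empty slot
        info["partitions"].append({
            "bootable": status == 0x80, "type": ptype, "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,  # the offset MBRCheck prints
            "sectors": sectors})
    return info


def classify_mbr(sector: bytes, known: dict = KNOWN_MBR_CODE) -> str:
    """Return a verdict in MBRCheck's wording."""
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return "Invalid MBR: 0x55AA signature missing."
    label = known.get(info["boot_code_sha1"])
    return f"{label} detected" if label else "Found non-standard or infected MBR."


def read_mbr(device_path: str) -> bytes:
    # e.g. r"\\.\PhysicalDrive0" on Windows (administrator) or /dev/sda (root).
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


# Allowlist extended with the hash of the constructed clean sample.
SAMPLE_CLEAN = build_sample_mbr(XP_PROLOGUE)
REFERENCE = {**KNOWN_MBR_CODE,
             parse_mbr(SAMPLE_CLEAN)["boot_code_sha1"]: "Reference MBR code"}
# Identical partition table, two bytes of boot code overwritten with NOPs.
SAMPLE_TAMPERED = build_sample_mbr(XP_PROLOGUE, patch=b"\x90\x90")

if __name__ == "__main__":
    for name, mbr in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(f"{name}: {classify_mbr(mbr, REFERENCE)}")
```

Note that a partition starting at LBA 63 gives a byte offset of 0x7E00, the same value MBRCheck prints for the C: volume, while the two samples differ only in their boot-code hash.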
 
Here are my scan results:

MBR

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d

Kernel Drivers (total 121):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0x826F4000 \WINDOWS\system32\KDCOM.DLL
0xF8B49000 \WINDOWS\system32\BOOTVID.dll
0xF86E6000 ACPI.sys
0xF8C35000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF86D5000 pci.sys
0xF8735000 isapnp.sys
0xF8CFD000 pciide.sys
0xF89B5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8745000 MountMgr.sys
0xF86B6000 ftdisk.sys
0xF8C37000 dmload.sys
0xF8690000 dmio.sys
0xF89BD000 PartMgr.sys
0xF8CFE000 siside.sys
0xF8755000 VolSnap.sys
0xF8678000 atapi.sys
0xF8765000 disk.sys
0xF8775000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8658000 fltMgr.sys
0xF8646000 sr.sys
0xF862F000 KSecDD.sys
0xF85A2000 Ntfs.sys
0xF8575000 NDIS.sys
0xF8785000 uagp35.sys
0xF8B4D000 sisperf.sys
0xF8795000 sisidex.sys
0xF87A5000 SISAGPX.sys
0xF855B000 Mup.sys
0xF89A5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7C31000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF7C1D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF87D5000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF87E5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF87F5000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7BFA000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7825000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF7801000 \SystemRoot\system32\drivers\portcls.sys
0xF8805000 \SystemRoot\system32\drivers\drmk.sys
0xF8A15000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF77DD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8A1D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77A7000 \SystemRoot\system32\DRIVERS\HSFBS2S2.sys
0xF76A8000 \SystemRoot\system32\DRIVERS\HSFDPSP2.sys
0xF7600000 \SystemRoot\system32\DRIVERS\HSFCXTS2.sys
0xF8A25000 \SystemRoot\System32\Drivers\Modem.SYS
0xF75EE000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xF8A7D000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7D28000 \SystemRoot\system32\DRIVERS\serial.sys
0xF84EF000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF709E000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7D18000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8A85000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8A8D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF84EB000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF8DC6000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7D08000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF84E7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7087000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7CF8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8855000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8A95000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7076000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8865000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF1299000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF1291000 \SystemRoot\system32\DRIVERS\raspti.sys
0xEB81D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xEB981000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8CCF000 \SystemRoot\system32\DRIVERS\swenum.sys
0xEB903000 \SystemRoot\system32\DRIVERS\update.sys
0xECD85000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF1447000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF1437000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8CDB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF137F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xEC922000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF1422000 \SystemRoot\System32\Drivers\Null.SYS
0xEC920000 \SystemRoot\System32\Drivers\Beep.SYS
0xF1394000 \SystemRoot\System32\drivers\vga.sys
0xEC91E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xEC91C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF15A0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF1730000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF1601000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAE7CD000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAE774000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAE74C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAE72A000 \SystemRoot\System32\drivers\afd.sys
0xF1496000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAE6FF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAE68F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF1486000 \SystemRoot\System32\Drivers\Fips.SYS
0xAE669000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF1AD4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF1AA4000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF1B7D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xAE64F000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
0xF1B6D000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xAE637000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xEBAB3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF1982000 \SystemRoot\System32\drivers\Dxapi.sys
0xF1B5D000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8E17000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF048000 \SystemRoot\System32\ati2cqag.dll
0xBF080000 \SystemRoot\System32\ati3duag.dll
0xBF24E000 \SystemRoot\System32\ativvaxx.dll
0xBF2CD000 \SystemRoot\System32\ATMFD.DLL
0xF196A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF171A000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAE50A000 \SystemRoot\system32\drivers\wdmaud.sys
0xF1A84000 \SystemRoot\system32\drivers\sysaudio.sys
0xAE55B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7D88000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xAE322000 \SystemRoot\system32\DRIVERS\srv.sys
0xAE011000 \SystemRoot\System32\Drivers\HTTP.sys
0xADCB9000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 34):
0 System Idle Process
4 System
524 C:\WINDOWS\system32\smss.exe
616 csrss.exe
640 C:\WINDOWS\system32\winlogon.exe
688 C:\WINDOWS\system32\services.exe
700 C:\WINDOWS\system32\lsass.exe
880 C:\WINDOWS\system32\svchost.exe
944 svchost.exe
984 C:\WINDOWS\system32\svchost.exe
1036 svchost.exe
1324 C:\WINDOWS\explorer.exe
1424 C:\WINDOWS\system32\svchost.exe
1508 C:\WINDOWS\system32\spoolsv.exe
1748 C:\Program Files\Java\jre6\bin\jqs.exe
1836 C:\WINDOWS\system32\svchost.exe
1968 C:\WINDOWS\system32\wuauclt.exe
280 C:\Program Files\IObit\Game Booster\GameBox.exe
424 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
432 C:\WINDOWS\soundman.exe
472 C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
480 C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
488 C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
500 C:\Program Files\Common Files\Java\Java Update\jusched.exe
516 C:\WINDOWS\system32\ctfmon.exe
540 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
552 C:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe
588 C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
1548 svchost.exe
1360 C:\WINDOWS\system32\wscntfy.exe
2056 alg.exe
2756 C:\Program Files\Mozilla Firefox\firefox.exe
3172 C:\Program Files\Mozilla Firefox\plugin-container.exe
3376 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST380011A, Rev: 3.06

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

CKFiles:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\administrator\my documents\downloads\revo.uninstaller.pro.v2.5.3.tano1221\revo uninstaller pro v2.5.3\keygen.exe
c:\documents and settings\administrator\my documents\downloads\ta\crack\gamebooster.exe
c:\documents and settings\administrator\my documents\downloads\ta\crack\license.dat
c:\documents and settings\administrator\my documents\downloads\ta\crack\madexcept_.bpl
c:\documents and settings\thanh\my documents\downloads\iobit collection [ all products ] == full versions ==\iobit smart defrag server 2010 cracked [pazdog]\defragserver2010trial.exe
c:\documents and settings\thanh\my documents\downloads\iobit collection [ all products ] == full versions ==\iobit smart defrag server 2010 cracked [pazdog]\iobit smartdefrag.exe
c:\documents and settings\thanh\my documents\downloads\iobit collection [ all products ] == full versions ==\iobit smart defrag server 2010 cracked [pazdog]\readme.txt
scanner sequence 3.GL.11.VOAPXK
----- EOF -----

I am unable to provide a combo.exe scan. I can give detail on what happens though. During the initial scan and fix-up on registries, it says that a registry called "hiv-backup" is corrupted and cannot be fixed, replaced etc. The end result of the combo.exe scan was that it found a rootkey and tells me to restart my computer. It restarts and I get no log which is why I am unable to provide it.

Could you tell me the worst that could happen with these viruses and malware?

Also, please explain "Vuze Remote Toolbar and the Conduit Engine which will all bring more malware!" I have no idea what these are. As for the torrenting programs, I will stop with your advice.
 
14 ways to get Infected without trying

A little bit of humour but also based on fact.

1) Look for cracks, subdivided in illegal software and ....
c:\documents and settings\administrator\my documents\downloads\revo.uninstaller.pro.v2.5.3.tano1221\revo uninstaller pro v2.5.3\keygen.exe
c:\documents and settings\administrator\my documents\downloads\ta\crack\gamebooster.exe
c:\documents and settings\administrator\my documents\downloads\ta\crack\license.dat
c:\documents and settings\administrator\my documents\downloads\ta\crack\madexcept_.bpl
c:\documents and settings\thanh\my documents\downloads\iobit collection [ all products ] == full versions ==\iobit smart defrag server 2010 cracked [pazdog]\defragserver2010trial.exe
c:\documents and settings\thanh\my documents\downloads\iobit collection [ all products ] == full versions ==\iobit smart defrag server 2010 cracked [pazdog]\iobit smartdefrag.exe
c:\documents and settings\thanh\my documents\downloads\iobit collection [ all products ] == full versions ==\iobit smart defrag server 2010 cracked [pazdog]\readme.txt
2) Practice unsafe hex, browse the web for free porn
3) Look for software that adds smileys to your posts, mail etc
4) Look for kewl skins, screensavers etc
5) Look for spyware removers, concentrate on the kind that makes you pay before it removes anything
6) Install a P2P program and repeat all of the above
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
P2P or 'file sharing' Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall file sharing programs for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.
Please read the information on P2P Warning to help you better understand these dangers.

7) You always want the best; use p2p to download anti-virus/firewall software
8) Do NOT pay for anything, the internet is a place where you can steal anything from everyone without even saying as much as thank you
c:\documents and settings\administrator\my documents\downloads\revo.uninstaller.pro.v2.5.3.tano1221\revo uninstaller pro v2.5.3\keygen.exe
c:\documents and settings\administrator\my documents\downloads\ta\crack\gamebooster.exe
c:\documents and settings\administrator\my documents\downloads\ta\crack\license.dat
c:\documents and settings\administrator\my documents\downloads\ta\crack\madexcept_.bpl
c:\documents and settings\thanh\my documents\downloads\iobit collection [ all products ] == full versions ==\iobit smart defrag server 2010 cracked [pazdog]\defragserver2010trial.exe
c:\documents and settings\thanh\my documents\downloads\iobit collection [ all products ] == full versions ==\iobit smart defrag server 2010 cracked [pazdog]\iobit smartdefrag.exe
c:\documents and settings\thanh\my documents\downloads\iobit collection [ all products ] == full versions ==\iobit smart defrag server 2010 cracked [pazdog]\readme.txt
9) Don't have/use/update antivirus/security software
10) Look for poker games, slot machines and other gambling outfits
11) Look for ringtones and other stuff to bling your phone
12) Click on those unexpected links and attachments in email, because you're curious...
13) Do loan your laptop to the next door neighbour for the weekend and give him your Admin account login so he can get his project done with no hassles
14) Let the Babysitter use your laptop for 'schoolwork'
Thanks to Metallica for most of those and Calamity Jane, bitman, Lonny, shelf life.

All of the above may not apply to you- but I suspect many do.
===============================================
Why you should not download the Conduit Engine:
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
  • Conduit sells search engines to sites that install the engine to hijack home pages.
  • This spyware 'search engine' that refers unwilling users to advertisers deserves a better answer than what is below sooner, rather than later.
  • Conduit bundles a hidden "toolbar" and other apps with other companies' software, pays them a kickback because they are willing to hide from the end user that Conduit products are being allowed to install secretly alongside what the user actually wanted.

These options are not necessarily good or safe.
Right-click menu: Conduit Engine comes with an extensive right-click menu that includes the following options and more:
  • Share via all the major social networks.
  • Get more apps from the same publisher in the Conduit App Marketplace (opens a page in the Marketplace sorted to display only the publisher's apps).
  • Manage your apps including show/hide, move left/right, etc.
==============================================
To continue support, you will need to remove the pirated programs or apps.

Note: The Google Spell check parsed some of the entries. I think I found and fixed them, but an entry may have gotten through.
 