
Computer possibly infected, but I don't know what by


  • This topic is locked
2 replies to this topic

#1 Sillyshmo

  • Members
  • 1 posts

Posted 06 March 2010 - 04:33 AM

I am running Windows XP SP3.

About a month ago, I accidentally downloaded a toolbar I really shouldn't have (MyWebSearch). Aside from some intermittent adware, it wasn't too big of an issue, and MalwareBytes got rid of it fairly quickly.

Earlier today, though, while running a routine MalwareBytes scan, I found some more stuff from that toolbar. Thinking nothing of it, I had MalwareBytes get rid of it, and it advised me to reboot, which I did. Unfortunately, upon rebooting, the quick-launch and open-windows sections were gone from my taskbar, my messenger programs were no longer working (MSN wouldn't open at all, while no text showed up in Yahoo IM messages, including offline messages), and start-up was fairly slow compared to normal (it takes about two minutes for any icons to show up, and the taskbar takes another half minute to show up afterward).

Not getting any warnings or anything, I assumed it was just my computer being a douche (which it's been known for on occasion), and rebooted again. This time, though, the taskbar was gone completely, Internet Explorer no longer works, and most of my usual programs no longer run. Some, such as Windows Media Player, simply don't open, without giving an error. Others, such as Photoshop, give me errors pertaining to such and such a file (it varies from program to program) not being available, or, in the case of After Effects, I get "After Effects can't continue: sorry, After Effects has crashed." I've tried to run MalwareBytes, but it only gives me a "Control vbalgrid cannot be found in vbalsgrid6.ocx" error. Other services give similar issues. Attempting to download and install other anti-virus services (such as Kaspersky Anti-Virus) invariably results in errors such as it being unable to find Windows Installation Utility. In addition to this, the clipboard seems to be unavailable, meaning I can't copy or cut anything, whether it be files, text, pictures or anything. I can't drag-and-drop, either (I can't even drag).

My sound card is also apparently disabled, with no sound playing at all, and all error messages simply giving the CPU's built-in beep, even though the device manager says that it is enabled and working. In addition, when trying to reboot in safe mode, my computer hangs on a DOS screen while trying to load drivers for about 10 minutes, before it reboots automatically in normal mode again. All of the same issues from the first reboot also remain.

Some anti-virus programs that have actually succeeded in running (Dr. Web's CureIt, for example) haven't found anything out of the ordinary.

Unfortunately, I don't have a DDS.scr log file because that, too, crashes before it can generate the log files (it opens, but then quits automatically after a few seconds without doing anything). I've got a gmer scan running right now, though, that appears to be working and is detecting several issues. I have to get going right now, though, so I'll post it once it's finished and I get back on.

Any help would be greatly appreciated. I have recent files on my computer that I hadn't gotten around to backing up, and I would really rather not lose them to a hard drive wipe (especially since I can't back them up now, given the lack of copy-pasting). Thank you for taking a look at this.

________________________________________________________________________________

Edit:

Here's a HijackThis scan I did:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:19 PM, on 05/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\PowerISOB\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wpabaln.exe
G:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
G:\Program Files\National Instruments\MAX\nimxs.exe
G:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
G:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
G:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Spare\Prog\PaiTouch\drweb-cureit.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\RarSFX2\xl6xdm.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\RarSFX2\nw86rXP.exe
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - G:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - G:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FG\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - G:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISOB\PWRISOVM.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Veoh] "G:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Uniblue Registry Booster] G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "G:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-329068152-515967899-682003330-1004\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (User '?')
O4 - HKUS\S-1-5-21-329068152-515967899-682003330-1004\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-329068152-515967899-682003330-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-515967899-682003330-1004\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
O4 - HKUS\S-1-5-21-329068152-515967899-682003330-1004\..\Run: [AlcoholAutomount] "G:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-329068152-515967899-682003330-1004 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - S-1-5-21-329068152-515967899-682003330-1004 Startup: GameSpot Download Manager.lnk = G:\Program Files\DownloadManager\GameSpot\GameSpotDownloadManager_Win32.exe (User '?')
O4 - S-1-5-21-329068152-515967899-682003330-1004 Startup: MagicDisc.lnk = G:\Program Files\MagicDisc\MagicDisc.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: GameSpot Download Manager.lnk = G:\Program Files\DownloadManager\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: MagicDisc.lnk = G:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FG\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FG\FLASHGET\jc_link.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesca.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesca.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - G:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://G:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FG\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FG\FLASHGET\FLASHGET.EXE
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173708625343
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: SOzytQBllY - {396B18D7-93C1-B27D-CD06-0E5E664B8F3D} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - g:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - G:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - G:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - G:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - G:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PDAgent - Raxco Software, Inc. - G:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - G:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16652 bytes

________________________________________________________________________________

And, here's the gmer scan as well:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-06 01:58:55
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Chris\LOCALS~1\Temp\fgtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT sprj.sys ZwCreateKey [0xB9EAA0E0]
SSDT sprj.sys ZwEnumerateKey [0xB9EC7CA2]
SSDT sprj.sys ZwEnumerateValueKey [0xB9EC8030]
SSDT sprj.sys ZwOpenKey [0xB9EAA0C0]
SSDT sprj.sys ZwQueryKey [0xB9EC8108]
SSDT sprj.sys ZwQueryValueKey [0xB9EC7F88]
SSDT sprj.sys ZwSetValueKey [0xB9EC819A]

INT 0x62 ? 8A712BF8
INT 0x63 ? 8A49FBF8
INT 0x82 ? 8A712BF8
INT 0x83 ? 8A6A3BF8
INT 0xB1 ? 8A714BF8
INT 0xB1 ? 8A714BF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6A21F8
Device \FileSystem\Fastfat \FatCdrom 89F531F8
Device \FileSystem\Udfs \UdfsCdRom 89C58500
Device \FileSystem\Udfs \UdfsDisk 89C58500
Device \Driver\usbohci \Device\USBPDO-0 8A5F8500
Device \Driver\usbehci \Device\USBPDO-1 8A49A500
Device \Driver\PCI_PNP4606 \Device\00000055 sprj.sys
Device \Driver\prodrv06 \Device\ProDrv06 E1ABE658
Device \Driver\PCI_PNP4606 \Device\00000056 sprj.sys
Device \Driver\sptd \Device\3815832106 sprj.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6A41F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6A41F8
Device \Driver\Cdrom \Device\CdRom0 8A5FA500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A6A41F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 8A7121F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 8A7121F8
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A7121F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 8A7121F8
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 8A7121F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom1 8A5FA500
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A6A41F8
Device \Driver\Cdrom \Device\CdRom2 8A5FA500
Device \Driver\Cdrom \Device\CdRom3 8A5FA500
Device \Driver\NetBT \Device\NetBT_Tcpip_{5505A14C-FD06-4EEC-9ABF-2D31FD81C924} 89F941F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F28DA24C-69DC-40C8-B077-D612DB93649A} 89F941F8
Device \Driver\Cdrom \Device\CdRom4 8A5FA500
Device \Driver\prohlp02 \Device\ProHlp02 E101E048
Device \Driver\mcdbus \Device\00000083 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom5 8A5FA500
Device \Driver\NetBT \Device\NetBt_Wins_Export 89F941F8
Device \Driver\Cdrom \Device\CdRom6 8A5FA500
Device \Driver\Cdrom \Device\CdRom7 8A5FA500
Device \Driver\nvata \Device\00000079 8A6A31F8
Device \Driver\nvata \Device\00000079 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000092 89F491F8
Device \Driver\USBSTOR \Device\00000092 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetbiosSmb 89F941F8
Device \Driver\mcdbus \Device\mcdbus sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbohci \Device\USBFDO-0 8A5F8500
Device \Driver\nvata \Device\NvAta0 8A6A31F8
Device \Driver\nvata \Device\NvAta0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbehci \Device\USBFDO-1 8A49A500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89F711F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89F711F8
Device \Driver\Ftdisk \Device\FtControl 8A6A41F8
Device \Driver\sptd \Device\3815988356 sprj.sys
Device \Driver\USBSTOR \Device\0000008b 89F491F8
Device \Driver\USBSTOR \Device\0000008b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a37n9qiz \Device\Scsi\a37n9qiz1Port4Path0Target0Lun0 8A47F500
Device \Driver\a37n9qiz \Device\Scsi\a37n9qiz1Port4Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a37n9qiz \Device\Scsi\a37n9qiz1 8A47F500
Device \Driver\a37n9qiz \Device\Scsi\a37n9qiz1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a9nkf23w \Device\Scsi\a9nkf23w1Port5Path0Target3Lun0 89F541F8
Device \Driver\a9nkf23w \Device\Scsi\a9nkf23w1Port5Path0Target3Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a9nkf23w \Device\Scsi\a9nkf23w1Port5Path0Target1Lun0 89F541F8
Device \Driver\a9nkf23w \Device\Scsi\a9nkf23w1Port5Path0Target1Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a9nkf23w \Device\Scsi\a9nkf23w1 89F541F8
Device \Driver\a9nkf23w \Device\Scsi\a9nkf23w1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a9nkf23w \Device\Scsi\a9nkf23w1Port5Path0Target2Lun0 89F541F8
Device \Driver\a9nkf23w \Device\Scsi\a9nkf23w1Port5Path0Target2Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a9nkf23w \Device\Scsi\a9nkf23w1Port5Path0Target0Lun0 89F541F8
Device \Driver\a9nkf23w \Device\Scsi\a9nkf23w1Port5Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 89F531F8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 89E82500

Edited by Orange Blossom, 06 March 2010 - 08:27 PM.
Move to log forum. ~ OB
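The two logs above can be triaged mechanically before anyone hand-reads 180 lines. The Python script below is an added example for this thread; it is not part of the original post and not a HijackThis, GMER or BleepingComputer tool. It works on a constructed sample of lines copied from the logs above (not the full logs) and flags what a helper looks at first: registry entries whose target file is gone ("(no file)" / "(file missing)", which for the MyWebSearch service is consistent with the MalwareBytes removal described in the post), the O21 ShellServiceObjectDelayLoad entry with a generated-looking name, the O10 Winsock LSP line, and executables running out of a Temp directory. It also groups the GMER SSDT hooks by driver: the log's own `Device \Driver\sptd ... sprj.sys` line attributes the registry-function hooks to the SPTD driver object, which fits the DAEMON Tools and Alcohol 120% entries in the HijackThis log rather than an unknown rootkit. The KNOWN_SSODL set, the case-change threshold and the Temp-path pattern are assumptions chosen for this example.

```python
"""Triage of HijackThis and GMER log lines.

Added example for this thread; not part of the original post and not a
HijackThis, GMER or BleepingComputer tool. KNOWN_SSODL, the case-change
threshold and the temp-directory pattern are assumptions for illustration.
"""
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the logs posted above.
HJT_SAMPLE = r"""
C:\DOCUME~1\Chris\LOCALS~1\Temp\RarSFX2\xl6xdm.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O21 - SSODL: SOzytQBllY - {396B18D7-93C1-B27D-CD06-0E5E664B8F3D} - (no file)
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
"""

# Constructed sample from the GMER output; the Device line is context only.
GMER_SAMPLE = r"""
SSDT sprj.sys ZwCreateKey [0xB9EAA0E0]
SSDT sprj.sys ZwEnumerateKey [0xB9EC7CA2]
SSDT sprj.sys ZwOpenKey [0xB9EAA0C0]
Device \Driver\sptd \Device\3815832106 sprj.sys
"""

# Assumed set of stock Windows XP ShellServiceObjectDelayLoad names.
KNOWN_SSODL = {"PostBootReminder", "CDBurn", "WebCheck", "SysTray", "WPDShServiceObj"}

HJT_ENTRY = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")
SSDT_HOOK = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]")
TEMP_DIR = re.compile(r"\\(LOCALS~1\\Temp|Local Settings\\Temp)\\", re.IGNORECASE)


def case_changes(name):
    """Count upper/lower switches between adjacent letters.

    Generated names such as SOzytQBllY flip case far more often than
    product names such as MSConfig; the threshold of 4 used below is a heuristic.
    """
    return sum(1 for a, b in zip(name, name[1:])
               if a.isalpha() and b.isalpha() and a.isupper() != b.isupper())


def triage_hjt(text):
    """Return (section, reason, line) triples for lines worth a second look."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HJT_ENTRY.match(line)
        if not m:  # not an R/F/O entry: treat it as a "Running processes" path
            if TEMP_DIR.search(line):
                findings.append(("proc", "executable running from a Temp directory; check what dropped it", line))
            continue
        section, body = m.groups()
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append((section, "entry points to a missing file (orphaned registry reference)", line))
        if section == "O10":
            findings.append((section, "Winsock LSP not recognised by HJT; identify the DLL before touching the LSP chain", line))
        if section == "O21":
            name = body.split(":", 1)[1].split(" - ")[0].strip()
            if name not in KNOWN_SSODL:
                why = "SSODL entry outside the known-good set"
                if case_changes(name) >= 4:
                    why += " with a generated-looking name"
                findings.append((section, why, line))
    return findings


def ssdt_hooks(text):
    """Map each hooking driver to the sorted Zw* functions it hooks (GMER SSDT lines)."""
    hooks = defaultdict(list)
    for line in text.splitlines():
        m = SSDT_HOOK.match(line)
        if m:
            hooks[m.group(1)].append(m.group(2))
    return {driver: sorted(fns) for driver, fns in hooks.items()}


if __name__ == "__main__":
    for section, reason, line in triage_hjt(HJT_SAMPLE):
        print(f"[{section}] {reason}\n    {line}")
    for driver, fns in ssdt_hooks(GMER_SAMPLE).items():
        print(f"{driver} hooks {len(fns)} registry syscalls: {', '.join(fns)}")
```

On the sample above the script reports six findings: the Temp-directory process, four missing-file references (the O2 BHO, the O21 entry, and the MyWebSearch service, with the O21 line flagged a second time as an SSODL entry with a generated-looking name) and the O10 LSP line; the SSDT summary shows sprj.sys hooking the three registry syscalls. Every flag is a prompt to check, not a verdict: the RarSFX2 processes sit directly under drweb-cureit.exe in the process list and are consistent with CureIt's self-extracting archive, and nwprovau.dll is a path under system32 that needs identifying before anything is done to the LSP chain.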



#2 Farbar

  • Security Developer
  • 21,708 posts
  • Location:The Netherlands

Posted 09 March 2010 - 06:56 AM

Hi Sillyshmo,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.
  1. If the issue is not resolved yet please update me on the current condition of your computer. You seem to be able to run the tools from your G drive (is it a flash drive?).

  2. Please download OTL by OldTimer.
    • Double click on OTL.
    • Click the "Scan All Users" checkbox.
    • Under Output, select the "Standard Output" checkbox.
    • Set Services, Drivers and Standard Registry to All.
    • Click the Run Scan button.
    • Two reports will open; copy and paste them into your reply:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


#3 Farbar

  • Security Developer
  • 21,708 posts
  • Location:The Netherlands

Posted 14 March 2010 - 06:03 AM

This thread will now be closed due to lack of activity.

If you should have the same or a new issue, please start a new topic with new logs.
