
Help! This Is Frustrating...


2 replies to this topic

#1 killerfish

  • Members
  • 2 posts

Posted 20 August 2008 - 03:06 PM

Hi. I got infected, not sure whether by a virus or trojan... My whole system got slower, I can't open my Task Manager, and I also can't open some programs like HijackThis and Norton AntiVirus (damn pissed). I tried to run in safe mode: still no improvement, same symptoms. There I was able to run Norton, and it spotted that C:\document and setting\all users\application data\SecTaskMan\660589.q-126clfq is infected with Trojan.packed.NsAnti. All I can open is my installed Security Task Manager, to show the Windows processes log. Please help, I hate reformatting my computer... and sorry for the messy logs, I tried to tidy them up...


LOGS

Name File Start
Adobe SVG Viewer 3.0 C:\Program Files\Internet Explorer\iexplore.exe 2:46:40 AM from Windows Explorer

Security Task Manager C:\Documents and Settings\Sunny\Desktop\taskmanager17\TaskMan.exe 3:47:21 AM from Windows Explorer
Client Server Runtime Process C:\WINDOWS\system32\csrss.exe 2:45:15 AM from Windows NT Session Manager

System System

LSA Shell (Export Version) C:\WINDOWS\system32\lsass.exe 2:45:25 AM from Windows NT Logon Application

svchost.exe 2:45:30 AM during system start-up from Event Log, Plug and Play after LanmanWorkstation,LanmanServer RpcSs Tcpip,Afd,NetBT RpcSs,PlugPlay Netman,WinMgmt RpcSs,Ndisuio

services.exe 2:45:25 AM during system start-up from Windows NT Logon Application

Windows NT Logon Application C:\WINDOWS\system32\winlogon.exe 2:45:18 AM from Windows NT Session Manager

cuelpsk.exe C:\WINDOWS\system32\cuelpsk.exe 2:50:19 AM

svchost.exe 2:45:30 AM during system start-up from Event Log, Plug and Play

svchost.exe 2:45:29 AM during system start-up from Event Log, Plug and Play after RPCSS

Windows NT Session Manager C:\WINDOWS\System32\smss.exe 2:45:05 AM from System

svchost.exe 2:45:31 AM during system start-up from Event Log, Plug and Play after NetBT,Afd

debug.exe C:\WINDOWS\system32\debug.exe 2:45:22 AM from Windows NT Logon Application

svchost.exe 2:45:30 AM during system start-up from Event Log, Plug and Play after Tcpip

System idle System idle

ACPI.sys during boot

Adobelmsvc.exe manual

afd.sys during system start

aliide.sys during boot

amdk7.sys during system start

Apfiltr.sys manual

aspnet_state.exe manual

atapi.sys during boot

Ati2evxx.exe during system start-up

svchost.exe during system start-up after PlugPlay,RpcSs
AdskScSrv.exe during system start-up
Beep.sys during system start
svchost.exe during system start-up after RpcSs
atisgkaf.sys during boot
ccEvtMgr.exe during system start-up after RPCSS
ccPwdSvc.exe manual
ccSetMgr.exe during system start-up after RPCSS
Cdaudio.sys during system start
Cdfs.sys started disabled after +SCSI CDROM Class
cdrom.sys during system start after +SCSI miniport
IoLogMsg.dll during system start
mscorsvw.exe manual
IoLogMsg.dll started disabled
compbatt.sys during boot
DefWatch.exe during system start-up
disk.sys during boot after +SCSI miniport
dmio.sys during boot
dmload.sys during boot
EagleNT.sys manual
eeCtrl.sys during system start after FltMgr
EraserUtilRebootDrv.sys manual
svchost.exe during system start-up after RpcSs
Fdc.sys during system start
Fips.sys during system start
Flpydisk.sys during system start
fltMgr.sys during boot
ftdisk.sys during boot
FUJ02B1.sys manual
msgpc.sys manual
hamachi.sys manual
hidusb.sys manual
IoLogMsg.dll during system start
i8042prt.sys during system start
imapi.sys during system start
IoLogMsg.dll started disabled
ipnat.sys manual after Tcpip
ipsec.sys during system start
irda.sys during system start-up
svchost.exe during system start-up after irda,RpcSs,TermService
isapnp.sys during boot
kbdclass.sys during system start
KSecDD.sys during boot
IoLogMsg.dll during system start
MDM.EXE during system start-up after RPCSS
mnmdd.sys during system start
mouclass.sys during system start
mouhid.sys manual
MountMgr.sys during boot
mrxsmb.sys during system start
Msfs.sys during system start
mssmbios.sys manual
Mup.sys during boot
NAVENG.SYS manual
NAVEX15.SYS manual
NDIS.sys during boot
ndistapi.sys manual
ndisuio.sys manual
ndiswan.sys manual
NDProxy.sys manual
netbios.sys during system start
netbt.sys during system start after Tcpip
Npfs.sys during system start
Ntfs.sys started disabled
Null.sys during system start
ohci1394.sys during boot
OSE.EXE manual
PartMgr.sys during boot
ParVdm.sys during system start-up after Parport,+Parallel arbitrator
pci.sys during boot
during system start
IoLogMsg.dll started disabled
pcmcia.sys during boot
manual
manual
manual
manual
started disabled
lsass.exe during system start-up after RPCSS,Tcpip,IPSec
raspptp.sys manual
lsass.exe during system start-up after RpcSs
psched.sys manual after Gpc
ptilink.sys manual
PxHelp20.sys during boot
rasacd.sys during system start
rasirda.sys manual
rasl2tp.sys manual
raspppoe.sys manual
raspti.sys manual
rdbss.sys during system start
RDPCDD.sys during system start
rdpdr.sys manual
redbook.sys during system start
svchost.exe during system start-up after RPCSS
Rtnicxp.sys manual
lsass.exe during system start-up after RPCSS
SavRoam.exe during system start-up
savrt.sys during system start after SAVRTPEL
Savrtpel.sys during system start
svchost.exe during system start-up after RpcSs
secdrv.sys during system start-up
svchost.exe during system start-up
svchost.exe during system start-up after EventSystem
serial.sys during system start
ServiceLayer.exe manual after RPCSS
Sfloppy.sys during system start after +SCSI miniport
svchost.exe during system start-up after RpcSs
SNDSrvc.exe during system start-up
SPBBCDrv.sys manual
SPBBCSvc.exe manual after RPCSS
spoolsv.exe during system start-up after RPCSS
sr.sys during boot
srv.sys manual
swenum.sys manual
Rtvscan.exe during system start-up
SYMEVENT.SYS manual
SYMTDI.SYS during system start after Tcpip
tcpip.sys during system start after IPSec
termdd.sys during system start
svchost.exe during system start-up
IoLogMsg.dll started disabled
svchost.exe during system start-up after RpcSs
tunmp.sys manual
update.sys manual
usbehci.sys manual
usbhub.sys manual
usbohci.sys manual
usnsvc.exe manual after rpcss,eventlog
vga.sys during system start
IoLogMsg.dll started disabled
VolSnap.sys during boot
svchost.exe during system start-up
manual
svchost.exe during system start-up after MRxDAV
WibuKey.sys during system start-up
svchost.exe during system start-up after RpcSs,winmgmt
svchost.exe during system start-up
nhmxfjkl.dll C:\WINDOWS\system32\nhmxfjkl.dll
bnmhggo0.dll C:\WINDOWS\system32\bnmhggo0.dll
bnmhggo1.dll C:\WINDOWS\system32\bnmhggo1.dll
Microsoft Text Frame Work Service IME C:\WINDOWS\system32\msctfime.ime
wklsdd.dll C:\WINDOWS\system32\wklsdd.dll
mttwfh.dll C:\WINDOWS\system32\mttwfh.dll
dntggf.dll C:\WINDOWS\system32\dntggf.dll
fmcvxy.dll C:\WINDOWS\system32\fmcvxy.dll
jdsaex.dll C:\WINDOWS\system32\jdsaex.dll
zsdgff.dll C:\WINDOWS\system32\zsdgff.dll
tdfhex.dll C:\WINDOWS\system32\tdfhex.dll
tdggrz.dll C:\WINDOWS\system32\tdggrz.dll
fsrgeb.dll C:\WINDOWS\system32\fsrgeb.dll
hhrdxd.dll C:\WINDOWS\system32\hhrdxd.dll
Adobe Reader 8 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll when Internet Explorer starts

Flashget CatchUrl Module C:\Program Files\FlashGet\jccatch.dll when Internet Explorer starts

BitCometBHO C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll when Internet Explorer starts

MegaUpload Toolbar C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll when Internet Explorer starts

Java™ Platform SE binary C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll when Internet Explorer starts
{7E853D72-626A-48EC-A868-BA8D5E23E045} when Internet Explorer starts

Flashget GetFlash Module C:\Program Files\FlashGet\getflash.dll when Internet Explorer starts

bnmhggo0.dll C:\WINDOWS\system32\bnmhggo0.dll when programs start

mttwfh.dll C:\WINDOWS\system32\mttwfh.dll when programs start
jlgejgei32fg.dll C:\WINDOWS\system32\jlgejgei32fg.dll when programs start when Windows starts, Registry: Machine\AppInit_DLLs
wklsdd.dll C:\WINDOWS\system32\wklsdd.dll when programs start
dntggf.dll C:\WINDOWS\system32\dntggf.dll when programs start
lopdfeab.dll C:\WINDOWS\Fonts\lopdfeab.dll when programs start
zptlesys.dll C:\WINDOWS\Fonts\zptlesys.dll when programs start
fsrgeb.dll C:\WINDOWS\system32\fsrgeb.dll when programs start
hhrdxd.dll C:\WINDOWS\system32\hhrdxd.dll when programs start
apsghjba.dll C:\WINDOWS\Fonts\apsghjba.dll when programs start
nhmxfjkl.dll C:\WINDOWS\system32\nhmxfjkl.dll when programs start
ptjhfhlp.dll C:\WINDOWS\Fonts\ptjhfhlp.dll when programs start
tdfhex.dll C:\WINDOWS\system32\tdfhex.dll when programs start
arjrller.dll C:\WINDOWS\system32\arjrller.dll when programs start
fmcvxy.dll C:\WINDOWS\system32\fmcvxy.dll when programs start
akjsgkaq.dll C:\WINDOWS\Fonts\akjsgkaq.dll when programs start
jdsaex.dll C:\WINDOWS\system32\jdsaex.dll when programs start
tdggrz.dll C:\WINDOWS\system32\tdggrz.dll when programs start
skqnfbib.dll C:\WINDOWS\Fonts\skqnfbib.dll when programs start
zsdgff.dll C:\WINDOWS\system32\zsdgff.dll when programs start

Microsoft IME C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE when Windows starts, Registry: Machine\Run

???????? 2002a C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE when Windows starts, Registry: Machine\Run & Machine\Run

ATI 2D Mode component C:\WINDOWS\system32\Ati2mdxx.exe when Windows starts, Registry: Machine\Run

ATI Desktop Control Panel C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE when Windows starts, Registry: Machine\Run

SoftModem Messaging Applet C:\WINDOWS\AGRSMMSG.exe when Windows starts, Registry: Machine\Run
DisableWinXPWZCS MFC Application C:\Program Files\Atheros\DisableWinXPWZCS.exe when Windows starts, Registry: Machine\Run

Symantec User Session C:\Program Files\Common Files\Symantec Shared\ccApp.exe when Windows starts, Registry: Machine\Run

Symantec AntiVirus C:\Program Files\Symantec AntiVirus\VPTray.exe when Windows starts, Registry: Machine\Run

Alps Pointing-device Driver C:\Program Files\Apoint2K\Apoint.exe when Windows starts, Registry: Machine\Run

QuickTime C:\Program Files\QuickTime\qttask.exe when Windows starts, Registry: Machine\Run

Windows Shell Common Dll C:\WINDOWS\system32\SHELL32.dll when Windows starts, Registry: Machine\ShellServiceObjectDelayLoad & Machine\ShellServiceObjectDelayLoad

Web Site Monitor C:\WINDOWS\system32\webcheck.dll when Windows starts, Registry: Machine\ShellServiceObjectDelayLoad

Systray shell service object C:\WINDOWS\system32\stobject.dll when Windows starts, Registry: Machine\ShellServiceObjectDelayLoad

Windows Portable Device Shell Service Object C:\WINDOWS\system32\WPDShServiceObj.dll when Windows starts, Registry: Machine\ShellServiceObjectDelayLoad

Adobe Common File Installer C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe when Windows starts, Registry: User\Startup

Windows Explorer C:\WINDOWS\Explorer.EXE 2:46:06 AM




Your help will be deeply appreciated =(

Edited by killerfish, 20 August 2008 - 03:27 PM.




#2 killerfish

  • Topic Starter
  • Members
  • 2 posts

Posted 22 August 2008 - 01:40 AM

Sad... nobody could help, I guess I'll go with a reformat...

#3 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,573 posts

Posted 22 August 2008 - 01:44 AM

Try this scan:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



