
Help me in removing these trojan viruses and win 32/alman viruses [CLO


  • This topic is locked

#1
gone_yaar

gone_yaar

    New Member

  • Member
  • Pip
  • 7 posts
On my computer I detected trojan dropper, trojan PSW.onlinegames, trojan downloader, trojan generic and win 32/alman viruses. My computer has also become too slow at startup. Also, tell me if there is any method to increase my download speed; it is just 15 kb/sec.
  • 0



#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please read this topic and post your HijackThis log here when ready.
  • 0

#3
gone_yaar

gone_yaar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:07 PM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sify.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.mail.yahoo.com
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - (no file)
O2 - BHO: ijdyapaw.dll - {1A698452-C5D8-C584-C256-C264C987C5A1} - (no file)
O2 - BHO: erxybloe.dll - {20909876-4567-3908-4056-909834565102} - (no file)
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - (no file)
O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - (no file)
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - (no file)
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - (no file)
O2 - BHO: akjsckaq.dll - {3A908760-8000-4000-A000-9000322145A3} - (no file)
O2 - BHO: lijzclit.dll - {3C954872-1230-6541-9548-6541025884C3} - (no file)
O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - (no file)
O2 - BHO: mpwddapi.dll - {45694105-5108-9405-3695-954187462154} - (no file)
O2 - BHO: nhmxdjkl.dll - {47AC9076-C898-B098-D098-A18319080974} - (no file)
O2 - BHO: akjsdkaq.dll - {4A908760-8000-4000-A000-9000322145A4} - (no file)
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - (no file)
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - (no file)
O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - (no file)
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - (no file)
O2 - BHO: tysqbkol.dll - {5D098345-6785-1098-5413-678067AE03D5} - (no file)
O2 - BHO: apsgejba.dll - {5FD45A54-9875-698F-E56E-65102358FDF5} - (no file)
O2 - BHO: pqzfajke.dll - {60A345CD-ABCD-EFAB-CDEF-ABCD01020306} - (no file)
O2 - BHO: zxmscwin.dll - {6A041F13-A111-12A3-B0CF-F99818AA68A6} - (no file)
O2 - BHO: mndhfdwd.dll - {6C648541-1025-9650-9057-6541258720C6} - (no file)
O2 - BHO: arjrdler.dll - {6C69034A-F45F-D34D-A33A-C33C4D324FC6} - (no file)
O2 - BHO: apsgfjba.dll - {6FD45A54-9875-698F-E56E-65102358FDF6} - (no file)
O2 - BHO: mndsgsrv.dll - {77FD640A-158F-48AC-FD14-1597F14A9777} - (no file)
O2 - BHO: arjreler.dll - {7C69034A-F45F-D34D-A33A-C33C4D324FC7} - (no file)
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - (no file)
O2 - BHO: yxfhcjpg.dll - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - (no file)
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - (no file)
O2 - BHO: jke34kl32.dll - {9629FF4F-ACDB-5C90-A098-FACB3456A269} - (no file)
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
O2 - BHO: yzztjmsn.dll - {A490415F-65F8-B5C5-D8BA-9405FB12054A} - (no file)
O2 - BHO: s2da2f323.dll - {A629FF4F-ACDB-5C90-A098-FACB3456A26A} - (no file)
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Boost XP Service] C:\Program Files\Boost XP\bxservice.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DCAE48D-F5BC-4547-8BEC-86ADFDFC4D7C}: NameServer = 202.144.115.4,202.144.66.6
O20 - AppInit_DLLs: jkjkll.dll,ghjyer.dll,ilkyu.dll,yukevg.dll,ghkrg.dll,tuker.dll,ujkwet.dll,asfjthj.dll,hmsdvf.dll,jrhhh.dll,sdrfh.dll,vhsdfg.dll,dger.dll,losdf.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,fgthde.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,rthkyuk.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,,akjsdkaq.dll,arjreler.dll,yzztkmsn.dll,nhmxdjkl.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - (no file)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: VideoAcceleratorService - Unknown owner - E:\All Hardware\SpeedBit Video Accelerator\VideoAcceleratorService.exe (file missing)

--
End of file - 8343 bytes
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - (no file)
O2 - BHO: ijdyapaw.dll - {1A698452-C5D8-C584-C256-C264C987C5A1} - (no file)
O2 - BHO: erxybloe.dll - {20909876-4567-3908-4056-909834565102} - (no file)
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - (no file)
O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - (no file)
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - (no file)
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - (no file)
O2 - BHO: akjsckaq.dll - {3A908760-8000-4000-A000-9000322145A3} - (no file)
O2 - BHO: lijzclit.dll - {3C954872-1230-6541-9548-6541025884C3} - (no file)
O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - (no file)
O2 - BHO: mpwddapi.dll - {45694105-5108-9405-3695-954187462154} - (no file)
O2 - BHO: nhmxdjkl.dll - {47AC9076-C898-B098-D098-A18319080974} - (no file)
O2 - BHO: akjsdkaq.dll - {4A908760-8000-4000-A000-9000322145A4} - (no file)
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - (no file)
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - (no file)
O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - (no file)
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - (no file)
O2 - BHO: tysqbkol.dll - {5D098345-6785-1098-5413-678067AE03D5} - (no file)
O2 - BHO: apsgejba.dll - {5FD45A54-9875-698F-E56E-65102358FDF5} - (no file)
O2 - BHO: pqzfajke.dll - {60A345CD-ABCD-EFAB-CDEF-ABCD01020306} - (no file)
O2 - BHO: zxmscwin.dll - {6A041F13-A111-12A3-B0CF-F99818AA68A6} - (no file)
O2 - BHO: mndhfdwd.dll - {6C648541-1025-9650-9057-6541258720C6} - (no file)
O2 - BHO: arjrdler.dll - {6C69034A-F45F-D34D-A33A-C33C4D324FC6} - (no file)
O2 - BHO: apsgfjba.dll - {6FD45A54-9875-698F-E56E-65102358FDF6} - (no file)
O2 - BHO: mndsgsrv.dll - {77FD640A-158F-48AC-FD14-1597F14A9777} - (no file)
O2 - BHO: arjreler.dll - {7C69034A-F45F-D34D-A33A-C33C4D324FC7} - (no file)
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - (no file)
O2 - BHO: yxfhcjpg.dll - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - (no file)
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - (no file)
O2 - BHO: jke34kl32.dll - {9629FF4F-ACDB-5C90-A098-FACB3456A269} - (no file)
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
O2 - BHO: yzztjmsn.dll - {A490415F-65F8-B5C5-D8BA-9405FB12054A} - (no file)
O2 - BHO: s2da2f323.dll - {A629FF4F-ACDB-5C90-A098-FACB3456A26A} - (no file)
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - AppInit_DLLs: jkjkll.dll,ghjyer.dll,ilkyu.dll,yukevg.dll,ghkrg.dll,tuker.dll,ujkwet.dll,asfjthj.dll,hmsdvf.dll,jrhhh.dll,sdrfh.dll,vhsdfg.dll,dger.dll,losdf.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,fgthde.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,rthkyuk.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,,akjsdkaq.dll,arjreler.dll,yzztkmsn.dll,nhmxdjkl.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - (no file)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)


Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
  • 0
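Added example, not part of the thread and not HijackThis's or the helper's own logic: a Python sketch that rejoins the forum-wrapped lines of a HijackThis log and flags the same kinds of entries selected for fixing above (R3/O2/O21 entries marked "(no file)", the O6 policy key, and the AppInit_DLLs list, which names DLLs Windows loads into every process that loads user32.dll). The function names and flagging rules are assumptions; the sample lines come from the log in post #3, with the AppInit_DLLs value abridged.

```python
import re

# Sample lines taken from the log in post #3; the AppInit_DLLs value is
# abridged and keeps the forum's mid-name line wrap on purpose.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sify.com
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - AppInit_DLLs: jkjkll.dll,ghjyer.dll,asfjth
j.dll,,akjsdkaq.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - (no file)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O2 - BHO: ..."

def unwrap(text):
    """Rejoin entries that were wrapped across lines; skip header and trailer."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("--"):        # "--" precedes "End of file"
            break
        if ENTRY.match(line):
            entries.append(line)
        elif line and entries:           # continuation of the previous entry
            entries[-1] += line
    return entries

def triage(text):
    """Return (section, reason, detail) for entries worth a manual look."""
    findings = []
    for entry in unwrap(text):
        section, body = ENTRY.match(entry).groups()
        if section in ("R3", "O2", "O21") and body.endswith("(no file)"):
            findings.append((section, "registration points to no file", body))
        elif section == "O6":
            findings.append((section, "IE options restricted by policy", body))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = [d for d in body.split(":", 1)[1].strip().split(",") if d]
            findings.append((section, f"{len(dlls)} AppInit DLLs listed", dlls))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The output is a review list only; whether an entry is safe to fix still depends on checking it against what is installed on the machine.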

#5
gone_yaar

gone_yaar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I had already run ComboFix, but after restarting the computer after that I got an error that NTLPR not found, press Alt+Ctrl+Del to restart. But restarting gave me the same error.
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you run into any problems during the combofix scan?

Read here or post in our Windows forum for assistance on this matter.
  • 0

#7
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





