1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojans and Virus

Discussion in 'Virus & Other Malware Removal' started by me_neha2k2, Jul 15, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. me_neha2k2

    me_neha2k2 Thread Starter

    Joined:
    Jul 15, 2008
    Messages:
    2
    Hi,

    I am continuously getting messages of Trojan and virus in my system.

    I have AVG, Avast, Spybot and Trojan guarder on my system and I'm getting continuous msg alerts from all of them that my system has trojan and virus !

    Please help.
    Neha
     
  2. me_neha2k2

    me_neha2k2 Thread Starter

    Joined:
    Jul 15, 2008
    Messages:
    2
    HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:14:01 PM, on 7/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\svchost.xy3
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\DAP\DAP.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\iWin Games\iWinGamesInstaller.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
    C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iWin Games\iWinGames.exe
    C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,svchost.xy3
    O1 - Hosts: 202.165.102.205 972.aksjd11.com
    O1 - Hosts: 202.165.102.205 w3og.cn
    O1 - Hosts: 203.208.35.100 qazc.fourtw.cn
    O1 - Hosts: 203.208.35.100 www.aujoy.cn
    O1 - Hosts: 203.208.35.101 www.hao601.cn
    O1 - Hosts: 203.208.35.101 www.psp476.cn
    O1 - Hosts: 72.14.235.99 222.1212l112.net
    O1 - Hosts: 72.14.235.99 444.1212l112.netn
    O1 - Hosts: 72.14.235.99 555.1212l112.net
    O1 - Hosts: 72.14.235.99 111.1212l112.net
    O1 - Hosts: 65.55.21.250 111.3243l24.com
    O1 - Hosts: 65.55.21.250 222.3243l24.com
    O1 - Hosts: 65.55.21.250 333.3243l24.com
    O1 - Hosts: 125.64.8.112 kao2.gmwo03.com
    O1 - Hosts: 125.64.8.112 kao.gmwo06.com
    O1 - Hosts: 125.64.8.112 444.gmwo07.com
    O1 - Hosts: 116.252.185.15 ru.update365.us
    O1 - Hosts: 116.252.185.15 ad.update365.us
    O1 - Hosts: 207.46.232.182 popmails.net
    O1 - Hosts: 203.208.37.99 3.goodhh.com
    O1 - Hosts: 220.181.37.55 down.rwixr.com
    O1 - Hosts: 160.79.42.52 www.xdj2008.com
    O1 - Hosts: 63.175.76.152 www.revtr.cn
    O1 - Hosts: 219.133.40.91 qq.ljsll.com
    O1 - Hosts: 203.208.35.102 www.aassccwe.cn
    O1 - Hosts: 209.132.177.50 973.aksjd11.com
    O1 - Hosts: 209.132.177.50 974.aksjd11.com
    O1 - Hosts: 209.132.177.50 971.aksjd11.com
    O1 - Hosts: 209.132.177.50 975.aksjd11.com
    O1 - Hosts: 72.14.235.104 user1.12-39.net
    O1 - Hosts: 72.14.235.147 www.infomt.net
    O1 - Hosts: 192.150.18.101 ata1.sysions.net
    O1 - Hosts: 192.150.18.101 ata2.sysions.net
    O1 - Hosts: 192.150.18.101 ata3.sysions.net
    O1 - Hosts: 192.150.18.101 ata4.sysions.net
    O1 - Hosts: 193.120.42.226 8nnnnn99.cn
    O1 - Hosts: 24.39.54.34 www.haoaoao.cn
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: detxbiua.dll - {20618412-C528-C784-C056-C164D1F7C502} - (no file)
    O2 - BHO: ijdybpaw.dll - {2A698452-C5D8-C584-C256-C264C987C5A2} - (no file)
    O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - (no file)
    O2 - BHO: zywlcime.dll - {37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73} - (no file)
    O2 - BHO: tisqctyu.dll - {38093456-9012-4568-9076-908765467183} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: zycbdime.dll - {4A698102-5904-AFD0-20DF-CD1A65829CA4} - (no file)
    O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - (no file)
    O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: mpwdeapi.dll - {55694105-5108-9405-3695-954187462155} - (no file)
    O2 - BHO: mndhfdwd.dll - {6C648541-1025-9650-9057-6541258720C6} - (no file)
    O2 - BHO: zywmgime.dll - {7319A1F1-9410-9654-3201-345FFA349137} - (no file)
    O2 - BHO: zxmsdwin.dll - {7A041F13-A111-12A3-B0CF-F99818AA68A7} - (no file)
    O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - (no file)
    O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - (no file)
    O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
    O2 - BHO: zyzxjime.dll - {AA59145F-315D-BC23-AC1F-145DF81A34AA} - (no file)
    O2 - BHO: yzztlmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - (no file)
    O2 - BHO: hdf453d.dll - {B629FF4F-ACDB-5C90-A098-FACB3456A26B} - (no file)
    O2 - BHO: yzztlmsn.dll - {C490415F-65F8-B5C5-D8BA-9405FB12054C} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [svcshare] C:\WINDOWS\system32\drivers\spoclsv.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
    O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{154D2B2B-58E0-4CE8-85C0-F91F5CA98E85}: NameServer = 202.88.149.25,202.88.149.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B3AF54E6-2143-4A8B-B61F-45DD15E7AF85}: NameServer = 202.88.149.25,202.88.149.6
    O17 - HKLM\System\CS1\Services\Tcpip\..\{154D2B2B-58E0-4CE8-85C0-F91F5CA98E85}: NameServer = 202.88.149.25,202.88.149.6
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll (file missing)
    O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    --
    End of file - 9811 bytes
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/730799