Trojan and Virus Problem

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Sunday 9.3.2025 / 23:03

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > trojan and virus problem

Browse by topic

Forums

Start a new thread

Trojan and Virus Problem

Jump to:

Posted

Message

rogerm16

Junior Member

8. February 2008 @ 09:00

Link to this message

I have a log from hijackthis
its from my sis laptop, I cant get the internet to run or get an internet connection at all... any help would be appreciated

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:54 AM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\5E5F5F615F636.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [d0bc2afe] rundll32.exe "C:\WINDOWS\system32\lxnsttqr.dll",b
O4 - HKLM\..\Run: [313232343236393] 5E5F5F615F636.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VmlwLW5ldA\command.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\cmtfmvnt.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 4869 bytes

[ + quote]

yeah...im a newbie..a learning one teach me!!

echoreply

Member

8. February 2008 @ 19:48

Link to this message

you have malware on board. normally that dosnt affect your internet connection as malware wants to use it also.

try:
if you have a router power off both your router and computer, then restart both after a minute or so.

try:
start>run and type in cmd, click ok
in the window at the prompt type in
ipconfig /release click enter
followed by:
ipconfig /renew enter

note: there is a space after the g and before the /

need to get some tools to help clean it up

[ + quote]

http://www.virusvault.us/

pred3

Member

8. February 2008 @ 19:54

Link to this message

Originally posted by echoreply:
you have malware on board. normally that dosnt affect your internet connection as malware wants to use it also.

try:
if you have a router power off both your router and computer, then restart both after a minute or so.

try:
start>run and type in cmd, click ok
in the window at the prompt type in
ipconfig /release click enter
followed by:
ipconfig /renew enter

note: there is a space after the g and before the /

need to get some tools to help clean it up

How do you read that log and tell if there is virus?

[ + quote]

PsP PhaT (+[__]%) 1.50 - 3.40 OE-A - 3.52 m33 - 3.52 m33-4 - 3.90m33-3 - 5.00m33-6

echoreply

Member

8. February 2008 @ 20:44

Link to this message

i can recognize what should and shouldnt be there. hjt doesnt recognize malware or know the difference between malware and a normal file, it just displays some startup locations and places that malware might be running from. its not a cleaning tool. you can have a clean hjt log and still have malware present. rely on your AV/anti-malware software first.

malware;
O4 - HKLM\..\Run: [d0bc2afe] rundll32.exe "C:\WINDOWS\system32\lxnsttqr.dll",b

O4 - HKLM\..\Run: [313232343236393] 5E5F5F615F636.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VmlwLW5ldA\command.exe (file missing)

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\cmtfmvnt.exe (file missing)

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

[ + quote]

http://www.virusvault.us/

Start a new thread

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > trojan and virus problem


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.