Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - theroadisalover

Pages: [1]
1
Tech Clinic / request help on HJT logfile
« on: April 29, 2005, 12:29:20 AM »
Questolo,

First of all, let me apologize for the delay in getting back with you. Too much wildness to describe here. If you are still able to ck. out this log file, the results Ive found will follow. On Jotti's site, there seemed to be a problem loading so I question whether I did it right. However, I believe I have the root of the problem, just needs your expert eye.

______________________
1.
scanned C:\csrss.exe

AntiVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing

Dr. web found  BACKDOOR.trojan  Probable variant.

F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
mks_vir  Found nothing

NOD32  Found Win32/VB.VE
 
Norman Virus Control  Found nothing
VBA32  Found nothing

_____________________________

2.
  Scanned mscomm.exe on Jotti.org
 

Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing

Dr.Web  Found modification of BackDoor.Generic.815  

F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
mks_vir  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
VBA32  Found nothing
_______________________________

3.
scanned c:\WINDOWS\system32\dll32\cssrs.exe

AntiVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found BACKDOOR.Trojan (probable variant)  
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
mks_vir  Found nothing
NOD32  Found Win32/VB.VE  
Norman Virus Control  Found nothing
VBA32  Found nothing
_____________________________

4.
In C:\WINDOWS\system32\dll

There are four files:

1. csrss.exe  ( This file accompanied by the name "Transparent Proxy Server" ) W/ icon of PC and monitor.

2. makensis.exe  w/ windows"frame" icon.

3. Script.nsi  NSI file 2KB

4.ScriptTemp.nsi  NSI File 2KB


Again, sorry for the delay. Let me know if I can provide more info.   THANKS......theroadisalover

P.S. Please advise if perhaps you know of another site w/ scan. or?
perhaps answer will be apparent.

2
Tech Clinic / request help on HJT logfile
« on: April 09, 2005, 07:07:12 AM »
Say folks.... here is my HJT logfile. This computer is getting very cranky...IE is screwy, things are locking up left and right. Hope I have posted this correctly. thanks in advance for any help possible.
theroadisalover.....

 Logfile of HijackThis v1.99.1
Scan saved at 6:52:49 AM, on 4/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\Ltmoh.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\RFA\rfagent.exe
C:\WINDOWS\system32\dll32\csrss.exe
C:\csrss.exe
C:\WINDOWS\Mscomm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\pc-user\Desktop\hijackthis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\pc-user\LOCALS~1\Temp\Temporary Directory 1
for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 c:\WINDOWS\system\cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LtMoh] C:\WINDOWS\system32\Ltmoh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [SoundMax] C:\WINDOWS\system32\dll32\csrss.exe
O4 - HKLM\..\Run: [] \csrss.exe
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: WebJet.lnk = C:\Program Files\WebJet\WebJet\WebJet.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D457991B-86E5-465C-B6BE-B7FEE58D60CE}: NameServer = 207.218.192.38 207.218.192.39
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Pages: [1]