Re: Matteo for "Trafton"
From: Bob (anonymous_at_discussions.microsoft.com)
Date: 05/02/04
- Next message: Trafton: "Re: Matteo for "Trafton""
- Previous message: Jim Macklin: "Re: Dual boot and virus"
- In reply to: Br0wnbear: "Re: Matteo for "Trafton""
- Next in thread: Trafton: "Re: Matteo for "Trafton""
- Reply: Trafton: "Re: Matteo for "Trafton""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 2 May 2004 14:51:05 -0700
Would you guys mind looking at my readout list too, as I have the same symptoms? I'll use the same fix as Matteo if applicable. Also, could the spyware have come in with the sasser virus or vice versa? Thanks!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
C:\Program Files\EarthLink 5.0\etoolbar.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\EarthLink 5.0\Browser.exe
C:\Documents and Settings\Bob\Desktop\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
EarthLink ToolBar 5.0.lnk = C:\Program Files\EarthLink 5.0\etoolbar.exe
Microsoft Works Calendar Reminders.lnk = ?
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
UpdReg = C:\WINDOWS\Updreg.exe
AHQInit = C:\Program Files\Creative\SBLive\Program\AHQInit.exe
MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
AdaptecDirectCD = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
ConMgr.exe = "C:\Program Files\EarthLink 5.0\ConMgr.exe"
Lexmark X73 Button Monitor = C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
Lexmark X73 Button Manager = C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
PrinTray = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
Iomega Startup Options = C:\Program Files\Iomega\Common\ImgStart.exe
Iomega Drive Icons = C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
mmtask = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
MyWebSearch Email Plugin = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
nwiz = nwiz.exe /install
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MoneyAgent = "C:\Program Files\Microsoft Money\System\Money Express.exe"
Iomega Active Disk = C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL - {00A6FAF1-072E-44cf-8957-5838F569A31D}
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL - {07B18EA1-A523-4961-B6BB-170DE4475CCA}
Ipswitch.WsftpBrowserHelper - C:\Program Files\WS_FTP Pro\wsbho2K0.dll - {601ED020-FB6C-11D3-87D8-0050DA59922B}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[{02BF25D5-8C17-4B23-BC23-BC8000000000}]
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE = http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
[RdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll
CODEBASE = http://207.188.7.150/26fe2d2a9c6f26098316/netzip/RdxIE601.cab
[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
[Pulse V5 ActiveX Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AxPulse5.dll
CODEBASE = http://a320.g.akamai.net/7/320/1456/v50245/www.pulse3d.com/players/english/5.0/win/PulsePlayer5AxWin.cab
[SassCln Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SassCln.dll
CODEBASE = http://www.microsoft.com/security/controls/SassCln.CAB
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 8,305 bytes
Report generated in 0.578 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
- Next message: Trafton: "Re: Matteo for "Trafton""
- Previous message: Jim Macklin: "Re: Dual boot and virus"
- In reply to: Br0wnbear: "Re: Matteo for "Trafton""
- Next in thread: Trafton: "Re: Matteo for "Trafton""
- Reply: Trafton: "Re: Matteo for "Trafton""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
