MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: My Computer seems to be a SpamBot
March 31, 2020, 06:45:44 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
March 31, 2020, 06:45:44 AM

Login with username, password and session length
 Featured Sites:
News
New  We now offer MyTechSupport.ca Merchandise! Every purchase goes towards maintaining our site.
Thank you for supporting MyTechSupport.ca!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: My Computer seems to be a SpamBot  (Read 1589 times)
gylbert
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 11


Bookmark and Share

View Profile
« on: November 12, 2005, 06:30:23 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP Home 2002 - SP1. system restore currently disabled
Problem Application Name & Version: unknown
Problem Hardware Make & Model: Compaq Presario SR1130NX
Error Messages: Symantec Email Proxy



i believe that i have a spambot installed on my computer, and have for some time. nothing i have tried to find, remove or block it works, and i can't think of anything else to do about the problem on my own. so . . . *peers expectantly* Grin

whenever i am connected to the internet (shaw cable high-speed-lite DSL), and traffic is allowed through norton internet security, at some point, 'symantec email proxy' windows will start popping up informing me that emails i have sent have been rejected for various reasons. sometimes this starts shortly after i boot my computer or log back into windows, sometimes

here's the most common error messages lately

'message rejected due to /it being spam/'. @cornell.edu addresses seem to come up unusually often

'your email message was unable to be sent because your mail server rejected the message: 451  mta.1**.mail.dcn.yahoo.com  resources temporarily unavailable. please try again later [#4.16.1]'

'your email message was . . .: 451  mta2**.mail.re2.yahoo.com  resources . . .' for this message, and the one above, the three-digit number after 'mta' changes, i suppose according to exactly which yahoo mail server rejected the email

'your email message was . . .: 553.5.5.4 host name (s010600112f5b9082.cg.shawcable.net) is not match with your IP (68.144.17.46), maybe it's bogus.' ya think? Wink

'[paraphrase] the connection was interrupted. please open your email client to resend your message'

i don't understand why this is. i don't have yahoo mail, or an email client that i recognize as having. in fact, i don't send any email directly from my computer. all of my electronic communication is done through canada.com's webmail service. am i wrong in thinking that webmail is independent of my system??

these windows are quite aggravating, simply by their sheer volume. mean average, one will pop open every 11 seconds, though they can come up as frequently as less than a second apart, or up to 30, maybe 45, seconds apart. if i fall asleep, or otherwise leave the computer, the windows will accumulate until the sytem is bogged down to the point that it can't handle any more emailing. the record currently stands at 933 of these windows open at once. (thank goddess for 'right click, close group! Smiley and as i type this, NIS is blocking internet traffic to preserve my sanity)

history of the problem: i believe i originally was infected with this problem at the same time as Horseserver, which was about march 2005. while Horse was rather quickly banished from my system (thanks again!), the spambot stayed on a while longer, then 'disappeared' over the summer. i have no idea whether it was some configuration change i performed to block it, or if a cleaning program removed it, and i've since been reinfected

the spambot has been active again for about 3 weeks, and this timing coincides with a more serious than average malware issue i came across, which itself was readily handled by one of the antispyware programs i have installed

also, yesterday, something caused a couple dozen of my desktop shortcut icons to 'go missing' - that is, they were useless to click on, and the icon's normal graphic was replaced by either the default 'windows executable' blue-lined white box icon, or the 'dogeared page' document icon. a run with CleanUp and a reboot restored most of my shortcuts to normal, but two shortcut graphics are still AWOL: My Computer and Norton Internet Security (wonder why it's those two . . . Wink ). i've provided a link to a desktop screenshot to show what i mean

http://img365.imageshack.us/img365/5018/zzzzz6qt.jpg

here's what i've tried that hasn't worked:
Logged

Quando Omni Flunkus Moritati - when all else fails, play dead
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #1 on: November 12, 2005, 08:42:57 AM »

Hi

Here is the little @#$*^% its a Mass emailing worm.These files will need to be removed.

C:\WINDOWS\System32\winmine.exe
 C:\WINDOWS\System32\vga2sdxm.dll


winmine.exe <--- check the Properties on this first to determin if it genunine Microsoft.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
-------------------------------------
You will also need to run HJT and fix these items...

O9 - Extra button: Microsoft AntiSpyware helper - {06AC82AA-D6A1-450E-99C1-42E19518EA65} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {06AC82AA-D6A1-450E-99C1-42E19518EA65} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {16979AC8-6FE9-425A-87BC-56FBB7A6C092} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {16979AC8-6FE9-425A-87BC-56FBB7A6C092} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2C1686A5-0115-453F-A2B9-CBAD1E57BE84} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2C1686A5-0115-453F-A2B9-CBAD1E57BE84} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5B3E7293-DB3D-4E28-922A-E73355E574EC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B3E7293-DB3D-4E28-922A-E73355E574EC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BECDF2AC-8BD5-4604-B7D8-D34A9E69A944} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BECDF2AC-8BD5-4604-B7D8-D34A9E69A944} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {DEEA3776-4AB7-4B98-93EF-851A9041C595} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DEEA3776-4AB7-4B98-93EF-851A9041C595} - (no file) (HKCU)
O21 - SSODL: NTDBGTOOL - {67A36F8F-877F-491D-8A25-73F4AFD86828} - C:\WINDOWS\System32\vga2sdxm.dll


-------------------------------------------



When done.....

Please download  this and run it only when all the other fixes have been done. Ewido Security Suite

 Install Ewido Security Suite.
 When installing, under 'Additional Options' uncheck: "Install background guard" and  "Install scan via context menu"

To open the main screen double click the icon on the desktop.
 
 You will get a warning 'Database could not be found!'.(only if no updated have first been installed) Click OK.

 Update to the latest definition files.On the left of the main screen click Update.Then click on Start Update.Let it complete the updates.


Now Click on Scanner and Click on Complete System Scan and the scan will start.

During some scans  it may find cases of false positives so you will need to step through the process of cleaning files one-by-one.

If a file is detected you KNOW to be legitimate, select None as the action. Do NOT select 'Perform action on all infections'
 
If you are unsure of any entry found play safe and select None as the action.
Press the button marked Save Report

Save the report .txt file to your desktop or somewhere you can find it.Post it back with your next HJT log.
« Last Edit: November 14, 2005, 05:58:50 AM by Pancake » Logged

An Australian Member of

EDDY
gylbert
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 11


Bookmark and Share

View Profile
« Reply #2 on: November 13, 2005, 09:43:04 AM »

i just got home, in need of sleep, and have to be back at work in 3 hours, so it'll be a day or two before i tackle this. however, i'd like to make two notes before turning in

winmine.exe is merely the minesweeper game, is it not? i forgot to close it down when i did the scan

of course, vga2sdxm.dll won't delete straight away in normal mode - too easy! i assume the HJT fixes can be performed in safe mode, along with the file delete?

. . . and i typed all that out for such an easily identifiable problem?!?! wow, do i feel sheepish now . . . *baaaa*

i will post back with my results either sunday night or monday afternoon
« Last Edit: November 13, 2005, 09:46:27 AM by gylbert » Logged

Quando Omni Flunkus Moritati - when all else fails, play dead
gylbert
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 11


Bookmark and Share

View Profile
« Reply #3 on: November 18, 2005, 10:13:07 AM »

hi pancake

i think the problem's solved! Smiley

after doing the HJT fixes, and a couple of CleanUps and restarts, i was able to delete the vga2sdxm file without hassle

wow, that ewido scan is intensive! and because each problem asks you what to do about it, i couldn't just let it run on its own and leave it be, so it took me a few days before i could sit down and play with it

unfortunately, i clicked off the program before saving the log Undecided but a second scan came up clean

the first scan found 342 problams and fixed them all. in amongst the many malware cookies were several trojan downloaders, which (finally) triggered NAV to detect and auto-delete them, so i should hope that's all of the icky code cleaned out of my computer. for today, anyway . . .

most importantly: no more email bounce-back windows, and every one of my desktop shortcuts is back to normal! Cool

here's what HJT has to say:

Logfile of HijackThis v1.99.1
Scan saved at 3:08:26 AM, on 2005-11-18
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\plugins\GetFlash.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Ewido\ewidoguard.exe
C:\Program Files\Ewido\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=presario&pf=desktop
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SpyBot\SDHelper.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\Ewido\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Logged

Quando Omni Flunkus Moritati - when all else fails, play dead
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #4 on: November 18, 2005, 11:54:42 AM »


Run HJT and take this item out and I think we can say you are all clean and ready to go...
O4 - Startup: PowerReg Scheduler V3.exe
Logged

An Australian Member of

EDDY
gylbert
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 11


Bookmark and Share

View Profile
« Reply #5 on: November 19, 2005, 05:47:22 AM »

done.

Logfile of HijackThis v1.99.1
Scan saved at 10:45:37 PM, on 2005-11-18
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\plugins\GetFlash.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Ewido\ewidoguard.exe
C:\Program Files\Ewido\ewidoctrl.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Works\wksss.exe
c:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Microsoft Works\WksSS.exe
C:\Program Files\Microsoft Works\WksSS.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=presario&pf=desktop
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SpyBot\SDHelper.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\Ewido\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Logged

Quando Omni Flunkus Moritati - when all else fails, play dead
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #6 on: November 20, 2005, 12:33:06 AM »

Yep,all fine.All clean.
Logged

An Australian Member of

EDDY
gylbert
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 11


Bookmark and Share

View Profile
« Reply #7 on: November 20, 2005, 04:36:20 AM »

awesome! thanks for the help!! Smiley

*hands over a padlock*
Logged

Quando Omni Flunkus Moritati - when all else fails, play dead
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page February 17, 2020, 06:23:05 PM