email bouncing back

Posted by: roy.stevenson

Hi, can anyone help me? My email comes back to me from Outlook Express through my AVG anti-virus, says undeliverable. Phoned NTL re problem, they say I have a virus and that is why the server is rejecting. I have done several runs with adaware, spyware doctor etc. and full anti-virus scans but have found nothing. I enclose a HijackThis scan to see if someone can point me in the right direction to this problem.

Cheers in advance
Roy.

Logfile of HijackThis v1.99.1
Scan saved at 11:39:46, on 05/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\P2P Networking\P2P Networking.exe
D:\PROGRA~1\Altnet\DOWNLO~1\ASM.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\Program Files\Grisoft\AVG Free\avgcc.exe
D:\Program Files\Grisoft\AVG Free\avgemc.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\wscntfy.exe
D:\DOCUME~1\ROYSTE~1\LOCALS~1\Temp\eauninst.exe
D:\PROGRA~1\COMMON~1\EACCEL~1\INSTAL~1\eafuninst_noguid.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\roy stevenson\My Documents\HIGHJACK THIS\HijackThis.exe
D:\DOCUME~1\ROYSTE~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://k2b-bulk.ebay.co.uk/ws/eBayISAPI.dll?MyeBaySellingSummary&ssPageName=STRK:ME:LNLK[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [P2P Networking] D:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunOnce: [ws_uninst] D:\DOCUME~1\ROYSTE~1\LOCALS~1\Temp\ws_uninst.exe -s
O4 - HKLM\..\RunOnce: [System Mechanic Cache Cleanup] D:\Program Files\iolo\System Mechanic 4 Professional\SysMech4.exe /COMPLETECACHE
O4 - HKLM\..\RunOnce: [SpyHunter] "D:\Program Files\iolo\System Mechanic 4 Professional\SysMech4.exe" /REMOVEPARASITEONBOOT
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "D:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"
O4 - HKCU\..\Run: [iolo Task Agent] D:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunOnce: [BullguardoptIn] D:\WINDOWS\Temp\BullGuard\bulldownload.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [url]http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[/url]
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - [url]http://housecall-beta.trendmicro.com/housecall/xscan60.cab[/url]
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - [url]http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab[/url]
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - [url]http://download.ebay.com/turbo_lister/US/install.cab[/url]
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - [url]http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab[/url]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[/url]
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - [url]http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab[/url]
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - [url]http://www.mt-download.com/MediaTicketsInstaller.cab[/url]
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - [url]http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab[/url]
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - [url]http://chat.msn.com/bin/msnchat45.cab[/url]
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee Firewall - Unknown owner - D:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe

Posted by: Lobos

Hi roy

Welcome to TF

Please download [url=http://cleanup.stevengould.org/]CleanUp![/url] ([url=http://www.greyknight17.com/spy/Cleanup.exe]Alternate Link if main link doesn't work[/url]) and install it. Don't run it yet.

[B][url=http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button]Adaware SE[/url][/B] and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Go to this [B][url=http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml]Site[/url][/B] to get the plug-in for fixing VX2 variants.
Also make sure to [B][url=http://www.greyknight17.com/spyware.htm#adaware]Customize[/url][/B] the settings in Adaware for better scan results. Don't run it yet.

Download and install [url=http://security.kolla.de/]Spybot S&D[/url]. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Don't run it yet.

First, you still have some adware: p2pnetworking and Acceleration Soft.

Press ctrl-alt-delete and end these processes:
P2P Networking.exe
ASM.exe
eauninst.exe
eafuninst_noguid.exe

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
uninstall webscan
Acceleration Soft
p2pnetworking
eauninst.exe

Next, go to [b]My Computer >Tools >Folder Options >View[/b] tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the [b]Hide protected operating system files[/b] option.

Open Hijack This and click on Scan. Check the following entries [B](make sure you do not miss any)[/B]

[B]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://k2b-bulk.ebay.co.uk/ws/eBayI...me=STRK:ME:LNLK[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [P2P Networking] D:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\RunOnce: [ws_uninst] D:\DOCUME~1\ROYSTE~1\LOCALS~1\Temp\ws_uninst.exe -s
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - [url]http://www.mt-download.com/MediaTicketsInstaller.cab[/url]
[/B]

[B][I]Please remember to close all other windows, including browsers, then click Fix checked.[/I][/B]

Delete the following Files indicated in [b][color=red]RED[/color][/b] and Folders indicated in [b][color=blue]BLUE[/color][/b][B] if they still exist.[/B]

[B]
D:\WINDOWS\system32\[color=blue]P2P Networking\[/color]
D:\PROGRA~1\[color=blue]Altnet\[/color]
D:\PROGRA~1\COMMON~1[color=blue]\EACCEL~1\[/color] the folder starts with this EACCEL, I believe it is EACCELERATION
[/B]

Reboot your System in normal mode.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download [url=http://cleanup.stevengould.org/]CleanUp![/url] ([url=http://www.greyknight17.com/spy/Cleanup.exe]Alternate Link if main link doesn't work[/url]) and install it. Run CleanUp! and click on [b]CleanUp![/b] button. When it asks you if you want to logoff, click on Yes.

Run ad-aware and run spybot s/d and cleanup, reboot between each one.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Run CleanUp! and click on [b]CleanUp![/b] button. When it asks you if you want to logoff, click on Yes.

Reboot, post a new hijackthis log and let me know how your computer is running.

Posted by: roy.stevenson

Hi again,

I have completed the tasks you recommended and posted below is the latest Hijackthis log. Have tried to send mail again but the same problem is occurring (c&p a copy of error notice also below). Went through the process again but could not see any parts I missed, although you may be able to :) This is really doing my head in ......lol, looking forward to your next suggestion, although the rest of the computer does seem to be running fine with no problems.

Regards
Roy.
Logfile of HijackThis v1.99.1
Scan saved at 11:14:43, on 06/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\DOCUME~1\ROYSTE~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "D:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"
O4 - HKCU\..\Run: [iolo Task Agent] D:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [url]http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[/url]
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - [url]http://housecall-beta.trendmicro.com/housecall/xscan60.cab[/url]
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - [url]http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab[/url]
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - [url]http://download.ebay.com/turbo_lister/US/install.cab[/url]
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - [url]http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab[/url]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[/url]
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - [url]http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab[/url]
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - [url]http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab[/url]
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - [url]http://chat.msn.com/bin/msnchat45.cab[/url]
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe

Error message received from ISP provider below;

An unknown error has occurred. Subject 'test mail', Account: 'roy.stevenson20', Server: 'smtp.ntlworld.com', Protocol: SMTP, Server Response: '452 Message rejected', Port: 25, Secure(SSL): No, Server Error: 452, Error Number: 0x800CCC6C

Posted by: Lobos

Ok, well, your log is looking better.

I forgot to mention that you are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C:\ then click on File > New > Folder and call it [B] HJK [/B], or another name of your choice. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files.

Please run these two online scans. Make sure they are set to clean automatically:
[URL=http://housecall.trendmicro.com/]TrendMicro's HouseCall[/URL]
[URL=http://www.pandasoftware.com/activescan/]ActiveScan[/URL]

You should try to delete any files that these scanners are unable to clean. Then let us know if it's working better and what the scans found.

Make sure you take hijack this and extract the Hijack this file into its own folder. Then scan again with HijackThis and post another log, and post the av logs too.

The only other thing I can think of is your firewall, but let me know how things go.

sal

Posted by: roy.stevenson

Hi again

Have done the latest things that you suggest by moving Hijack to its own folder and doing the 2 online scans.
None of the scans showed any virus. The log for the Panda online is below with the Hijack scan, and I have removed the objects which I have indicated on the log. Besides the problem with the email, which is still coming back to me, the computer runs fine. Hoping you can suggest some further action to try to find the answer to my problem.

Regards
Roy.

Incident Status Location
Adware:Adware/MyWay No disinfected REMOVED Windows Registry
Adware:Adware/Twain-Tech No disinfected REMOVED D:\WINDOWS\smdat32m.sys
Adware:Adware/SuperSpider No disinfected CAN'T FIND Windows Registry
Adware:Adware/InstaFinder No disinfected REMOVED D:\Program Files\INSTAFINK
Adware:Adware/BrilliantDigital No disinfected REMOVED C:\Program Files\KaZaA\bdcore.dll.updpnd
Adware:Adware/FunWeb No disinfected REMOVED C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
Spyware:Spyware/New.net No disinfected REMOVED C:\_RESTORE\TEMP\A0122493.CPY
Adware:Adware/nCase No disinfected REMOVED C:\_RESTORE\TEMP\A0122495.CPY
Adware:Adware/nCase No disinfected REMOVED C:\_RESTORE\TEMP\A0127953.CPY
Spyware:Spyware/New.net No disinfected REMOVED C:\_RESTORE\TEMP\A0127955.CPY
Spyware:Spyware/New.net No disinfected REMOVED C:\_RESTORE\TEMP\A0128003.CPY
Adware:Adware/Ucmore No disinfected REMOVED C:\_RESTORE\TEMP\UCMIE.0
Adware:Adware/Ucmore No disinfected C:\_RESTORE\TEMP\A0130364.CPY[UCMIE.DLL] CAN’T FIND
Adware:Adware/MyWay No disinfected REMOVED D:\Documents and Settings\roy stevenson\My Documents\HIGHJACK THIS\backup-20040131-180302-199.dll
Adware:Adware/P2PNetworking No disinfected REMOVED D:\Documents and Settings\roy stevenson\My Documents\HIGHJACK THIS\backup-20040131-180302-861.dll

Hijack log to follow
Roy.

Posted by: roy.stevenson

Here is the latest Hijack log that I said would follow;

Logfile of HijackThis v1.99.1
Scan saved at 17:04:07, on 07/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\HJK\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://k2b-bulk.ebay.co.uk/ws/eBayISAPI.dll?MyEbaySellingSummary&ssPageName=STRK:ME:LNLK[/url]
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "D:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "D:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "D:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"
O4 - HKCU\..\Run: [iolo Task Agent] D:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [CleanUp!] D:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [url]http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[/url]
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - [url]http://housecall-beta.trendmicro.com/housecall/xscan60.cab[/url]
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - [url]http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab[/url]
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - [url]http://download.ebay.com/turbo_lister/US/install.cab[/url]
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - [url]http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab[/url]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url]
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - [url]http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab[/url]
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - [url]http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab[/url]
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - [url]http://chat.msn.com/bin/msnchat45.cab[/url]
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe

Regards
Roy :(

Posted by: Lobos

Well, it looks like your log is clean, but the ones you can't find may be hidden.

Unhide the hidden files and folders by doing this: double click on the [b]My Computer[/b] icon on the desktop. Go to [b]Tools | Folder Options[/b], click on the [b]View[/b] tab and make sure that [b]Show hidden files and folders[/b] is checked. Also uncheck [b]Hide protected operating system files[/b]. Now click [b]Apply to all folders[/b], then click [b]Apply[/b] then [b]OK[/b].
D:\WINDOWS\smdat32m.sys
Find this file and delete it, or any of the other ones you couldn't find.

You're going to have to clear out your system restore. Go here to do that:
[url]http://www.pchell.com/virus/systemrestore.shtml[/url]

Now to your error. The only thing I found about that is it could be the mail server. I guess they were having the same results you are having now:
[url]http://www.uk-bug.net/Article317.html[/url]
[url]http://www.cableforum.co.uk/board/showthread.php?t=7373&page=1&pp=15[/url]
but nothing recently.

My suggestion would be to find a UK board and state your problem, reason being that Ntl world is a UK ISP. Also, it doesn't look like their service is doing very well right now:
[url]http://www.ntl-isp.ntl.com/ServiceStatus/[/url]

Hope this helps
Lobos

Posted by: southernlady

Closed.

Liz
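
The log triage done by eye in this thread, as an added example that is not part of the original posts: it re-splits a HijackThis log that an archive has flattened onto one line, flags the structural oddities seen in the first log (a target marked `(no file)` or `(file missing)`, anything under a Temp directory, an O16 control with no download URL), and lists which entries are gone from a follow-up log. The rules and function names are assumptions of this example, not HijackThis behaviour or a malware verdict; the sample text is excerpted from the logs above.

```python
import re

# HijackThis section codes (R0-R3, F0-F3, N1-N4, O1-O24), each followed by " - ".
ENTRY = re.compile(r"(?<![\w/])(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)

# Trimmed excerpts of the first and second logs in this thread (not complete logs).
BEFORE = r"""
Running processes: D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\P2P Networking\P2P Networking.exe
D:\Program Files\Grisoft\AVG Free\avgcc.exe
D:\DOCUME~1\ROYSTE~1\LOCALS~1\Temp\eauninst.exe
D:\DOCUME~1\ROYSTE~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46"
O4 - HKLM\..\Run: [P2P Networking] D:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\RunOnce: [ws_uninst] D:\DOCUME~1\ROYSTE~1\LOCALS~1\Temp\ws_uninst.exe -s
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O23 - Service: McAfee Firewall - Unknown owner - D:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
"""
AFTER = r"""
Running processes: D:\WINDOWS\System32\smss.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\DOCUME~1\ROYSTE~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46"
"""


def parse(log):
    """Return (processes, entries); works on a log flattened onto one line."""
    marks = list(ENTRY.finditer(log))
    head = log[: marks[0].start()] if marks else log
    _, _, procs = head.partition("Running processes:")
    # Paths may contain spaces, so split only where a new drive letter starts.
    parts = re.split(r"\s+(?=[A-Za-z]:\\)", procs.strip())
    processes = [" ".join(p.split()) for p in parts if p.strip()]
    entries = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(log)
        entries.append((m.group(1), " ".join(log[m.end():end].split())))
    return processes, entries


def triage(log):
    """Flag items worth a manual look (heuristics are this example's assumptions)."""
    processes, entries = parse(log)
    findings = []
    for path in processes:
        if TEMP_DIR.search(path):
            findings.append(("process", path, "runs from a Temp directory"))
    for code, body in entries:
        if "(no file)" in body or "(file missing)" in body:
            findings.append((code, body, "points at a missing file"))
        elif TEMP_DIR.search(body):
            findings.append((code, body, "autostart target is in a Temp directory"))
        elif code == "O16" and body.endswith("-"):
            findings.append((code, body, "ActiveX control with no download source"))
    return findings


def removed_between(before, after):
    """Entries present in the first log and absent from the follow-up log."""
    remaining = set(parse(after)[1])
    return [entry for entry in parse(before)[1] if entry not in remaining]


if __name__ == "__main__":
    for source, text, why in triage(BEFORE):
        print(f"[{source}] {why}: {text}")
    for code, body in removed_between(BEFORE, AFTER):
        print(f"gone after cleanup: {code} - {body}")
```

The P2P Networking autostart is not flagged by these structural rules; recognising a named adware component still needs a reference list or an analyst, which is the part the helper in the thread supplies.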