My Microsoft Outlook 2003 Sends Hundreds of Emails!



#1
olace88 (Member, 97 posts)

Hi,

I need help. My Microsoft Outlook 2003 is sending hundreds of e-mails every time I open it. I have reformatted my hard drive twice and loaded my saved mails, but Outlook still sends hundreds of emails with nothing in the outbox or in the sent messages folder. This is very strange, but I think I have a virus and don't know how to get rid of it. What kind of virus is this?

Please help.

Hope to hear from you guys.

Thanks,

Olace88
  • 0



#2
loophole (Malware Expert, Retired Staff, 9,798 posts)

Hi

  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
olace88 (Member, Topic Starter, 97 posts)

Hi Loophole,

Thank you for taking time to help. I will do as you have instructed and post the log file as soon as I can.

Thanks,

Olace88
  • 0

#4
olace88 (Member, Topic Starter, 97 posts)

Hi Loophole,

Here's the logfile I got after running HJT.

Logfile of HijackThis v1.99.1
Scan saved at 9:08:49 AM, on 10/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\EzButton\CplBTQ00.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba Controls\CpRmtKey.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Hewlett-Packard\HP Business Inkjet 1000\Toolbox\mpm.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [CplBTQ00] C:\Program Files\EzButton\CplBTQ00.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [\\PRINTEREPSON\EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P41 "\\PRINTEREPSON\EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"
O4 - HKLM\..\Run: [HPWT myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Business Inkjet 1000\Toolbox\mpm.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ph\msntabres.dll.mui/229?c58aeeee6bcf4aa2b2d4cdf5a26c7b3b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ph\msntabres.dll.mui/230?c58aeeee6bcf4aa2b2d4cdf5a26c7b3b
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1159533195069
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159533165502
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0
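
Added example (not part of the original thread, and not code from HijackThis or its authors): a small Python parser for the log format posted above. It turns the autostart entries (O4 Run keys and Startup folder items, O23 services) into records and marks whether each image also appears under "Running processes", the cross-check a reviewer otherwise does by eye. It lists entries without judging them; the sample is an excerpt of the log from post #4, and all function names are this example's own.

```python
import re

# Excerpt of the HijackThis log from post #4 (lines copied, list shortened).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\ACS.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\nvsvc32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")                  # "O4 - ..."
RUN_KEY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")  # registry Run keys
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")   # Startup folders
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$)', re.I)


def image_path(command):
    """Return the executable part of a command line, without its arguments."""
    m = IMAGE.match(command.strip())
    if m:
        return m.group(1) or m.group(2)
    parts = command.split()
    return parts[0] if parts else ""


def parse_log(text):
    """Split a log into the running-process set and (code, body) entries."""
    running, entries, in_procs = set(), [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        elif ENTRY.match(line):
            entries.append(ENTRY.match(line).groups())
    return running, entries


def autostarts(text):
    """Return one record per O4 (Run key / Startup) and O23 (service) entry."""
    running, entries = parse_log(text)
    rows = []
    for code, body in entries:
        owner = None
        if code == "O4":
            m = RUN_KEY.match(body)
            if m:
                source, name, cmd = m.group(1) + "\\" + m.group(2), m.group(3), m.group(4)
            else:
                m = STARTUP.match(body)
                if not m:
                    continue
                source, name, cmd = m.groups()
        elif code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            (name, owner, cmd), source = parts, "Service"
        else:
            continue
        image = image_path(cmd)
        rows.append({"code": code, "source": source, "name": name, "owner": owner,
                     "image": image, "running": image.lower() in running})
    return rows


if __name__ == "__main__":
    for row in autostarts(SAMPLE_LOG):
        print(row["code"], row["source"], row["name"], row["image"], row["running"], sep=" | ")
```

Path comparison is case-insensitive because the log mixes `System32` and `system32` for the same directory.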

#5
loophole (Malware Expert, Retired Staff, 9,798 posts)

Hi

I don't see anything wrong in the Hijack log. Let's look at something else.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#6
olace88 (Member, Topic Starter, 97 posts)

Hi Loophole,

Sorry for my delayed reply. I got tied up this weekend. Anyway, here's the combofix log. Please see below.

Mel Adriano - 06-10-23 9:06:46.87 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Mel Adriano\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-23 to 2006-10-23 ))))))))))))))))))))))))))))))))))


2006-10-13 11:03 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-13 11:03 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-10-05 11:58 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-10-05 11:58 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-10-05 11:58 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-10-02 16:03 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-10-02 16:02 102,400 -ra------ C:\WINDOWS\scrub2k.exe
2006-10-02 12:30 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-02 10:00 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-10-01 20:43 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2006-10-01 20:43 61,072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-10-01 20:43 59,536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-10-01 20:43 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2006-10-01 20:43 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2006-10-01 20:43 1,212,928 --a------ C:\WINDOWS\system32\Incinerator.dll
2006-10-01 11:13 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-10-01 10:44 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-10-01 10:43 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-10-01 10:43 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-09-30 10:32 26,496 --a------ C:\WINDOWS\system32\drivers\usbstor.sys
2006-09-30 10:31 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-09-29 20:55 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-29 20:49 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-09-29 20:49 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-09-29 20:49 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-09-29 20:49 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-29 20:36 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-09-29 20:35 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-29 20:35 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-29 20:35 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-29 20:35 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-09-29 20:35 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-29 20:35 127,256 --a------ C:\WINDOWS\system32\wucltui.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-23 09:03 -------- d-------- C:\Documents and Settings\Mel Adriano\Application Data\Help
2006-10-23 08:47 -------- d-------- C:\Program Files\Plaxo
2006-10-20 12:39 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-10-20 11:14 -------- d-------- C:\Documents and Settings\Mel Adriano\Application Data\Talkback
2006-10-20 10:54 -------- d-------- C:\Documents and Settings\Mel Adriano\Application Data\Thunderbird
2006-10-20 10:54 -------- d-------- C:\Documents and Settings\Mel Adriano\Application Data\Mozilla
2006-10-20 10:34 -------- d-------- C:\Program Files\Hijackthis
2006-10-09 16:40 -------- d-------- C:\Program Files\Messenger
2006-10-09 16:38 -------- d-------- C:\Program Files\Internet Explorer
2006-10-09 16:27 -------- d-------- C:\Program Files\Outlook Express
2006-10-09 16:27 -------- d-------- C:\Program Files\Common Files\System
2006-10-06 09:27 -------- d-------- C:\Program Files\America Online 9.0
2006-10-05 17:13 -------- d-------- C:\Program Files\Notebook Maximizer
2006-10-05 09:19 -------- d-------- C:\Program Files\Viewpoint
2006-10-02 16:05 -------- d-------- C:\Program Files\OfficeUpdate11
2006-10-02 16:02 -------- d-------- C:\Program Files\Hewlett-Packard
2006-10-02 15:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-02 14:41 -------- d---s---- C:\Documents and Settings\Mel Adriano\Application Data\Microsoft
2006-10-02 14:11 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-02 12:30 -------- d-------- C:\Program Files\AOD
2006-10-02 12:30 -------- d-------- C:\Program Files\AIM
2006-10-02 12:30 -------- d-------- C:\Documents and Settings\Mel Adriano\Application Data\Aim
2006-10-02 12:25 -------- dr-h----- C:\Documents and Settings\Mel Adriano\Application Data\yahoo!
2006-10-02 12:15 -------- d-------- C:\Program Files\Yahoo!
2006-10-02 12:15 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-10-02 12:14 -------- d-------- C:\Program Files\Real
2006-10-02 12:12 -------- d-------- C:\Program Files\MSN Messenger
2006-10-02 11:58 -------- d-------- C:\Program Files\EPSON
2006-10-02 11:12 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-02 10:45 -------- d-------- C:\Program Files\Windows Media Player
2006-10-02 10:45 -------- d-------- C:\Program Files\Movie Maker
2006-10-02 10:36 -------- d-------- C:\Program Files\Windows NT
2006-10-02 10:36 -------- d-------- C:\Program Files\NetMeeting
2006-10-02 09:25 -------- d-------- C:\Documents and Settings\Mel Adriano\Application Data\SpamBayes
2006-10-02 09:23 -------- d-------- C:\Program Files\SpamBayes
2006-10-01 22:02 -------- d-------- C:\Program Files\Microsoft Works
2006-10-01 20:43 -------- d-------- C:\Program Files\Kaspersky Lab
2006-10-01 20:43 -------- d-------- C:\Program Files\iolo
2006-10-01 20:43 -------- d-------- C:\Program Files\Common Files\Kaspersky Lab
2006-10-01 20:43 -------- d-------- C:\Program Files\Common Files
2006-10-01 10:40 -------- d-------- C:\Documents and Settings\Mel Adriano\Application Data\Macromedia
2006-09-30 10:33 -------- d-------- C:\Program Files\Atheros
2006-09-13 13:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 23:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 20:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 17:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 19:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 21:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.11.1.5\\PlaxoHelper.exe -a"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"CplBTQ00"="C:\\Program Files\\EzButton\\CplBTQ00.EXE"
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
@=""
"CeEPOWER"="C:\\Program Files\\TOSHIBA\\Power Management\\CePMTray.exe"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"CpRmtKey"="\"C:\\Program Files\\Toshiba Controls\\CpRmtKey.EXE\""
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
"KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize"
"\\\\PRINTEREPSON\\EPSON Stylus CX3700 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACP.EXE /P41 \"\\\\PRINTEREPSON\\EPSON Stylus CX3700 Series\" /O6 \"USB001\" /M \"Stylus CX3700\""
"HPWT myPrintMileage Agent"="C:\\Program Files\\Hewlett-Packard\\HP Business Inkjet 1000\\Toolbox\\mpm.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: 06-10-23 9:07:28.64
C:\ComboFix.txt ... 06-10-23 09:07


Hope to hear from you.

thanks,

olace88
  • 0

#7
loophole (Malware Expert, Retired Staff, 9,798 posts)

Hi

The logs aren't revealing much.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\system32\iolobtdfg.exe
  • Click on the submit button
  • Please post the results in your next reply.
Do the same for C:\WINDOWS\system32\smrgdf.exe
  • 0

#8
olace88 (Member, Topic Starter, 97 posts)

Hi Loophole,

Sorry for the delay in my reply. Anyway, it was a national holiday yesterday so I was not able to perform your suggestion. Anyway, I'll do it and send the log asap.

Thank you for your patience.

regards,

olace88
  • 0

#9
loophole (Malware Expert, Retired Staff, 9,798 posts)

OK
  • 0

#10
olace88 (Member, Topic Starter, 97 posts)

Hi Loophole,

I sincerely apologize for not getting back to you regarding my problem with Microsoft Outlook. I got so busy the past weeks and had no time to run Jotti's malware scan. Anyway, I really appreciate the time and effort you put into this. I'll post the log as soon as I find the time.

Again, I'm sorry for taking your time.

best regards,

olace88
  • 0





