Problems accessing my emails - do I have a virus? My service provider tells me it's an OE problem but I don't use OE, I use Incredimail and have done for years. Over the last few days I cannot access my emails unless I go to VM homepage. It comes up with an error code on OE 0x800CCCOF. Service provider tells me it's definitely a problem on OE, so do I have a virus or have I been hijacked, coz my spyware and AVG have not picked anything up. I get a message saying failed to connect to pop.ntlworld.com please try again, but I've been doing this for the last 2 days. Also having problems getting on the net at times. Any help appreciated
OK, found HijackThis on here and here is a copy of the log if anyone can help:
Hi linny
Is this a proxy you recognize? 80.1.224.4
Let's try a little more analysis: Please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
• Run Combo-Fix.exe and follow the prompts. Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.
Best Regards
Hi linny Is this a proxy you recognize? 80.1.224.4 - Sorry, yes it is, just checked my diary and my proxy settings are, but don't think I have it on proxy now, that was for eBay when I could not get onto it a few years ago. Answer to that is no. I know it's an NTL IP address but it's the last bit 224.4 that I don't recognise, mine are mainly 111.1, but now downloading that prog, thanks (will check IPs on other PCs as I do have wireless but it is locked with a password). How do I disable the firewalls etc??
Think I did it all correct, here is the log file:
Hey linny
So, can I delete the proxy setting? If so, follow these instructions: Please run HijackThis.
• Click on the button which says Main Menu, then Do a system scan only.
• Please wait for the scan to be completed.
• After the scan has completed, check the following entries.
Code:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.1.224.4:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
Click on the button Fix checked.
NOTE: Close all browsers before fixing anything.
I see nothing in your logs to suggest such a problem as you are having, nor is your system infected. Perhaps we can try a system scanner. Please download Advanced Windowscare Personal. Install it, update it, and run a scan. Fix everything except Startup Manage. Reboot, and see if your problem is still there.
Best Regards
Yes, can delete the proxy as it's not used. Dunno what's happened but my emails are now coming through so I think it was a supplier's fault, coz it was on all 3 PCs and the laptop that could not receive any emails. Printed out this lot of instructions and will do hijack again
That Advanced Windowscare Personal just come up with a page of forums, but I have found http://www.registryfix.com/download/index.htm - is that the one I need to download - sorry, as you can tell I'm not exactly an expert on this lol! Good thing is sounds like I don't have any problems on my PC and I'd like to thank you guys on AD for helping me, especially you cdavfrew
I downloaded that prog but it won't fix anything unless I pay and register. Bit confused now as I have downloaded several fix progs - most of which won't fix anything unless you register and pay
Uninstall the program you installed. The program can be found at www.iobit.com, and is freeware, so you don't have to pay anything to fix anything. All good now? Great. Glad we could help you!
Thanks, now got correct programme and wow 9MB of extra space I now got. Not sure if PC is running better as only just done it but gonna download it to rest of PCs and lappy coz that really is slow and probably has mega problems on it, so thanks a bunch for your help!
Well, PC is running far better but still got the email problem, can't send/receive any. It's quite random coz I'll go away from PC for a while, come back and I've got like 60-100 (I get a lot due to my forum - they're not spam ones lol) but I've got 2 in my outbox that I can't send. I've now tried to set up my Hotmail to use for my emails, lol, but waiting for validation and once I've got that I can do same with other email addys (yes I've got a few lol). I'm thinking it maybe an IP problem. I've turned off firewall on spyware and virus protector. Looked up the 0x800cccof error on Google and well it's one of those no going probs but I don't use OE, I use Incredimail as my email client and well Virgin can't help me with that, just keep telling me it's my PC problem and not a problem with my email as such. I can pick them up from Virgin but well that's a pain when you have to check each address individually. It just seems it the last week or so yet I've done nothing different. I do have a bit of a whiz kid who said he would come and check my IP config and see if he can see if there is a problem so will wait to see what he has to say.
Hey linny40 Doesn't sound like an IP problem. If it's been fine all along, except for the problem which starts acting up now, it probably is something to do with your supplier's fault. Best Regards
Thanks, sorry it's taken so long to reply back but still having email probs but given up trying to talk to them. Sorry, I'm in England and you get to talk to a call centre millions of miles away and well have trouble understanding what they are saying with the dialect and the fact that they talk way too fast for me lol! Will just have to suffer for now, coz PC is running great now except for emails. I can get them direct from the server but it's a pain coz I gotta go into each email account and it takes 4ever lol! One thing I will add is when I type in ipconfig in my Run box it comes up and disappears before you get a chance to blink, so could be summit with PC I guess
Hey linny40 It's normal to have ipconfig disappear if you run it from the Run box. You're not supposed to, but rather, run it in Command Prompt. IPConfig will simply show your IP address, and if you can connect normally to this site, it probably means that you have no problems with your IP address. I would recommend switching email clients for now. Best Regards