
email msgs yet I didn't send email from symantec

Discussion in 'Virus & Other Malware Removal' started by maultar, Oct 21, 2007.

Thread Status:
Not open for further replies.
  1. maultar (Thread Starter)

    Joined: Oct 21, 2007
    Messages: 1
    hijack this log

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 8:34:01 AM, on 10/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nslsvice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    C:\Program Files\Altiris\Carbon Copy\shellker.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\program files\notes\ntmulti.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
    C:\Program Files\HPQ\Shared\hpqwmi.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\ISS\BlackICE\blackd.exe
    \\192.168.1.44\ctemp\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myelvis.d51.lilly.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lillynet.global.lilly.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://myelvis.d51.lilly.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Flash Module - {68D5BBF9-EED5-4125-B227-55F81540BF4D} - simcard1.dll (file missing)
    O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [cpqek] none
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [ICEXPIE] "C:\Program Files\sburst\Lilly\ASBBL32.EXE" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ICEXPIE] "C:\Program Files\sburst\Lilly\ASBBL32.EXE" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ICEXPIE] "C:\Program Files\sburst\Lilly\ASBBL32.EXE" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ICEXPIE] "C:\Program Files\sburst\Lilly\ASBBL32.EXE" (User 'Default user')
    O4 - Global Startup: iPassConnect.lnk = C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe
    O4 - Global Startup: Proventia Desktop Agent.lnk = ?
    O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://lillynet.global.lilly.com/
    O15 - Trusted Zone: http://elvis1.d50.lilly.com (HKLM)
    O15 - Trusted Zone: http://ic1-pk01.am.lilly.com (HKLM)
    O15 - Trusted Zone: http://icewebapps.global.lilly.com (HKLM)
    O15 - Trusted Zone: http://lillynet.global.lilly.com (HKLM)
    O15 - Trusted Zone: http://LillyNetCollaboration.global.lilly.com (HKLM)
    O15 - Trusted Zone: http://mc1legalwp01.am.lilly.com (HKLM)
    O15 - Trusted Zone: http://mc1spotfire1.am.lilly.com (HKLM)
    O15 - Trusted Zone: http://mcntspotfire01.d51.lilly.com (HKLM)
    O15 - Trusted Zone: http://msproject.d51.lilly.com (HKLM)
    O15 - Trusted Zone: http://sites-ltc.am.lilly.com (HKLM)
    O15 - Trusted Zone: http://sites.ema.lilly.com (HKLM)
    O15 - Trusted Zone: http://sites.global.lilly.com (HKLM)
    O15 - Trusted Zone: http://sos.lilly.com (HKLM)
    O15 - Trusted Zone: http://srv04448.d52.lilly.com (HKLM)
    O15 - Trusted Zone: http://vpo.d51.lilly.com (HKLM)
    O15 - Trusted Zone: http://vs1-ph01.am.lilly.com (HKLM)
    O15 - Trusted Zone: http://vs1-ph02.am.lilly.com (HKLM)
    O15 - Trusted Zone: http://vs1-ph03.am.lilly.com (HKLM)
    O15 - Trusted Zone: http://vs1-ph04.am.lilly.com (HKLM)
    O15 - Trusted Zone: http://yo2-ph01.ema.lilly.com (HKLM)
    O15 - Trusted Zone: http://yo2-ph02.ema.lilly.com (HKLM)
    O15 - Trusted Zone: http://yo2-ph03.ef.lilly.com (HKLM)
    O15 - Trusted Zone: http://yo2-ph04.ef.lilly.com (HKLM)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AM.LILLY.COM
    O17 - HKLM\Software\..\Telephony: DomainName = AM.LILLY.COM
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4354177D-DC3E-4EF5-A133-779AB5BA4720}: NameServer = 192.168.1.2,192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A5A3F9AF-94B8-41F3-A4D6-0FA1F5BBE171}: NameServer = 192.168.1.2,192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AM.LILLY.COM
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = am.lilly.com,d51.lilly.com,d48.lilly.com,d52.lilly.com,d50.lilly.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AM.LILLY.COM
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = am.lilly.com,d51.lilly.com,d48.lilly.com,d52.lilly.com,d50.lilly.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = am.lilly.com,d51.lilly.com,d48.lilly.com,d52.lilly.com,d50.lilly.com
    O20 - AppInit_DLLs: AMInit.dll
    O20 - Winlogon Notify: winrpf32 - C:\WINDOWS\SYSTEM32\winrpf32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
    O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
    O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\system32\schdsrvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
    O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    O23 - Service: Local IT Software Distribution (ITSD) - Unknown owner - C:\WINDOWS\System32\LTDSDA.EXE (file missing)
    O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\program files\notes\ntmulti.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\RapApp.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\vpatch.exe

    --
    End of file - 11338 bytes

    What file(s) should I get rid of? Thanks
     

Short URL to this thread: https://techguy.org/641306
