1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Spam relay?

Discussion in 'Virus & Other Malware Removal' started by MarkPark, Apr 27, 2004.

Thread Status:
Not open for further replies.
  1. MarkPark

    MarkPark Thread Starter

    Joined:
    Jan 11, 2004
    Messages:
    16
    I've recently been receiving bounced email messages from emails I did not originally send. I'm concerned that my PC may be used as a spam relay.
    My PC is a Dell Dimension 4100, P3, 900MHz, running WinME, Zonealarm Pro & Norton Viruscan, on a home network going to the cable modem through a router.

    Can anything be determined from the attached Hijack This log?

    Logfile of HijackThis v1.96.1
    Scan saved at 8:05:34 PM, on 4/27/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    F:\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    F:\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\DEVLDR16.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    F:\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    D:\WEBSHOTS\WEBSHOTSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\DATAVIZ\DVZINCMSGR.EXE
    E:\DOWNLOAD\TECHSUPPORT\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myibocs.com/
    F1 - win.ini: run=hpfsched
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.quixtar.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\5zsupyvy.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CNETSCAPE7%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\5zsupyvy.slt\prefs.js)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NAV Agent] F:\NORTON~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [NPROTECT] F:\Norton SystemWorks\Norton Utilities\nprotect.exe
    O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] F:\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [NPROTECT] F:\Norton SystemWorks\Norton Utilities\nprotect.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Roxio\GoBack\GBPoll.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - Startup: Webshots.lnk = D:\Webshots\WebshotsTray.exe
    O4 - Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Office Startup.lnk.disabled
    O4 - User Startup: Webshots.lnk = D:\Webshots\WebshotsTray.exe
    O4 - User Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - User Startup: PowerReg Scheduler.exe
    O4 - User Startup: Office Startup.lnk.disabled
    O4 - Global Startup: GoBack.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37875.7594212963
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
     
  2. HitAnyKey

    HitAnyKey

    Joined:
    Sep 1, 2002
    Messages:
    306
    First Name:
    Eric
    Is there any additional information that we can provide that would assist in helping you to help us figure this one out? My dad is receiving these bounced emails every single day, even though he has been keeping his network cable unplugged when he hasn't been using the internet.

    As soon as he plugs it in again, and runs McAfee SpamKiller to check his email (he has his mails run through that first) it notifies him of the many emails that look like spam and appear to have been sent by him. They have his email address in the Sent From and Repy-To fields of the headers. The emails are mails that look to have been bounced back from attempting to be sent to email addresses that don't exist or can't receive the mails.
     
  3. HitAnyKey

    HitAnyKey

    Joined:
    Sep 1, 2002
    Messages:
    306
    First Name:
    Eric
    I'm bringing this back to the forefront with some more information. Hopefully someone will have an idea of how we can fix this problem.

    The actual PC that is referenced in this post has been unplugged from the network for the past 3-4 days. He's been using his laptop to check his mail through the web interface of Optimum Online (our network provider), and these bounced emails are still arriving.

    Any ideas on how we can figure out what is going on to cause this? :confused:
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/224462

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice