Tech Support Forum - View Single Post

hilton7949 · 04-16-2005, 02:06 PM

I am hoping that cleaning these out will end the enormous amount of spam this computer is getting (I'm talking about 150-200/day). I figured it must have a trojan/malware culprit sending out its e-mail address. Are some of the ones that have been deleted capable of doing that?

New log:
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 3:55:43 PM, on 04/16/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\SCTHEMES\SCTHEMES.EXE
C:\PROGRAM FILES\CAERE\OMNIPAGEPRO90\EREG\REMIND32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE

F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\sbsetup.exe c:\windows\SYSTEM
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: ScreenThemes.lnk = C:\scthemes\scthemes.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O12 - Plugin for .adp: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

End of KRC HijackThis Analyzer Log.
====================================================================

04-16-2005, 02:06 PM	#5 (permalink)
hilton7949 Registered User Join Date: Mar 2005 Posts: 71 OS: several computers:xp,2000,98se,ME,linux	Log following next round of deletions I am hoping that cleaning these out will end the enormous amount of spam this computer is getting (I'm talking about 150-200/day). I figured it must have a trojan/malware culprit sending out its e-mail address. Are some of the ones that have been deleted capable of doing that? New log: ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 3:55:43 PM, on 04/16/2005 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE C:\SCTHEMES\SCTHEMES.EXE C:\PROGRAM FILES\CAERE\OMNIPAGEPRO90\EREG\REMIND32.EXE C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE F1 - win.ini: run=hpfsched O4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\sbsetup.exe c:\windows\SYSTEM O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe O4 - Startup: ScreenThemes.lnk = C:\scthemes\scthemes.exe O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32.EXE O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll O12 - Plugin for .adp: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net End of KRC HijackThis Analyzer Log. ====================================================================