
Outlook Express Needs Repairing?


7 replies to this topic

#1 randyrayd


Posted 08 May 2006 - 05:48 PM

My Outlook Express keeps creating new messages that just run in the background. I only ascertained this when I ran Task Manager. Two questions:

1. What would cause this? I've run AV and anti-spyware applications and I'm clean.

2. I tried repairing IE in Add/Remove Programs and it's not listed. There's only an IE update Q903235. What's up with that?

Question #2 isn't that big a deal as I'm going to reinstall IE6 and then it should be listed. I'm just curious why it's not listed in Add/Remove programs.

My OS is Win2K

Thanks,
Randall


#2 buddy215


Posted 08 May 2006 - 06:15 PM

Whoa there Tex, sounds like you may have some malware that is on your computer. I would suggest you put away that IE6-shooter and run some online scans for trojans/viruses. Or you might want to submit a Hijack This scan.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 randyrayd


Posted 08 May 2006 - 07:00 PM

Hey, buddy. Thanks. IE6 shooter....That's funny and I like a sense of humor.

Maybe you didn't read in my post that I ran updated Computer Associates AV, MS anti-spyware which runs in the background also, and Ad-Aware, which turns up negative and I just ran them again to be sure.

Edit: The messages aren't sent. It's as if I started an email but stopped before anything was typed.

rd

Edited by randyrayd, 08 May 2006 - 07:05 PM.


#4 HitSquad


Posted 09 May 2006 - 08:28 AM

I'm just curious why it's not listed in Add/Remove programs.

If you updated Win2k with any service packs, that's why and is normal.

Maybe you didn't read in my post that I ran updated Computer Associates AV, MS anti-spyware which runs in the background also, and Ad-Aware

No offense Randall but that's minimal protection.
No single AV program will detect all viruses, particularly when it comes to trojans.
If I were you, I'd take buddy's advice on second and third opinions and post a HJT log too.
It really can't hurt to be absolutely sure. :thumbsup:

#5 randyrayd


Posted 09 May 2006 - 02:15 PM

If you updated Win2k with any service packs, that's why and is normal.


How do I get it back to Add/Remove so I can do a repair...even if that's not what's needed right now.

Per the suggestions, I ran two more anti-spyware apps and tried to run two more AV scans. Housecall wouldn't run, but maybe because I still had my AV running. I ran pctools AV scan. AV's showed nothing and not much (IMHO) from the anti-spyware scans. Of course one scan I ran found 4 "critical" items and for $9.95 I could quarantine them.

Here's my HJT log. I'm not an HJT guru like some of you guys, but I don't see much to be concerned about but would very much appreciate an expert opinion.

If I need to post this elsewhere, please advise.

Thanks,
Randall

Logfile of HijackThis v1.99.1
Scan saved at 1:50:16 PM, on 5/9/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\FRU\Remind32.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\FRU\Remind32.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus G\AirPlus.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.iwon. com
O15 - Trusted Zone: dot.state.tx.us.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122480969375
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

#6 randyrayd


Posted 10 May 2006 - 07:17 PM

Okay, I've found a command that will repair IE without uninstalling updates or SP's. The phantom emails have stopped, but I'm curious about my HJT log.

Thanks,
Randall

Edited by randyrayd, 10 May 2006 - 07:18 PM.


#7 buddy215


Posted 10 May 2006 - 08:47 PM

Glad you found a painless cure for your email problem. I believe you will have to post elsewhere here to get a Hijack this review. I look at them strictly for practice. Glancing thru your scan I see one item you might want to check out---O15 - Trusted Zone: http://*.iwon. com



#8 randyrayd


Posted 10 May 2006 - 09:23 PM

Thanks buddy. I had to put iwon in as a trusted zone because I used to frequent a tech board there. jgweed who is a moderator here also used to post there and told me about this forum. It was restricted because of Alexis which is fairly benign IMHO. I don't go there anymore anyway so should take it out of Trusted.

I appreciate your reply.

Randall
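
The Trusted Zone check suggested in this thread, as an added example (not code from any poster or from HijackThis itself): a Python sketch that parses the log format shown in post #5 and lists the O15 Trusted Zone entries the user has not confirmed as still needed. The function names and the `still_needed` parameter are hypothetical; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# A few lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O15 - Trusted Zone: http://*.iwon. com
O15 - Trusted Zone: dot.state.tx.us.
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
"""

# HijackThis entries look like "<section code> - <detail>", e.g. "O15 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Group entry details by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def trusted_zone_sites(sections):
    """Return (domain, is_wildcard) for each O15 Trusted Zone entry."""
    sites = []
    for detail in sections.get("O15", []):
        if not detail.startswith("Trusted Zone:"):
            continue
        site = detail.split(":", 1)[1]
        site = re.sub(r"\s+", "", site)         # forum software may split the URL
        site = re.sub(r"^[a-z]+://", "", site)  # drop the scheme
        site = site.rstrip(".").lower()
        wildcard = site.startswith("*.")
        sites.append((site[2:] if wildcard else site, wildcard))
    return sites

def review_trusted_zone(log_text, still_needed=()):
    """List Trusted Zone domains not confirmed as still needed (hypothetical allowlist)."""
    sections = parse_entries(log_text)
    return [(d, w) for d, w in trusted_zone_sites(sections) if d not in still_needed]

if __name__ == "__main__":
    print(review_trusted_zone(SAMPLE_LOG, still_needed={"dot.state.tx.us"}))
```

A wildcard entry such as `*.iwon.com` places every subdomain of that site in the Trusted sites zone, so it is worth removing once the site is no longer used.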



