
100's Of Emails Being Sent From My Computer.


7 replies to this topic

#1 410steve


Posted 16 May 2007 - 10:17 PM

Hello! My laptop was operating slow and had major issues when I would connect to my office's network "AFF"...I ran SDFix.exe and it deleted some of the issues shown in the HJT log and seemed to work fine. Well I plugged it back into my office network and it still had the same slow issues *(I can't download any files, I can't change internet options such as home page or history days, I can't download anything, Adobe Acrobat doesn't work, Outlook wants to reinstall when clicked on and I can't access any of the network printers.)*

The IT guy took the laptop and investigated it. He found that immediately after plugging the comp into the network, the network was swamped and my computer was sending 100's of emails. He removed all spyware removal programs (Spyware Doctor, Ad Aware SE, Spynomore, etc..) and uploaded Symantec Client Security.

I was able to get an HJT log while logged onto the network before the IT guy locked me off the network. It differed a lot from the HJT log, while logged onto my computer.

Logfile of HijackThis v1.99.1
Scan saved at 3:00:51 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrator.STEVE-57M9DIWJX\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.taylorbeanonline.com/scriptx/smsx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AFF.local
O17 - HKLM\Software\..\Telephony: DomainName = AFF.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AFF.local
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


*******************<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>**********************
Also, here is the most current HJT log. I'm not able to log into AFF any longer.

Logfile of HijackThis v1.99.1
Scan saved at 7:41:36 PM, on 5/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator.STEVE-57M9DIWJX\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.taylorbeanonline.com/scriptx/smsx.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AFF.local
O17 - HKLM\Software\..\Telephony: DomainName = AFF.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AFF.local
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


#2 jurgenv


Posted 17 May 2007 - 05:36 AM

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

Greets Jürgenv

Donation: Click me.

#3 410steve


Posted 18 May 2007 - 03:20 AM

I ran DrWeb, came home, it had stopped, so I started the scan over again and ended with this. Don't know if that makes any difference. It sure found a lot of stuff!

PS: I don't like the Symantec software my IT guy installed. It runs SAVROAM.exe, SPBBCSvc.exe, rtvscan.exe and ccEvtMgr.exe which slow my computer down. And I'm not able to disable it through msconfig startup. What do you recommend? Should I keep it? My computer is a 750MHz PIII Toshiba Satellite laptop with 128MB RAM...I try to keep running processes down to a minimum. Is there a good virus protection that doesn't eat up memory out there?

DrWeb.csv LOG:
ip6fw.sys;c:\windows\system32\drivers;BackDoor.Bulknet;Deleted.;
vcdb32.dll;C:\!KillBox;Trojan.Spambot;Deleted.;
Process.exe;C:\Documents and Settings\Administrator.STEVE-57M9DIWJX\My Documents\My Received Files\SmitFraud\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
Process.exe;C:\Documents and Settings\Administrator.STEVE-57M9DIWJX\My Documents\My Received Files\smitRem;Tool.Prockill;Incurable.Moved.;
drf1175645776[1].htm;C:\Documents and Settings\steve.AFF\Local Settings\Temporary Internet Files\Content.IE5\UR43EBK3;Trojan.Packed.49;Deleted.;
drf1175645776[1].htm.exe;C:\Documents and Settings\steve.AFF\Local Settings\Temporary Internet Files\Content.IE5\UR43EBK3;Trojan.Packed.49;Deleted.;
Process.exe;C:\Program Files\Roguescanfix;Tool.Prockill;Incurable.Moved.;
Dc1.exe;C:\RECYCLER\S-1-5-21-1960408961-920026266-1060284298-500;Trojan.Swizzor;Deleted.;
Dc10.dll;C:\RECYCLER\S-1-5-21-1960408961-920026266-1060284298-500;Trojan.Vqten;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0071678.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303;BackDoor.Bulknet;Deleted.;
A0071682.exe\data002;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303\A0071682.exe;Trojan.Spambot;;
A0071682.exe;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303;Archive contains infected objects;Moved.;
A0071687.dll;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303;Trojan.Vqten;Deleted.;
A0071692.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303;BackDoor.Bulknet;Deleted.;
A0071717.dll;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303;Trojan.Spambot;Deleted.;
A0071721.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303;BackDoor.Bulknet;Deleted.;
A0071743.exe\data002;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303\A0071743.exe;Trojan.Spambot;;
A0071743.exe;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303;Archive contains infected objects;Moved.;
A0071756.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303;BackDoor.Bulknet;Deleted.;
A0071762.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303;BackDoor.Bulknet;Deleted.;
A0071766.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303;BackDoor.Bulknet;Deleted.;
A0071769.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303;BackDoor.Bulknet;Deleted.;
A0071775.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303;BackDoor.Bulknet;Deleted.;
A0071784.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303;BackDoor.Bulknet;Deleted.;
A0071799.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP304;BackDoor.Bulknet;Deleted.;
A0071812.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP304;BackDoor.Bulknet;Deleted.;
A0071820.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP304;BackDoor.Bulknet;Deleted.;
A0071824.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP304;BackDoor.Bulknet;Deleted.;
A0071832.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP304;BackDoor.Bulknet;Deleted.;
A0072832.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP304;BackDoor.Bulknet;Deleted.;
A0075841.exe;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP304;Tool.Prockill;Incurable.Moved.;
A0075892.exe;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP305;Tool.Prockill;Incurable.Moved.;
A0075986.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP305;BackDoor.Bulknet;Deleted.;
A0076987.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP305;BackDoor.Bulknet;Deleted.;
A0077259.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP306;BackDoor.Bulknet;Deleted.;
A0077440.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP306;BackDoor.Bulknet;Deleted.;
A0077466.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP307;BackDoor.Bulknet;Deleted.;
A0077475.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP307;BackDoor.Bulknet;Deleted.;
A0077493.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP308;BackDoor.Bulknet;Deleted.;
A0077498.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP308;BackDoor.Bulknet;Deleted.;
A0077503.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP308;BackDoor.Bulknet;Deleted.;
A0077533.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP308;BackDoor.Bulknet;Deleted.;
A0077545.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP309;BackDoor.Bulknet;Deleted.;
A0077555.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP310;BackDoor.Bulknet;Deleted.;
A0077556.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP310;Trojan.NtRootKit.248;Deleted.;
A0078555.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP310;BackDoor.Bulknet;Deleted.;
A0078556.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP310;Trojan.NtRootKit.248;Deleted.;
A0079555.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP310;BackDoor.Bulknet;Deleted.;
A0079556.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP310;Trojan.NtRootKit.248;Deleted.;
A0080558.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP311;BackDoor.Bulknet;Deleted.;
A0082568.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP311;BackDoor.Bulknet;Deleted.;
A0082578.exe;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP311;Tool.Prockill;Incurable.Moved.;
A0082600.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP311;Trojan.NtRootKit.248;Deleted.;
A0082608.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP311;Trojan.NtRootKit.248;Deleted.;
A0083006.sys;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP315;BackDoor.Bulknet;Deleted.;
A0083007.dll;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP315;Trojan.Spambot;Deleted.;
A0083008.exe;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP315;Trojan.Packed.49;Deleted.;
A0083009.exe;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP316;Trojan.Swizzor;Deleted.;
A0083010.dll;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP316;Trojan.Vqten;Deleted.;
Process.exe;C:\Documents and Settings\Administrator.STEVE-57M9DIWJX\My Documents\My Received Files\SmitFraud\SmitfraudFix;Tool.Prockill;;
Process.exe;C:\Documents and Settings\Administrator.STEVE-57M9DIWJX\My Documents\My Received Files\smitRem;Tool.Prockill;;
Process.exe;C:\Program Files\Roguescanfix;Tool.Prockill;;
Process.exe;C:\SDFix\apps;Tool.Prockill;;
A0075841.exe;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP304;Tool.Prockill;;
A0075892.exe;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP305;Tool.Prockill;;
A0082578.exe;C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP311;Tool.Prockill;;


AND


Logfile of HijackThis v1.99.1
Scan saved at 1:07:57 AM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator.STEVE-57M9DIWJX\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.taylorbeanonline.com/scriptx/smsx.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AFF.local
O17 - HKLM\Software\..\Telephony: DomainName = AFF.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AFF.local
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
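
Added example, not part of the original posts: a Python sketch that triages a Dr.Web report in the `object;path;detection;action;` layout of the DrWeb.csv log in reply #3, separating System Restore snapshot copies from files on the live filesystem and listing rows left without an action. The first seven sample rows are taken from that log; the last row and all function names are constructed for illustration.

```python
import csv
import io
from collections import Counter
from typing import NamedTuple

class Finding(NamedTuple):
    obj: str     # file name, or a member inside a container (name\member)
    path: str    # directory, or the container file, that holds the object
    threat: str  # detection name as written in the report
    action: str  # e.g. "Deleted.", "Moved.", or empty

# Rows 1-7 are copied from the report in the post; row 8 is constructed.
RP303 = r"C:\System Volume Information\_restore{B15EF170-2004-43C8-995E-E802DB3F2DF1}\RP303"
SAMPLE = "\n".join([
    r"ip6fw.sys;c:\windows\system32\drivers;BackDoor.Bulknet;Deleted.;",
    r"vcdb32.dll;C:\!KillBox;Trojan.Spambot;Deleted.;",
    r"Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;",
    "A0071678.sys;" + RP303 + ";BackDoor.Bulknet;Deleted.;",
    r"A0071682.exe\data002;" + RP303 + r"\A0071682.exe;Trojan.Spambot;;",
    "A0071682.exe;" + RP303 + ";Archive contains infected objects;Moved.;",
    r"Process.exe;C:\SDFix\apps;Tool.Prockill;;",
    r"constructed-example.dll;C:\WINDOWS\system32;Trojan.Spambot;;",
])

def parse_report(text):
    """Parse semicolon-separated report rows; skip blank or short lines."""
    rows = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    return [Finding(*(f.strip() for f in r[:4])) for r in rows if len(r) >= 4]

def full_path(f):
    return (f.path + "\\" + f.obj).lower()

def location(f):
    """System Restore snapshots are stored copies, not files in active use."""
    if "\\system volume information\\_restore{" in f.path.lower():
        return "restore_point"
    return "live"

def summarise(findings):
    """Count distinct detected objects per (location, detection name)."""
    seen, counts = set(), Counter()
    for f in findings:
        key = full_path(f)
        # Container rows only say "something inside is infected"; the member
        # row carries the actual detection name, so count that one instead.
        if key in seen or f.threat.startswith("Archive contains"):
            continue
        seen.add(key)
        counts[(location(f), f.threat)] += 1
    return counts

def unresolved(findings):
    """Rows with no action that no other row covers.

    A row is covered when the same object has an actioned row elsewhere in
    the report, or when it is a member of a container file that was actioned
    (a member row's path is the container file itself).
    """
    handled = {full_path(f) for f in findings if f.action}
    return [f for f in findings
            if not f.action
            and full_path(f) not in handled
            and f.path.lower() not in handled]

if __name__ == "__main__":
    found = parse_report(SAMPLE)
    for (where, threat), n in sorted(summarise(found).items()):
        print(f"{where:14} {threat:20} {n}")
    for f in unresolved(found):
        print("NO ACTION:", f.path + "\\" + f.obj, f.threat)
```

Rows that remain in the unresolved list on the live filesystem are the ones to follow up on first; restore-point copies disappear when the old restore points are purged.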

#4 jurgenv


Posted 18 May 2007 - 05:26 AM

* Please remove these entries from Add/Remove Programs in the Control Panel (if present):
To do this, click 'Start' then 'Control Panel', then double-click on Add/Remove Programs.
Norton Antivirus (or anything similar such as Symantec etc..)

* After removing Symantec, run the following tool to remove all leftovers: http://service1.symantec.com/SUPPORT/INTER...78?OpenDocument


* Please open hijackthis and put a check next to the following:

O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* Download OTMoveIt.exe from here and place it on your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

* Open OTMoveIt.exe.
In the left pane where it says: "Paste List of Files/Folders to be Moved", copy and paste next part:

C:\Program Files\SpyNoMore

Then click the MoveIt button below.
In case you get a "Bad Image" error, just click OK at the prompt. It will move the file anyway.
When done, it will create a log (********_******.log -- * stands for date and time) in next folder: C:\_OTMoveIt\MovedFiles.
Copy and paste this log in your next reply with a new hijackthis log.
Greets Jürgenv


#5 410steve


Posted 18 May 2007 - 03:56 PM

Thanks for the help. I uninstalled Symantec and the processes are no longer running. I attempted the OTMoveFix for SpyNoMore and it couldn't locate file, so it couldn't generate a logfile either.

ALSO: Since I'm never again going to hook this computer up to the AFF network at my office...how can I eliminate the users and log in options? Just one user "Administrator" and one network "my computer". In fact, I don't even want to have to log in. I want it to turn on and go. Currently, I always have the option of logging in as administrator or Steve on both "My Computer" and "AFF". And some programs in Program files (ie: Winamp) only show up when logged in as Steve on My Computer, but not when logged in as administrator on my computer. How can I simplify this?

Here's HJT

Logfile of HijackThis v1.99.1
Scan saved at 1:45:42 PM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator.STEVE-57M9DIWJX\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.taylorbeanonline.com/scriptx/smsx.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AFF.local
O17 - HKLM\Software\..\Telephony: DomainName = AFF.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AFF.local
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

#6 jurgenv


Posted 18 May 2007 - 04:07 PM

So you mean you don't want to choose which account you want to log in to, but go directly to your desktop?
Greets Jürgenv


#7 410steve


Posted 18 May 2007 - 10:56 PM

So you mean you don't want to choose which account you want to log in to, but go directly to your desktop?


Yes. How do I go back to one account and maintain all the desktop folders/icons and My Documents/pictures, etc.. from each user account onto one account? Currently in the drop down menu, I have the option to log into AFF. If I can't go to just one, can I eliminate this network log on option and delete the AFF user accounts?

Thanks for all your support!

Steve

#8 jurgenv


Posted 19 May 2007 - 06:53 AM

Save all the personal files from the account you want to delete on a memory stick or so and copy them to your account. After that, delete that account, et voilà. :thumbsup:
Greets Jürgenv
