Everything posted by ajm200

  1. The other things didn't find anything, but the Hijack log is as below:

     Can't see anything overtly evil, though I must admit I am not familiar with some of the running processes, particularly the ones within the system32 folder...

     Andrew

     Logfile of HijackThis v1.97.7
     Scan saved at 13:55:17, on 16/02/2004
     Platform: Windows 2000 SP4 (WinNT 5.00.2195)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     Running processes:
     C:\WINNT\System32\smss.exe
     C:\WINNT\system32\winlogon.exe
     C:\WINNT\system32\services.exe
     C:\WINNT\system32\lsass.exe
     C:\WINNT\system32\nslsvice.exe
     C:\WINNT\system32\svchost.exe
     C:\WINNT\System32\svchost.exe
     C:\WINNT\system32\spoolsv.exe
     C:\WINNT\system32\Ati2evxx.exe
     C:\WINNT\system32\cusrvc.exe
     C:\Program Files\NavNT\defwatch.exe
     C:\PROGRA~1\Iomega\System32\AppServices.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
     C:\Lotus\Notes\ntmulti.exe
     C:\Program Files\Novell\ZENworks\nalntsrv.exe
     C:\Program Files\NavNT\rtvscan.exe
     C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
     C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
     C:\WINNT\system32\regsvc.exe
     C:\WINNT\system32\MSTask.exe
     C:\WINNT\system32\stisvc.exe
     C:\Program Files\NetDrive\wdService.exe
     C:\WINNT\system32\svchost.exe
     C:\Program Files\Novell\ZENworks\wm.exe
     C:\Program Files\Iomega\AutoDisk\ADService.exe
     C:\WINNT\system32\MsgSys.EXE
     C:\WINNT\Explorer.EXE
     C:\Program Files\Dell\AccessDirect\dadapp.exe
     C:\Program Files\NavNT\vptray.exe
     C:\WINNT\system32\Atiptaxx.exe
     C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
     C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
     C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
     C:\WINNT\system32\PRPCUI.exe
     C:\WINNT\system32\dpmw32.exe
     C:\WINNT\system32\NWTRAY.EXE
     C:\Program Files\MSN Messenger\MsnMsgr.Exe
     C:\WINNT\system32\ctfmon.exe
     C:\PROGRA~1\ERICSSON\COMMUN~1\MOBILE~1\EPMWOR~1.EXE
     C:\Lotus\Notes\NLNOTES.EXE
     C:\Lotus\Notes\ntaskldr.EXE
     C:\WINNT\SYSTEM32\VpnStats.exe
     C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
     C:\Program Files\Microsoft Office\Office10\POWERPNT.EXE
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\PROGRA~1\WINZIP\winzip32.exe
     C:\Documents and Settings\AMurray\Local Settings\Temp\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
     O1 - Hosts: 172.22.2.41 denotes1.mymow.com
     O1 - Hosts: 172.22.2.241 franotes1.mymow.com
     O1 - Hosts: 172.22.2.151 frasvr01.mymow.com
     O1 - Hosts: 172.22.2.155 frasvr02.mymow.com
     O1 - Hosts: 172.22.2.165 frasvr03.mymow.com
     O1 - Hosts: 172.20.2.79 fraunity1.mymow.com
     O1 - Hosts: 172.21.2.241 lonnotes1.mymow.com
     O1 - Hosts: 172.21.2.151 lonsvr01.mymow.com
     O1 - Hosts: 172.21.2.155 lonsvr02.mymow.com
     O1 - Hosts: 172.21.2.165 lonsvr03.mymow.com
     O1 - Hosts: 172.20.2.77 lonunity1.mymow.com
     O1 - Hosts: 172.23.2.151 madsvr01.mymow.com
     O1 - Hosts: 172.26.2.151 milsvr01.mymow.com
     O1 - Hosts: 172.20.2.42 mowchat01.mymow.com
     O1 - Hosts: 172.20.2.43 mowbes1.mymow.com
     O1 - Hosts: 172.20.2.72 mowgoback.mymow.com
     O1 - Hosts: 172.20.2.51 mowupdates.mymow.com
     O1 - Hosts: 172.20.2.241 nycnotes1.mymow.com
     O1 - Hosts: 172.20.2.151 nycsvr01.mymow.com
     O1 - Hosts: 172.20.2.155 nycsvr02.mymow.com
     O1 - Hosts: 172.20.2.165 nycsvr03.mymow.com
     O1 - Hosts: 172.20.2.75 nycunity1.mymow.com
     O1 - Hosts: 172.25.2.151 sinsvr01.mymow.com
     O1 - Hosts: 172.21.2.41 uknotes1.mymow.com
     O1 - Hosts: 172.20.2.41 usnotes1.mymow.com
     O1 - Hosts: 172.21.2.160 zenwsimport.mymow.com
     O1 - Hosts: 63.111.194.182 vpn1.mymow.com
     O1 - Hosts: 63.111.193.175 vpn2.mymow.com
     O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar_en_2.0.107-big.dll
     O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar_en_2.0.107-big.dll
     O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
     O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
     O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
     O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINNT\System32\zentray.exe
     O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
     O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
     O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
     O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
     O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
     O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
     O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
     O4 - HKLM\..\Run: [NDPS] C:\WINNT\system32\dpmw32.exe
     O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [CFDStart] C:\WINNT\WinMuschi.exe -m
     O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
     O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar_en_2.0.107-big.dll/cmsearch.html
     O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar_en_2.0.107-big.dll/cmbacklinks.html
     O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar_en_2.0.107-big.dll/cmcache.html
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
     O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar_en_2.0.107-big.dll/cmsimilar.html
     O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar_en_2.0.107-big.dll/cmtrans.html
     O9 - Extra button: Novell delivered applications (HKLM)
     O9 - Extra button: Related (HKLM)
     O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
     O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
     O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917} (WebInstall) - http://www.lucius2003.biz/uk/webinstall.cab
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
     O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{7985C439-23C4-4765-A8C0-21C0F5FB1874}: NameServer = 195.241.49.33 195.241.48.33
  2. I've been having what seems like exactly the same problem for the past week or two - I receive a few bounced emails a day, which all appear to have been sent from this computer (the IPs match to whether I have been at home or using a dialup in the Netherlands). Nothing from Norton AV, but I will try the suggestions above.

     Andrew

     P.S. Example mail:

     Return-Path: <Andrew@AJMurray.freeserve.co.uk>
     Received: from unknown (HELO LONJJZX70J) (amurray?owc@195.240.28.83 with login) by smtp105.mail.sc5.yahoo.com with SMTP; 10 Feb 2004 10:02:06 -0000
     Reply-To: <Andrew@AJMurray.freeserve.co.uk>
     From: "Andrew Murray" <Andrew@AJMurray.freeserve.co.uk>
     To: <nfuizlzwrfpuo@aaronkwok.net>
     Subject: Not read: Read: What's up, then?
     Date: Tue, 10 Feb 2004 11:01:58 +0100
     Message-ID: <00a301c3efbc$ed69cd50$531cf0c3@LONJJZX70J>
     MIME-Version: 1.0
     Content-Type: application/ms-tnef; name="winmail.dat"
     Content-Transfer-Encoding: base64
     Content-Disposition: attachment; filename="winmail.dat"
     X-Mailer: Microsoft Outlook, Build 10.0.2627
     X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
     X-MS-TNEF-Correlator: 000000000045864123B0504BB412FEBD513BC520A4E33F00

     eJ8+IgEKAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAFwAAAFJFUE9S