My PC may be sending emails I can't stop!

Discussion in 'Computer Support' started by Sim, Sep 20, 2005.

  1. Sim

    Sim Guest

    Sometimes when I'm on my computer, AVG pops up with this:

    AutoPOP3: Connecting to 174-221-126-200.fibertel.com.ar

    I have tried updating AVG running a scan and its found nothing. The same
    goes for Ad-Aware and Microsoft Anti Spyware. I don't want to reinstall my
    system but I can't get rid of this damn thing!

    What can I do?!

    Sim
     
    Sim, Sep 20, 2005
    #1
    1. Advertising

  2. Sim

    Shep© Guest

    On Tue, 20 Sep 2005 09:49:40 GMT As Androids Dreamed Of Electric Sheep
    and then "Sim" <> wrote :

    >Sometimes when I'm on my computer, AVG pops up with this:
    >
    >AutoPOP3: Connecting to 174-221-126-200.fibertel.com.ar
    >
    >I have tried updating AVG running a scan and its found nothing. The same
    >goes for Ad-Aware and Microsoft Anti Spyware. I don't want to reinstall my
    >system but I can't get rid of this damn thing!
    >
    >What can I do?!
    >
    >Sim
    >


    What ISP are you using?



    --
    Free Windows/PC help,
    http://www.geocities.com/sheppola/trouble.html
     
    Shep©, Sep 20, 2005
    #2
    1. Advertising

  3. Sim

    Gordon Guest

    "Shep©" <> wrote in message
    news:
    > On Tue, 20 Sep 2005 09:49:40 GMT As Androids Dreamed Of Electric Sheep
    > and then "Sim" <> wrote :
    >
    >> Sometimes when I'm on my computer, AVG pops up with this:
    >>
    >> AutoPOP3: Connecting to 174-221-126-200.fibertel.com.ar
    >>
    >> I have tried updating AVG running a scan and its found nothing. The
    >> same goes for Ad-Aware and Microsoft Anti Spyware. I don't want to
    >> reinstall my system but I can't get rid of this damn thing!
    >>
    >> What can I do?!
    >>
    >> Sim
    >>

    >
    > What ISP are you using?


    NTL.
     
    Gordon, Sep 20, 2005
    #3
  4. Sim wrote in 24hoursupport.helpdesk:

    > Sometimes when I'm on my computer, AVG pops up with this:
    >
    > AutoPOP3: Connecting to 174-221-126-200.fibertel.com.ar
    >
    > I have tried updating AVG running a scan and its found nothing.
    > The same goes for Ad-Aware and Microsoft Anti Spyware. I don't
    > want to reinstall my system but I can't get rid of this damn
    > thing!
    >
    > What can I do?!
    >
    > Sim
    >
    >

    It sounds like *something* is trying to access a remote server. You may
    be infected with a Trojan or worm. Download and run HijackThis from:

    http://www.majorgeeks.com/download3155.html

    Take a look at what it reveals. If you need help you can post the
    contents in this thread and someone should be able to assist.

    You might also take a look at this thread:

    http://forums.majorgeeks.com/showthread.php?t=72442

    It might give you a hint or two.

    Good luck.

    --
    The Old Sourdough
    May 9 unsociable telephone operators find the meaning of life in your
    shower.
     
    The Old Sourdough, Sep 20, 2005
    #4
  5. Sim

    Sim Guest

    Here goes:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:30:31, on 20/09/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\RMClock\RMClock.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\WinAce\WinAce.exe
    C:\DOCUME~1\Simeon\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer = http=200.69.209.130:80
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
    Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround
    Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program
    Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive
    Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI
    Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
    AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio
    Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator
    6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD
    Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program
    Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClock.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
    /background
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook
    Express\msimn.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI
    Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program
    files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program
    files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll'
    missing
    O12 - Plugin for .mdz: C:\Program Files\Internet
    Explorer\Plugins\npmod32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software
    AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://software-dl.real.com/25700c0ac18154a9f922/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1116958275383
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    Class) -
    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
    (MsnMessengerSetupDownloadControl Class) -
    http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
    AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
    Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
    C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
    C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
    C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program
    Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program
    Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

    Sim


    "The Old Sourdough" <> wrote in message
    news:Xns96D74F8A1706Ebcx25yti54op@216.196.97.131...
    > Sim wrote in 24hoursupport.helpdesk:
    >
    >> Sometimes when I'm on my computer, AVG pops up with this:
    >>
    >> AutoPOP3: Connecting to 174-221-126-200.fibertel.com.ar
    >>
    >> I have tried updating AVG running a scan and its found nothing.
    >> The same goes for Ad-Aware and Microsoft Anti Spyware. I don't
    >> want to reinstall my system but I can't get rid of this damn
    >> thing!
    >>
    >> What can I do?!
    >>
    >> Sim
    >>
    >>

    > It sounds like *something* is trying to access a remote server. You may
    > be infected with a Trojan or worm. Download and run HijackThis from:
    >
    > http://www.majorgeeks.com/download3155.html
    >
    > Take a look at what it reveals. If you need help you can post the
    > contents in this thread and someone should be able to assist.
    >
    > You might also take a look at this thread:
    >
    > http://forums.majorgeeks.com/showthread.php?t=72442
    >
    > It might give you a hint or two.
    >
    > Good luck.
    >
    > --
    > The Old Sourdough
    > May 9 unsociable telephone operators find the meaning of life in your
    > shower.
     
    Sim, Sep 20, 2005
    #5
  6. Sim

    why? Guest

    On Tue, 20 Sep 2005 09:49:40 GMT, Sim wrote:

    >Sometimes when I'm on my computer, AVG pops up with this:
    >
    >AutoPOP3: Connecting to 174-221-126-200.fibertel.com.ar
    >
    >I have tried updating AVG running a scan and its found nothing. The same
    >goes for Ad-Aware and Microsoft Anti Spyware. I don't want to reinstall my
    >system but I can't get rid of this damn thing!


    One of a few matching entries for a quick www.google.com search

    "fibertel.com.ar" pop3

    CastleCops heelpp!! avg email scanner shows auto pop3:connecting ...
    .... box in the bottom right hand side of the screen. within this box is
    the
    following text...auto pop3:connecting to 38-12-235-201.fibertel.com.ar.
    ....
    http://castlecops.com/t131304-heelpp_avg_email_scanner_shows_auto_pop3_connecting_to_38.html
    - Similar pages


    Sounds like a mass mailing worm, there are quite a few you should try
    scanning with some other apps, the often posted list is ripped from a
    Mike post (including other utilities)


    Run two online scanners:
    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www3.ca.com/virusinfo/virusscan.aspx
    http://security.symantec.com/sscv6/default.asp
    http://us.mcafee.com/root/mfs/default.asp

    Download, update and use ALL of the following -- even
    if you already have them installed, UPDATE THEM NOW.
    Malware changes by the day, even by the hour, so you MUST
    have the latest version of removal tools:

    Spybot Search & Destroy
    http://www.safer-networking.org/en/index.html
    SpyBot S&D guide
    http://www.chem.wisc.edu/~network/spybot/

    Ad-Aware SE
    http://www.lavasoftusa.com/
    Ad-Aware VX2 cleaner plug-in
    http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml
    IMPORTANT NOTICE:
    http://www.mvps.org/winhelp2002/hosts.htm#Attention

    Spyware Blaster
    http://www.javacoolsoftware.com/spywareblaster.html

    CWShredder (CoolWebSearch remover)
    http://cwshredder.net/cwshredder/cwschronicles.html
    Now maintained by InterMute
    http://www.intermute.com/spysubtract/cwshredder_download.html
    http://cwshredder.net/bin/CWShredder.exe

    Finally, for your startups:

    Startup Monitor
    http://www.mlin.net/StartupMonitor.shtml

    Startup Control Panel
    http://www.mlin.net/StartupCPL.shtml

    WinPatrol
    http://www.winpatrol.com/

    Check what's necessary and what isn't
    http://www.sysinfo.org/startuplist.php
    http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
    http://www.windowsstartup.com/wso/index.php
    http://pestpatrol.com/Search/
    http://www.3feetunder.com/krick/startup/list.html
    http://www.greatis.com/regrun3appdatabase.htm
    http://www.kephyr.com/filedb/index.php
    http://www.reger24.de/processes.php
    http://www.pcpitstop.com/spycheck/known.asp



    >What can I do?!


    Read the castlecops article.

    >Sim
    >


    Me
     
    why?, Sep 20, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. md
    Replies:
    0
    Views:
    755
  2. Drifter
    Replies:
    3
    Views:
    878
    colin
    Jul 7, 2004
  3. Renee
    Replies:
    5
    Views:
    364
    Dave Martindale
    Oct 27, 2004
  4. Replies:
    1
    Views:
    430
  5. Rich

    First P&S that may "may" not be a piece of crap?

    Rich, Jul 23, 2008, in forum: Digital Photography
    Replies:
    31
    Views:
    815
    John Turco
    Aug 7, 2008
Loading...

Share This Page