|
Member Login:
|
|
 |
September 9th, 2011
|
Top | #1 |
Huh?
Joined: February 2004
Location: Miami, Fl
Posts: 1,124
Reputation: 50
Power: 112 |
PC printing/deleting email automatically?
I am truly baffled by this one. I am an admin and have an issue with a PC (I think) at a remote location. The user has told me that something is printing her emails but deleting them before they get to the inbox. I know it sounds very strange but at first thought it was viral. I ran scans with Symantec End-point protection 12, Trend micro house call, malwarebytes, super anti spyware, and spybot search & destroy. They found some stuff but they were "cleaned" and now the behavior continues. If I scan the machine again, it comes up clean. Oh, and I have tried deleting the printer but it still prints to it! I suspect it is this machine since this is the one she has her email client on. Where else could they be coming from.. More info: Active Directory 2003 domain (very simple) PC has XP SP3 on it with ALL updates I have tried recreating her profile on the PC as well, no luck As I said, I am baffled and could not find anything that would behave like this through google. Any help is appreciated. Thanks in advance |
|
|
|
September 10th, 2011
|
Top | #2 |
OSNN Veteran Addict
Joined: June 2004
Location: Seattle
Posts: 2,864
Reputation: 2689
Power: 151 |
Re: PC printing/deleting email automatically?
|
|
|
|
|
September 12th, 2011
|
Top | #3 |
|
Huh?
Joined: February 2004
Location: Miami, Fl
Posts: 1,124
Reputation: 50
Power: 112 |
Re: PC printing/deleting email automatically?
Oh yea? I thought symantec was good. Which would you recommend?
I will post a hijackthis log soon Thanks |
|
|
|
|
September 12th, 2011
|
Top | #4 |
|
Huh?
Joined: February 2004
Location: Miami, Fl
Posts: 1,124
Reputation: 50
Power: 112 |
Re: PC printing/deleting email automatically?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:00:36 AM, on 9/12/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Symantec\pcAnywhere\awhost32.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Kyocera\FileUtility\SFUSVC.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Kyocera\FileUtility\nsCatCom.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Lantronix\Redirector\red32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\Dell\PanelMgr\SSMMgr.exe C:\WINDOWS\twain_32\Dell\Dell2335\Scan2Pc.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kyocera\FileUtility\NsCatCom.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Redirector] C:\Program Files\Lantronix\Redirector\red32.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [msnmsgupdate] msnmsgupdater.exe O4 - HKLM\..\Run: [Dell PanelMgr] C:\WINDOWS\Dell\PanelMgr\SSMMgr.exe /autorun O4 - HKLM\..\Run: [2335dn Scan2PC] "C:\WINDOWS\twain_32\Dell\Dell2335\Scan2Pc.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Scanner File Utility.lnk = ? O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1251124125437 O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.msbce.com/reports/bin/arview2.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VPCOMMONS.COM O17 - HKLM\Software\..\Telephony: DomainName = VPCOMMONS.COM O17 - HKLM\System\CCS\Services\Tcpip\..\{574D1B95-FB11-4BF9-8C9F-F16F597EB722}: NameServer = 10.8.1.5,64.80.84.108 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VPCOMMONS.COM O17 - HKLM\System\CS1\Services\Tcpip\..\{574D1B95-FB11-4BF9-8C9F-F16F597EB722}: NameServer = 10.8.1.5,64.80.84.108 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VPCOMMONS.COM O17 - HKLM\System\CS2\Services\Tcpip\..\{574D1B95-FB11-4BF9-8C9F-F16F597EB722}: NameServer = 10.8.1.5,64.80.84.108 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: SFUSVC - KYOCERA MITA CORPORATION - C:\Program Files\Kyocera\FileUtility\SFUSVC.exe O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- End of file - 7159 bytes |
|
|
|
|
September 27th, 2011
|
Top | #5 |
OSNN Junior Addict
Joined: June 2009
Posts: 2
Reputation: 0
Power: 0 |
Re: PC printing/deleting email automatically?
It was a helpful information for me,Bootsy's post is quite appreciable and was very helpful for me.But i didn't understand how u scanned all this and pasted here,need some assistance not much.Thanks in advice bootsy.
|
|
|
|
|
September 27th, 2011
|
Top | #6 |
|
Huh?
Joined: February 2004
Location: Miami, Fl
Posts: 1,124
Reputation: 50
Power: 112 |
Re: PC printing/deleting email automatically?
The log I pasted was from hijackthis, a troubleshooting tool. It basically says all meaningful running programs/services on your pc.
My problem was fixed by the way, there had been a user who set themselves up as an email pop recipient directly on the printer... hah... |
|
|
|
|
| Bookmarks |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Email printing error in Vista | Tweakfiend | Windows Desktop Systems | 6 | December 27th, 2007 5:47pm |
| send email without leaving email addy. | VenomXt | Green Room | 9 | October 19th, 2004 12:48pm |
| email address for email notification from ntfs.org | jonifen | Site Problems & Feedback | 21 | March 5th, 2003 3:33pm |
| Automatically connect? | ronenph1 | Windows Desktop Systems | 2 | September 5th, 2002 5:57pm |
| IE Homepage Automatically Changes? | GuardianAtomos | Windows Desktop Systems | 1 | April 3rd, 2002 12:13am |
