
Got a message that my machine might be a spam relay?

Discussion in 'Malware and Virus Removal Archive' started by Herd72, 2004/10/26.

Thread Status:
Not open for further replies.
  1. 2004/10/26
    Herd72

    Herd72 Inactive Thread Starter

    Joined:
    2004/06/23
    Messages:
    105
    Likes Received:
    0
    This is my second try as I erred in my posting (Rule #3) sorry. I am a wrestling coach and tried to send a message to our state bulletin board moderator. I use OE 6 and Hotmail. I got this message back.



    The original message was received at Mon, 25 Oct 2004 18:55:20 -0400
    from bay22-f26.bay22.hotmail.com [64.4.16.76]

    ----- The following addresses had permanent fatal errors -----
    <wrestle@wvmat.com>
    (reason: 553 5.3.0 <tmiller@mountain.net>... DENY This machine is being used as a spam relay please call 304-848-5422.)

    ----- Transcript of session follows -----
    ... while talking to rx.citynet.net.:
    >>> RCPT To:<tmiller@mountain.net>
    <<< 553 5.3.0 <tmiller@mountain.net>... DENY This machine is being used as a spam relay please call 304-848-5422.
    550 5.1.1 <wrestle@wvmat.com>... User unknown


    Is it my machine or the other one and if it's mine how can I clean it up? I ran AdAware and Spybot and they didn't find anything.

    Thanks to all....
    Jim
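
Added example, not part of the original thread: Python code that reads the bounce quoted in the post above and reports which host handed the message over, which server issued the 553, and for which recipient. The regular expressions assume the sendmail-style layout shown in that bounce, and the function names are illustrative.

```python
import re

# The bounce quoted in the post above, with the forum's indentation removed.
BOUNCE = """\
The original message was received at Mon, 25 Oct 2004 18:55:20 -0400
from bay22-f26.bay22.hotmail.com [64.4.16.76]

----- The following addresses had permanent fatal errors -----
<wrestle@wvmat.com>
(reason: 553 5.3.0 <tmiller@mountain.net>... DENY This machine is being used as a spam relay please call 304-848-5422.)

----- Transcript of session follows -----
... while talking to rx.citynet.net.:
>>> RCPT To:<tmiller@mountain.net>
<<< 553 5.3.0 <tmiller@mountain.net>... DENY This machine is being used as a spam relay please call 304-848-5422.
550 5.1.1 <wrestle@wvmat.com>... User unknown
"""

RECEIVED = re.compile(r"^from (\S+) \[([\d.]+)\]", re.M)
FAILED = re.compile(r"^<([^>]+)>$", re.M)
TALKING = re.compile(r"while talking to (\S+?)\.?:")
COMMAND = re.compile(r"^>>> (\w+)(?: To:<([^>]*)>)?", re.I)
REPLY = re.compile(r"^<<< (\d{3}) (\d\.\d+\.\d+)? ?(.*)$")

def parse_bounce(text):
    """Extract the submitting host, the failed addresses and each 5xx refusal."""
    head, _, transcript = text.partition("Transcript of session follows")
    rcvd = RECEIVED.search(head)
    out = {"submitted_by": rcvd.groups() if rcvd else None,
           "failed": FAILED.findall(head), "refusals": []}
    server = command = rcpt = None
    for line in map(str.strip, transcript.splitlines()):
        if (m := TALKING.search(line)):
            server = m.group(1)  # remote MTA for the lines that follow
        elif (m := COMMAND.match(line)):
            command, rcpt = m.group(1).upper(), m.group(2)
        elif (m := REPLY.match(line)) and m.group(1).startswith("5"):
            out["refusals"].append({"server": server, "command": command,
                                    "recipient": rcpt, "code": int(m.group(1)),
                                    "status": m.group(2), "text": m.group(3)})
    return out

def rewritten_recipients(parsed):
    """Refused addresses the sender never typed (mail was forwarded or aliased)."""
    return sorted({r["recipient"] for r in parsed["refusals"]
                   if r["recipient"] and r["recipient"] not in parsed["failed"]})

if __name__ == "__main__":
    print(parse_bounce(BOUNCE)["refusals"])
```

For this bounce the refusal comes from rx.citynet.net at the RCPT stage for tmiller@mountain.net, an address the sender never typed, and the only submitting host recorded is a Hotmail server.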
     
  2. 2004/10/26
    Paul

    Paul Inactive

    Joined:
    2002/01/29
    Messages:
    1,293
    Likes Received:
    1
    The other machine may be set up to reject mail from Hotmail?
    You have run the update options on Ad-aware and Spybot and run FULL scans with both. With Spybot I'd suggest clicking on the immunize button as well.
    Have you run a full virus scan?
     
    Paul,
    #2

  4. 2004/10/27
    Herd72

    Herd72 Inactive Thread Starter

    Joined:
    2004/06/23
    Messages:
    105
    Likes Received:
    0
    Here's what I have done

    Thanks for the reply. I have updated Spybot S&D, EZ Trust AV, Spysweeper and ADaware 6. My EZ Trust found 2 redirect exploit trojans in the Java cache and I removed them with clean disk security set to 7 overwrites. That was all it found and that was a couple of weeks ago. When I run it now (updated) it comes up clean. I also checked my firewall log (Sygate) and see no suspicious outgoing traffic. I have sent e-mail to this board many times with Hotmail and had not had any problem. The HJThis log looks OK to my untrained eye but would it help to send one?

    Thanks again,
    Jim
     
  5. 2004/10/27
    Paul

    Paul Inactive

    Joined:
    2002/01/29
    Messages:
    1,293
    Likes Received:
    1
    Yes, we have some HJT experts on the board. (not me though :) )
     
    Paul,
    #4
  6. 2004/10/27
    Herd72

    Herd72 Inactive Thread Starter

    Joined:
    2004/06/23
    Messages:
    105
    Likes Received:
    0
    Here's the log file -

    Logfile of HijackThis v1.97.7
    Scan saved at 8:19:59 PM, on 10/27/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Remainder of log removed - update needed. Newt
     
  7. 2004/10/28
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Jim - you need to download the latest version of HJT, 1.98.2, and use it to create the scan log. The updated version finds more and has better removal tools.

    http://radiosplace.com/ is a good place to download it.
     
    Newt,
    #6
  8. 2004/10/28
    Herd72

    Herd72 Inactive Thread Starter

    Joined:
    2004/06/23
    Messages:
    105
    Likes Received:
    0
    Downloaded new version - here is logfile

    Newt,
    Thanks for steering me to the new HJT version.

    I hope this will do the trick

    Thanks again for all your help!

    Logfile of HijackThis v1.98.2
    Scan saved at 7:09:36 PM, on 10/28/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\VetMsgNT.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINNT\system32\kmw_run.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Iomega\Tools\Imgicon.exe
    C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
    C:\WINNT\system32\KMW_SHOW.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    D:\Disk Utilities\HiJackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84 "
    O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\Disk Utilities\Pop-Up Stopper\dpps2.exe "
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSNSysRestore] C:\WINNT\system32\pc32.exe bg
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
    O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe "
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Iomega Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: twksup.lnk = D:\Disk Utilities\Tweak 3-1\twksup.exe
    O16 - DPF: ppctlcab - http://www.my-etrust.com/includes/pscanner/ppctlcab.CAB
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...vehicles/2005/camry/ext360.html?noreloadredir
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.my-etrust.com/includes/pscanner/axscanner.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {70FBDD76-044D-40C4-95E0-E15791C24AA4} - http://www.guardiansoftware.com/GAudit.CAB
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://peeper.axisinc.com/AxisCamControl.ocx
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} - http://communities.msn.com/scr/MsnUpld.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
    O16 - DPF: {BC26D98E-4F8E-11D4-B523-94ED45C04971} - http://www.pqvalet.com/plugin/win/ie/printQuick.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} - http://photos.msn.com/resources/neutral/controls/MsnPUpld.cab?4,0,1009,0
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
     
  9. 2004/10/28
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    I see nothing in the log that would cause your machine to be a spammer.
     
  10. 2004/10/28
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Me either but these should be fixed
    Have Hijackthis fix this >
    O4 - HKLM\..\Run: [MSNSysRestore] C:\WINNT\system32\pc32.exe bg

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    ===========
    Uninstall Viewpoint Media Player in Control Panel > Add/Remove Programs.
    Reboot
    Delete its folder if still present and pc32.exe also.
     
  11. 2004/10/28
    Herd72

    Herd72 Inactive Thread Starter

    Joined:
    2004/06/23
    Messages:
    105
    Likes Received:
    0
    Many Many Thanks!

    Will do as you suggested! I was afraid it was me!

    Jim
    ;)
     