| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 80353 | 2007-06-20 02:45:00 | Outlook 2002 settings keep changing | radium (8645) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 560762 | 2007-06-20 02:45:00 | At work Outlook 2002 email account settings keep changing, almost everyday. It changes the email account name by putting pop3.officemail.co.nz at the end of it and it puts localhost into the incoming server pop3 box. Strange! I have virus scanned the computer and run HiJackThis and Spybot and have found nothing that has infected the computer. Any suggestions on what could be causing this would be great. Cheers |
radium (8645) | ||
| 560763 | 2007-06-20 02:48:00 | hmmmm..:illogical Tried deleting and re-creating the account? I suppose it's possible a setting has got stuffed up somewhere along the line. | wratterus (105) | ||
| 560764 | 2007-06-20 02:57:00 | It is your AV mail scanning that is doing this. Disable the Incoming mail scan in your AV which is probably NAV Even though it will not scan for viruses while downloading mail your AV will still give you protection. |
Safari (3993) | ||
| 560765 | 2007-06-20 03:50:00 | Theres no AV installed, well the closest thing to one is Trend Micro Office Scan which has been on our systems for ages, and as far as I can tell that doesn't scan the incoming or outgoing emails. I might try and create a new account like wrattus suggested, it's just that we will have to ring xtra for our password as no one can remember it and ringing xtra as you all know can be a hassel. Any other thoughts? Thanks guys |
radium (8645) | ||
| 560766 | 2007-06-20 04:58:00 | Maybe do a HJT scan and post the logfile so Speedy can have a look and see if there's anything suspicious. | beeswax34 (63) | ||
| 560767 | 2007-06-20 05:49:00 | Hi Speedy I can find any thing dodgy but maybe you can. Thanks Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 4:52:51 p.m., on 20/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\WINDOWS\system32\CAP4RSK.EXE C:\Program Files\ORL\VNC\WinVNC.exe C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\TEMP\HTB518.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK .EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK .EXE C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Nzcas\cas5.exe C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\Dimocks Retravision\My Documents\Hijacthis\HiJackThis_v2.exe C:\WINDOWS\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [keyboardswipe] C:\nzcas\disableR.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - Global Startup: Canon LBP3200 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK .EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O14 - IERESET.INF: START_PAGE_URL=http://www.wave.co.nz/cgi-bin/signupcd.cgi O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: VNC Server (winvnc) - AT&T Research Labs Cambridge - C:\Program Files\ORL\VNC\WinVNC.exe O24 - Desktop Component 0: (no name) - www.monacocorp.co.nz O24 - Desktop Component 1: (no name) - www.panasonic.co.nz -- End of file - 4762 bytes It is a work computer so I cant change too much but if theres something in there that may be causing this problem, that would be great. Cheers |
radium (8645) | ||
| 560768 | 2007-06-20 08:22:00 | Looks ok to me but u can tick these entries then tick fix checked. Put HJT in its own folder first and close browser/s. O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN I dont know what u did for these to be here. O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present Unless most of the PC is locked down. Uninstall all versions of Sun Java. The latest is in my sig below. I dont know why these are in the log O24 - Desktop Component 0: (no name) - www.monacocorp.co.nz O24 - Desktop Component 1: (no name) - www.panasonic.co.nz It could be the virus scanner changing the things u posted. Check the virus scanner options. Under the email scanning. |
Speedy Gonzales (78) | ||
| 560769 | 2007-06-20 08:58:00 | Have a look at this (solutionfile.trendmicro.com) It could be Officescan thats causing this prob. As it states: Due to the architecture of the Internet mail scan function, the account name and the name of the incoming POP3 server changes. However, if you are using a supported Internet mail client such as Outlook 98 or above, Outlook Express, Netscape Messenger, or Eudora, OfficeScan will automatically make these changes and will not affect you receiving mail. If you are using an unsupported Internet mail client, in the mail configuration settings refer to your mail client documentation) you must manually change the incoming server to localhost and change the account name to name/pop3server (name is your account name and pop3server is the POP3 mail server name). |
Speedy Gonzales (78) | ||
| 560770 | 2007-06-20 10:44:00 | Wicked thanks Speedy Looks like Office Scan is the culprit I will get rid of office scan. and install avast and I will remove those HJT entires Thanks again. |
radium (8645) | ||
| 560771 | 2007-06-20 10:52:00 | No worries HTH Radium :) Hope Avast fixes it! |
Speedy Gonzales (78) | ||
| 1 | |||||