# [SOLVED] Program accessing e-mail address



## Dizzee (Dec 30, 2002)

Help I have a program that is constantly trying to access me address book in outlook. Out look is asking me to grant permission for this program, which I deny, but I do not know which program this is. How can I find out which program is trying to access my Address book in outlook.
Thank you


----------



## rivincarn (Feb 19, 2003)

Hi

Im not sure but you might want to try housecall.antivirus.com and scan for a virus.


----------



## Corrosive (Jan 9, 2003)

Yes, this sounds like a virus, or a little more precisely, a worm. It's trying to access you're address book in a bid to spread to more people. Use Housecall (the link above), and then update you're virus definitions for the antivirus program you *should* be running to prevent this sort of thing happening again. Remember to do this regularly, as new virii are appearing all the time.


----------



## Dizzee (Dec 30, 2002)

I have done that and came up clean,
I do run AVG from www.grisoft.com regularly

I have restarted a few times and run ad-aware yet it is still trying to acecss my address book


----------



## ~Candy~ (Jan 27, 2001)

Go here and download the startup list, run, it and paste your results.

http://www.lurkhere.com/~nicefiles/


----------



## Dizzee (Dec 30, 2002)

StartupList report, 10/03/2003, 18:42:28
StartupList version: 1.52
Started from : C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.719\StartupList.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.719\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
CyberBuddy.lnk = C:\Program Files\CyberBuddy\CyberBud.exe
GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

hpsysdrv = c:\windows\system\hpsysdrv.exe
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
PS2 = C:\WINDOWS\system32\ps2.exe
PCTVOICE = pctspk.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
WinampAgent = "C:\Program Files\Winamp\Winampa.exe"
Ad-aware = C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
AVG_CC = C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
MoneyAgent = "C:\Program Files\Microsoft Money\System\Money Express.exe"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\FHM100~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\NewDotNet\newdotnet4_80.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
(no name) - c:\windows\googletoolbar_en_1.1.70-big.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Download Program Files:

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe

[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\System32\opuc.dll
CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2003030601/housecall.antivirus.com/housecall/xscan53.cab

[{8EDAD21C-3584-4E66-A8AB-EB0E5584767D}]
CODEBASE = http://toolbar.google.com/data/GoogleActivate.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37602.2957638889

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Measurement Service Client]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MSC.ocx
CODEBASE = http://ccon.madonion.com/global/msc.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #5: C:\Program Files\NewDotNet\newdotnet4_80.dll
Protocol #1: C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
Protocol #2: C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
Protocol #29: C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
Protocol #30: C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\System32\upnpui.dll

--------------------------------------------------
End of report, 6,972 bytes
Report generated in 0.265 seconds

I hope it makes some sense to you
Thanks for the assistance


----------



## ~Candy~ (Jan 27, 2001)

It doesn't to make too much sense to me either  I just know enough about that to ask for it 

But I'm sure others will have some input........

For starters you have Newdot, I know that has to go. And you have a bunch of stuff on startup that can go as well.


----------



## Dizzee (Dec 30, 2002)

lol  thanks
I await guidance and instructions
how do I rid myself of Newdot for a start.
and what is the other crap I should scrap?


----------



## ~Candy~ (Jan 27, 2001)

I'm surprised no one has jumped on this yet. I'll look around for some others who normally answer these type of questions.

For starters, I believe you should be able to access add/remove programs and un-install the NewDot application from there.


----------



## Corrosive (Jan 9, 2003)

If you go back to the lurkhere site and download Spybot - Search & Destroy you'll be able to scan you're PC and remove any spyware. Like AcaCandy says, Newdot does have an Add/Remove Programs entry. Use this first, and then get rid of the remains with SS&D.


----------



## mamabear (Mar 10, 2003)

You might want to run a HiJackThis scan and see if anything "suspicious" shows up there. Also, RegCleaner is a "user friendly" registry cleaner.


----------



## Dizzee (Dec 30, 2002)

Problem solved,
I'd dread to hide on my machine now; I've got more Seek 'n' Destroy apps than the militry.
Thanks Ya'll


----------

