Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malicious Email


  • Please log in to reply
7 replies to this topic

#1 jmbtexas

jmbtexas

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 10 March 2012 - 02:02 PM

Hi,

I received a spoofed email supposedly from a friend after her account was hacked. It was one of those "I'm overseas and in trouble, so please wire me some cash" emails. I did not download any images in the email. However, she said her coworkers opened the emails and now the servers were infected. Nothing is apparently wrong with my computer that I have noticed so far, but I would like to make sure their isn't anything on my computer that would allow them to steal any financial information.

Thanks,

Jeff

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, due to the absence of any malware logs in the topic. ~ Animal

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:05 PM

Posted 10 March 2012 - 08:25 PM

Hello, you are probably OK. In these cases you should change your email password.

Lets check the machine.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware Posted Image and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 jmbtexas

jmbtexas
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 11 March 2012 - 02:21 AM

Hi Boopme,

I have pasted the logs for MiniToolBox and Malwarebytes below.

I couldn't figure out how to turn off Microsoft Security Essentials, so I left it on with MWB ran.

Thanks a lot for your help,

Jeff


-------------

MiniToolBox by Farbar Version: 18-01-2012
Ran by Administrator (administrator) on 11-03-2012 at 00:38:05
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)
Astaro SSL VPN Adapter = Local Area Connection 3 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration Host Name . . . . . . . . . . . . : jeff Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : austin.rr.comEthernet adapter Local Area Connection 3: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Astaro SSL VPN Adapter Physical Address. . . . . . . . . : 00-FF-F2-35-3E-7EEthernet adapter Local Area Connection: Connection-specific DNS Suffix . : austin.rr.com Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection Physical Address. . . . . . . . . : 00-13-72-B3-78-C5 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.1.100 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 209.18.47.61 209.18.47.62 Lease Obtained. . . . . . . . . . : Saturday, March 10, 2012 10:39:01 PM Lease Expires . . . . . . . . . . : Sunday, March 11, 2012 10:39:01 PMServer: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.227.103, 74.125.227.104, 74.125.227.105, 74.125.227.110
74.125.227.96, 74.125.227.97, 74.125.227.98, 74.125.227.99, 74.125.227.100
74.125.227.101, 74.125.227.102

Pinging google.com [74.125.227.101] with 32 bytes of data:Reply from 74.125.227.101: bytes=32 time=18ms TTL=53Reply from 74.125.227.101: bytes=32 time=16ms TTL=53Ping statistics for 74.125.227.101: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 16ms, Maximum = 18ms, Average = 17msServer: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 209.191.122.70, 98.139.127.62, 98.139.183.24

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:Reply from 209.191.122.70: bytes=32 time=17ms TTL=52Reply from 209.191.122.70: bytes=32 time=18ms TTL=52Ping statistics for 209.191.122.70: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 17ms, Maximum = 18ms, Average = 17msServer: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:Reply from 208.43.87.2: Destination host unreachable.Reply from 208.43.87.2: Destination host unreachable.Ping statistics for 208.43.87.2: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0msPinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 ff f2 35 3e 7e ...... Astaro SSL VPN Adapter - Packet Scheduler Miniport
0x3 ...00 13 72 b3 78 c5 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.100 192.168.1.100 20
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
255.255.255.255 255.255.255.255 192.168.1.100 2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/09/2012 09:16:09 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/04/2012 02:10:49 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (02/27/2012 09:19:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (02/27/2012 09:14:24 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (02/27/2012 09:03:20 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/27/2012 08:45:20 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (02/27/2012 08:45:19 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (02/27/2012 08:26:09 PM) (Source: Application Hang) (User: )
Description: Hanging application Skype.exe, version 5.5.0.124, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/27/2012 00:21:23 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/27/2012 09:46:31 AM) (Source: Application Error) (User: )
Description: Faulting application Skype.exe, version 5.5.0.124, faulting module Flash10w.ocx, version 10.3.183.7, fault address 0x0057bc88.
Processing media-specific event for [Skype.exe!ws!]


System errors:
=============
Error: (03/09/2012 09:16:08 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.121.1179.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/09/2012 09:01:11 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.100 on the
Network Card with network address 001372B378C5.

Error: (03/05/2012 09:02:36 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F2353E7E-88AE-4543-8621-D781913A2EDF} because another computer on the network has the same name. The server could not start.

Error: (03/05/2012 09:02:36 AM) (Source: 0) (User: )
Description: JEFF :2010.242.2.1810.0.0.2

Error: (03/05/2012 09:02:36 AM) (Source: 0) (User: )
Description: JEFF :010.242.2.1810.0.0.2

Error: (03/05/2012 09:02:28 AM) (Source: Dhcp) (User: )
Description: The IP address lease 10.242.2.26 for the Network Card with network address 00FFF2353E7E has been
denied by the DHCP server 10.242.2.17 (The DHCP Server sent a DHCPNACK message).

Error: (02/27/2012 00:21:22 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.121.435.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/26/2012 00:22:19 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.121.435.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/26/2012 02:02:48 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.119.2261.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/26/2012 02:02:48 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.119.2261.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ASPCA Reminder by We-Care.com v5.0.5.1 (Version: 5.0.5.1)
Astaro SSL VPN Client 1.3 (Version: 1.3)
Audacity 1.2.6
Bing Bar (Version: 7.0.850.0)
Bonjour (Version: 2.0.5.0)
Canon Camera Access Library (Version: 8.4.0.1)
Canon Digital Camera Solution Disk 40-46 Software Starter Guide (Version: 1.1.0.1)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MOV Decoder (Version: 1.3.0.14)
Canon MOV Encoder (Version: 1.1.0.18)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.1.0.27)
Canon Personal Printing Guide (Version: 1.0.0.1)
Canon Utilities CameraWindow (Version: 7.2.0.2)
Canon Utilities CameraWindow DC (Version: 7.4.0.9)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.5.0.3)
Canon Utilities MyCamera (Version: 7.2.0.4)
Canon Utilities MyCamera DC (Version: 7.2.0.5)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Utilities ZoomBrowser EX (Version: 6.3.0.7)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11)
Critical Update for Windows Media Player 11 (KB959772)
Digidesign Free Bomb Factory Plug-Ins 7.4 (Version: 7.4)
Digidesign Pro Tools LE 7.4 (Version: 7.4)
Digidesign Shared Plug-Ins 7.4 (Version: 7.4)
EarMaster Pro 5 (Version: 5.0)
ESET Online Scanner v3
Google Talk Plugin (Version: 2.7.5.6365)
GoToMeeting 5.0.0.799 (Version: 5.0.0.799)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
Homestead SiteBuilder
hp LaserJet 1010 Series (Version: 3.00.0000)
Intel® PRO Network Connections Drivers
Interlok driver setup x32 (Version: 5.7.2.2923)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Lame Front-End 1.7 (Version: 1.7)
LightScribe Diagnostic Utility (Version: 1.18.24.1)
LightScribe System Software (Version: 1.18.24.1)
Logitech Audio Echo Cancellation Component (Version: 10.45.1124)
Logitech Vid HD (Version: 7.2 (7230))
Logitech Video Enumerator (Version: 10.45.1124)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Logitech® VoIP Driver
Malwarebytes' Anti-Malware version 1.51.0.1200 (Version: 1.51.0.1200)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Expression Blend 3 SDK (Version: 1.0.1343.0)
Microsoft Expression Blend 4 (Version: 4.0.20525.0)
Microsoft Expression Blend SDK for .NET 4 (Version: 2.0.20525.0)
Microsoft Expression Blend SDK for Silverlight 4 (Version: 2.0.20525.0)
Microsoft Expression Design 4 (Version: 7.0.20516.0)
Microsoft Expression Encoder 4 (Version: 4.0.1639.0)
Microsoft Expression Encoder 4 Screen Capture Codec (Version: 4.0.1639.0)
Microsoft Expression Studio 4 (Version: 4.0.20525.0)
Microsoft Expression Web 4 (Version: 4.0.1303.0)
Microsoft Expression Web 4 Service Pack 2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (Version: 4.0.50401.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mixer
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MP3 Player Utilities 4.18 (Version: 4.18)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
Photodex Presenter
Pinnacle VideoSpin (Version: 2.0.1.674)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Rosetta Stone Version 3 (Version: 3.3.5.2)
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 (Version: 3.0.0.71102)
Samsung PC Studio 3 (Version: 3.1.3.71102)
SigmaTel Audio (Version: 5.10.4600.0)
Skype™ 5.8 (Version: 5.8.158)
SnagIt 8 (Version: 8.2.3)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.4 (Version: 4.4.0)
SUPERAntiSpyware (Version: 4.54.1000)
TradeStation 9.0 (Version: 9.0.0.8925)
TrueCrypt (Version: 6.1a)
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006 (Version: 10.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VCRedistSetup (Version: 1.0.0)
ViewSonic Monitor Drivers
ViewSonic Windows XP Signed Files
VLC media player 1.1.11 (Version: 1.1.11)
Wake up News 5.0 (Version: 5.0)
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WinZip 12.1 (Version: 12.1.8519)
WinZip Self-Extractor
WPF Toolkit February 2010 (Version 3.5.50211.1) (Version: 3.5.50211.1)

========================= Devices: ================================

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 2550.07 MB
Available physical RAM: 1946.52 MB
Total Pagefile: 4541.04 MB
Available Pagefile: 4062.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.86 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.52 GB) (Free:14.11 GB) NTFS
3 Drive e: (DRV4_VOL2) (Fixed) (Total:111.26 GB) (Free:109.63 GB) NTFS
4 Drive f: (DRV4_VOL1) (Fixed) (Total:37.79 GB) (Free:22.65 GB) NTFS
5 Drive g: () (Removable) (Total:3.82 GB) (Free:2.95 GB) FAT32

========================= Users: ========================================

User accounts for \\JEFF

Administrator ASPNET Guest
HelpAssistant Jeff B SUPPORT_388945a0


**** End of log ****



-------------

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.11.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Administrator :: JEFF [administrator]

3/11/2012 12:45:46 AM
mbam-log-2012-03-11 (00-45-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288779
Time elapsed: 27 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:05 PM

Posted 11 March 2012 - 09:17 PM

You're welcome Jeff. Looks clean. The mails should stop as you changed the password.
Remove this as its outdated HiJackThis (Version: 1.0.0)

Are you able to successfulli run Windows Update as I see errors?

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Select your Platform.
  • Under Which should I choose?, check the box for Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586.exe (or jre-6u30-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 jmbtexas

jmbtexas
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 12 March 2012 - 10:37 PM

Hi Boopme,

Ok, I removed old versions of Java and updated to the latest. I also used Secunia to scan for other outdated programs, and I updated them as well.

Your instructions mentioned Windows 7 and Vista, but I'm still on XP Pro.

By the way, I noticed you quoted II Timothy 4:3 in your signature. That's a great passage! Very timely for our world today.

Is there anything else we should do?

Thanks,

Jeff

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:05 PM

Posted 13 March 2012 - 04:43 PM

Good job on those updates.

I didn't see an Antivirus,is that correct?


Thats only an IF,as then you will need to Run it as Administrator.

Yes it is timely and very current. I do not lidt the text,in hopes that someone interested will Google and read the whole thing..

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 jmbtexas

jmbtexas
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 13 March 2012 - 10:45 PM

Hey Boopme,

I'm using Microsoft Security Essentials for anti-virus. Is that acceptable?

10-4 on the restore point and disk cleanup. I did that stuff, and I don't use any P2P/Gaming/Porn and other questionable sites. During a previous problem, I updated IE with the security settings, and I use FF almost exclusively with NoScript and AdBlockerPlus.

Thanks for the USB tip. I turned off auto-run. I heard on 60 Minutes the Stuxnet was a usb virus.

Jeff

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:05 PM

Posted 14 March 2012 - 10:32 AM

Ok ,that's good,I just missed ir and wanted to be sure there was one.

have a great day!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users