
My computer is slower and more and more spam arrive in my mailbox


5 replies to this topic

#1 bombicri

bombicri

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bucharest, Romania
  • Local time:04:07 PM

Posted 15 August 2012 - 11:32 AM

OS: Windows XP Professional.
My computer has started to be slow.
For some time now I have been receiving more and more spam.
The strange thing is that I receive spam with my own email address in place of the sender address.
I have also noticed that the spam has started to use addresses from my address book as the sender address.
Please help me to clean my computer.
Thanks.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:07 AM

Posted 15 August 2012 - 12:17 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 bombicri


Posted 15 August 2012 - 11:56 PM

Thank you Broni for your fast answer.
Here are the results:

Security Check --- Checkup.txt
================================================================
Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 33
Java version out of Date!
Adobe Flash Player 11.3.300.271
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````


Farbar Service Scanner (FSS) --- FSS.txt
==========================================================================
Farbar Service Scanner Version: 06-08-2012
Ran by Cristian (administrator) on 16-08-2012 at 01:43:08
Running from "C:\Documents and Settings\Cristian\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) RFCOMM(9) Tcpip(4)
0x09000000050000000100000002000000030000000400000008000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****


MiniToolBox --- Rezult.txt
===================================================================================

MiniToolBox by Farbar Version: 23-07-2012
Ran by Cristian (administrator) on 16-08-2012 at 01:45:04
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 www.cleanease.com

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection 3 (Connected)
Placa mini WLAN Dell Wireless 1390 = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : homedell
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-19-B9-4C-F4-21
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
DHCP Server . . . . . . . . . . . : 192.168.1.2
DNS Servers . . . . . . . . . . . : 192.168.1.2
Lease Obtained. . . . . . . . . . : 15 august 2012 19:11:23
Lease Expires . . . . . . . . . . : 13 august 2022 19:11:23

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Placă mini WLAN Dell Wireless 1390
Physical Address. . . . . . . . . : 00-19-7D-35-E8-1C

Server: UnKnown
Address: 192.168.1.2

Name: google.com
Addresses: 62.231.75.229, 62.231.75.232, 62.231.75.234, 62.231.75.237
62.231.75.239, 62.231.75.242, 62.231.75.244, 62.231.75.247, 62.231.75.249
62.231.75.212, 62.231.75.214, 62.231.75.217, 62.231.75.219, 62.231.75.222
62.231.75.224, 62.231.75.227

Pinging google.com [62.231.75.229] with 32 bytes of data:
Reply from 62.231.75.229: bytes=32 time=2ms TTL=61
Reply from 62.231.75.229: bytes=32 time=2ms TTL=61
Ping statistics for 62.231.75.229:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 2ms, Average = 2ms

Server: UnKnown
Address: 192.168.1.2

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=200ms TTL=42
Reply from 72.30.38.140: bytes=32 time=193ms TTL=42
Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 193ms, Maximum = 200ms, Average = 196ms

Server: UnKnown
Address: 192.168.1.2

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 b9 4c f4 21 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 19 7d 35 e8 1c ...... Placa mini Dell Wireless 1390 WLAN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.2 192.168.1.7 20
65.54.50.85 255.255.255.255 192.168.1.2 192.168.1.7 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
157.55.56.140 255.255.255.255 192.168.1.2 192.168.1.7 20
169.254.0.0 255.255.0.0 192.168.1.7 192.168.1.7 20
192.168.1.0 255.255.255.0 192.168.1.7 192.168.1.7 20
192.168.1.7 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.7 192.168.1.7 20
224.0.0.0 240.0.0.0 192.168.1.7 192.168.1.7 20
255.255.255.255 255.255.255.255 192.168.1.7 3 1
255.255.255.255 255.255.255.255 192.168.1.7 192.168.1.7 1
Default Gateway: 192.168.1.2
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/15/2012 07:11:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4126969

Error: (08/15/2012 07:11:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4126969

Error: (08/15/2012 07:11:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/15/2012 06:02:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4422

Error: (08/15/2012 06:02:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4422

Error: (08/15/2012 06:02:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/15/2012 06:02:40 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1969

Error: (08/15/2012 06:02:40 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1969

Error: (08/15/2012 06:02:40 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2012 07:43:31 PM) (Source: MsiInstaller) (User: HOMEDELL)HOMEDELL
Description: Product: Dell Resource CD -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.


System errors:
=============
Error: (08/15/2012 07:13:42 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Error: (08/15/2012 07:13:42 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (08/15/2012 07:13:42 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (08/15/2012 07:13:41 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Error: (08/15/2012 07:13:41 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (08/15/2012 07:13:41 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (08/15/2012 07:11:57 PM) (Source: 0) (User: )
Description: E:

Error: (08/15/2012 02:24:45 AM) (Source: 0) (User: )
Description: E:

Error: (08/15/2012 02:12:10 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Error: (08/15/2012 02:12:10 AM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.


Microsoft Office Sessions:
=========================
Error: (08/15/2012 07:11:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4126969

Error: (08/15/2012 07:11:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4126969

Error: (08/15/2012 07:11:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/15/2012 06:02:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4422

Error: (08/15/2012 06:02:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4422

Error: (08/15/2012 06:02:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/15/2012 06:02:40 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1969

Error: (08/15/2012 06:02:40 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1969

Error: (08/15/2012 06:02:40 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2012 07:43:31 PM) (Source: MsiInstaller)(User: HOMEDELL)HOMEDELL
Description: Product: Dell Resource CD -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

5600 (Version: 50.0.206.000)
5600_Help (Version: 50.0.206.000)
5600Trb (Version: 50.0.206.000)
Adobe Acrobat 7.0 Professional (Version: 7.0.0)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Photoshop Lightroom 3 (Version: 3.0.2)
Adobe Setup (Version: 1.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AiOSoftware (Version: 50.0.206.000)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
AVG PC TuneUp 10.0.0.27 PreCracked
Broadcom 440x 10/100 Integrated Controller (Version: 8.06.11)
BufferChm (Version: 53.0.13.000)
CameraHelperMsi (Version: 13.30.1395.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant HDA D110 MDC V.92 Modem
CorelDRAW 10
CorelDRAW 10 (Version: 10)
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
CustomerResearchQFolder (Version: 1.00.0000)
Dell Resource CD (Version: 1.00.0000)
Dell Wireless WLAN Card (Version: 4.80.28.5)
Destinations (Version: 53.0.13.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 5.2.0.0)
DraftSight (Version: 8.4.274)
Enterprise (Version: 50.0.227.000)
erLT (Version: 1.20.138.34)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 50.0.206.000)
FileZilla Client 3.5.3 (Version: 3.5.3)
Freeware PDF Unlocker (Version: 1.0.4)
Google Chrome (Version: 21.0.1180.79)
HP Extended Capabilities 5.3 (Version: 5.3)
HP Image Zone Express (Version: 1.5.1.29)
HP Imaging Device Functions 5.3 (Version: 5.3)
HP PSC & OfficeJet 5.3.B
HP PSC & Officejet 5.3.B Corporate Edition
HP Software Update (Version: 3.0.5.001)
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3)
HPProductAssistant (Version: 53.0.13.000)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 33 (Version: 6.0.330)
Logitech Webcam Software (Version: 2.30)
LWS Facebook (Version: 13.30.1346.0)
LWS Gallery (Version: 13.30.1379.0)
LWS Help_main (Version: 13.30.1396.0)
LWS Launcher (Version: 13.30.1379.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.30.1395.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.30.1379.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.30.1346.0)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 53.0.13.000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Image Composite Editor (Version: 1.4.4)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Office Visio Professional 2003 (Version: 11.0.3216.5614)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WinUsb 1.0
Modem Helper (Version: 3.01)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
Nero Suite
NewCopy (Version: 50.0.206.000)
Nitro PDF Professional (Version: 6.1.2.1)
No-IP DUC (Version: 3.0.4)
Notepad++ (Version: 6.1.3)
Open Metronome (Version: 1.0.0.0)
Opera 12.00 (Version: 12.00.1467)
PDF Settings (Version: 1.0)
ProductContext (Version: 50.0.206.000)
Protect Folder Plus 2.2 (Version: 2.2)
QuickSet (Version: 7.1.12)
Readme (Version: 50.0.206.000)
Samsung Kies (Version: 2.2.0.12014_18)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
Scan (Version: 5.2.0.0)
ScannerCopy (Version: 5.2.0.0)
SigmaTel Audio (Version: 5.10.4803.0)
Skype™ 5.10 (Version: 5.10.116)
SolutionCenter (Version: 50.0.152.000)
Status (Version: 53.0.13.000)
System Requirements Lab for Intel (Version: 4.4.24.0)
TeamViewer 7 (Version: 7.0.12189)
TEFView 2.64
TrayApp (Version: 53.0.13.000)
UC-232A USB-to-Serial
Ultimate Submitter Kit 4 Pro
Unload (Version: 5.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Vuze (Version: 4.7)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
Windows Backup Utility (Version: 5.1)
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12) (Version: 07/09/2005 1.00.01.12)
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06) (Version: 07/14/2005 1.00.00.06)
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04) (Version: 07/14/2005 1.00.02.04)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.70)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.70)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinZip (Version: 9.0 SR-1 (6224))
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)
Your Uninstaller! 7 (Version: 7.3.2011.2)
Zoner Photo Studio 14 FREE (Version: 14.0.1.4)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 70%
Total physical RAM: 1014.37 MB
Available physical RAM: 296.76 MB
Total Pagefile: 2441.2 MB
Available Pagefile: 1421.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.73 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.78 GB) (Free:33.45 GB) NTFS
3 Drive e: (Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:1862.28 GB) NTFS
4 Drive f: (Philips External Hard Disk) (Fixed) (Total:232.88 GB) (Free:42.32 GB) NTFS

========================= Users: ========================================

User accounts for \\HOMEDELL

Administrator ASPNET Cristian
Guest HelpAssistant SUPPORT_388945a0
ZendUser


**** End of log ****



MBAM --- mbam-log-2011-12-19 (22-29-58).txt
=========================================================================
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8399

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.12.2011 22:29:58
mbam-log-2011-12-19 (22-29-58).txt

Scan type: Quick scan
Objects scanned: 160018
Time elapsed: 9 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Cristian\local settings\Temp\FH\extension.exe (PUP.Soge) -> Quarantined and deleted successfully.
c:\documents and settings\Cristian\local settings\Temp\FH\filehunter-win32.exe (PUP.FileHunter) -> Quarantined and deleted successfully.


aswMBR --- aswMBR.txt
=======================================================================

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-16 02:34:17
-----------------------------
02:34:17.546 OS Version: Windows 5.1.2600 Service Pack 3
02:34:17.546 Number of processors: 2 586 0xE08
02:34:17.546 ComputerName: HOMEDELL UserName: Cristian
02:34:20.109 Initialize success
02:35:36.484 AVAST engine defs: 12081503
02:36:26.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
02:36:26.000 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001D Size: 114473MB BusType: 3
02:36:26.015 Disk 0 MBR read successfully
02:36:26.015 Disk 0 MBR scan
02:36:26.078 Disk 0 Windows XP default MBR code
02:36:26.078 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
02:36:26.093 Disk 0 scanning sectors +234420480
02:36:26.171 Disk 0 scanning C:\WINDOWS\system32\drivers
02:36:43.812 Service scanning
02:37:10.718 Modules scanning
02:37:18.015 Disk 0 trace - called modules:
02:37:18.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
02:37:18.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b6dab8]
02:37:18.046 3 CLASSPNP.SYS[f766dfd7] -> nt!IofCallDriver -> \Device\0000006e[0x86bd1510]
02:37:18.046 5 ACPI.sys[f74d4620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b5e940]
02:37:19.656 AVAST engine scan C:\WINDOWS
02:37:27.000 AVAST engine scan C:\WINDOWS\system32
02:41:41.078 AVAST engine scan C:\WINDOWS\system32\drivers
02:42:02.937 AVAST engine scan C:\Documents and Settings\Cristian
02:46:44.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Cristian\My Documents\Downloads\MBR.dat"
02:46:44.296 The log file has been saved successfully to "C:\Documents and Settings\Cristian\My Documents\Downloads\aswMBR.txt"

#4 Broni


Posted 16 August 2012 - 10:05 AM

I don't see anything malicious there.
You may consider creating a new topic in the Windows forum.


 


#5 bombicri


Posted 17 August 2012 - 01:59 AM

There were two infections, but it seems that they were removed:
Files Infected:
c:\documents and settings\Cristian\local settings\Temp\FH\extension.exe (PUP.Soge) -> Quarantined and deleted successfully.
c:\documents and settings\Cristian\local settings\Temp\FH\filehunter-win32.exe (PUP.FileHunter) -> Quarantined and deleted successfully.

Please tell me where to open a new topic or where to find guidance for fighting against the huge quantity of spam. As I wrote, I am receiving spam such as "Buy Viagra now" and the like, with my email address as the sender address and with other addresses from my address book as the sender address. In this situation I cannot use Outlook rules.
Thanks a lot.

#6 Broni


Posted 17 August 2012 - 10:10 AM

You could set some filters using certain words like "Viagra".
