Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Email account hacked or compromised - may have spyware and need help


  • Please log in to reply
13 replies to this topic

#1 Sun&Sea

Sun&Sea

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:13 AM

Posted 17 April 2014 - 01:53 AM

Hello,

 

My operating system is Windows XP.

 

I use aol mail online, and have for many years and this has never happened before.

 

Problem started after I was sent an email from a friend that came from his website email with nothing in the subject, so I opened it up.  Upon opening it I realized this was a "spam" email - just had a link in the body of the email...I did not click on the link and instead I immediately deleted the email.  No problem thus far, right?  Not so much.  About a week later after I opened my emails I saw that I had sent myself the same type of email with an erroneous link in it (I didn't really send it though of course).  I saw a handful of my email contacts in the "sent to" line.  I then started getting those Mailer Daemon things in my spam folder and also in my inbox with undeliverable email addresses that were in my email contact list, so I knew that more emails from my address book than I saw in the one in my own inbox were being sent this "spammy" email too.  There was nothing showing up in my sent folder (none of the spammy emails that were sent).

 

I contacted aol help and they advised to change my password and secret question, and to also do a full sytem scan. I did all of that.  Nothing came up in the scan (I have Avast Free Anti-Virus) and I thought all would be fine. Not so much.

 

A few days later it happened again.  Emails were being sent out with my email address to my contact list.  When I changed my password I made it super strong.  It was strong to begin with before I changed it too.  I even made the new answer to my secret question almost impossible to figure out - not a word in the dictionary and I added characters and numbers to it.  I do not have a secondary email address or a phone number attached to my account for password retrieval, and I checked to be sure none were added. 

 

Then it happened to someone else in my address book - they had gotten the spammy link email from me but did not open it or click the link.  And then a few days later now her contact list is getting emails from her as well.  She had changed her password right after she got the spammy email from me and it still happened to her.

 

Oh and I also scanned my computer with Malwarebytes Free, and also Spybot 2.2. Nothing came up as suspicious. I did not do the rootkit scan with Spybot because I do not know what I am doing (had read to not do it if you don't know how to interpret the logs and fix the problem if one is found).

 

I have no idea how this is happening and I am wondering if there could be keylogging on my computer.  Unless there is another way for someone to figure out a very strong password and rock solid answer to my secret question after I changed it.  Or perhaps I don't know enough about how this can happen. In any case I want to get help to be sure there is nothing nerfarious on my computer.  

 

And just to note, I have not noticed anything else strange on my computer since then...everything is behaving as it should, as far as I can tell anyways. 

 

Thank you!

 

 

 

 



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:13 AM

Posted 18 April 2014 - 10:54 PM

Hello we can do further scans and also DO NOT backup any executable files (*.exe), screensavers (*.scr), dynamic link library (*.dll), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them.


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • .
    .
    .
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Sun&Sea

Sun&Sea
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:13 AM

Posted 19 April 2014 - 03:06 AM

Hi boopme,  thank you so much for jumping in to help me!  :)

 

Here is my Mini Tool Box Log:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by 'my name' (administrator) on 19-04-2014 at 00:19:13
Running from "C:\Documents and Settings\my name\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom 802.11b/g WLAN = Wireless Network Connection (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : LAPTOP

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Broadcast

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.



Ethernet adapter Local Area Connection:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

        Physical Address. . . . . . . . . :



Ethernet adapter Wireless Network Connection:



        Connection-specific DNS Suffix  . : hsd1.wa.comcast.net.

        Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN

        Physical Address. . . . . . . . . :

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : xxx.xxx.x.xxx

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : xxx.xxx.x.x

        DHCP Server . . . . . . . . . . . : xxx.xxx.x.x

        DNS Servers . . . . . . . . . . . : 75.75.75.75

                                            75.75.76.76

        Lease Obtained. . . . . . . . . . : Friday, April 18, 2014 11:36:14 PM

        Lease Expires . . . . . . . . . . : Saturday, April 19, 2014 11:36:14 PM

Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    google.com
Addresses:  173.194.33.69, 173.194.33.71, 173.194.33.78, 173.194.33.67
      173.194.33.73, 173.194.33.64, 173.194.33.70, 173.194.33.72, 173.194.33.66
      173.194.33.68, 173.194.33.65



Pinging google.com [74.125.239.46] with 32 bytes of data:



Reply from 74.125.239.46: bytes=32 time=29ms TTL=55

Reply from 74.125.239.46: bytes=32 time=28ms TTL=55



Ping statistics for 74.125.239.46:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 28ms, Maximum = 29ms, Average = 28ms

Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=103ms TTL=49

Reply from 98.138.253.109: bytes=32 time=76ms TTL=49



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 76ms, Maximum = 103ms, Average = 89ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 36 1f d9 e5 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 14 a5 6e a4 43 ...... Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      xxx.xxx.x.1   xxx.xxx.x.104      25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      xxx.xxx.1.0    255.255.255.0    xxx.xxx.x.104   xxx.xxx.x.104      25
    xxx.xxx.x.104  255.255.255.255        127.0.0.1       127.0.0.1      25
    xxx.xxx.x.255  255.255.255.255    xxx.xxx.x.104   xxx.xxx.x.104      25
        224.0.0.0        240.0.0.0    xxx.xxx.x.104   xxx.xxx.x.104      25
  255.255.255.255  255.255.255.255    xxx.xxx.x.104               2      1
  255.255.255.255  255.255.255.255    xxx.xxx.x.104   xxx.xxx.x.104      1
Default Gateway:       xxx.xxx.x.x
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/13/2014 10:59:15 PM) (Source: Application Error) (User: )
Description: Faulting application sdscan.exe, version 2.2.18.177, faulting module rtl150.bpl, version 15.0.3953.35171, fault address 0x0000a116.
Processing media-specific event for [sdscan.exe!ws!]

Error: (03/30/2014 10:37:50 AM) (Source: Application Error) (User: )
Description: Faulting application elementsautoanalyzer.exe, version 12.0.0.0, faulting module dvamarshal.dll, version 11.0.0.0, fault address 0x00031336.
Processing media-specific event for [elementsautoanalyzer.exe!ws!]

Error: (03/07/2014 08:53:34 PM) (Source: Application Error) (User: )
Description: Faulting application gimp-2.8.exe, version 2.8.2.0, faulting module libglib-2.0-0.dll, version 2.32.3.0, fault address 0x0006bd5b.
Processing media-specific event for [gimp-2.8.exe!ws!]

Error: (02/28/2014 00:39:46 AM) (Source: Application Error) (User: )
Description: Faulting application gimp-2.8.exe, version 2.8.2.0, faulting module libglib-2.0-0.dll, version 2.32.3.0, fault address 0x0006bd5b.
Processing media-specific event for [gimp-2.8.exe!ws!]

Error: (02/20/2014 04:28:26 AM) (Source: Application Error) (User: )
Description: Faulting application inkscape.exe, version 0.48.4.0, faulting module inkscape.exe, version 0.48.4.0, fault address 0x0042304f.
Processing media-specific event for [inkscape.exe!ws!]

Error: (02/14/2014 08:59:44 PM) (Source: Application Error) (User: )
Description: Faulting application gimp-2.8.exe, version 2.8.2.0, faulting module libgobject-2.0-0.dll, version 2.32.3.0, fault address 0x0000a2cd.
Processing media-specific event for [gimp-2.8.exe!ws!]

Error: (02/12/2014 02:23:51 AM) (Source: Application Error) (User: )
Description: Faulting application gimp-2.8.exe, version 2.8.2.0, faulting module libgio-2.0-0.dll, version 2.32.3.0, fault address 0x000063fb.
Processing media-specific event for [gimp-2.8.exe!ws!]

Error: (02/11/2014 11:47:51 PM) (Source: Application Error) (User: )
Description: Faulting application gimp-2.8.exe, version 2.8.2.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00011780.
Processing media-specific event for [gimp-2.8.exe!ws!]

Error: (01/28/2014 02:20:08 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 11.0.3.37, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/27/2014 01:39:22 AM) (Source: Application Error) (User: )
Description: Faulting application gimp-2.8.exe, version 2.8.2.0, faulting module libgdk-win32-2.0-0.dll, version 2.24.10.0, fault address 0x000014e8.
Processing media-specific event for [gimp-2.8.exe!ws!]


System errors:
=============
Error: (04/18/2014 11:36:57 AM) (Source: Service Control Manager) (User: )
Description: The Windows User Mode Driver Framework service failed to start due to the following error:
%%1053

Error: (04/18/2014 11:36:57 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows User Mode Driver Framework service to connect.

Error: (04/18/2014 11:36:57 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (04/18/2014 11:36:57 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (04/18/2014 11:36:56 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (04/17/2014 00:34:39 PM) (Source: Service Control Manager) (User: )
Description: The Windows User Mode Driver Framework service failed to start due to the following error:
%%1053

Error: (04/17/2014 00:34:39 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows User Mode Driver Framework service to connect.

Error: (04/17/2014 00:34:39 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (04/17/2014 00:34:39 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (04/17/2014 00:34:39 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (04/13/2014 10:59:15 PM) (Source: Application Error)(User: )
Description: sdscan.exe2.2.18.177rtl150.bpl15.0.3953.351710000a116

Error: (03/30/2014 10:37:50 AM) (Source: Application Error)(User: )
Description: elementsautoanalyzer.exe12.0.0.0dvamarshal.dll11.0.0.000031336

Error: (03/07/2014 08:53:34 PM) (Source: Application Error)(User: )
Description: gimp-2.8.exe2.8.2.0libglib-2.0-0.dll2.32.3.00006bd5b

Error: (02/28/2014 00:39:46 AM) (Source: Application Error)(User: )
Description: gimp-2.8.exe2.8.2.0libglib-2.0-0.dll2.32.3.00006bd5b

Error: (02/20/2014 04:28:26 AM) (Source: Application Error)(User: )
Description: inkscape.exe0.48.4.0inkscape.exe0.48.4.00042304f

Error: (02/14/2014 08:59:44 PM) (Source: Application Error)(User: )
Description: gimp-2.8.exe2.8.2.0libgobject-2.0-0.dll2.32.3.00000a2cd

Error: (02/12/2014 02:23:51 AM) (Source: Application Error)(User: )
Description: gimp-2.8.exe2.8.2.0libgio-2.0-0.dll2.32.3.0000063fb

Error: (02/11/2014 11:47:51 PM) (Source: Application Error)(User: )
Description: gimp-2.8.exe2.8.2.0ntdll.dll5.1.2600.605500011780

Error: (01/28/2014 02:20:08 PM) (Source: Application Hang)(User: )
Description: AcroRd32.exe11.0.3.37hungapp0.0.0.000000000

Error: (01/27/2014 01:39:22 AM) (Source: Application Error)(User: )
Description: gimp-2.8.exe2.8.2.0libgdk-win32-2.0-0.dll2.24.10.0000014e8


=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Adobe Flash Player 13 Plugin (Version: 13.0.0.182)
Adobe Photoshop Elements 12 (Version: 12.0)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
AiO_Scan (Version: 43.0.217.000)
Animated Clipart
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update (Version: 2.1.3.127)
Athlon 64 Processor Driver (Version: 1.1.0.18)
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Control Panel (Version: 6.14.10.5160)
ATI Display Driver (Version: 8.16-050713a1-025450C)
avast! Free Antivirus (Version: 9.0.2013)
Bonjour (Version: 2.0.4.0)
CCleaner (Version: 4.03)
CCScore (Version: 6.02.1001.0001)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant AC-Link Audio
CutePDF Writer 3.0 (Version:  3.0)
Data Fax SoftModem with SmartCP
DIGReqEx (Version: 9.0.0917.2)
Download Updater (AOL LLC)
Elements 12 Organizer (Version: 12.0)
eReg (Version: 1.20.138.34)
ESSBrwr (Version: 6.04.0000.0001)
ESSCDBK (Version: 6.04.0000.0001)
ESScore (Version: 6.04.0000.0003)
ESSgui (Version: 6.04.0000.0001)
ESSini (Version: 6.04.0000.0001)
ESSPCD (Version: 6.04.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSSONIC (Version: 6.4.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 6.04.0000.0001)
fflink (Version: 6.02.1001.0001)
GIMP 2.8.2 (Version: 2.8.2)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.5111.1712)
Google Update Helper (Version: 1.3.23.9)
Hoyle Puzzle Games 2004 (Version: 1.00.0000)
HP Help and Support (Version: 3.200.16.1)
HP Image Zone 4.2 (Version: 4.2)
hp photosmart printer series (Remove only)
HP PSC & OfficeJet 4.2
hp psc 1310 series
HP Update (Version: 5.003.001.001)
HP User Guides 0001 (Version: 1.00.0003)
HP Wireless Assistant 1.01 A2 (Version: 1.01 A2)
HPODiscovery (Version: 1.0.0.0)
HpSdpAppCoreApp (Version: 3.00.0000)
Inkscape 0.48.4 (Version: 0.48.4)
InterVideo WinDVD (Version: 5.0-B11.637)
iTunes (Version: 10.1.1.4)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
kgcbaby (Version: 5.03.0000.0002)
kgcbase (Version: 5.03.0000.0004)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcmove (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
Learn2 Player (Uninstall Only)
Learning Essentials for Microsoft Office (Version: 2.0)
LS_HSI (Version: 1.0.21.1)
Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)
McAfee Anti-Theft (Version: 1.0.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook Connector for MSN (Version: 1.0.5378)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.04.0623)
Mozilla Firefox 28.0 (x86 en-US) (Version: 28.0)
Mozilla Maintenance Service (Version: 28.0)
MSN
MSN Encarta Plus Support Files (Version: 9.0.0801)
MSN Messenger 7.5 (Version: 7.5.0324.0)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
Music Now Download Manager (Version: 5.1.0.48)
Napster (Version: 4.6.3.4)
Napster Burn Engine (Version: 3.5.0000)
netbrdg (Version: 6.04.0000.0001)
OfotoXMI (Version: 6.04.0000.0001)
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
PSE12 STI Installer (Version: 12.0)
QFolder (Version: 1.00.0000)
Quick Launch Buttons 5.10 B2 (Version: 5.10 B2)
RealPlayer Basic
Rhapsody
Scan (Version: 4.1.0.0)
SFR (Version: 6.04.0000.0001)
SHASTA (Version: 6.04.0000.0001)
skin0001 (Version: 6.04.0000.0004)
SKINXSDK (Version: 6.02.1001.0001)
Spybot - Search & Destroy (Version: 2.2.25)
staticcr (Version: 6.04.0000.0005)
Synaptics Pointing Device Driver (Version: 7.13.0.1)
Texas Instruments PCIxx21/x515 drivers. (Version: 1.09.0000)
TIxx21 (Version: 1.09.0000)
tooltips (Version: 6.04.0000.0001)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB2934207) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Viewpoint Media Player
VPRINTOL (Version: 6.04.0000.0001)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.5.0540.0)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format Runtime
Windows Media Player 10
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WIRELESS (Version: 6.04.0000.0001)

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 638.48 MB
Available physical RAM: 376.63 MB
Total Pagefile: 1558.1 MB
Available Pagefile: 1175.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.19 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:37.25 GB) (Free:7.45 GB) NTFS
2 Drive d: (PuzzleGames2004) (CDROM) (Total:0.44 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\LAPTOP

Administrator            ASPNET                   Guest                    
HelpAssistant            my name          SUPPORT_388945a0         


**** End of log ****
 



#4 Sun&Sea

Sun&Sea
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:13 AM

Posted 19 April 2014 - 03:21 AM

I ran the TDSSKiller and it came up as no threats found.  I clicked on the report as I wasn't sure if you still needed to see that, but it won't allow me to copy it - nothing happens when I highlight and right click to copy. 

 

Other logs on their way...

 

I downloaded the Adwcleaner and I briefly saw it in my downloads folder but then I went back to the board here to get the instructions and when I went back to my downloads, it no longer was there.  I looked in my downloads history and it is showing it failed.  What do I do from there? 


Edited by Sun&Sea, 19 April 2014 - 03:35 AM.


#5 Sun&Sea

Sun&Sea
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:13 AM

Posted 19 April 2014 - 04:26 AM

Here's the Junkware Removal Tool Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by 'my name' on Sat 04/19/2014 at  1:45:17.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-799611555-2003426138-3504581747-1006\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL


~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpointmediaplayer
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"


~~~ Files


~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/19/2014 at  1:54:45.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:13 AM

Posted 19 April 2014 - 09:41 AM

Try Adwcleaner after ESET..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Sun&Sea

Sun&Sea
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:13 AM

Posted 19 April 2014 - 01:25 PM

ok, will do.  I ran the ESET and it found 2 infected files and cleaned them for me.  Should I check the box on the eset window to delete the quarantined files?

 

C:\Documents and Settings\my name\My Documents\Downloads\ccsetup403.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined

 

C:\Documents and Settings\my name\My Documents\Downloads\CuteWriter.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application    deleted - quarantined

 

I will try to download the adwcleaner next....stay tuned.



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:13 AM

Posted 19 April 2014 - 07:45 PM

They can be deleted.

You did change your Email password(s)
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Sun&Sea

Sun&Sea
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:13 AM

Posted 19 April 2014 - 10:09 PM

Are you asking me if I changed my email password?  If so, after I saw the email from me sent to those in my contact list I had contacted my email provider and they said to change the password and secret question, and so I did that. But then it happened again and so I changd it once again (along with the secret question again too). I made it a very strong password (both times). I contacted my email provider again and told them it happened again and they bumped my account offline and said that should do the trick.  Since then it has not happened again, though a day or so after that I did receive an email from someone I don't know at all and not in my contact list that was the same type of email with the erroneous link...I deleted it and didn't even open the email.  Since then I have not had anything else happen.  

 

After reviewing my logs, are you seeing any type of keylogger or spyware or anything else that was on there?

 

 

I was able to download the adwcleaner this time - here's my results:

 

# AdwCleaner v3.100 - Report created 19/04/2014 at 19:42:19
# Updated 20/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username :
# Running from : C:\Documents and Settings\my name\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A6069B8-1B69-11D2-A099-00A0C9B6359A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\my name\Application Data\Mozilla\Firefox\Profiles\0j6yho2g.default-1372416091437\prefs.js ]

Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

[ File : C:\Documents and Settings\my name\Application Data\Mozilla\Firefox\Profiles\d9u9ezsd.MF1 - troubleshoot\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\my name\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3618 octets] - [19/04/2014 16:31:41]
AdwCleaner[S0].txt - [3595 octets] - [19/04/2014 19:42:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3655 octets] ##########

 



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:13 AM

Posted 20 April 2014 - 02:41 PM

I see no loggers I suspect you were what is called spoofed. They luckily and by chance grabbed your email and it worked.
There may be a few straggler replies.

This is out of date and can be exploited by malware. Remove it from Control Panel, Add/Remove and reboot
Java 7 Update 51 (Version: 7.0.510)
Now go HERE
Scroll to Java SE 7u55 and click
JRE
Download JRE

Accept License Agreement
Click Windows x86 Offline 29.67 MB  jre-8u5-windows-i586.exe (4th up from bottom)
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 Sun&Sea

Sun&Sea
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:13 AM

Posted 20 April 2014 - 04:36 PM

Thanks boopme - I'll update the Java.

 

But I am wondering...if my email was "spoofed", then how did they get into my email address contact list to send out the email to them? I thought spoofing was just getting a hold of someone's email address and sending out the nefarious links to anyone and everyone they already have emails for (not those in my contact list which they'd have to have access to my email account to see). I just want to have a better understanding of how that happened.  Could it have been on my email carrier's end...where they accessed my contact list via their server or such?  (and therefore did not need my password and security question)

 

EDIT TO ASK:  I follwed the Java update instructions you provided but there is nothing for 29.67 MB and no jre-8u5-windows-i586.exe showing on the list. Instead the fourth one up from the bottom is as follows:

 

Windows x86 Offline 27.81 MB jre-7u55-windows-i586.exe

 

Is that the one I need?

 

Oh and also, just curious as to why I need the "offline" one?


Edited by Sun&Sea, 20 April 2014 - 04:46 PM.


#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:13 AM

Posted 20 April 2014 - 11:22 PM

Yes use that one you found.

Perhaps Spoof was the wrong choice but I meant they were in to appoint where they got a list of emails.. they have been ousted. I cannot say if they had a the breach for sure but they stopped it,

The offline installer package will often complete successfully even though the online installer package has encountered a problem.
So we just recommend Offline to avoid having to do it twice if the error occurs.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 Sun&Sea

Sun&Sea
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:13 AM

Posted 21 April 2014 - 04:18 PM

ok, thanks boopme!  Very helpful as always :) 



#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:13 AM

Posted 21 April 2014 - 07:21 PM

You're welcome!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users