WiredWX Christian Hobby Weather Tools

hotmail hijacked

Hi,

There is malware, or a virus, or something that is sending out malicious emails from my wife's hotmail account. This seems to be infecting many of our friends' accounts, as we often get similar emails from them.

Any help would be greatly appreciated.

Thanks!

Re: hotmail hijacked

Hi

ComboFix

Note: the following tool is to only be used under the guidance of a malware helper. In the event you already have the tool, please delete the old copy and download a new copy.

Please download ComboFix from BleepingComputer.com

Alternate link: Forospyware.com (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\combo-fix.exe" /killall
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    *NOTE*: If you already have the Recovery Console installed, ComboFix will skip this part and will continue scanning for malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Screenshot: Query_RC]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Screenshot: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: hotmail hijacked

Hi,

Here is the combofix log:

ComboFix 10-10-17.04 - Kathleen 10/18/2010 17:12:32.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1573 [GMT -4:00]
Running from: c:\documents and settings\Kathleen\desktop\combo-fix.exe
Command switches used :: /killall
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\pswi_preloaded.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-18 to 2010-10-18 )))))))))))))))))))))))))))))))
.

2010-10-14 15:47 . 2010-10-14 15:47 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2010-10-14 15:47 . 2010-10-14 15:47 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2010-10-14 15:47 . 2010-10-14 15:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2010-10-14 15:47 . 2010-10-14 15:47 -------- d-----w- c:\documents and settings\Tim\Application Data\Intel
2010-10-14 15:47 . 2010-10-14 15:47 -------- d-----w- c:\program files\Common Files\Intel
2010-10-14 15:44 . 2010-10-14 15:44 356352 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-10-14 15:43 . 2010-10-14 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-10-14 15:43 . 2010-10-14 15:43 -------- d-----w- c:\documents and settings\Kathleen\Application Data\Intel
2010-10-14 15:27 . 2010-02-25 00:39 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2010-10-14 15:27 . 2010-02-25 00:37 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2010-10-14 15:27 . 2010-08-16 14:26 6607744 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
2010-10-14 15:18 . 2009-10-26 13:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-10-14 15:18 . 2008-06-20 17:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-10-14 15:18 . 2008-06-20 17:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2010-10-13 20:33 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 20:33 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-13 20:33 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 20:33 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 16:43 . 2010-10-12 16:43 -------- d-----w- c:\documents and settings\Kathleen\Application Data\Canon
2010-10-12 16:23 . 2009-10-19 20:29 307200 ----a-w- c:\windows\system32\CNC870L.dll
2010-10-12 16:23 . 2009-10-05 22:09 1310720 ----a-w- c:\windows\system32\CNC870C.dll
2010-10-12 16:23 . 2009-10-05 22:08 110592 ----a-w- c:\windows\system32\CNC870I.dll
2010-10-12 16:23 . 2009-10-05 22:05 102400 ----a-w- c:\windows\system32\CNC870U.dll
2010-10-12 16:23 . 2008-08-25 22:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2010-10-12 14:19 . 2010-10-13 02:59 -------- d-----w- c:\program files\Cisco Systems
2010-10-12 14:07 . 2010-10-12 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco Systems
2010-10-11 21:28 . 2010-10-11 21:28 -------- d-----w- c:\documents and settings\Kathleen\Application Data\Canon Easy-WebPrint EX
2010-10-11 21:21 . 2009-10-26 09:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA7.DLL
2010-10-11 21:21 . 2009-10-26 09:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA7.DLL
2010-10-11 21:21 . 2009-10-26 09:00 276992 ----a-w- c:\windows\system32\CNMLMA7.DLL
2010-10-11 21:21 . 2010-10-11 21:21 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-10-11 21:21 . 2009-09-10 09:00 179200 ----a-w- c:\windows\system32\CNMIUA7.DLL
2010-10-11 21:20 . 2010-10-11 21:20 -------- d--h--w- c:\program files\CanonBJ
2010-10-11 21:20 . 2010-10-11 21:20 -------- d-----w- c:\windows\system32\STRING
2010-10-11 21:20 . 2009-10-09 15:01 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL
2010-10-11 21:20 . 2009-10-09 15:01 354816 ----a-w- c:\windows\system32\CNMNPPM.DLL
2010-10-11 21:20 . 2010-10-11 21:20 -------- d-----w- c:\windows\system32\CHM
2010-10-08 11:11 . 2010-10-08 11:11 -------- d-----w- c:\windows\A13A764803C54B6AB7C118CB04588E52.TMP
2010-10-05 17:56 . 2010-10-05 17:56 -------- d-----w- c:\documents and settings\Tim\Local Settings\Application Data\AVG Security Toolbar
2010-10-05 17:51 . 2010-10-05 17:51 -------- d-----w- c:\documents and settings\Tim\Application Data\AVG10
2010-10-05 10:09 . 2010-10-05 10:09 -------- d-----w- c:\documents and settings\Kathleen\Local Settings\Application Data\AVG Security Toolbar
2010-10-05 01:33 . 2010-10-05 01:33 -------- d-----w- C:\$AVG
2010-10-05 01:10 . 2010-10-05 01:10 -------- d-----w- c:\documents and settings\Kathleen\Application Data\AVG10
2010-10-05 01:09 . 2010-10-05 01:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-05 01:08 . 2010-10-05 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-05 00:55 . 2010-10-05 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-09-29 01:56 . 2010-09-29 01:56 -------- d-----w- c:\documents and settings\Kathleen\Local Settings\Application Data\Help
2010-09-26 20:38 . 2010-09-26 20:38 -------- d-----w- c:\program files\Fisher-Price

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 23:09 . 2009-06-24 21:32 28472 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-01-31 23:09 . 2009-06-24 21:32 185224 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-01-31 23:09 . 2009-06-24 21:32 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-06-24 21:32 . 2009-06-24 21:32 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"nwiz"="nwiz.exe" [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"MemoryCardManager"="c:\program files\Dell AIO Printer 948\memcard.exe" [2007-07-03 410248]
"Dell AIO Printer 948 Fax Server"="c:\program files\Dell AIO Printer 948\fm3032.exe" [2007-07-03 307848]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-10 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dldfmon.exe"="c:\program files\Dell AIO Printer 948\dldfmon.exe" [2007-07-03 455304]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-09-28 185688]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-07-19 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1206544]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-28 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dldfcoms.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=
"c:\\Program Files\\Dell AIO Printer 948\\dldfafcn.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 14\\tmproxy.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [11/8/2007 9:19 PM 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [11/8/2007 9:19 PM 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [11/8/2007 9:20 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [11/8/2007 9:19 PM 566872]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [10/14/2010 11:27 AM 6607744]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [11/8/2007 9:20 PM 280392]
S2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldfserv.exe [11/28/2007 11:01 AM 98952]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/28/2009 10:41 AM 18560]
.
Contents of the 'Scheduled Tasks' folder

2010-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071128
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071128
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Kathleen\Application Data\Mozilla\Firefox\Profiles\jqa8kn38.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Kathleen\Application Data\Mozilla\Firefox\Profiles\jqa8kn38.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - f:\malwarebytes' anti-malware\mbam.exe


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(4500)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dldfcoms.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\TRENDM~1\INTERN~1\PccGuide.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\stsystra.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-10-18 17:26:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-18 21:26
ComboFix2.txt 2009-11-08 15:46

Pre-Run: 198,041,202,688 bytes free
Post-Run: 198,501,785,600 bytes free

- - End Of File - - C1719FA8536714783F0E5ECFDC476471

Re: hotmail hijacked

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.

Re: hotmail hijacked

Hi,

Thanks again for your help. Here is the log from the malwarebytes scan.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4876

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/18/2010 9:13:24 PM
mbam-log-2010-10-18 (21-13-24).txt

Scan type: Quick scan
Objects scanned: 151375
Time elapsed: 9 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: hotmail hijacked

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: hotmail hijacked

ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=dc32a0f384231148a616efef3fa54cd3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-19 05:32:03
# local_time=2010-10-19 01:32:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777175 100 0 29116993 29116993 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=109949
# found=0
# cleaned=0
# scan_time=5029

Re: hotmail hijacked

Now would be a good time to change the password on the Hotmail account.
