TechSpot

My hotmail sending unwanted messages

By tcbrb46
Sep 22, 2010
  1. Occasionally my hotmail account sends unwanted emails to my friends on my account. My name is in the subject line and the message wants to have the receivers click on another site. Any suggestions where to start to eliminate this problem?
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If someone has your email address in their Contacts and gets one of the mass mailing Worms, it will send email using everyone in that address book, including yours and the email would appear to have been sent by you.

    But your post isn't clear as you say your name is on the Subject line. Are you sure you don't mean the 'From' line?

    For instance:
    From: tcb@internet.com (your name)
    Subject: spam mail
    Received: date

    But you say:
    From: ????
    Subject: tcp@internet.com (your name)

    Which is it?
     
  3. tcbrb46

    tcbrb46 TS Rookie Topic Starter Posts: 74

    I was wrong. When mail is received it has my name in the From block. It appears something or someone has my email address. The spam appears to come from me. Would changing password work? Is there any way to stop this stuff from being sent out?

    I have been helped by you in the past. Thanks for your response
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    1. "The spam appears to come from me.">> It will if your name is in the From: section- no matter which system it came from.
    2. " Would changing password work? ">> Probably not. That only works on your system. If it's going out from someone else's address book, the password isn't being used.
    3. "Is there any way to stop this stuff from being sent out. ">> If it is actually being sent from your computer due to a Worm, yes, we can find the Worm and remove it. If it's from another system, you won't be able to stop it but it usually eventually runs out.
    Hotmail is a free, web-based email and subject to a lot of abuse. You might want to consider switching to Yahoo- also free, web-based, but more secure than Hotmail. Or using Outlook Express or another program.

    Let's check your system for malware: NOTE: We have changed the preliminary programs so make note of that. If you still have Malwarebytes on the system from last time, uninstall it and install new version in the thread.
    Run this first:
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Follow with the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply. Please paste the logs into your next reply.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  5. tcbrb46

    tcbrb46 TS Rookie Topic Starter Posts: 74

    Malwarebytes attached. Could not halt AVG antivirus. Could not find where to disable.

    ESET Online scan

    C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL Win32/Adware.FunWeb application
    C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL Win32/Adware.FunWeb application
    C:\Program Files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL Win32/Toolbar.MyWebSearch.G application
    C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL a variant of Win32/Toolbar.MyWebSearch.B application
    C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL Win32/Adware.FunWeb application
    C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\F3REGHK.DLL Win32/Toolbar.MyWebSearch.G application
    C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL a variant of Win32/Toolbar.MyWebSearch.D application
    C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE Win32/Adware.FunWeb application
    C:\Program Files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL Win32/Toolbar.MyWebSearch.H application
    C:\Program Files\MyWebSearch\bar\2.bin\M3DLGHK.DLL a variant of Win32/Toolbar.MyWebSearch.I application
    C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL a variant of Win32/Toolbar.MyWebSearch.J application
    C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE Win32/Toolbar.MyWebSearch.J application
    C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE Win32/Toolbar.MyWebSearch.I application
    C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL a variant of Win32/Toolbar.MyWebSearch.K application
    C:\Program Files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL Win32/Toolbar.MyWebSearch.J application
    C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\MWSUABTN.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
    C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
    C:\Windows\System32\f3PSSavr.scr Win32/Toolbar.MyWebSearch application
    Operating memory multiple threats
     

    Attached Files:

  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, you have the MyWebSearch adware. Had you checked the line for removal in Malwarebytes, most of it would have been removed. Instead, it shows No Action Taken.

    Please update and run Malwarebytes again, paying particular attention to the line:
    Be sure that everything is checked, and click Remove Selected.

    Follow this with a rescan of the Eset online scanner- most, if not all of these entries should have been found and quarantined. If any others are found, I'll move them. Since so many files were infected, you most likely have other malware:

    Please download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs, when you're done with Combofix.

    Please paste the Combofix report into your next reply. Okay to split and use another post if needed.

    Important note: Stay away from the Fun Web Products site and any related to it. > 3D cursors, Smilies, Screen savers all bring junk with them!
     
  7. tcbrb46

    tcbrb46 TS Rookie Topic Starter Posts: 74

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4686

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    9/25/2010 4:13:36 PM
    mbam-log-2010-09-25 (16-13-36).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 327793
    Time elapsed: 1 hour(s), 6 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     

    Attached Files:

  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Much better:
    Please run this Custom CFScript


    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    
    DirLook::
    C:\b8412ac7da1e52623b
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CCUTRAYICON"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"=-
    
    Driver::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    Follow with Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
     
  9. tcbrb46

    tcbrb46 TS Rookie Topic Starter Posts: 74

    I think I did it right.

    Is antivirus Avira better than AVG?
     

    Attached Files:

  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    To disable the AVG Resident Shield:
    Please open the AVG Control Center
    • Double-click on the "AVG Resident Shield" component
    • Deselect the "Turn on AVG Resident Shield" checkmark
    • Save the setting.
    ==============================
    I would recommend either of these over AVG: Both of the following programs are free and known to be good:
    Avira Free
    Avast Home
    =============================
    Please run Eset online again. It did not scan.
    =============================
    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\program files\Viewpoint\Common\ViewpointService.exe
    Folder::
    c:\users\Public\AppData\Local\temp
    c:\users\IUSR_NMPR\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\users\bandit\AppData\Local\temp
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CCUTRAYICON"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    
    Driver::
    Viewpoint Manager Service 
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    When you have finished Combofix and the Eset scan:
    Re-enable the AVG Resident Shield
    • Open the AVG Control Center
    • Double-click on the "AVG Resident Shield" component
    • Select the "Turn on AVG Resident Shield" checkmark
    • Save the setting.
    ====================
    Download the HijackThis Installer HERE and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

    Please paste the logs into your next reply- okay to use more than one post if needed.
     
  11. tcbrb46

    tcbrb46 TS Rookie Topic Starter Posts: 74

    I think this should do it.
     

    Attached Files:

  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Will finish up when HijackThis log is available.

    Question: Are you using an HP computer and/or do you have a program named Soft Thinks?

    Any more reports on the email going out? Did you check in your Sent Folder to see if the mail is showing there?
     
  13. tcbrb46

    tcbrb46 TS Rookie Topic Starter Posts: 74

    I have HP.

    Just missed the hijackthis part of message. Not able to get this done as fast as I would like. Rushing too much.
     

    Attached Files:

  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Didn't mean for you to feel rushed! Take your time. I won't be back tonight.

    Please reopen HijackThis to 'do system scan only.'. Check each of the following, if present:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


    Close all windows Except HijackThis and click on "Fix Checked."
    ===================================
    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CCUTRAYICON"=-
    "UpdReg"=-
    "HP Health Check Scheduler"=-
    "SunJavaUpdateReg"=-
    "HP Software Update"=-
    "SunJavaUpdateSched"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . No log needed.
    ====================
    Check Java please. I don't think you have the most recent version which is v6u21:

    Check this site: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    ===========================================
    Let's do one more online AV scan. If clean, I'll have you remove the tools we used.

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
     
  15. tcbrb46

    tcbrb46 TS Rookie Topic Starter Posts: 74

    Have had problems with Hijackthis. Finally seemed to work. Would not let me make a log because of previous file. Could not get it to work with Vista steps. Had to go to Run programs and delete a file. I see there is still one problem after running EST. Did not find RO Hklm file to check. Checked Java up to date.
     

    Attached Files:

  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please paste in the full Eset log- don't break off the entry. I need to be sure that all of the earlier entries are no longer there. Check times and dates also. You've had problems with some of the programs. I will move the entry when I see the log.

    As for the problem with HJT, feel free to ask me if problems come up. If you get error messages, I need to know what they are.

    Have you decided to use Avira as your antivirus program? There are numerous AVG backups still on the system. I can move them but you should run the following to remove AVG:
    AVG Removal: Note: You may have to reinstall AVG to uninstall it fully.

    Are you still hearing about emails being sent from your system? Is there anything else that you notice from the malware? I'm concerned that we may not have all MyWebSearch off the system.
     
  17. tcbrb46

    tcbrb46 TS Rookie Topic Starter Posts: 74

    Should I redo the last steps you requested over again? I can try to get it done Saturday to replace the full log. My present log just shows the only one virus left. I may have to redo Eset.

    Hjt Ok I will next time. It worked after I deleted a previous file. But it took me awhile.

    I changed over to Avira prior to the last scans. I will do the Avg remove you put in the last post.

    No recent unwanted emails but the last Eset scan I did yesterday still had one virus
    C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application

    Thanks for your response
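
The check requested above (confirming that the entries from the first Eset scan are gone in a later one) can be done mechanically. This Python example is added here and is not part of the thread or any ESET tooling; the function names are hypothetical, and the sample lines are an excerpt of the two scans quoted in this thread.

```python
import re
from collections import namedtuple
from ntpath import normcase  # Windows path rules, usable on any OS

Detection = namedtuple("Detection", "path name variant kind")

# One detection per line: <full path> [a variant of] <detection name> <object type>
# Paths contain spaces, so the path is matched lazily up to the detection name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>\S+)$"
)

# Excerpt of the first scan posted in the thread.
SCAN_BEFORE = r"""
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL Win32/Toolbar.MyWebSearch application
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL a variant of Win32/Toolbar.MyWebSearch.B application
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE Win32/Toolbar.MyWebSearch application
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
C:\Windows\System32\f3PSSavr.scr Win32/Toolbar.MyWebSearch application
Operating memory multiple threats
"""

# The single entry reported as still present in the later scan.
SCAN_AFTER = r"""
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
"""


def parse_eset_log(text):
    """Return (detections, other_lines); other_lines are entries without a file path."""
    detections, other = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            detections.append(
                Detection(m["path"], m["name"], bool(m["variant"]), m["kind"])
            )
        else:
            other.append(line)  # e.g. the "Operating memory" summary line
    return detections, other


def compare_scans(before, after):
    """Diff two scans by path, case-insensitively as Windows treats paths."""
    old = {normcase(d.path): d.path for d in before}
    new = {normcase(d.path): d.path for d in after}
    return {
        "cleared": sorted(old[k] for k in old.keys() - new.keys()),
        "remaining": sorted(old[k] for k in old.keys() & new.keys()),
        "new": sorted(new[k] for k in new.keys() - old.keys()),
    }


def outside_root(detections, root):
    """Detections that live outside the product's own install folder."""
    prefix = normcase(root).rstrip("\\") + "\\"
    return [d.path for d in detections if not normcase(d.path).startswith(prefix)]


if __name__ == "__main__":
    first, notes = parse_eset_log(SCAN_BEFORE)
    later, _ = parse_eset_log(SCAN_AFTER)
    result = compare_scans(first, later)
    for label in ("cleared", "remaining", "new"):
        print(f"{label}: {len(result[label])}")
        for path in result[label]:
            print("   ", path)
    print("outside install folder:", outside_root(first, r"C:\Program Files\MyWebSearch"))
    print("non-file entries:", notes)
```

Files flagged outside the toolbar's own folder are the ones an uninstall of the toolbar is least likely to remove, which matches the one entry left in the later scan.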
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Processes	
      
      :Files  
      C:\Program Files\Windows Live\Messenger\msimg32.dll
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
     
  19. tcbrb46

    tcbrb46 TS Rookie Topic Starter Posts: 74

    Followed your recent directions. Tried it twice computer froze nothing would work except mouse would move. All processes killed. Unable to use control alt delete. Unable to shut computer off with main switch. Had to unplug computer twice. I don't see any recent files for today.

    Found this on my desktop. Labeled as desktopini
    Don't know what these are. [.ShellClassInfo]

    LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

    Also found this.

    [.ShellClassInfo]
    LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
    IconResource=%SystemRoot%\system32\imageres.dll,-183
    [LocalizedFileNames]
    Launch Internet Explorer Browser.lnk=@%windir%\System32\ie4uinit.exe,-733
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please go to the Control Panel> Folder Options> View tab> check 'Hide protected operating system files-Recommended'> check 'do not show hidden files and folders'> Apply> OK.

    These files and folders should remain in the 'hidden' position at all times except when specifically looking for a file that is hidden, such as malware.

    Reboot and see if they are now gone from the desktop.

    You have had problems running some of the programs such as HijackThis. Have you tried to change setting? At what point did the freeze begin? Did you remove the files in the script? Did you find the full eset log?
     
  21. tcbrb46

    tcbrb46 TS Rookie Topic Starter Posts: 74

    Ran Malwarebytes today. Looks good.
    Will be out of town next five days. Not able to check computer until I return.



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4746

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    10/5/2010 9:07:16 AM
    mbam-log-2010-10-05 (09-07-16).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 332590
    Time elapsed: 1 hour(s), 6 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  22. tcbrb46

    tcbrb46 TS Rookie Topic Starter Posts: 74

    Files gone after reboot. Some reason the setting changed after running Moveit. Thought I solved the problem with hijack when I sent files from previous post. The freeze occurred when I followed your post to run OTMOVEIT.
    Just sent log on malwarebytes today. I could check hijack again if you want. I will be around for the rest of today then gone for five days. Thanks
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If you hid the system files and the desktop entries are gone, try OTMoveIt again. That's the only thing left to do. Or if this freezes the system for some unknown reason, run the Eset scan again but check for removal.

    [*] Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is checked

    This is a one time thing- I prefer to move the files myself. I don't understand why these programs are giving you problems-what it could be on the system.
     
  24. tcbrb46

    tcbrb46 TS Rookie Topic Starter Posts: 74

    Just ran OTM worked fine ????


    All processes killed
    ========== PROCESSES ==========
    ========== FILES ==========
    File/Folder C:\Program Files\Windows Live\Messenger\msimg32.dll not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: bandit
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 57333183 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: IUSR_NMPR
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 109229 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 55.00 mb


    OTM by OldTimer - Version 3.1.16.1 log created on 10052010_151008

    Files moved on Reboot...
    C:\Users\bandit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AJ9FTX96\msn_com[1].htm moved successfully.
    C:\Users\bandit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AJ9FTX96\newreply[1].htm moved successfully.
    C:\Users\bandit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2MJ8BXHU\Include[1].htm moved successfully.
    C:\Users\bandit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2MJ8BXHU\Sync[1].htm moved successfully.
    C:\Users\bandit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Let me know your status when you get back.
     
Topic Status:
Not open for further replies.
