My e-mail is spamming people?

Afran · Aug 11, 2011

Seems really strange, my computer doesn't appear to be infected at all (ran malwarebytes, spybot S&D, ad-aware) as well as had hjt/gmer/dds analyzed elsewhere and my e-mail is only accessed from my own computer, I've changed my password although it wasn't easy to guess in the first place, to a 30+ character mix of letters and numerals both capital and lowercase but it's still happening ;o basically my account is sending links to online shops (obviously fake) for tablets n shit and the e-mail goes out to everyone on my list of contacts

Any ideas? Oo

GimmlyThe3rd · Aug 11, 2011

If you changed your pass you obviously are infected so why didn't you post in tech section? what e-mail client etc?

Download hijackthis (google) do a full scan and post the log.

Deebs · Aug 11, 2011

Moved to Techie Discussion.

Afran · Aug 11, 2011

Never even noticed this sub-forum, must be somewhat new!

It's hotmail gimmly, used the same account since 2001 and never had an issue with it, here's the log from hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:52:32, on 11/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3535433742-1277517825-2844441449-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3535433742-1277517825-2844441449-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 4566 bytes

GimmlyThe3rd · Aug 11, 2011

Can't see much there tbh, but try this and post this log to be sure

Bleeping Computer Downloads: DDS

You have Zone alarm and spybot S&D installed I take it?

ST^ · Aug 11, 2011

Did you do a scan in safe mode?

Which contacts list is it spamming? Hotmail/MSN or an email client or what?

Afran · Aug 11, 2011

ST^ - for malware/spybot I did in both normal and safe mode

The contact list it's spamming is my hotmail/msn contacts and any e-mail contact I've saved

Gimmly - Indeed have those installed. DDS produced two logs, not sure which is relevant so here's both;

"Attach"

DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/07/2011 19:07:07
System Uptime: 11/08/2011 13:21:23 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H55M-UD2H
Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz | Socket 1156 | 2926/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 133.32 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2804&SUBSYS_80860101&REV_1000\4&35A89E12&0&0301
Manufacturer: Microsoft
Name: High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2804&SUBSYS_80860101&REV_1000\4&35A89E12&0&0301
Service: HdAudAddService
.
==== System Restore Points ===================
.
RP40: 29/07/2011 13:00:58 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP41: 29/07/2011 13:01:57 - Installed Java(TM) 6 Update 22
RP42: 29/07/2011 13:02:26 - Installed OpenOffice.org 3.3
RP43: 30/07/2011 03:58:23 - Installed Microsoft Visual C++ 2005 Redistributable
RP45: 30/07/2011 03:59:23 - Installed DirectX
RP46: 30/07/2011 22:26:49 - Windows Update
RP47: 09/08/2011 23:14:37 - Scheduled Checkpoint
RP48: 10/08/2011 12:40:18 - Windows Update
RP49: 10/08/2011 13:01:08 - Windows Update
RP50: 11/08/2011 02:15:50 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Eraser 6.0.8.2273
Fraps (remove only)
Heroes of Newerth
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 26
League of Legends
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Morrowind
Mozilla Firefox 5.0 (x86 en-GB)
MSVCRT
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 275.33
NVIDIA 3D Vision Driver 275.33
NVIDIA Control Panel 275.33
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.3.5
NVIDIA Update Components
OpenOffice.org 3.3
Pando Media Booster
RIFT
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Spybot - Search & Destroy
TeamSpeak 3 Client
TES Construction Set

"DDS"

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Elinae at 14:07:44 on 2011-08-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3579.2205 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{61613FE9-E03A-4C38-9458-8273346B6894} : DhcpNameServer = 192.168.1.254
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\elinae\appdata\roaming\mozilla\firefox\profiles\svenxrep.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/webhp?hl=en&complete=1
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-10 366640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-11 2214504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-11 1153368]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-5-20 378472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-10 22712]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-10 41272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-12 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-12 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-11 1343400]
.
=============== Created Last 30 ================
.
2011-08-11 01:29:20 -------- d-----w- c:\users\elinae\appdata\local\ElevatedDiagnostics
2011-08-10 12:00:57 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 11:59:53 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2011-08-10 11:59:53 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-10 11:59:53 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-10 11:59:53 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-10 11:59:53 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-10 11:59:53 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-10 11:40:29 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{00767787-2b82-4f43-a6e6-d3675d7b95dc}\mpengine.dll
2011-08-10 11:27:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-10 11:27:01 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-10 11:27:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-29 12:05:27 -------- d-----w- c:\users\elinae\appdata\roaming\OpenOffice.org
2011-07-29 12:02:49 -------- d-----w- c:\program files\OpenOffice.org 3
2011-07-29 04:05:10 -------- d-----w- c:\users\elinae\riotsGamesLogs
2011-07-22 00:10:21 -------- d-----w- C:\Fraps
2011-07-21 00:25:34 -------- d-----w- c:\users\elinae\appdata\roaming\LolClient
2011-07-20 17:45:58 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-07-20 17:45:58 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-07-20 17:45:57 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-07-20 16:32:03 -------- d-----w- c:\users\elinae\appdata\local\PMB Files
2011-07-20 16:32:02 -------- d-----w- c:\programdata\PMB Files
2011-07-20 16:31:47 -------- d-----w- c:\program files\Pando Networks
2011-07-20 03:34:36 -------- d-----w- c:\program files\Heroes of Newerth
2011-07-19 04:17:21 -------- d-----w- c:\program files\Bethesda Softworks
2011-07-19 04:16:49 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-07-19 04:16:49 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-07-19 04:16:49 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2011-07-19 04:16:49 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-07-19 04:12:38 -------- d-----w- c:\program files\Alcohol Soft
2011-07-19 04:09:02 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-07-15 01:08:41 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-07-15 01:08:37 222080 ------w- c:\windows\system32\MpSigStub.exe
.
==================== Find3M ====================
.
2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-12 00:05:30 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-11 17:18:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-11 02:41:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-21 05:28:33 981504 ----a-w- c:\windows\system32\wininet.dll
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-05-28 12:26:44 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-20 21:35:28 304744 ----a-w- c:\windows\system32\nvStreaming.exe
.
============= FINISH: 14:08:25.46 ===============

GimmlyThe3rd · Aug 11, 2011

hmmmm

GimmlyThe3rd · Aug 11, 2011

Can't see anything tbh, change your passwords, should be ok.

Afran · Aug 11, 2011

Very odd

Changed it yet again, absolutely no way someone can figure this out! So far it has seemed to do it every roughly 24 hours, will post again tomorrow should it re occur

MYstIC G · Aug 11, 2011

Is there a way in Hotmail to sign out all your old sessions like there is in google mail?

MYstIC G · Aug 11, 2011

If not try enabling the forced SSL connection and changing your password again.

https://account.live.com/ManageSSL

dysfunction · Aug 11, 2011

Try combofix as well. It sometimes finds things that the other ones don't. It also creates a log that you can post on here for someone like gimmly to look at.

Bleeping Computer Downloads: ComboFix Download

caLLous · Aug 11, 2011

Also, have you considered this?

Zarjazz · Aug 12, 2011

How do you know it's even your actual Hotmail account doing the spamming?

It's incredibly easy to fake the email sender address and it's very common for spammers to do this with "real" email addresses to try and avoid spam filters.

Kryten · Aug 12, 2011

Hotmail is one of the easiest targets for spammers, and it's usually just a case of a comprimised account rather than an actual infection.

Afran · Aug 12, 2011

did make me laugh caLLous

Zarjazz; I've been getting around 100 delivery notification failures from the automated postmaster thing (its been sending them to long disactivated email addresses)

didn't happen this time, shall check again tomorrow :eek:

My e-mail is spamming people?

Afran

Part of the furniture

GimmlyThe3rd

Banned

Deebs

Chief Arsewipe

Afran

Part of the furniture

GimmlyThe3rd

Banned

ST^

Can't get enough of FH

Afran

Part of the furniture

GimmlyThe3rd

Banned

GimmlyThe3rd

Banned

Afran

Part of the furniture

MYstIC G

Official Licensed Lump of Coal™ Distributor

MYstIC G

Official Licensed Lump of Coal™ Distributor

dysfunction

FH is my second home

caLLous

I am a FH squatter

Zarjazz

Identifies as a horologist.

Kryten

Old Cow.

Afran

Part of the furniture

Users who are viewing this thread