Jump to content

Recommended Posts

My hotmail account was recently hacked. It's a personal thing and I know who's doing it, it's not random or a bot or anything like that. I did change my password and did all that sort of security thing yet he's still getting in. I've had a bunch of people wonder if there's a keystroke tracker on my comp. They told me to run a scan and post the log here and you could tell me if it found one or not. If I was mis-informed I apologize but I'd appreciate help if I can get it, thanks!

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7606

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

29/08/2011 11:20:34 PM

mbam-log-2011-08-29 (23-20-34).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)

Objects scanned: 310164

Time elapsed: 8 hour(s), 10 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 5

Folders Infected: 1

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:

c:\documents and settings\Bonnie\my documents\downloads\popularscreensavers.exe (Adware.FunWeb) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b4fcc538-56b8-4db4-8e4c-bcb597076135}\RP1111\A0170473.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b4fcc538-56b8-4db4-8e4c-bcb597076135}\RP1111\A0170474.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b4fcc538-56b8-4db4-8e4c-bcb597076135}\RP1111\A0170475.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

You need to contact your local authorities about this person.

If there is a hardware keylogger in place, I cannot detect it (though you could look for one connected to your computer).

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

  • 3 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.