My Outlook has been hacked!

I have run SuperAnti-Spy and AVG and they found zilch, but my Outlook program is STILL sending hundreds of spam emails out, I got over 2000 bounce messages this morning! I ran a hijackthis log. Have posted it below, very grateful for any help. I am running Windows 2000 (cheap company I work for) with Office XP.


:cry

 

Hi Geminisoup,
Welcome to Major Geeks!

Your computer is infected. Please work through the instructions in the READ & RUN ME FIRST and attach the requested logs
so we can get a more thorough picture than what your HJT log indicates.

Before you start, check your add/remove programs for Outerinfo and if found, uninstall it. Also, you don't have to run SuperAntiSpyware again if you just ran it. If you have the log for it, you can attach that with the others.

Thanks.
abri

 

Thanks for the response. I will read and follow the suggested list and repost. But I cannot get into Add/Remove Progs, it hangs and I have to reboot to get the "populating" screen to go away.:confused

 

Ok, I ran Spybot Search and Destroy, it found NOTHING! Just finished running MBAM and here is the log:

Malwarebytes' Anti-Malware 1.11
Database version: 693

Scan type: Quick Scan
Objects scanned: 30267
Time elapsed: 23 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I will be running ComboFix in a minute.

Anybody got a clue why I can't get into Add/Remove Programs?

 

Okay, here's ComboFix's results:

 

Okay,

Just finished MGTools. Log is attached. I hope this fixes it. But I don't know how to tell unless I just keep getting returned Spam messages....any help (especially on that Add/Remove Programs matter) is greatly appreciated. i LOVE geeks! :drool

 

Hi geminisoup,

1) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS

After you click fix, just close hijackthis.

2) Now run CCleaner at the default setting with the Windows tab as the top one.


If you're still having the same problems, continue with step 3. Otherwise skip down to step 4.

3) Please follow the instructions in Running BitDefender Online Scan . The steps for getting a usable log are described in this. It's a thorough scan, so please allow yourself plenty of time. When you finish, it if finds anything, please attach the log.

4) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip

Thanks.
abri