Somethin nasty sent out spam

by pawsibleclaws » April 21st, 2010, 10:19 pm

The other day I used Thunderbird to send some emails; the following day everyone in my contact list got spammed. As soon as it happened I changed my email pw, and I have not used Thunderbird since (I don't use it regularly anyway).

Here are my logs, let me know if there's anything else you need! Thanks!!

hjt log:

Logfile of IObit HijackScan v1.0.0.0
Scan saved at 19:48:24, on 2010-4-21

Running processes:

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-

FA578C2EBDC3} - C:\Program Files (x86)\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Fingerprint Software Extension -

{395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)

\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -

C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-

A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74

-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-

794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet

Explorer\0.5.36.0\gears.dll
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\:

[Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\:

[Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1

\YahooMessenger.exe" -quiet
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\:

[ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ISUSPM]

"C:\Program Files (x86)\Common

Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Google

Update]

"C:\Users\CareaBearaSara\AppData\Local\Google\Update\GoogleUpdate.e

xe" /c
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\:

[WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\:

[DirectPlayerCore]

"C:\Users\CareaBearaSara\Desktop\DirectPlayerCore.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Dell

Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam

Central\WebcamDell.exe" /mode2
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[PCMService] "C:\Program Files (x86)

\Dell\MediaDirect\PCMService.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Dell

DataSafe Online] "C:\Program Files (x86)\Dell DataSafe

Online\DataSafeOnline.exe" /m
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft

Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4

\OpwareSE4.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Ad-

Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research

In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)

\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java

Update\jusched.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe"

/runkey
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe

Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0

\Reader\Reader_sl.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe

ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0

\AdobeARM.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -

atboottime
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit

Security 360] "C:\Program Files (x86)\IObit\IObit Security 360

\IS360tray.exe" /autostart
O9 - Extra button: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-

B25EAC5965F5} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in

1.6.0_18 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-

windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Java Plug-in

1.6.0_07 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-

windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}Java Plug-in

1.6.0_18 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-

windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in

1.6.0_18 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-

windows-i586.cab
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea

Electronics Corporation - C:\Windows\System32

\DriverStore\FileRepository\stwrt64.inf_a2af78c4\AESTSr64.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) -

AuthenTec, Inc. - C:\Program Files (x86)\Fingerprint

Sensor\ATService.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown -

C:\Windows\SysWOW64\CSHelper.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown

-
O23 - Service: Dock Login Service (DockLoginService) - Stardock

Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Biometric Authentication Service (DpHost) -

DigitalPersona, Inc. - C:\Program Files (x86)

\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Diagnostic Policy Service (DPS) - Unknown -
O23 - Service: Windows Media Center Service Launcher (ehstart) -

Unknown - %windir%\system32\svchost.exe
O23 - Service: Group Policy Client (gpsvc) - Unknown -
O23 - Service: Google Update Service (gupdate) (gupdate) - Google

Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files (x86)\Common

Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%

\Microsoft.NET\Framework64\v3.0\Windows Communication

Foundation\infocard.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown -

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware

Service) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-

Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. -

C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. -

c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program

Files\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. -

c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. -

C:\Program Files\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. -

C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) -

McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler

4.0) - Unknown - C:\Program Files (x86)\Common Files\Nero\Nero

BackItUp 4\NBService.exe
O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) -

Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows

Communication Foundation\SMSvcHost.exe
O23 - Service: Quality Windows Audio Video Experience (QWAVE) -

Unknown - %windir%\system32\svchost.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown -

C:\Program Files (x86)\Common Files\Roxio Shared\9.0

\SharedCOM\RoxLiveShare9.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
O23 - Service: Security Accounts Manager (SamSs) - Unknown -
O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%

\system32\svchost.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. -

C:\Windows\System32

\DriverStore\FileRepository\stwrt64.inf_a2af78c4\STacSV64.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown

-
O23 - Service: Windows Modules Installer (TrustedInstaller) -

Unknown -
O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -
O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown

- C:\Windows\System32\WLTRYSVC.EXE %SystemRoot%\System32

\bcmwltry.exe
O23 - Service: Windows Media Player Network Sharing Service

(WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media

Player\wmpnetwk.exe
O23 - Service: IS360service (IS360service) - IObit - C:\Program

Files (x86)\IObit\IObit Security 360\IS360srv.exe



Uninstall list:

Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Advanced Audio FX Engine
AnyDVD
Apple Software Update
ArtistScope Plugin FX 42
AuthenTec Fingerprint System
Banctec Service Agreement
BlackBerry Desktop Software 5.0.1
BlackBerry Desktop Software 5.0.1
Browser Address Error Redirector
Browser Address Error Redirector
Canon MP Navigator EX 1.0
Canon MX300 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CloneDVD2
Comcast Access
Comcast Access
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Coupon Printer for Windows
Dell DataSafe Online
Dell Getting Started Guide
Dell Video Chat (remove only)
Dell Webcam Central
DVD Shrink 3.2
EDocs
Flickr Uploadr 3.2.1
Google Gears
Google Talk Plugin
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IObit Security 360
ITECIR
Java(TM) 6 Update 18
Java(TM) 6 Update 7
LimeWire 5.5.7
Live! Cam Avatar Creator
McAfee SecurityCenter
MediaDirect
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.3)
Mozilla Thunderbird (2.0.0.24)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Pando Media Booster
PIXMA Extended Survey Program
Presto! PageManager 7.15.16
QuickTime
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Skype™ 4.0
Spelling Dictionaries Support For Adobe Reader 9
Stream Torrent 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp
Winamp Remote
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Messenger
pawsibleclaws
Active Member
 
Posts: 1
Joined: April 21st, 2010, 10:08 pm

Re: Somethin nasty sent out spam

by NonSuch » April 21st, 2010, 10:50 pm

Please read the instructions for creating and posting a HijackThis log, and do not use IOBit, use Trend Micro's HijackThis:

http://malwareremoval.com/forum/viewtop ... 81#p491381

Turn off Word Wrap in the Notepad report before copying and posting the log in a new topic. Your log is unreadable in its present state. To turn Word Wrap off, click on "Format" at the top of the text document and uncheck Word Wrap. Save the change.

This topic is now closed.

NonSuch
Administrator
 
Posts: 27304
Joined: February 23rd, 2005, 7:08 am
Location: California

