Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Somethin nasty sent out spam


by pawsibleclaws » April 21st, 2010, 10:19 pm

The other day I used Thunderbird to send some emails. The following day everyone in my contact list got spammed. Soon as it happened I changed my email pw, have not used Thunderbird since (I don't use it regularly anyways).

Here are my logs, let me know if there's anything else you need! Thanks!!

hjt log:

Logfile of IObit HijackScan v1.0.0.0
Scan saved at 19:48:24, on 2010-4-21

Running processes:

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-

FA578C2EBDC3} - C:\Program Files (x86)\Common

O2 - BHO: DigitalPersona Fingerprint Software Extension -

{395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -

C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-

A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74

-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-

794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\:

[Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\:

[Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1

\YahooMessenger.exe" -quiet
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\:

[ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ISUSPM]

"C:\Program Files (x86)\Common

Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Google



xe" /c
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\:

[WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\:


O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Dell

Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam

Central\WebcamDell.exe" /mode2
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[PCMService] "C:\Program Files (x86)

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Dell

DataSafe Online] "C:\Program Files (x86)\Dell DataSafe

Online\DataSafeOnline.exe" /m
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft

Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Ad-

Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research

In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)

\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe

Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe

ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\:

[QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit

Security 360] "C:\Program Files (x86)\IObit\IObit Security 360

\IS360tray.exe" /autostart
O9 - Extra button: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-

B25EAC5965F5} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in

1.6.0_18 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Java Plug-in

1.6.0_07 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}Java Plug-in

1.6.0_18 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-


1.6.0_18 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea

Electronics Corporation - C:\Windows\System32

O23 - Service: AuthenTec Fingerprint Service (ATService) -

AuthenTec, Inc. - C:\Program Files (x86)\Fingerprint

O23 - Service: CopySafe Helper Service (CSHelper) - Unknown -

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown

O23 - Service: Dock Login Service (DockLoginService) - Stardock

Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Biometric Authentication Service (DpHost) -

DigitalPersona, Inc. - C:\Program Files (x86)

O23 - Service: Diagnostic Policy Service (DPS) - Unknown -
O23 - Service: Windows Media Center Service Launcher (ehstart) -

Unknown - %windir%\system32\svchost.exe
O23 - Service: Group Policy Client (gpsvc) - Unknown -
O23 - Service: Google Update Service (gupdate) (gupdate) - Google

Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files (x86)\Common

Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%

\Microsoft.NET\Framework64\v3.0\Windows Communication

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown -

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware

Service) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. -

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. -

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. -

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. -

C:\Program Files\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. -

O23 - Service: McAfee Personal Firewall Service (MpfService) -

McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler

4.0) - Unknown - C:\Program Files (x86)\Common Files\Nero\Nero

BackItUp 4\NBService.exe
O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) -

Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows

Communication Foundation\SMSvcHost.exe
O23 - Service: Quality Windows Audio Video Experience (QWAVE) -

Unknown - %windir%\system32\svchost.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown -

C:\Program Files (x86)\Common Files\Roxio Shared\9.0

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
O23 - Service: Security Accounts Manager (SamSs) - Unknown -
O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%

O23 - Service: Audio Service (STacSV) - IDT, Inc. -


O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown

O23 - Service: Windows Modules Installer (TrustedInstaller) -

Unknown -
O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -
O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown

- C:\Windows\System32\WLTRYSVC.EXE %SystemRoot%\System32

O23 - Service: Windows Media Player Network Sharing Service

(WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media

O23 - Service: IS360service (IS360service) - IObit - C:\Program

Files (x86)\IObit\IObit Security 360\IS360srv.exe

Uninstall list:

Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Advanced Audio FX Engine
Apple Software Update
ArtistScope Plugin FX 42
AuthenTec Fingerprint System
Banctec Service Agreement
BlackBerry Desktop Software 5.0.1
BlackBerry Desktop Software 5.0.1
Browser Address Error Redirector
Browser Address Error Redirector
Canon MP Navigator EX 1.0
Canon MX300 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Comcast Access
Comcast Access
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Coupon Printer for Windows
Dell DataSafe Online
Dell Getting Started Guide
Dell Video Chat (remove only)
Dell Webcam Central
DVD Shrink 3.2
Flickr Uploadr 3.2.1
Google Gears
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IObit Security 360
Java(TM) 6 Update 18
Java(TM) 6 Update 7
LimeWire 5.5.7
Live! Cam Avatar Creator
McAfee SecurityCenter
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.3)
Mozilla Thunderbird (
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Pando Media Booster
PIXMA Extended Survey Program
Presto! PageManager 7.15.16
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Skype™ 4.0
Spelling Dictionaries Support For Adobe Reader 9
Stream Torrent 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp Remote
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Messenger

Re: Somethin nasty sent out spam

by NonSuch » April 21st, 2010, 10:50 pm

Please read the instructions for creating and posting a HijackThis log, and do not use IOBit, use Trend Micro's HijackThis:

http://malwareremoval.com/forum/viewtop ... 81#p491381

Turn off Word Wrap in the Notepad report before copying and posting the log in a new topic. Your log is unreadable in its present state. To turn Word Wrap off, click on "Format" at the top of the text document and uncheck Word Wrap. Save the change.

This topic is now closed.
