AOL account sending spam mail

[rePete]

The email has a link to LINK REMOVED: LDT

I have temporarily deleted all of my AOL contacts to prevent the spam messages. How do I remove the virus from the AOL email program? Thanks for your assistance... I have the Attach and Ark text files if you need them.

Pete

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7755

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

9/25/2011 6:47:39 PM

mbam-log-2011-09-25 (18-47-39).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 291977

Time elapsed: 50 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Peter at 19:31:50 on 2011-09-25

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2008.550 [GMT -5:00]

.

AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\STacSV.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Windows\system32\DRIVERS\o2flash.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM13Mon.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\CCleaner\CCleaner.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = <local>;*.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe

mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62

TCP: Interfaces\{A7520D54-3B62-4713-BE8D-1DB91040CCF9} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62

TCP: Interfaces\{F3946FDD-A82D-495E-95ED-23CE5680A04D} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\peter\appdata\roaming\mozilla\firefox\profiles\mkeewnfy.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN&q=

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z006&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z006&form=ZGAADF&q=

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\peter\appdata\local\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft Default Manager: DefaultManager@Microsoft - %profile%\extensions\DefaultManager@Microsoft

FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coFFPlgn

.

============= SERVICES / DRIVERS ===============

.

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-4 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-4 482432]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110923.030\IDSvix86.sys [2011-9-23 368248]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-3 105592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-20 22216]

.

=============== Created Last 30 ================

.

2011-09-25 00:29:28 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7f31f6b1-beec-48dd-9e02-2e24ecca60fd}\offreg.dll

2011-09-23 20:37:03 -------- d-----w- c:\program files\CCleaner

2011-09-23 20:26:02 -------- d-----w- c:\programdata\AVS4YOU

2011-09-23 20:26:00 -------- d-----w- c:\users\peter\appdata\roaming\AVS4YOU

2011-09-23 20:25:32 24576 ----a-w- c:\windows\system32\msxml3a.dll

2011-09-23 20:25:32 -------- d-----w- c:\program files\common files\AVSMedia

2011-09-23 20:25:31 -------- d-----w- c:\program files\AVS4YOU

2011-09-23 12:31:05 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7f31f6b1-beec-48dd-9e02-2e24ecca60fd}\mpengine.dll

2011-09-20 15:14:09 -------- d-----w- c:\users\peter\appdata\roaming\Malwarebytes

2011-09-20 15:14:01 -------- d-----w- c:\programdata\Malwarebytes

2011-09-20 15:13:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-20 15:13:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-20 14:59:50 -------- d-----w- c:\programdata\Kaspersky Lab

2011-09-20 02:16:26 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2011-09-20 02:16:20 -------- d-----w- c:\program files\Panda Security

2011-09-19 14:23:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-09-19 14:23:36 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-14 17:58:15 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-08-31 02:26:38 -------- d-----w- c:\program files\iPod

2011-08-31 02:26:37 -------- d-----w- c:\program files\iTunes

.

==================== Find3M ====================

.

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

============= FINISH: 19:33:43.64 ===============

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!