#1 (permalink)

Registered User
Join Date: Sep 2009
Posts: 3
OS: xp

spyware attachments

#2 (permalink)

Registered User
Join Date: Sep 2009
Posts: 3
OS: xp

dds files
DDS (Ver_09-07-30.01) - NTFSx86
Run by x at 6:29:43.63 on Fri 09/04/2009
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uSearch Page =
uWindow Title = Road Runner High Speed Online
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: WebManager Class: {d5792aa9-d373-4039-8670-2cdab6a71f15} - c:\program files\torrentsoftware\TorrentManager.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB04757 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\freeze.com toolbar\freeze_us.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {B7D3E479-CC68-42B5-A338-938ECE35F419} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [BLUE FILE] c:\docume~1\x\applic~1\mailde~1\one exit.exe
mRun: [Up Balm Ball Bone] c:\documents and settings\all users\application data\tons chin up balm\size tray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Little%20Shop%20of%20Treasures/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199977468194
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\sunset studio\images\armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-09-04 00:10 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-04 00:10 117,760 -------- c:\windows\system32\prntvpt.dll
2009-09-04 00:10 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-04 00:10 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-04 00:10 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-09-04 00:10 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-09-04 00:10 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-09-04 00:10 <DIR> --d----- C:\7fe288633a71c9a780f1e176b723c0fd
2009-09-03 17:34 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-09-03 17:33 <DIR> --d----- c:\program files\Maildebuglink
2009-09-03 17:12 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-26 16:04 <DIR> --d----- c:\program files\MyWebSearch
2009-08-06 22:31 <DIR> --d----- c:\windows\system32\XPSViewer

==================== Find3M ====================

2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 07:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 07:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 01:14 132,096 a------- c:\windows\system32\wkssvc.dll
2008-11-06 12:34 774,144 ac------ c:\program files\RngInterstitial.dll
2008-02-29 20:31 0 ac------ c:\program files\temp01
2008-09-28 13:19 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092820080929\index.dat
2008-10-13 07:15 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101320081014\index.dat
2009-01-05 06:48 32,768 ac-sh--- c:\windows\temp\history\history.ie5\mshist012008122920090105\index.dat
2009-01-06 01:08 98,304 ac-sh--- c:\windows\temp\history\history.ie5\mshist012009010520090106\index.dat

============= FINISH: 6:34:12.84 ===============

#3 (permalink)

Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista

Re: spyware attachments
Hello mrsjlangford,

Please do not begin multiple threads for the same issue. I've merged your 2 threads together here.

Please tell us what is wrong with the computer and why you've posted logs. The more information you provide, the better we are able to assist you.

The ark.txt you attached is empty. Try again to run the scan as outlined in our pre-posting topic. Follow the instructions step by step:

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please attach the ark.txt in your next reply.