genralyoda

rewardamazon spyware

8 posts in this topic

I have exactly the same problem as described in thread

http://forums.spywareinfo.com/index.php?showtopic=101914

Basically something in explorer is causing stuff to pop up, mainly from rewardamazon, clickbooth, etc. The window has highest priority and has a Windows XP close button that is about half as big as normal. It cannot be minimized.

I ran adaware and spybot, and deleted everything adaware told me to. Spybot couldn't delete a few things, even at startup.

Thanks for the help!

Please read our Forum FAQ in order to find out what info we need (HijackThis log) so we can help you.

Edited by miekiemoes

AVG anti-spyware (ewido)

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 8:03:01 PM 7/6/2007

 

+ Scan result:

 

 

 

C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.

C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP687\A0103729.exe -> Adware.PurityScan : No action taken.

C:\WINDOWS\b122.exe -> Adware.Softomate : No action taken.

C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP688\A0103789.dll -> Adware.Viewpoint : No action taken.

C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP686\A0103510.exe -> Downloader.Agent.bls : No action taken.

C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP688\A0103766.exe -> Downloader.Agent.bls : No action taken.

C:\2F7.tmp -> Downloader.PurityScan.eg : No action taken.

C:\WINDOWS\b104.exe -> Downloader.Small.buy : No action taken.

C:\WINDOWS\b136.exe -> Dropper.Agent.bfr : No action taken.

C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP688\A0103765.vbs -> Trojan.Small : No action taken.

C:\WINDOWS\SmFtZXMgQWxicmVjaHQ\mAIQtrg0kqU2wAp3uJk.vbs -> Trojan.Small : No action taken.

C:\WINDOWS\system32\wnscpicomsv.exe -> Trojan.Small : No action taken.

C:\Documents and Settings\James Albrecht\Local Settings\Temp\UnInstall.exe -> Trojan.Small.oa : No action taken.

 

 

::Report end

 

hijack this:

Logfile of HijackThis v1.99.1

Scan saved at 8:06:15 PM, on 7/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MIT\KLP\klptray.exe

C:\Program Files\Kerberos\krbcc32s.exe

C:\Program Files\Kerberos\leash32.exe

C:\Program Files\Java\jre1.6.0\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Documents and Settings\James Albrecht\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe

O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: KlpTray.lnk = C:\Program Files\MIT\KLP\klptray.exe

O4 - Global Startup: Leash Kerberos Ticket Manager.lnk = C:\Program Files\Kerberos\leash32.exe

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOCUME~1\JAMESA~1\LOCALS~1\Temp\WZSE2.TMP\INSTAL~1.EXE (file missing)

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFtZXMgQWxicmVjaHQ\command.exe (file missing)

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


Oops, all those say no action taken; all of these were dealt with except 4 which were automatically ignored.

I still have my problem though.

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 8:04:07 PM 7/6/2007

 

+ Scan result:

 

 

 

C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Ignored.

C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP687\A0103729.exe -> Adware.PurityScan : Ignored.

C:\WINDOWS\b122.exe -> Adware.Softomate : Ignored.

C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP688\A0103789.dll -> Adware.Viewpoint : Ignored.

C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP686\A0103510.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP688\A0103766.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).

C:\2F7.tmp -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).

C:\WINDOWS\b104.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).

C:\WINDOWS\b136.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).


C:\Documents and Settings\James Albrecht\Local Settings\Temp\Cookies\james albrecht@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.219:C:\Documents and Settings\James Albrecht\Application Data\Mozilla\Firefox\Profiles\jevs6qz1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.220:C:\Documents and Settings\James Albrecht\Application Data\Mozilla\Firefox\Profiles\jevs6qz1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.221:C:\Documents and Settings\James Albrecht\Application Data\Mozilla\Firefox\Profiles\jevs6qz1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

C:\Documents and Settings\James Albrecht\Cookies\james_albrecht@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.177:C:\Documents and Settings\James Albrecht\Application Data\Mozilla\Firefox\Profiles\jevs6qz1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.

:mozilla.178:C:\Documents and Settings\James Albrecht\Application Data\Mozilla\Firefox\Profiles\jevs6qz1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.

:mozilla.179:C:\Documents and Settings\James Albrecht\Application Data\Mozilla\Firefox\Profiles\jevs6qz1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.

:mozilla.180:C:\Documents and Settings\James Albrecht\Application Data\Mozilla\Firefox\Profiles\jevs6qz1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.

:mozilla.181:C:\Documents and Settings\James Albrecht\Application Data\Mozilla\Firefox\Profiles\jevs6qz1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.

C:\Documents and Settings\James Albrecht\Cookies\james_albrecht@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.

C:\Documents and Settings\James Albrecht\Cookies\james_albrecht@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\James Albrecht\Local Settings\Temp\Cookies\james albrecht@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\James Albrecht\Local Settings\Temp\Cookies\james albrecht@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\James Albrecht\Cookies\james_albrecht@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.

C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP688\A0103765.vbs -> Trojan.Small : Cleaned with backup (quarantined).

C:\WINDOWS\SmFtZXMgQWxicmVjaHQ\mAIQtrg0kqU2wAp3uJk.vbs -> Trojan.Small : Cleaned with backup (quarantined).

C:\WINDOWS\system32\wnscpicomsv.exe -> Trojan.Small : Cleaned with backup (quarantined).

C:\Documents and Settings\James Albrecht\Local Settings\Temp\UnInstall.exe -> Trojan.Small.oa : Cleaned with backup (quarantined).

::Report end

These problems couldn't be fixed by Spybot even at startup:

Command Service

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Smitfraud-C.CoreService

C:\WINDOWS\system32\drivers\core.cache.dsk

C:\WINDOWS\system32\drivers\core.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core

The command service thing is now gone thanks to some other application, but the smit thing is still there. Do you guys know if the smit thing is what is causing all my problems, or something else?

In the meantime I'll try to get rid of the smit thing.

FYI the program that fixed it was "combofix.exe"

It did some crazy shit through the CMD, but it worked. Pretty easy to use.

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]