rewardamazon spyware


7 replies to this topic

#1 genralyoda


Posted 05 July 2007 - 10:13 PM

I have exactly the same problem as described in thread
http://forums.spywar...howtopic=101914

Basically, something in explorer is causing stuff to pop up, mainly from rewardamazon, clickbooth, etc. The window has highest priority and has a Windows XP close button that is about half as big as normal. It cannot be minimized.

I ran Adaware and Spybot, and deleted everything Adaware told me to. Spybot couldn't delete a few things, even at startup.

Thanks for the help!

Please read our Forum FAQ in order to find out what info we need (HijackThis log) so we can help you.

Edited by miekiemoes, 06 July 2007 - 02:57 AM.


#2 genralyoda


Posted 06 July 2007 - 07:09 PM


AVG anti-spyware (ewido)
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:03:01 PM 7/6/2007

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.
C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP687\A0103729.exe -> Adware.PurityScan : No action taken.
C:\WINDOWS\b122.exe -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP688\A0103789.dll -> Adware.Viewpoint : No action taken.
C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP686\A0103510.exe -> Downloader.Agent.bls : No action taken.
C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP688\A0103766.exe -> Downloader.Agent.bls : No action taken.
C:\2F7.tmp -> Downloader.PurityScan.eg : No action taken.
C:\WINDOWS\b104.exe -> Downloader.Small.buy : No action taken.
C:\WINDOWS\b136.exe -> Dropper.Agent.bfr : No action taken.
C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP688\A0103765.vbs -> Trojan.Small : No action taken.
C:\WINDOWS\SmFtZXMgQWxicmVjaHQ\mAIQtrg0kqU2wAp3uJk.vbs -> Trojan.Small : No action taken.
C:\WINDOWS\system32\wnscpicomsv.exe -> Trojan.Small : No action taken.
C:\Documents and Settings\James Albrecht\Local Settings\Temp\UnInstall.exe -> Trojan.Small.oa : No action taken.


::Report end

hijack this:
Logfile of HijackThis v1.99.1
Scan saved at 8:06:15 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MIT\KLP\klptray.exe
C:\Program Files\Kerberos\krbcc32s.exe
C:\Program Files\Kerberos\leash32.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\James Albrecht\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: KlpTray.lnk = C:\Program Files\MIT\KLP\klptray.exe
O4 - Global Startup: Leash Kerberos Ticket Manager.lnk = C:\Program Files\Kerberos\leash32.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOCUME~1\JAMESA~1\LOCALS~1\Temp\WZSE2.TMP\INSTAL~1.EXE (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFtZXMgQWxicmVjaHQ\command.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

#3 genralyoda


Posted 06 July 2007 - 07:11 PM

Oops, all those say no action taken; all of these were dealt with except 4, which were automatically ignored.
I still have my problem, though.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:04:07 PM 7/6/2007

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Ignored.
C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP687\A0103729.exe -> Adware.PurityScan : Ignored.
C:\WINDOWS\b122.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP688\A0103789.dll -> Adware.Viewpoint : Ignored.
C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP686\A0103510.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP688\A0103766.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\2F7.tmp -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\WINDOWS\b104.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\WINDOWS\b136.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\James Albrecht\Application Data\Mozilla\Firefox\Profiles\jevs6qz1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\James Albrecht\Cookies\james_albrecht@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.177:C:\Documents and Settings\James Albrecht\Application Data\Mozilla\Firefox\Profiles\jevs6qz1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.178:C:\Documents and Settings\James Albrecht\Application Data\Mozilla\Firefox\Profiles\jevs6qz1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.179:C:\Documents and Settings\James Albrecht\Application Data\Mozilla\Firefox\Profiles\jevs6qz1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.180:C:\Documents and Settings\James Albrecht\Application Data\Mozilla\Firefox\Profiles\jevs6qz1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.181:C:\Documents and Settings\James Albrecht\Application Data\Mozilla\Firefox\Profiles\jevs6qz1.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\James Albrecht\Cookies\james_albrecht@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\James Albrecht\Cookies\james_albrecht@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\James Albrecht\Local Settings\Temp\Cookies\james albrecht@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\James Albrecht\Local Settings\Temp\Cookies\james albrecht@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\James Albrecht\Cookies\james_albrecht@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{FC159545-6D4E-49C0-832D-252B60CACBD5}\RP688\A0103765.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SmFtZXMgQWxicmVjaHQ\mAIQtrg0kqU2wAp3uJk.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wnscpicomsv.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\James Albrecht\Local Settings\Temp\UnInstall.exe -> Trojan.Small.oa : Cleaned with backup (quarantined).


::Report end

#4 genralyoda

Posted 06 July 2007 - 07:54 PM

these problems couldn't be fixed by spybot even at startup:
Command Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Smitfraud-C.CoreService
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core

#5 genralyoda

Posted 06 July 2007 - 08:35 PM

The command service thing is now gone thanks to some other application, but the smit thing is still there. Do you guys know if the smit thing is what is causing all my problems, or something else?

in the meantime I'll try to get rid of the smit thing

#6 genralyoda

Posted 07 July 2007 - 02:05 AM

alright I ran some crazy program and it got rid of everything, thx anyway

i'll let you know if I have more problems

#7 genralyoda

Posted 07 July 2007 - 12:55 PM

FYI the program that fixed it was "combofix.exe"

it did some crazy shit through the CMD, but it worked. pretty easy to use.

#8 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 08 July 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.



