Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

can't remove spy sheriff

Started by chrisk45 , Jul 23 2005 12:30 PM

This topic is locked

#1
chrisk45

Posted 23 July 2005 - 12:30 PM

New Member

Member
9 posts

I'm trying to remove spy sheriff from my computer. I ran ewido, ccleaner etc. and I am still getting the red "X" and notification in my toolbar. My Hijack this info is below. Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 2:15:16 PM, on 7/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\vxh8jkdq2.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Chris Campbell\Local Settings\Temp\Temporary
Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
http://www.yahoo.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe init32m.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -
c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
- C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp]
c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook
Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program
Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program
Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\System32\vxh8jkdq2.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM\aim.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} -
http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class)
- http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX
Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O21 - SSODL: Age of Empires 2.0 -
{35DEDA16-EE7E-41D1-EAEA-C8C6490B7AE9} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks -
C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program
Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP Configuration Interface Service (HPConfig) -
Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program
Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: svchost.exe (moto) - Unknown owner -
C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

#2
g2i2r4

Posted 24 July 2005 - 09:22 AM

retired HiJack Helper

Retired Staff
5,080 posts

Welcome chrisk45 to Geeks to Go!

Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!

***

We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
Reverse the process when you’ve carried out the advise.

***

Go to Start > Run and type in Services.msc then click OK

Click the Extended tab.

Scroll down until you find the service.

Click once on the service to highlight it.

Click Stop

Right-Click on the service svchost.exe.

Click on 'Properties'

Select the 'General' tab

Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

From the drop-down menu, click on 'Disabled'

Click the 'Apply' tab, then click 'OK'

The service is now stopped and disabled.

***

Open HiJackThis
click on "None of the above, just start the program".
click on the "Config" button (bottom right),
click on "Misc Tools"
click on "Delete an NT Service" (a window will pop up)
Enter the below item into that field (make sure there are NO spaces before or after the name):

moto

Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.

***

Download SmitRem
your desktop.
Right click on the file and extract it to it's own folder on the desktop.

***

Place a shortcut to Panda ActiveScan on your desktop.

***

Please download the trial version of ewido security suite.Install ewido security suite
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

Launch ewido, there should be an icon on your desktop double-click it.
The program will prompt you to update click the OK button

The program will now go to the main screen
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed, close Ewido for now.

***

If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06.
Check Here on how setup and use it - please make sure you update it first.

***

Download the Killbox.
Unzip it to the desktop

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

C:\WINDOWS\System32\vxh8jkdq2.exe
C:\WINDOWS\system32\init32m.exe

For these file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

If your computer does not restart automatically, please restart it manually.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe init32m.exe

O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\System32\vxh8jkdq2.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.

***

Open Ad-aware and do a full scan. Remove all it finds.

***

Now open Ewido Security Suite:* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Reboot your computer.

***

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

***

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.

Edited by g2i2r4, 24 July 2005 - 09:25 AM.

#3
chrisk45

Posted 24 July 2005 - 05:01 PM

New Member

Topic Starter
Member
9 posts

Thanks for your help. The please review the various logs below:

HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 6:56:11 PM, on 7/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Chris Campbell\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O21 - SSODL: Age of Empires 2.0 - {35DEDA16-EE7E-41D1-EAEA-C8C6490B7AE9} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

SMITFILE

smitRem log file
version 2.2

by noahdfear

The current date is: Sun 07/24/2005
The current time is: 15:50:45.68

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

winstall.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post-run Files Present

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

winstall.exe

~~~ Wininet.dll ~~~

CLEAN!

PANDA ACTIVESCAN LOG

Incident Status Location

Adware:adware/adsmart No disinfected C:\WINDOWS\SYSTEM32\vx.tll
Adware:adware/topspyware No disinfected C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmplayer.exe.tmp
Adware:adware/azesearch No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PopUp Blocker.url
Adware:adware/spysheriff No disinfected C:\winstall.exe
Adware:adware/wupd No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/MEDIAACCX.DLL
Adware:adware/gator No disinfected HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPUBLISHER\CTLS
Adware:adware/mediatickets No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\TRUST DATABASE\0\PPCIMDNNNJBEAHEPFABJIPFGINLOEDKG EGCKAK
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\00F2697D-306B-456C-83B7-1E66C1.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\013A6F2D-7749-4524-8FB0-AEC01D.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\01B573D6-A0FC-443C-B1ED-79471E.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\054CA7A7-73D7-4D4C-9F4F-D76FFB.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\0846D9C6-4B30-4F6C-BF6D-202611.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\09702204-0061-48EC-AD4F-8EC71B.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\10C0048D-DF39-4C3B-A809-8C921A.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\140FAF05-A134-4CCD-B9E0-C7F03C.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\170D1BDE-E9C8-4EC8-963C-F7592B.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\17D965DA-4757-40EC-AC51-9AE67A.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\181BAE8F-2204-4480-8A1C-61CE3A.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\188D270A-87AD-4283-80E4-ADFA87.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1B0E3EF8-3165-4F4B-81BA-08257D.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1C0DDA1B-13FA-4314-BAF2-0158E2.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1CD953B7-3E20-48D8-B928-B03526.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1D3D4D31-677B-4FD8-8777-698805.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1DB92BB5-0E3F-41FD-9298-5588AD.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1EA9418F-2E1C-4AF5-8A5E-09D36C.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\23C7C98D-774E-4E1C-A204-24B839.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\24049149-BAD4-41E8-8D62-98B7B1.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\2544FCB3-8BA8-47E5-AAAC-15C907.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\2AF607EB-4BE2-444B-879C-9E94AB.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\35881320-CABF-4849-95CD-F85248.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\3677419D-2409-4242-81FA-75626D.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\3CCE0C12-783A-4C49-B7B8-A6C2C7.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\3E51E2F9-20A3-42F5-A672-1FD7CB.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\3F72DD70-9D06-43AD-B998-C577B8.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\408BFDC4-05B2-4F68-A0CE-958293.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\40CCF8A8-C08D-4F83-8531-79721E.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\42E50EE5-5401-457A-8A1F-3F2356.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\4656BCE6-63D2-4010-A992-C86B30.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\4DDDDDAD-93BE-4D8E-A8F0-900300.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\536E85C0-A70C-4E9C-AE9A-919493.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\5392D65D-B538-4B9B-A281-F666F0.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\5425917F-7000-4C41-B1D8-2B2E97.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\5616B204-3C8D-478B-9D01-AF5575.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\56C30D3D-8800-44FF-AB6B-94ED36.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\584657B3-6ED1-4F45-86D3-A894A7.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\58EF5C97-1AE1-4F57-99E0-6A4419.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\5BE45302-9C1B-4269-A5D7-EBD5ED.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\5CD8D17D-28E3-4701-B579-D891E2.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\601D0EF4-1E3B-4DC8-81F6-76A4AC.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\60AD7CE0-6A0E-4A1F-AC2C-803CAE.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\618DADE0-93A9-48F5-A300-4E719D.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6251FB58-A937-4D7C-B88D-9BAF91.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\62B17583-E857-4821-8799-58E6D5.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6453EE8C-2037-4755-8941-A05A96.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\678F5B56-8F66-41F1-A0C2-432E2A.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\685FEE0D-4DC5-486D-808C-3E4A59.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6A86FB8B-1857-4A8C-A4EB-869E02.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6AB49D39-8515-4DC3-8254-CC0907.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6DD0CF67-3868-402D-B929-35184E.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6DDAA4B6-EC13-4CC7-88B7-95B993.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6ED6CE3D-CA4E-4F0E-A25F-6410D3.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\7249D824-4810-424C-9E0C-5C1E5E.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\746A67B7-6478-4312-8C32-A63189.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\74AD1306-ACC7-4BAF-A559-658F55.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\74C04225-852D-4126-A8FB-B6579B.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\754E6F54-4156-4AE5-BCA3-E5E09A.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\7669FCEB-947B-419D-BC8E-7F8FE2.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\770F64DE-5291-49B1-912D-EAC816.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\793230A9-CDA0-4F6A-95AF-8AA9E5.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\7AD8D32F-9129-4CB7-B89F-33B8A7.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\7C499629-0D7E-4687-8741-B7C05E.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\7D77FFC2-8AD7-48BD-81E2-BCDF7B.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\80E4C7DE-DFA7-450B-9903-865614.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\825DD0FF-F3B6-4020-BCE8-455952.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\84BC353D-63FE-41B8-8390-3609B3.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\87260D6B-9CA1-4CAE-93E3-3348C1.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\87737A9B-8E11-494F-9540-4A6482.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\87DEA4FC-87CC-4FA7-A049-D4C310.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\88762213-C9C7-4DB3-9EFF-0C1506.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\89ACAE5A-5233-484C-B2FA-0A3C76.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\8AC6C400-6E2A-4DBF-8595-C34ADE.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\8BEE8E66-F34E-49F8-97B9-45585F.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\8E8A9DC0-CAC5-4705-9F72-DD6BB1.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\901C4BFE-D80B-4875-91F8-AB5375.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\91AE7FB1-DFC1-44A3-AED4-0496D1.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\92C09D9A-D8C3-435F-B7E5-9D1368.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\9345DB6F-D9A6-47D4-A45F-12F5C0.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\93C1B88E-1F4A-440E-95E1-32C52A.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\95B2E1DB-AC12-4289-BC4B-239A9B.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\975388C0-C2FA-4B52-B1DC-EB96F4.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\9E996B2B-D60C-435E-B7AA-5C1FE5.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\9F8FD028-37F7-455D-8FC0-5C633C.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\A244FBD9-E1E7-4E05-B1AC-D71E12.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\A62F378C-3C19-4229-8D9D-F2F9C0.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\A92C7416-DD0C-4307-A299-1E92E1.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\A99D397C-EA41-4B9C-BFA3-19F82F.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\ABDB7B0A-571C-48FB-842E-B620DA.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\AEA4BC24-1B29-4E84-82A4-CC1F8E.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\AEC44024-4151-4FEF-AA28-1BD912.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\B02C30EE-275F-444E-BB72-0C380E.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\B174CE6B-7935-4157-B2B5-18DF6C.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\B20B238E-C8CE-42E3-8C4D-7ADB90.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\B49FA4C0-9672-4338-AB6D-EC0886.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\B5A42CE2-F3A3-4BC3-87C3-771096.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\B786B872-FA51-4E26-91B0-4E4372.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\B7FAF10B-B7C9-423C-B6B0-B32BD6.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\B90DE904-2E6E-4EEA-B375-743457.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\BEB4022A-B7B0-49E2-852D-C81355.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C09AE8A3-135C-4864-8FB3-269A2A.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C0AAEC9C-E34C-4BE9-8D12-CE8B8A.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C188B54D-6B99-4BDB-913B-AE5FD4.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C3261790-6D84-4243-A9B0-53DCA5.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C56975B8-4A89-4AFF-B389-427CCA.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C595F4D8-6886-4334-A97E-DAB936.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C92466EE-3993-4928-BF15-AE7969.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C92DBB57-D07C-4CD8-846F-8F08BC.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C9928B0B-ABAD-4F3E-B1B5-078288.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C9FF327E-C287-4BF1-AC91-4A1F29.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\CEB2C2E5-088B-4D3C-9F5F-209E26.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\D0B49075-740A-45CC-97FA-8849E9.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\D1E1DE83-7049-4FC4-BD43-F8A762.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\D37596F1-298B-4654-B1ED-27DEF5.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\D47A160A-16A2-4EC8-BC75-96EF45.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\D4B3CA24-ECED-432E-BA53-67AB59.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\D96A55C4-7326-4E0F-B243-4CDB4B.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\DB700A23-624A-49F6-A6A2-A7AF35.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\DCC3A61E-5E0E-4EC6-B689-C55456.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\E2975454-42B3-4A9F-85CA-FFD00D.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\E333C0D2-AAF1-4E8B-879C-A3004D.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\E348CD75-41C4-40BE-896A-5ABF0B.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\E57B9F69-1FE0-4691-9807-69AF3E.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\E897CB5F-B8D6-4449-97B8-210BB9.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\E92BEA3E-D6EA-42B4-9895-1F9067.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\EA7983D4-4C69-464F-8E3C-8EDD6D.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\EBFB9FB3-4585-489A-96BB-616597.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\EEB99F70-40C5-4A39-BBC3-7F51D9.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\EF5FDAAD-A324-42CE-A60F-FFDCD6.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\F5F92F22-5A46-4987-B280-1E9925.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\F710D14A-B5B2-4961-BB8D-8AA6DF.asq
Virus:Trj/Downloader.DJV Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\FB3A4C10-036B-45BB-9FAC-7D1949.asq
Adware:Adware/CWS.Aboutblank No disinfected C:\Program Files\Windows Media Player\wmplayer.exe.tmp
Adware:Adware/Adsmart No disinfected C:\WINDOWS\system32\vxgame6.exe
EWIDO LOG

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:49:12 PM, 7/24/2005
+ Report-Checksum: 23653A87

+ Scan result:

No infected objects found.

::Report End

#4
g2i2r4

Posted 25 July 2005 - 01:12 PM

retired HiJack Helper

Retired Staff
5,080 posts

We are nearly there. Let's remove some leftovers.

Please update AdAware SE 1.06 to the latest definitions.

Reboot to safe mode.

Run AdAware to do a full scan and remove items found in red.

Rerun the smitrem tool.

The HijackThis log is clean.

Reboot to normal mode.

Rescan using Panda.

Post me the smitfiles.txt and the latest scan using Panda to check.

#5
chrisk45

Posted 25 July 2005 - 07:40 PM

New Member

Topic Starter
Member
9 posts

Thanks again. I ran adware and removed all instances of unwanted files.

SMITFILE

smitRem log file
version 2.2

by noahdfear

The current date is: Mon 07/25/2005
The current time is: 18:33:15.86

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

winstall.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post-run Files Present

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

winstall.exe

~~~ Wininet.dll ~~~

CLEAN!

PANDA SCAN

Incident Status Location

Adware:adware/adsmart No disinfected C:\WINDOWS\SYSTEM32\vx.tll
Adware:adware/topspyware No disinfected C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmplayer.exe.tmp
Adware:adware/azesearch No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PopUp Blocker.url
Adware:adware/spysheriff No disinfected C:\winstall.exe
Adware:adware/wupd No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/MEDIAACCX.DLL
Adware:adware/gator No disinfected HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPUBLISHER\CTLS
Adware:adware/mediatickets No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\TRUST DATABASE\0\PPCIMDNNNJBEAHEPFABJIPFGINLOEDKG EGCKAK
Adware:Adware/CWS.Aboutblank No disinfected C:\Program Files\Windows Media Player\wmplayer.exe.tmp
Adware:Adware/Adsmart No disinfected C:\WINDOWS\system32\vxgame6.exe

#6
g2i2r4

Posted 26 July 2005 - 01:49 PM

retired HiJack Helper

Retired Staff
5,080 posts

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

C:\WINDOWS\SYSTEM32\vx.tll
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmplayer.exe.tmp
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PopUp Blocker.url
C:\winstall.exe
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
C:\WINDOWS\system32\vxgame6.exe

For these file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

If your computer does not restart automatically, please restart it manually.

***

Open Notepad.
Copy the purple text to an empty file:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/MEDIAACCX.DLL]

[-HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPUBLISHER\CTLS]

[-HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\TRUST DATABASE\0\PPCIMDNNNJBEAHEPFABJIPFGINLOEDKG EGCKAK]

Save it to the desktop.
Name: panda.reg
type : all types

Close Notepad.

Double-click panda.reg
Grant permissions to add it to the Registry.

Reboot to normal mode. Can you rerun panda to see if it is clean?

#7
chrisk45

Posted 26 July 2005 - 10:51 PM

New Member

Topic Starter
Member
9 posts

I ran Panda again and these are my results...still not clean.

Incident Status Location

Adware:adware/azesearch No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\ZSEARCHCO
Adware:adware/mediatickets No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\TRUST DATABASE\0\PPCIMDNNNJBEAHEPFABJIPFGINLOEDKG EGCKAK

#8
g2i2r4

Posted 27 July 2005 - 06:42 AM

retired HiJack Helper

Retired Staff
5,080 posts

IN IE go to TOOLS > Internet Options > click "delete files"

Open AntiSpyware and delete the DeactivatedItems.

Download CleanUp!.
If that doesn’t work, use this link.
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Scan local drives for temporary files
Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.

Once it's done, press Close.

Let the system reboot.

On reboot you may receive a message asking you if you want to uninstall mediatickets. We do want that.

Check:
c:\documents and setting\username\local settings\temp to see if it really emptie. Delete any leftovers (files and folders) if present.

***

Also do this please:
Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
Press the button 'save list'. It will open a Notepad file. Place the content of that file here in your answer please.

#9
chrisk45

Posted 27 July 2005 - 04:21 PM

New Member

Topic Starter
Member
9 posts

i ran cleanup and now my system is not performing properly. i the toolbars on all of my screens (IE, desktop, file folders) are no longer present or at a bare minimum........

#10
g2i2r4

Posted 27 July 2005 - 04:38 PM

retired HiJack Helper

Retired Staff
5,080 posts

rightclick on your desktop > properties > tab Appearances and choose Windows XP style again under windows and buttons.
Click apply and OK.

Let me know if this helped.

#11
chrisk45

Posted 31 July 2005 - 07:39 PM

New Member

Topic Starter
Member
9 posts

When I change the settings it won't stick. I also can't get to my task manager.......

#12
g2i2r4

Posted 01 August 2005 - 12:12 PM

retired HiJack Helper

Retired Staff
5,080 posts

Download XP Styles by Miekiemoes.

Unzip it and MOVE the luna.msstyles which is present in that folder you unzipped to next folder: C:\WINDOWS\Resources\Themes\Luna
Don't move it to anywhere else than that folder!

When moved it there, rightclick on your desktop > properties ... and look if Windows XPstyle is now present again. Choose apply and OK.

If not, reboot first, and try again to select Windows XPstyle

Let me know if this helped.

#13
chrisk45

Posted 05 August 2005 - 12:41 PM

New Member

Topic Starter
Member
9 posts

XP Style is present, however when I choose it, click apply, and click ok it reverts to a modified theme......

#14
g2i2r4

Posted 05 August 2005 - 01:57 PM

retired HiJack Helper

Retired Staff
5,080 posts

The smitrem tool has been updated. Can you remove the smitrem from your computer and download the new version:

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.
Then reboot to safe mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.