Now, with all windows closed except
HiJackThis, click "
Fix checked".
Locate and
delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:
Search for...
%SystemRoot%\system32\mobsync.exe
...using "
Start | Search...".
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're '
in use', try deleting them from "
Safe Mode".
Post back a new log, and let me know how everything goes.
-
[your name].
Message Edited by zbestwun2001 on 04-29-2005 05:35 PM
Hi, i have execute your procedure. But, in the screen property, i still miss interface(screen saver, desktop). CWShredder didnt find anything and there are no "Webrelated" in my add/remove program. Here's my HijackThis log now.
Logfile of HijackThis v1.99.1 Scan saved at 09:10:00, on 2005-05-16 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Open this link and save it to your desktop in Notepad.
Smitfraud
Fix Reg File
# After you have saved it to your desktop, double-click on the smitfraud.reg file
on your Desktop. When it asks if you want to merge the information, allow
it to do so.
# Reboot and you can now change your desktop properties back to the way you
want to. If you have trouble with some settings, click on the Themes tab
in the display settings and change the theme to Windows 2000 to
use the default settings
Now post a new log and see if that Smitfraud has disappeared?
After you have saved it to your desktop, double-click on the smitfraud.reg file on your Desktop. When it asks if you want to merge the information, allow it to do so.
Reboot and you can now change your desktop properties back to the way you want to. If you have trouble with some settings, click on the Themes tab in the display settings and change the theme to Windows 2000 to use the default settings
Now post a new log and see if that Smitfraud has disappeared?
zbestwun2001
3 Apprentice
•
8.8K Posts
0
April 29th, 2005 23:00
Download, unzip to your desktop CWShredder and run it, then:
1. Click " Check For Update"
( If an update isn't available, skip to step #4.)
2. Click " Click here to Download the upate".
3. When the new version has been downloaded, click " Save".
4. Click " Fix ->"
Go to Add/Remove programs and remove(uninstall) the following, if present:
Web Related
The above could appear anywhere within the entry. Be careful not to remove any personal or system software.
Run HiJackThis and click " Scan", then check(tick) the following, if present:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup155.cab
Now, with all windows closed except HiJackThis, click " Fix checked".
Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:
Search for...
%SystemRoot%\system32\mobsync.exe
...using " Start | Search...".
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're ' in use', try deleting them from " Safe Mode".
Post back a new log, and let me know how everything goes.
-
[your name].
Message Edited by zbestwun2001 on 04-29-2005 05:35 PM
Denillenium
10 Posts
0
May 16th, 2005 12:00
Hi,
i have execute your procedure. But, in the screen property, i still miss interface(screen saver, desktop). CWShredder didnt find anything and there are no "Webrelated" in my add/remove program. Here's my HijackThis log now.
Logfile of HijackThis v1.99.1
Scan saved at 09:10:00, on 2005-05-16
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\program files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\userinit.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = DEVINCI2:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MétéoIMédia] C:\program files\MétéoMédia\MétéoIMédia\WeatherEye
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {60B469BF-625D-4515-A929-9C8EB2AE953C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {60B469BF-625D-4515-A929-9C8EB2AE953C} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = devinci.com
O17 - HKLM\Software\..\Telephony: DomainName = devinci.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = devinci.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
zbestwun2001
3 Apprentice
•
8.8K Posts
0
May 16th, 2005 12:00
Let's try and clear up the Smitfraud problem
Open this link and save it to your desktop in Notepad.
Smitfraud
Fix Reg File
# After you have saved it to your desktop, double-click on the smitfraud.reg file
on your Desktop. When it asks if you want to merge the information, allow
it to do so.
# Reboot and you can now change your desktop properties back to the way you
want to. If you have trouble with some settings, click on the Themes tab
in the display settings and change the theme to Windows 2000 to
use the default settings
Now post a new log and see if that Smitfraud has disappeared?
Then post a new log and we will go from there.
Steve
Denillenium
10 Posts
0
May 18th, 2005 12:00
Which link? You dont have a link in you message.
Thanks
zbestwun2001
3 Apprentice
•
8.8K Posts
0
May 18th, 2005 13:00
Open this link and save it to your desktop in Notepad.
Smitfraud
Fix Reg File
on your Desktop. When it asks if you want to merge the information, allow
it to do so.
want to. If you have trouble with some settings, click on the Themes tab
in the display settings and change the theme to Windows 2000 to
use the default settings
Now post a new log and see if that Smitfraud has disappeared?
Then post a new log and we will go from there.
Steve