Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Smitfraud - Help[CLOSED]


  • This topic is locked This topic is locked

#31
lszou

lszou

    New Member

  • Member
  • Pip
  • 2 posts
Thanks very much, my display properties has returned to normal.
  • 0

Advertisements


#32
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Did you remove SpySpotter as suggested in my previous post? If not, I highly recommend doing that... The smitfraud infection is gone so there may be something else wrong with your computer (corrupted system file(s), etc.)

Go to Start > Run and type:

sfc /scannow

*note* Make sure there is a space between sfc and /

This has to be done in normal mode, it won't work in Safe Mode. Also if your background is still black and you right-click on your desktop and go to properties and there are only 2 tabs, then there is a System folder with restrictions in them that hide the property tabs and prevent you from changing the desktop. I'll be right back!
  • 0

#33
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Copy everything in the code box below and paste it into Notepad. Make sure there is NO blank line above REGEDIT4 Change the "Save as type" to "All files" and save it as tabs.reg on your desktop. Close notepad.

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

Locate tabs.reg on your desktop and doubleclick on it. When it ask if you would like to merge it with the registry click YES.

Now right-click on your desktop and let me know if all your tabs are back and if you can change the background.
  • 0

#34
fixmenow

fixmenow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
:tazz: Great, Thanks ;)

The tabs are back and I changed the desktop.

I am not sure how much more needs to be done. What program/s would you advise for running anti spyware. I have the aol that obviously is not very effective. Should I purchase Ewido? I also subscibe to McAfee through AOL, is it worth it?

Thank you for your help and advice.
  • 0

#35
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Will you post a new HiJackThis log please. Are you still having problems running programs?

I'll give you a list of recommended anti-spyware after we make sure your computer is clean :tazz:

I really like Ewido, but the freeware version after the 14 day trial of the plus version is still great! So, that's up to you!
  • 0

#36
fixmenow

fixmenow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hello

I am posting the hijack log below. You asked if I deleted spybot. I could not delete it automatically so I had to manually delete sub files and files. I hope that got it but I am not sure.

Logfile of HijackThis v1.99.1
Scan saved at 4:22:48 PM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://ramc.mlxchang...ectComboBox.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...77/mcinsctl.cab
O16 - DPF: {63BE9F48-B516-11D1-87CD-00A02476EC4D} (Labelselector Control) - http://rmls.rexplorer.net/rex$rea/cab/LabelSelector.cab
O16 - DPF: {6B1B6D11-E497-11D3-BE0C-005004AD2E83} (ImageStation Home Printing Control) - http://www.imagestat...rintActiveX.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://ramc.mlxchang...ClientUtils.cab
O16 - DPF: {845A8B24-D89F-11D1-9DA4-0080C885B976} (Galaxy PrintDC Class) - http://rmls.rexplorer.net/rex$rea/cab/Galaxy.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.taxsimple...TSWeb/msrdp.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,18/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...1.10/ttinst.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://hpeapps.doh.s...tivexviewer.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
  • 0

#37
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I hope you meant that you deleted SpySpotter and not SpyBot! Are you still having problems running programs?
  • 0

#38
fixmenow

fixmenow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Correct... Sypspotter and not Spybot.

Things seem to be running well. There are programs that will not run in normal mode such as hijack.
  • 0

#39
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Run HiJackThis and place a check next to the following item and click FIX CHECKED:

O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot

Close HiJackThis.

Delete this folder if it's still there:
C:\Program Files\SpySpotter

After that, your log is clean. Did you run the sfc /scannow from my previous post?
  • 0

#40
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP