Author Topic: SmartSecurity problem  (Read 749 times)

Offline sindchg

SmartSecurity problem
« on: March 29, 2005, 11:19:17 PM »
Hi All,

I'm facing this "SmartSecurity" problem on my PC. It covered my original desktop screen and disabled the "right click" and also the display properties.

Here is my HijackThis log :

Logfile of HijackThis v1.99.1
Scan saved at 12:19:44 PM, on 03/30/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
E:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\ULTRAE~1\uedit32.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Borland\Delphi 3\BIN\delphi32.exe
C:\WinPos RFP Install1\ePointRFP.exe
C:\HJT\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Microsoft AntiSpyware helper - {37D6DCE7-85A1-4C99-B20F-E002187F6393} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {37D6DCE7-85A1-4C99-B20F-E002187F6393} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A0316590-19E2-417C-80F6-62402D7782AD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A0316590-19E2-417C-80F6-62402D7782AD} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BF531648-A3E2-409C-B6B3-E11B2F25D2E8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BF531648-A3E2-409C-B6B3-E11B2F25D2E8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C71171FC-4E25-4F57-9BD0-5101E6E41429} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C71171FC-4E25-4F57-9BD0-5101E6E41429} - (no file) (HKCU)
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://211.152.52.102/duba/antiscan/update/OCX/KAVClean.CAB
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINNT\System32\CTSVCCDA.EXE (file missing)
O23 - Service: Visual Studio Debugger Proxy Service (DbgProxy) - Unknown owner - E:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Packages\Debugger\dbgproxy.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

Please help and thank you very much :)
Sind

Offline guestolo

SmartSecurity problem
« Reply #1 on: March 31, 2005, 01:54:29 AM »
Sorry for the delay

Download Registrar Lite from here:
http://www.resplendence.com/download/reglite.exe

Put it in its own folder

Copy and paste the following text in bold into the address bar of RegLite, then hit 'Go':
or manually navigate to the User Shell Folders key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

With the User Shell Folders highlighted
You should see entries on the Right Hand side
Let me know if DESKTOP has a value set as
%USERPROFILE%\Desktop

or is it just \Desktop
or is it set to
%ALLUSERSPROFILE%\Desktop
Do you see others on the right hand side with the %ALLUSERSPROFILE% value?
Eg....Custom Desktop


Could you also put the next bolded entry into RegLite and hit GO
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

Left click once to Highlight Policies
Click FILE at the top and then EXPORT
Name the file as Policies
and save it to a folder of your choice

Navigate to the file you exported>>It will be named
Policies.reg
Left click once on Policies.reg to Highlight it
and then use FILE>>>EDIT at the top to open it
Copy and paste the contents of Policies.reg back here

Along with a fresh HijackThis log
« Last Edit: March 31, 2005, 03:24:26 AM by guestolo »
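
The two registry checks requested in the reply above can also be done read-only from a script. This is an added example, not part of guestolo's post: it assumes a Windows version with PowerShell 3.0 or later and `reg.exe` (not the poster's Windows 2000), and the function names and the output path under `%TEMP%` are hypothetical.

```powershell
# Added example: read-only inspection of the two HKCU keys named in the reply.
$shellPath  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$policyPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies'
$outFile    = Join-Path $env:TEMP 'Policies.reg'   # assumed output location

# Return every value under the key WITHOUT expanding %VARIABLES%, so the raw
# string (%USERPROFILE%\Desktop vs. %ALLUSERSPROFILE%\Desktop) stays visible.
function Get-RawShellFolders {
    param([string]$Path)
    $key      = Get-Item -LiteralPath $Path -ErrorAction Stop
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Name = $name
            Raw  = [string]$key.GetValue($name, $null, $noExpand)
        }
    }
}

# Classify the Desktop value into the three cases the reply asks about.
function Get-DesktopVerdict {
    param([string]$Raw)
    switch -Regex ($Raw) {
        '^%USERPROFILE%\\Desktop$'     { 'per-user default'; break }
        '^%ALLUSERSPROFILE%\\Desktop$' { 'set to All Users desktop'; break }
        '^\\Desktop$'                  { 'bare \Desktop'; break }
        default                        { 'other, report the exact value' }
    }
}

$folders = @(Get-RawShellFolders -Path $shellPath)
$desktop = $folders | Where-Object Name -eq 'Desktop'
if ($desktop) { "Desktop = $($desktop.Raw)  [$(Get-DesktopVerdict $desktop.Raw)]" }
else          { 'Desktop value is missing from User Shell Folders' }

'Other values that use %ALLUSERSPROFILE%:'
$folders |
    Where-Object { $_.Name -ne 'Desktop' -and $_.Raw -like '*%ALLUSERSPROFILE%*' } |
    Format-Table -AutoSize

# Export the Policies key to a .reg file and show its contents for posting.
& reg.exe export $policyPath $outFile /y | Out-Null
if ($LASTEXITCODE -eq 0) { Get-Content -LiteralPath $outFile }
else { "Policies key was not exported (reg.exe exit code $LASTEXITCODE)" }
```

Nothing is written to the registry; the only file created is the exported `Policies.reg`.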
