Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Taskbar Changed [CLOSED]


  • This topic is locked This topic is locked

#1
Stelth2k1

Stelth2k1

    Member

  • Member
  • PipPipPip
  • 121 posts
My task bar has changed when i got the spysheriff thing and now i cant change it back to normal i can change my wallpaper and everything else but i think it might have deleted the setting or something please help.
  • 0

Advertisements


#2
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Have you sorted out spysheriff or do you still have it?
  • 0

#3
Stelth2k1

Stelth2k1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
i sorted it out, but i think it deleted something on start menu or something got deleted in the process of removing it
  • 0

#4
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Please right-click: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Reboot pc

Is it now repaired?
  • 0

#5
Stelth2k1

Stelth2k1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
i tried that already and it did not fix it, is there anything else i can do?

BTW thanks for helping me out i really appreciate it.
  • 0

#6
Guest_usetobe_*

Guest_usetobe_*
  • Guest
post a hjt log in this thread
  • 0

#7
Stelth2k1

Stelth2k1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:47:28 PM, on 6/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\vaca.dat (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://members.freewebs.com
O15 - Trusted Zone: http://members13.freewebs.com
O15 - Trusted Zone: http://members14.freewebs.com
O15 - Trusted Zone: www.freewebs.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (GTDownloaderCtrl Class) - http://inst.c-wss.co...ml/gtdownlr.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...ck/bjattack.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098306767654
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downlo...ESS_1058_XP.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: acav - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\vaca.dat (file missing)
O20 - Winlogon Notify: accmain - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\niamcca.dat (file missing)
O20 - Winlogon Notify: bakiis - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\siikab.dat (file missing)
O20 - Winlogon Notify: bakkb - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\bkkab.dat (file missing)
O20 - Winlogon Notify: cabeula - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\aluebac.dat (file missing)
O20 - Winlogon Notify: cdisk - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\ksidc.dat (file missing)
O20 - Winlogon Notify: cmdfont - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\tnofdmc.dat (file missing)
O20 - Winlogon Notify: diskmc - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\cmksid.dat (file missing)
O20 - Winlogon Notify: disknut - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\tunksid.dat (file missing)
O20 - Winlogon Notify: drvlog - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\golvrd.dat (file missing)
O20 - Winlogon Notify: ipnut - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\tunpi.dat (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
  • 0

#8
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Click here to download luna

Unzip it and using windows explorer, MOVE the luna.msstyles which is present in that folder you unzipped to this folder: C:\WINDOWS\Resources\Themes\Luna
Don't move it to anywhere else than that folder!

When you have moved it there, rightclick on your desktop > properties ... and look if Windows XPstyle is now present again. Choose apply and OK.

If not, reboot first, and try again to select Windows XPstyle

Let me know if they works
  • 0

#9
Stelth2k1

Stelth2k1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
Yup it works, thanks so much usetobe for helping me and spending time to resolve my probleml i really appreciate it thanks a lot.

By the way can you tell me how that happened/why?
  • 0

#10
Guest_usetobe_*

Guest_usetobe_*
  • Guest
We haven't finished yet, i'm working on your log
  • 0

#11
Stelth2k1

Stelth2k1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
ok
  • 0

#12
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Cleanup from here:
Cleanup. Do not run it yet.

Set up PC to show hidden files.(Click link if you do not know how)
Show hidden files

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

Once in Safe Mode, please double-click on Nailfix.bat. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. This may take some time, so go grab a coffee. Once it finds the first issue tick the box for all. Post the log from the scan here for me.

Then please run HijackThis, click Scan, and check:

F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\vaca.dat (file missing)
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downlo...ESS_1058_XP.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - Winlogon Notify: acav - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\vaca.dat (file missing)
O20 - Winlogon Notify: accmain - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\niamcca.dat (file missing)
O20 - Winlogon Notify: bakiis - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\siikab.dat (file missing)
O20 - Winlogon Notify: bakkb - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\bkkab.dat (file missing)
O20 - Winlogon Notify: cabeula - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\aluebac.dat (file missing)
O20 - Winlogon Notify: cdisk - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\ksidc.dat (file missing)
O20 - Winlogon Notify: cmdfont - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\tnofdmc.dat (file missing)
O20 - Winlogon Notify: diskmc - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\cmksid.dat (file missing)
O20 - Winlogon Notify: disknut - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\tunksid.dat (file missing)
O20 - Winlogon Notify: drvlog - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\golvrd.dat (file missing)
O20 - Winlogon Notify: ipnut - C:\DOCUME~1\PETERM~1.000\LOCALS~1\Temp\tunpi.dat (file missing)


Ensure no windows open except HJT and click fix checked.

Using windows explorer locate and delete the following if found

C:\winstall.exe

Now run cleanup to clear out temp files and junk

Reboot pc normaly and rescan with HJT and post the log back together with the ewido log
  • 0

#13
Stelth2k1

Stelth2k1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
will do thanks
  • 0

#14
Stelth2k1

Stelth2k1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
im doing that test now should be done in an hour sorry but i could not do it before i was gone for a while
  • 0

#15
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP