Got the same spysheriff problem

kideka · 06-19-2005, 08:18 AM

I did use ad-Aware SE personnal and spybot to recover my pc. However, i am not sure tht did i clean it all? N i still hav some problems can't slove by myself. Plx Help!~

i dun why my bar is like this now (down)...i can't change the colour to the noraml xp form. N also, many software are gone in the right down there......dun know where they gone.
Also, i find tht i hard 2 download from internet N I can't use the link on the internet (with blue colour) and can't use java.
Many thanks!~
kideka

sUBs · 06-19-2005, 09:29 AM

Please download HiJackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HiJackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit "Scan" and then click on "Save log".
3. Post the HiJackThis.log file here. Do not fix anything in HiJackThis since they may be harmless.

kideka · 06-19-2005, 10:44 AM

do u mean like this?

Logfile of HijackThis v1.99.1
Scan saved at 5:39:44:PM, on 19/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\ICQ\Icq.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B4BD976-8E83-4535-B41C-60D6E2BD66B3}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

sUBs · 06-19-2005, 11:06 AM

Your list seems incomplete.
Please do not remove entries from it nor run it in Safe Mode. It should be run from Normal Windows mode.

Kindly furnish us with another copy.

Thank you.

kideka · 06-19-2005, 03:24 PM

no. i got it from normal mode. I post it 2 u again.
I found tht the main problem is i can't use the pc smoothly. It seems like alright, but i am still worrying abt it.
First, i dun know how to set the control bar( in the bottle) back 2 normal form. The colour and style is different than be4.
Second, I can't use flashget automatically when everytime i check down via flashget on right chick.
All software had stopped by something. But most of them are opening with windows start up be4.

Logfile of HijackThis v1.99.1
Scan saved at 10:17:38:PM, on 19/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B4BD976-8E83-4535-B41C-60D6E2BD66B3}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Lookin forward the sloution

sUBs · 06-19-2005, 03:34 PM

I don't see any signs of SpySheriff in your log. Please tell me why you believe that you're infected with it.

Have you been fixing it on your own using HiJackThis? Please list down the entries you have fixed...

kideka · 06-19-2005, 05:02 PM

i am not knowledge in pc. So could u tell me how to slove the above problems.
the first question is:

The second question is:

Sorry to ask so many questions. But i really need some helps!~
Many thanks

sUBs · 06-19-2005, 11:05 PM

We have a slight communication problem. Nevertheless, I will still endeavour to help you as best as I can.

From what I have been able to understand, these are your current problems..

Javascript is not working
Flashget isn't working as intended
You have a problem with Desktop display.
Some of the programs that are supposed to autostart with Windows aren't doing so. These programs aren't appearing in you system notification area.

Here's what I suggest you do...

~~~~~~~~~~~~~~~

# Problem 1

Go to this site >> http://jdl.sun.com/webapps/getjava/B...ww.java.com:80. Install Sun Java on your machine. That should resolve your java troubles..

~~~~~~~~~~~~~~~

# Problem 2

Close all other windows.
Run a HiJackThis Scan & Select(tick) the following, if present:

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

Click "Fix checked" for HJT to fix them

To regain functionality of Flashget, you'll may have to re-install it.

~~~~~~~~~~~~~~~

# Problem 3

Right click this & choose "Save As...". Save it as RepairDesktop.reg to Desktop.

Double click RepairDesktop.reg & answer "Yes" when asked to merge into the Registry.

Right click on your Desktop and go to Properties. Next go to Desktop tab>Customize Desktop button>Web tab. Uncheck everything listed there. Then delete all the entries listed except for 'My Current Home Page'. Click OK and OK.

Reboot your computer

~~~~~~~~~~~~~~~

# Problem 4

I can't help you unless I know what programs are supposed to be there. You have to provide me with a list of these programs.

~~~~~~~~~~~~~~~

After you have rebooted your computer, I want you to do an online scan at one of the following:

Take note the names and locations of any file it detects but fails to clean.

Note: Turn off the real time scanner of any existing antivirus program while performing the online scan

Run a new HijackThis scan. Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in your next reply.

In your next post, please include:

Copy of KRC HijackThis Analyzer log
Ewido's log
List of files that online scans failed to disinfect

kideka · 06-20-2005, 03:02 AM

this is my up-dated log.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:59

AM, on 20/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B4BD976-8E83-4535-B41C-60D6E2BD66B3}: NameServer = 205.188.146.145

End of KRC HijackThis Analyzer Log.

sUBs · 06-20-2005, 03:06 AM

How are your problems coming along? Did the online scanner come up with any results?

kideka · 06-20-2005, 03:53 AM

no, it has no result which is abt virus.

sUBs · 06-20-2005, 03:56 AM

How is your computer behaving now?

kideka · 06-20-2005, 01:29 PM

The problem/ trouble i am now facing are:

From the pics, u can see that the mode is still in troditional mode. I hav no idea wht should i do to fix it.

Tht is wht i want 2 be.

And also, i still can't use all the links which are with java.
The download becomes extremely slow now

But anyway, U r a nice man. Give me many suggestions and ideas which are helpful and useful. Thanks a lot.

MicroBell · 06-20-2005, 01:51 PM

RIGHT-CLICK HERE and go to Save As (in IE it's "Save Target As") in order to download the smitfraud reg to your desktop.

Double-click smitfraud.reg on your desktop. When asked if you want to merge with the registry click YES.

Right click on the desktop..select properties...desktop..customize desktop...web..and uncheck anything listed. Now highlight and delete any entry that says security..or anything other then the default "My Current Homepage". Leave that entry be.

Now click on "Theme's" and in the box select "Windows XP" theme and click apply. Then click on "Appearence" tab and make sure "Windows XP" is selected in the Windows and Buttons box.

If that doesn't work or Windows XP theme is missing....

Download the Luna theme from either of these sites:

http://users.pandora.be/bluepatchy/luna.zip
http://castlecops.com/zx/flrman1/luna.zip
http://www.greyknight17.com/spy/luna.zip
http://www.kellys-korner-xp.com/regs.../Resources.zip

Unzip it and MOVE the luna.msstyles which is present in that folder you unzipped to next folder: C:\WINDOWS\Resources\Themes\Luna
Don't move it to anywhere else other than that folder!

When moved it there, rightclick on your desktop > properties ... and look if Windows XP style is now present again. Choose apply and OK.

Reboot the PC

You should now be able to choose XP Theme for your desktop. Let me know the outcome.

kideka · 06-20-2005, 03:02 PM

thanks!~ i solved it out now.

however, I am still logging with the java's problem.
For example, i can't chick the link on the hotmail in the left hand size. e.g. inbox, sent item, rubblish,etc.
I did post it in the above.
But anyway, thanks a lot!~

06-19-2005, 08:18 AM	#1 (permalink)
kideka Registered User Join Date: Jun 2005 Posts: 12 OS: xp pro. sp2	Got the same spysheriff problem I did use ad-Aware SE personnal and spybot to recover my pc. However, i am not sure tht did i clean it all? N i still hav some problems can't slove by myself. Plx Help!~ i dun why my bar is like this now (down)...i can't change the colour to the noraml xp form. N also, many software are gone in the right down there......dun know where they gone. Also, i find tht i hard 2 download from internet N I can't use the link on the internet (with blue colour) and can't use java. Many thanks!~ kideka

06-19-2005, 09:29 AM	#2 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,453 OS: N/A	Please download HiJackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HiJackThis.exe there. Double click on the program to run it. 1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'. 2. If you don't get the intro screen, just hit *"Scan"* and then click on *"Save log". 3. Post the HiJackThis.log file here. Do not fix anything in HiJackThis since they may be harmless*. __________________ Question - what have you done for the community today?

06-19-2005, 11:06 AM	#4 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,453 OS: N/A	Your list seems incomplete. Please do not remove entries from it nor run it in Safe Mode. It should be run from Normal Windows mode. Kindly furnish us with another copy. Thank you. __________________ Question - what have you done for the community today?

06-19-2005, 03:34 PM	#6 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,453 OS: N/A	I don't see any signs of SpySheriff in your log. Please tell me why you believe that you're infected with it. Have you been fixing it on your own using HiJackThis? Please list down the entries you have fixed... __________________ Question - what have you done for the community today? Last edited by sUBs; 06-19-2005 at 03:43 PM.

06-19-2005, 11:05 PM	#8 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,453 OS: N/A	We have a slight communication problem. Nevertheless, I will still endeavour to help you as best as I can. From what I have been able to understand, these are your current problems.. Javascript is not working Flashget isn't working as intended You have a problem with Desktop display. Some of the programs that are supposed to autostart with Windows aren't doing so. These programs aren't appearing in you system notification area. Here's what I suggest you do... ~~~~~~~~~~~~~~~ # Problem 1 Go to this site >> http://jdl.sun.com/webapps/getjava/B...ww.java.com:80. Install Sun Java on your machine. That should resolve your java troubles.. ~~~~~~~~~~~~~~~ # Problem 2 Close all other windows. Run a HiJackThis Scan & Select(tick) the following, if present: O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) Click "Fix checked" for HJT to fix them To regain functionality of Flashget, you'll may have to re-install it. ~~~~~~~~~~~~~~~ # Problem 3 Right click this & choose *"Save As...". Save it as RepairDesktop.reg* to Desktop. Double click RepairDesktop.reg & answer *"Yes"* when asked to merge into the Registry. Right click on your Desktop and go to Properties. Next go to Desktop tab>Customize Desktop button>Web tab. Uncheck everything listed there. Then delete all the entries listed except for 'My Current Home Page'. Click OK and OK. Reboot your computer ~~~~~~~~~~~~~~~ # Problem 4 I can't help you unless I know what programs are supposed to be there. You have to provide me with a list of these programs. ~~~~~~~~~~~~~~~ After you have rebooted your computer, I want you to do an online scan at one of the following: Panda BitDefender Take note the names and locations of any file it detects but fails to clean. Note: Turn off the real time scanner of any existing antivirus program while performing the online scan Run a new HijackThis scan. Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in your next reply. In your next post, please include: Copy of KRC HijackThis Analyzer log Ewido's log List of files that online scans failed to disinfect __________________ Question - what have you done for the community today?

06-19-2005, 10:44 AM	#3 (permalink)
kideka Registered User Join Date: Jun 2005 Posts: 12 OS: xp pro. sp2	do u mean like this? Logfile of HijackThis v1.99.1 Scan saved at 5:39:44:PM, on 19/6/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AOL Companion\companion.exe C:\Program Files\AOL 9.0b\waol.exe C:\Program Files\AOL 9.0b\shellmon.exe C:\WINDOWS\SYSTEM32\cidaemon.exe C:\Program Files\ICQ\Icq.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\AOL\aoltpspd.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\HJT\HijackThis.exe O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4B4BD976-8E83-4535-B41C-60D6E2BD66B3}: NameServer = 205.188.146.145 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

06-19-2005, 03:24 PM	#5 (permalink)
kideka Registered User Join Date: Jun 2005 Posts: 12 OS: xp pro. sp2	no. i got it from normal mode. I post it 2 u again. I found tht the main problem is i can't use the pc smoothly. It seems like alright, but i am still worrying abt it. First, i dun know how to set the control bar( in the bottle) back 2 normal form. The colour and style is different than be4. Second, I can't use flashget automatically when everytime i check down via flashget on right chick. All software had stopped by something. But most of them are opening with windows start up be4. Logfile of HijackThis v1.99.1 Scan saved at 10:17:38:PM, on 19/6/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\AOL Companion\companion.exe C:\Program Files\AOL 9.0b\waol.exe C:\Program Files\AOL 9.0b\shellmon.exe C:\Program Files\Common Files\AOL\aoltpspd.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HJT\HijackThis.exe O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4B4BD976-8E83-4535-B41C-60D6E2BD66B3}: NameServer = 205.188.146.145 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe Lookin forward the sloution

06-19-2005, 05:02 PM	#7 (permalink)
kideka Registered User Join Date: Jun 2005 Posts: 12 OS: xp pro. sp2	i am not knowledge in pc. So could u tell me how to slove the above problems. the first question is: The second question is: Sorry to ask so many questions. But i really need some helps!~ Many thanks

06-20-2005, 03:02 AM	#9 (permalink)
kideka Registered User Join Date: Jun 2005 Posts: 12 OS: xp pro. sp2	this is my up-dated log. ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 9:59AM, on 20/6/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\AOL 9.0b\waol.exe C:\Program Files\AOL 9.0b\shellmon.exe C:\Program Files\Common Files\AOL\aoltpspd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O8 - Extra context menu item: 使用 FlashGet 下載 - C:\PROGRA~1\FlashGet\jc_link.htm O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\PROGRA~1\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4B4BD976-8E83-4535-B41C-60D6E2BD66B3}: NameServer = 205.188.146.145 End of KRC HijackThis Analyzer Log.

06-20-2005, 03:06 AM	#10 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,453 OS: N/A	How are your problems coming along? Did the online scanner come up with any results? __________________ Question - what have you done for the community today?

06-20-2005, 03:53 AM	#11 (permalink)
kideka Registered User Join Date: Jun 2005 Posts: 12 OS: xp pro. sp2	no, it has no result which is abt virus.

06-20-2005, 03:56 AM	#12 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,453 OS: N/A	How is your computer behaving now? __________________ Question - what have you done for the community today?

06-20-2005, 01:29 PM	#13 (permalink)
kideka Registered User Join Date: Jun 2005 Posts: 12 OS: xp pro. sp2	The problem/ trouble i am now facing are: From the pics, u can see that the mode is still in troditional mode. I hav no idea wht should i do to fix it. Tht is wht i want 2 be. And also, i still can't use all the links which are with java. The download becomes extremely slow now But anyway, U r a nice man. Give me many suggestions and ideas which are helpful and useful. Thanks a lot.

06-20-2005, 01:51 PM	#14 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,963 OS: Windows 7	RIGHT-CLICK HERE and go to Save As (in IE it's "Save Target As") in order to download the smitfraud reg to your desktop. Double-click smitfraud.reg on your desktop. When asked if you want to merge with the registry click YES. Right click on the desktop..select properties...desktop..customize desktop...web..and uncheck anything listed. Now highlight and delete any entry that says security..or anything other then the default "My Current Homepage". Leave that entry be. Now click on "Theme's" and in the box select "Windows XP" theme and click apply. Then click on "Appearence" tab and make sure "Windows XP" is selected in the Windows and Buttons box. If that doesn't work or Windows XP theme is missing.... Download the Luna theme from either of these sites: http://users.pandora.be/bluepatchy/luna.zip http://castlecops.com/zx/flrman1/luna.zip http://www.greyknight17.com/spy/luna.zip http://www.kellys-korner-xp.com/regs.../Resources.zip Unzip it and MOVE the luna.msstyles which is present in that folder you unzipped to next folder: C:\WINDOWS\Resources\Themes\Luna Don't move it to anywhere else other than that folder! When moved it there, rightclick on your desktop > properties ... and look if Windows XP style is now present again. Choose apply and OK. Reboot the PC You should now be able to choose XP Theme for your desktop. Let me know the outcome. __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder Last edited by sUBs; 08-27-2005 at 07:41 PM.

06-20-2005, 03:02 PM	#15 (permalink)
kideka Registered User Join Date: Jun 2005 Posts: 12 OS: xp pro. sp2	thanks!~ i solved it out now. however, I am still logging with the java's problem. For example, i can't chick the link on the hotmail in the left hand size. e.g. inbox, sent item, rubblish,etc. I did post it in the above. But anyway, thanks a lot!~