Bujar

Experienced Members
  • Posts: 24

Reputation: 0 Neutral
  1. Hi, I am having a problem with Microsoft Office. I wanted to update it; when the update finished and the installation started, it asked me for the Windows Office 2003 CD, which I don't have, so I pressed Cancel. Now when I try to open any Excel or Word files I can't do that, because when I click Enter that installation window opens, so I click Cancel. Any suggestions on what I should do? Here's what RegSeeker found with the name recovery, which is related to my problem I believe; does anyone know what I can delete to solve that problem:
  2. I believe I solved the problem. I opened Excel through Start/Run; it opened and I went to the Help menu and clicked Detect and Repair, and I selected only "Discard my customized settings and restore default settings" and clicked Start. Then it told me to close all Office files; I did so, and it did something... Now Excel is working. The only thing is that it has removed my customized settings from all my Office programs, so I had to make a few changes. It also restored default settings in Outlook (which I use for my email), which was quite bad; it took a while until I customized it. The worst thing was that I lost all my contacts, so I had to add them manually; I couldn't find them anywhere (should they have been saved somewhere else?). But now it is working without any problem. So yes, everything seems fine now. Thanks for your replies, guys.
  3. But why should I reinstall Microsoft Office? I never uninstalled it! The reason why this happened is that in Microsoft Outlook 2002, under the Help menu, I clicked "Detect and Repair..." and I got that message, then I clicked Cancel... Is the only way to fix this problem to reinstall the whole Office again? There must be another way to fix this (I hope). Edit: One more thing, I am able to open Word, PowerPoint... and other Office documents, but I'm not able to open Excel documents only!
  4. When I try to open Excel and Word files I am getting this: I_pres_cancel_here_since_I_don.doc I have always been able to open them without any problem, but now I can't do it anymore!? How can I stop this?
  5. I have restarted my modem a few times; that doesn't solve the problem, and I have nothing else plugged into my PC, and there is only one PC plugged into the internet.
  6. I have a broadband connection with a modem.
  7. Sorry, but that doesn't solve the problem either!
  8. Thanks for your replies, cowboy... that's Skype... that's not dangerous... but is there anyone else on this forum who can suggest something to me?
  9. I have posted a HijackThis log file here, but everything seems to be fine according to the log file, so I don't know where the problem is!
  10. I have contacted my ISP to ask why I have these problems with the internet (when I try to send attachments through Outlook, the whole internet connection stops, and from time to time my internet connection is stopping... it's like something is stealing my internet connection) and they said everything is fine; they also doubt that something could be stealing my internet connection, some unwanted program, software...! So can you please tell me how/where I can find out why I am having these problems with the internet? I have scanned my PC with up-to-date versions of Ad-Aware SE, Norman Antivirus and CCleaner... I regularly scan my PC with these, but these didn't solve the problem. Please see if you can help. Thanks, Bujar
  11. I'm glad my machine is finally cleaned. And I thank you so much for your great assistance. I will follow all the steps you mentioned, so I can prevent my machine from getting infected. Again, thanks very much. Wish you all the best. Bujar
  12. Panda:
  13. Here are my reports:
  14. Sorry for the late reply, I haven't been in front of the PC for a long time. Anyway, here are my scan reports:
  15. Before I scanned the PC with HijackThis, I scanned it with Ewido Anti-Malware, then with SmitfraudFix, almost in the same way as you are saying, and here's my scan report of SmitfraudFix: Also, after I did all those scans (with Ewido Anti-Malware and SmitfraudFix, and the last one with HijackThis), I don't seem to have those pop-ups showing on the desktop telling me I'm infected, I should download antispyware..., so I don't know, it could be that those scans have cleaned my machine.