Log

Post by cyberfreak » January 24th, 2006, 6:07 pm

Okay, I rebooted in normal mode and wasn't able to do anything from normal mode. It takes five minutes for anything to happen in normal mode. So I'm communicating with you from safe mode with networking.
I have a HijackThis log and an ewido log. About:Buster says it successfully removed stuff, but it didn't offer me a log, and at the end it says it had an error: Run-time error '339' Component 'comctl32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid. It says it found a CWS infection.

-----------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:53:22 PM, on 1/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\Documents and Settings\nj\My Documents\hijackthis (1)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/search/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/search/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.microsoft.com/search/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://home.microsoft.com/search/search.asp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autofix
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\nj\My Documents\hijackthis (1)\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.0.368.36062\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6444716998
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe (file missing)
-----------------------------------------
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:14:19 AM, 1/24/2006
+ Report-Checksum: 13DEB727

+ Scan result:

:mozilla.6:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.7:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.14:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.15:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.16:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.17:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.63:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.64:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.65:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.66:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.67:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.68:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.69:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.70:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.128:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.154:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.158:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.159:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.160:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.165:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.166:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.175:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.203:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.204:C:\Documents and Settings\nj\Application Data\Mozilla\Firefox\Profiles\10djl9tf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3F8CFA57-B4AB-4FA3-9D8E-9BE241\290B3F92-6637-4DE6-AA3D-8147C5 -> Spyware.SpywareNo : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3F8CFA57-B4AB-4FA3-9D8E-9BE241\2F0CC494-A8B1-494B-A0C8-67F311 -> Adware.SpySheriff : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3F8CFA57-B4AB-4FA3-9D8E-9BE241\47247B3D-987E-44B7-81A5-2D4E6F -> Adware.SpySheriff : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3F8CFA57-B4AB-4FA3-9D8E-9BE241\CB6D866E-2E82-43DB-8251-DB9208 -> Adware.SpySheriff : Cleaned with backup


::Report End
----------------------------------------


OK, what next? Why is Windows running so slow, and am I going to have to take it out back and shoot it?

Post by Rogue » January 25th, 2006, 1:06 am

Double post. http://www.malwareremoval.com/forum/viewtopic.php?t=6542
I'll notify Admin so nobody duplicates efforts.

