Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

hijack this log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

hijack this log

Unread postby globalgaming » March 18th, 2009, 8:11 pm

computer is slow
evan after i lear cache
cannot run housecall get error



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:49 PM, on 3/18/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://buyreturnsnow.com/smf3/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Mister Wong - http://www.mister-wong.de/_stuff/toolbar_ie/en/2.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Mister Wong - {11607749-0F7E-4096-B930-D5DEBAE0E281} - http://www.mister-wong.de/_stuff/toolbar_ie/en/1.html (file missing)
O9 - Extra 'Tools' menuitem: Mister Wong - {11607749-0F7E-4096-B930-D5DEBAE0E281} - http://www.mister-wong.de/_stuff/toolbar_ie/en/1.html (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Bookmark this site - {A155F079-EE37-4149-B33B-8CBD12A2D39A} - http://www.mister-wong.de/_stuff/toolbar_ie/en/2.html (file missing)
O9 - Extra 'Tools' menuitem: Bookmark this site - {A155F079-EE37-4149-B33B-8CBD12A2D39A} - http://www.mister-wong.de/_stuff/toolbar_ie/en/2.html (file missing)
O9 - Extra button: Favorites - {C40F2310-B898-47fb-9E19-3326285CF42C} - http://www.mister-wong.de/_stuff/toolbar_ie/en/3.html (file missing)
O9 - Extra 'Tools' menuitem: Favorites - {C40F2310-B898-47fb-9E19-3326285CF42C} - http://www.mister-wong.de/_stuff/toolbar_ie/en/3.html (file missing)
O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register ... lashax.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D96F96-157B-499D-9A19-D5A0EDE5B74A}: NameServer = 68.94.156.1 206.13.30.12
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 8476 bytes
globalgaming
Active Member
 
Posts: 3
Joined: March 17th, 2009, 1:52 pm
Advertisement
Register to Remove

Re: hijack this log

Unread postby Shaba » March 28th, 2009, 9:09 am

Hi globalgaming and sorry for delay.

If you still need help, please post next a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: hijack this log

Unread postby globalgaming » March 28th, 2009, 7:18 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:59 PM, on 3/28/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://buyreturnsnow.com/smf3/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Mister Wong - http://www.mister-wong.de/_stuff/toolbar_ie/en/2.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Mister Wong - {11607749-0F7E-4096-B930-D5DEBAE0E281} - http://www.mister-wong.de/_stuff/toolbar_ie/en/1.html (file missing)
O9 - Extra 'Tools' menuitem: Mister Wong - {11607749-0F7E-4096-B930-D5DEBAE0E281} - http://www.mister-wong.de/_stuff/toolbar_ie/en/1.html (file missing)
O9 - Extra button: Add to folkd.com - {5AFEB5C2-0729-44C8-ABD7-9207A416010B} - C:\Program Files\Folkd-Browser-Extension\WebBand.dll
O9 - Extra button: folkd.com - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - C:\Program Files\Folkd-Browser-Extension\WebBand.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Bookmark this site - {A155F079-EE37-4149-B33B-8CBD12A2D39A} - http://www.mister-wong.de/_stuff/toolbar_ie/en/2.html (file missing)
O9 - Extra 'Tools' menuitem: Bookmark this site - {A155F079-EE37-4149-B33B-8CBD12A2D39A} - http://www.mister-wong.de/_stuff/toolbar_ie/en/2.html (file missing)
O9 - Extra button: Favorites - {C40F2310-B898-47fb-9E19-3326285CF42C} - http://www.mister-wong.de/_stuff/toolbar_ie/en/3.html (file missing)
O9 - Extra 'Tools' menuitem: Favorites - {C40F2310-B898-47fb-9E19-3326285CF42C} - http://www.mister-wong.de/_stuff/toolbar_ie/en/3.html (file missing)
O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register ... lashax.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D96F96-157B-499D-9A19-D5A0EDE5B74A}: NameServer = 68.94.156.1 206.13.30.12
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 8832 bytes
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
This is the new scan hijack this .
less than 5 minutes ago
globalgaming
Active Member
 
Posts: 3
Joined: March 17th, 2009, 1:52 pm

Re: hijack this log

Unread postby Shaba » March 29th, 2009, 2:09 am

  • Download random''s system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: hijack this log

Unread postby globalgaming » March 29th, 2009, 6:29 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by prefered at 2009-03-29 03:13:23
Microsoft® Windows Vista™ Home Basic
System drive C: has 50 GB (66%) free of 76 GB
Total RAM: 894 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:58 AM, on 3/29/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\prefered\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\prefered.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://buyreturnsnow.com/smf3/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Mister Wong - http://www.mister-wong.de/_stuff/toolbar_ie/en/2.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Mister Wong - {11607749-0F7E-4096-B930-D5DEBAE0E281} - http://www.mister-wong.de/_stuff/toolbar_ie/en/1.html (file missing)
O9 - Extra 'Tools' menuitem: Mister Wong - {11607749-0F7E-4096-B930-D5DEBAE0E281} - http://www.mister-wong.de/_stuff/toolbar_ie/en/1.html (file missing)
O9 - Extra button: Add to folkd.com - {5AFEB5C2-0729-44C8-ABD7-9207A416010B} - C:\Program Files\Folkd-Browser-Extension\WebBand.dll
O9 - Extra button: folkd.com - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - C:\Program Files\Folkd-Browser-Extension\WebBand.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Bookmark this site - {A155F079-EE37-4149-B33B-8CBD12A2D39A} - http://www.mister-wong.de/_stuff/toolbar_ie/en/2.html (file missing)
O9 - Extra 'Tools' menuitem: Bookmark this site - {A155F079-EE37-4149-B33B-8CBD12A2D39A} - http://www.mister-wong.de/_stuff/toolbar_ie/en/2.html (file missing)
O9 - Extra button: Favorites - {C40F2310-B898-47fb-9E19-3326285CF42C} - http://www.mister-wong.de/_stuff/toolbar_ie/en/3.html (file missing)
O9 - Extra 'Tools' menuitem: Favorites - {C40F2310-B898-47fb-9E19-3326285CF42C} - http://www.mister-wong.de/_stuff/toolbar_ie/en/3.html (file missing)
O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register ... lashax.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D96F96-157B-499D-9A19-D5A0EDE5B74A}: NameServer = 68.94.156.1 206.13.30.12
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 9168 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{4EE868AD-AC3F-417F-8D18-EAC134B38C78}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{145B29F4-A56B-4b90-BBAC-45784EBEBBB7}]
StumbleUpon Launcher - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll [2008-12-02 1185096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-02 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-02 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-02 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-02 251504]
{5093EB4C-3E93-40AB-9266-B607BA87BDC8} - StumbleUpon Toolbar - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll [2008-12-02 1185096]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-11-29 1006264]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\casc.exe [2009-02-27 374000]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2009-02-27 271600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"TMRUBottedTray"=C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2008-11-06 288088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-02 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\Windows\system32\UmxWnp.Dll [2007-06-06 79368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-03-29 03:13:23 ----D---- C:\rsit
2009-03-18 21:31:01 ----D---- C:\Program Files\Folkd-Browser-Extension
2009-03-18 15:14:06 ----D---- C:\Users\prefered\AppData\Roaming\InstallShield
2009-03-17 22:09:56 ----D---- C:\Users\prefered\AppData\Roaming\Sun
2009-03-17 21:22:04 ----A---- C:\Windows\system32\javaws.exe
2009-03-17 21:22:04 ----A---- C:\Windows\system32\javaw.exe
2009-03-17 21:22:04 ----A---- C:\Windows\system32\java.exe
2009-03-17 21:20:45 ----D---- C:\Program Files\Java
2009-03-17 21:16:43 ----D---- C:\Program Files\Common Files\Java
2009-03-17 10:37:06 ----D---- C:\Program Files\Trend Micro
2009-03-13 14:18:45 ----A---- C:\Windows\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2009-03-29 03:13:42 ----D---- C:\Windows\Prefetch
2009-03-29 03:13:36 ----D---- C:\Windows\Temp
2009-03-29 02:33:36 ----D---- C:\Windows\tracing
2009-03-28 14:55:17 ----SHD---- C:\System Volume Information
2009-03-28 13:57:49 ----D---- C:\Windows\System32
2009-03-28 13:57:48 ----D---- C:\Windows\inf
2009-03-28 13:57:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-28 10:19:26 ----D---- C:\Program Files\Mozilla Firefox
2009-03-27 11:03:18 ----RD---- C:\Program Files
2009-03-22 15:42:31 ----D---- C:\Windows\system32\WDI
2009-03-18 16:36:22 ----D---- C:\Windows
2009-03-18 15:18:05 ----D---- C:\Windows\system32\drivers
2009-03-18 15:17:57 ----D---- C:\Windows\system32\catroot
2009-03-18 15:16:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-17 21:28:18 ----SHD---- C:\Windows\Installer
2009-03-17 21:16:43 ----D---- C:\Program Files\Common Files
2009-03-17 00:58:50 ----D---- C:\Windows\system32\catroot2
2009-03-13 14:18:56 ----D---- C:\Windows\Minidump
2009-03-10 16:07:51 ----D---- C:\Windows\winsxs
2009-03-07 03:11:21 ----SD---- C:\Windows\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 KmxAgent;KmxAgent; C:\Windows\System32\DRIVERS\kmxagent.sys [2008-08-06 72184]
R1 VETEFILE;VET File Scan Engine; C:\Windows\system32\drivers\VETEFILE.sys [2008-12-06 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\Windows\system32\drivers\VETFDDNT.sys [2009-02-27 21488]
R1 VET-FILT;VET File System Filter; C:\Windows\system32\drivers\VET-FILT.sys [2009-02-27 26352]
R1 VETMONNT;VET File Monitor; C:\Windows\system32\drivers\VETMONNT.sys [2009-02-27 161008]
R1 VET-REC;VET File System Recognizer; C:\Windows\system32\drivers\VET-REC.sys [2009-02-27 21104]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-11-29 14208]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 KmxCfg;KmxCfg; C:\Windows\System32\DRIVERS\kmxcfg.sys [2008-10-21 203768]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 TMPassthruMP;TMPassthruMP; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 VETEBOOT;VET Boot Scan Engine; C:\Windows\system32\drivers\VETEBOOT.sys [2008-12-06 108368]
S3 CA561;EZCam III; C:\Windows\System32\Drivers\SPCA561.SYS [2002-10-01 119798]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2008-11-01 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service; C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-02-27 128240]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 RUBotted;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2008-11-06 582992]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2008-09-10 1141240]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2008-10-21 801272]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-09-02 289272]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2009-02-27 292080]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2009-02-27 259312]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-02 137200]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-03-29 03:14:09

======Uninstall list======

-->MsiExec.exe /X{166478EA-A017-43C0-BE42-7560BD5A646B}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
CA Anti-Virus-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=av
CA Anti-Virus-->C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\unvet32.exe
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
folkd IE Browser Extension 0.40 gamma-->"C:\Program Files\Folkd-Browser-Extension\uninstall.exe"
Full Tilt Poker.Net-->"C:\Program Files\InstallShield Installation Information\{E07B7A31-E160-466D-A003-3BB7B8989D52}\setup.exe" -runfromtemp -l0x0009 -removeonly
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mister Wong Toolbar-->C:\Program Files\Mister Wong\Uninstall.exe
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Spurl.net-->MsiExec.exe /X{D1353FE0-8846-4B2F-BA25-1931C4D6937F}
StumbleUpon IE Toolbar-->C:\Program Files\StumbleUpon\uninstall.exe
Trend Micro RUBotted-->C:\Program Files\InstallShield Installation Information\{12650598-D7B9-4FB5-91B2-2CAA641AC589}\setup.exe -runfromtemp -l0x0009 -removeonly
Wyzo 0.5.3-->C:\Program Files\Wyzo\uninst.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

200.124.131.116 casinocontroller.com

======Security center information======

AV: CA Anti-Virus
AS: Windows Defender

======System event log======

Computer Name: prefered-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 39356
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090328205049.000000-000
Event Type: Warning
User:

Computer Name: prefered-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 39357
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090328205101.000000-000
Event Type: Warning
User:

Computer Name: prefered-PC
Event Code: 10016
Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
to the user prefered-PC\prefered SID (S-1-5-21-3714868822-800702114-1746234850-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 39375
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090328205445.000000-000
Event Type: Error
User: prefered-PC\prefered

Computer Name: prefered-PC
Event Code: 10016
Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
to the user prefered-PC\prefered SID (S-1-5-21-3714868822-800702114-1746234850-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 39395
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090328232310.000000-000
Event Type: Error
User: prefered-PC\prefered

Computer Name: prefered-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016369AF643. The following error occurred:
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 39436
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090329093153.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: prefered-PC
Event Code: 0
Message:
Record Number: 6958
Source Name: AtBroker
Time Written: 20090326171416.000000-000
Event Type: Warning
User:

Computer Name: prefered-PC
Event Code: 0
Message:
Record Number: 6959
Source Name: AtBroker
Time Written: 20090326171416.000000-000
Event Type: Warning
User:

Computer Name: prefered-PC
Event Code: 0
Message:
Record Number: 6960
Source Name: AtBroker
Time Written: 20090326171416.000000-000
Event Type: Warning
User:

Computer Name: prefered-PC
Event Code: 20227
Message: CoID={B9964002-341A-4E03-9983-464A7627A3CB}: The user prefered-PC\prefered dialed a connection named Broadband Connection which has failed. The error code returned on failure is 815.
Record Number: 7029
Source Name: RasClient
Time Written: 20090327155722.000000-000
Event Type: Error
User:

Computer Name: prefered-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4218f393-bedb-4203-9aaf-66cb5297139d}
Record Number: 7076
Source Name: VSS
Time Written: 20090327180135.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: prefered-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 12055
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090329093226.566314-000
Event Type: Audit Failure
User:

Computer Name: prefered-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\KmxAgent.sys
Record Number: 12056
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090329101346.013901-000
Event Type: Audit Failure
User:

Computer Name: prefered-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\KmxAgent.sys
Record Number: 12057
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090329101346.096904-000
Event Type: Audit Failure
User:

Computer Name: prefered-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\KmxAgent.sys
Record Number: 12058
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090329101346.186742-000
Event Type: Audit Failure
User:

Computer Name: prefered-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\KmxAgent.sys
Record Number: 12059
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090329101346.268768-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1

-----------------EOF-----------------
globalgaming
Active Member
 
Posts: 3
Joined: March 17th, 2009, 1:52 pm

Re: hijack this log

Unread postby Shaba » March 29th, 2009, 7:31 am

Reason for slowness is here:

Total RAM: 894 MB (34% free)

You have a little RAM for Vista. So my recommendation is to add more.

I can also suggest which startup programs you can disable if you like to?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: hijack this log

Unread postby NonSuch » April 4th, 2009, 3:48 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27304
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 26 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware