Logfile of random's system information tool 1.06 (written by random/random)
Run by prefered at 2009-03-29 03:13:23
Microsoft® Windows Vista™ Home Basic
System drive C: has 50 GB (66%) free of 76 GB
Total RAM: 894 MB (34% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:58 AM, on 3/29/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\prefered\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\prefered.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://buyreturnsnow.com/smf3/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Mister Wong - http://www.mister-wong.de/_stuff/toolbar_ie/en/2.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Mister Wong - {11607749-0F7E-4096-B930-D5DEBAE0E281} - http://www.mister-wong.de/_stuff/toolbar_ie/en/1.html (file missing)
O9 - Extra 'Tools' menuitem: Mister Wong - {11607749-0F7E-4096-B930-D5DEBAE0E281} - http://www.mister-wong.de/_stuff/toolbar_ie/en/1.html (file missing)
O9 - Extra button: Add to folkd.com - {5AFEB5C2-0729-44C8-ABD7-9207A416010B} - C:\Program Files\Folkd-Browser-Extension\WebBand.dll
O9 - Extra button: folkd.com - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - C:\Program Files\Folkd-Browser-Extension\WebBand.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Bookmark this site - {A155F079-EE37-4149-B33B-8CBD12A2D39A} - http://www.mister-wong.de/_stuff/toolbar_ie/en/2.html (file missing)
O9 - Extra 'Tools' menuitem: Bookmark this site - {A155F079-EE37-4149-B33B-8CBD12A2D39A} - http://www.mister-wong.de/_stuff/toolbar_ie/en/2.html (file missing)
O9 - Extra button: Favorites - {C40F2310-B898-47fb-9E19-3326285CF42C} - http://www.mister-wong.de/_stuff/toolbar_ie/en/3.html (file missing)
O9 - Extra 'Tools' menuitem: Favorites - {C40F2310-B898-47fb-9E19-3326285CF42C} - http://www.mister-wong.de/_stuff/toolbar_ie/en/3.html (file missing)
O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register ... lashax.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D96F96-157B-499D-9A19-D5A0EDE5B74A}: NameServer = 68.94.156.1 206.13.30.12
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
--
End of file - 9168 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{4EE868AD-AC3F-417F-8D18-EAC134B38C78}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{145B29F4-A56B-4b90-BBAC-45784EBEBBB7}]
StumbleUpon Launcher - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll [2008-12-02 1185096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-02 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-02 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-02 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-02 251504]
{5093EB4C-3E93-40AB-9266-B607BA87BDC8} - StumbleUpon Toolbar - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll [2008-12-02 1185096]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-11-29 1006264]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\casc.exe [2009-02-27 374000]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2009-02-27 271600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"TMRUBottedTray"=C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2008-11-06 288088]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-02 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\Windows\system32\UmxWnp.Dll [2007-06-06 79368]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2009-03-29 03:13:23 ----D---- C:\rsit
2009-03-18 21:31:01 ----D---- C:\Program Files\Folkd-Browser-Extension
2009-03-18 15:14:06 ----D---- C:\Users\prefered\AppData\Roaming\InstallShield
2009-03-17 22:09:56 ----D---- C:\Users\prefered\AppData\Roaming\Sun
2009-03-17 21:22:04 ----A---- C:\Windows\system32\javaws.exe
2009-03-17 21:22:04 ----A---- C:\Windows\system32\javaw.exe
2009-03-17 21:22:04 ----A---- C:\Windows\system32\java.exe
2009-03-17 21:20:45 ----D---- C:\Program Files\Java
2009-03-17 21:16:43 ----D---- C:\Program Files\Common Files\Java
2009-03-17 10:37:06 ----D---- C:\Program Files\Trend Micro
2009-03-13 14:18:45 ----A---- C:\Windows\ntbtlog.txt
======List of files/folders modified in the last 1 months======
2009-03-29 03:13:42 ----D---- C:\Windows\Prefetch
2009-03-29 03:13:36 ----D---- C:\Windows\Temp
2009-03-29 02:33:36 ----D---- C:\Windows\tracing
2009-03-28 14:55:17 ----SHD---- C:\System Volume Information
2009-03-28 13:57:49 ----D---- C:\Windows\System32
2009-03-28 13:57:48 ----D---- C:\Windows\inf
2009-03-28 13:57:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-28 10:19:26 ----D---- C:\Program Files\Mozilla Firefox
2009-03-27 11:03:18 ----RD---- C:\Program Files
2009-03-22 15:42:31 ----D---- C:\Windows\system32\WDI
2009-03-18 16:36:22 ----D---- C:\Windows
2009-03-18 15:18:05 ----D---- C:\Windows\system32\drivers
2009-03-18 15:17:57 ----D---- C:\Windows\system32\catroot
2009-03-18 15:16:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-17 21:28:18 ----SHD---- C:\Windows\Installer
2009-03-17 21:16:43 ----D---- C:\Program Files\Common Files
2009-03-17 00:58:50 ----D---- C:\Windows\system32\catroot2
2009-03-13 14:18:56 ----D---- C:\Windows\Minidump
2009-03-10 16:07:51 ----D---- C:\Windows\winsxs
2009-03-07 03:11:21 ----SD---- C:\Windows\Downloaded Program Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 KmxAgent;KmxAgent; C:\Windows\System32\DRIVERS\kmxagent.sys [2008-08-06 72184]
R1 VETEFILE;VET File Scan Engine; C:\Windows\system32\drivers\VETEFILE.sys [2008-12-06 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\Windows\system32\drivers\VETFDDNT.sys [2009-02-27 21488]
R1 VET-FILT;VET File System Filter; C:\Windows\system32\drivers\VET-FILT.sys [2009-02-27 26352]
R1 VETMONNT;VET File Monitor; C:\Windows\system32\drivers\VETMONNT.sys [2009-02-27 161008]
R1 VET-REC;VET File System Recognizer; C:\Windows\system32\drivers\VET-REC.sys [2009-02-27 21104]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-11-29 14208]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 KmxCfg;KmxCfg; C:\Windows\System32\DRIVERS\kmxcfg.sys [2008-10-21 203768]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 TMPassthruMP;TMPassthruMP; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 VETEBOOT;VET Boot Scan Engine; C:\Windows\system32\drivers\VETEBOOT.sys [2008-12-06 108368]
S3 CA561;EZCam III; C:\Windows\System32\Drivers\SPCA561.SYS [2002-10-01 119798]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2008-11-01 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service; C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-02-27 128240]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 RUBotted;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2008-11-06 582992]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2008-09-10 1141240]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2008-10-21 801272]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-09-02 289272]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2009-02-27 292080]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2009-02-27 259312]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-02 137200]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-03-29 03:14:09
======Uninstall list======
-->MsiExec.exe /X{166478EA-A017-43C0-BE42-7560BD5A646B}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
CA Anti-Virus-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=av
CA Anti-Virus-->C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\unvet32.exe
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
folkd IE Browser Extension 0.40 gamma-->"C:\Program Files\Folkd-Browser-Extension\uninstall.exe"
Full Tilt Poker.Net-->"C:\Program Files\InstallShield Installation Information\{E07B7A31-E160-466D-A003-3BB7B8989D52}\setup.exe" -runfromtemp -l0x0009 -removeonly
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mister Wong Toolbar-->C:\Program Files\Mister Wong\Uninstall.exe
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Spurl.net-->MsiExec.exe /X{D1353FE0-8846-4B2F-BA25-1931C4D6937F}
StumbleUpon IE Toolbar-->C:\Program Files\StumbleUpon\uninstall.exe
Trend Micro RUBotted-->C:\Program Files\InstallShield Installation Information\{12650598-D7B9-4FB5-91B2-2CAA641AC589}\setup.exe -runfromtemp -l0x0009 -removeonly
Wyzo 0.5.3-->C:\Program Files\Wyzo\uninst.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
======Hosts File======
200.124.131.116 casinocontroller.com
======Security center information======
AV: CA Anti-Virus
AS: Windows Defender
======System event log======
Computer Name: prefered-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 39356
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090328205049.000000-000
Event Type: Warning
User:
Computer Name: prefered-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 39357
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090328205101.000000-000
Event Type: Warning
User:
Computer Name: prefered-PC
Event Code: 10016
Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
to the user prefered-PC\prefered SID (S-1-5-21-3714868822-800702114-1746234850-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 39375
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090328205445.000000-000
Event Type: Error
User: prefered-PC\prefered
Computer Name: prefered-PC
Event Code: 10016
Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
to the user prefered-PC\prefered SID (S-1-5-21-3714868822-800702114-1746234850-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 39395
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090328232310.000000-000
Event Type: Error
User: prefered-PC\prefered
Computer Name: prefered-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016369AF643. The following error occurred:
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 39436
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090329093153.000000-000
Event Type: Warning
User:
=====Application event log=====
Computer Name: prefered-PC
Event Code: 0
Message:
Record Number: 6958
Source Name: AtBroker
Time Written: 20090326171416.000000-000
Event Type: Warning
User:
Computer Name: prefered-PC
Event Code: 0
Message:
Record Number: 6959
Source Name: AtBroker
Time Written: 20090326171416.000000-000
Event Type: Warning
User:
Computer Name: prefered-PC
Event Code: 0
Message:
Record Number: 6960
Source Name: AtBroker
Time Written: 20090326171416.000000-000
Event Type: Warning
User:
Computer Name: prefered-PC
Event Code: 20227
Message: CoID={B9964002-341A-4E03-9983-464A7627A3CB}: The user prefered-PC\prefered dialed a connection named Broadband Connection which has failed. The error code returned on failure is 815.
Record Number: 7029
Source Name: RasClient
Time Written: 20090327155722.000000-000
Event Type: Error
User:
Computer Name: prefered-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4218f393-bedb-4203-9aaf-66cb5297139d}
Record Number: 7076
Source Name: VSS
Time Written: 20090327180135.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: prefered-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Error Code: 2
Record Number: 12055
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090329093226.566314-000
Event Type: Audit Failure
User:
Computer Name: prefered-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\KmxAgent.sys
Record Number: 12056
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090329101346.013901-000
Event Type: Audit Failure
User:
Computer Name: prefered-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\KmxAgent.sys
Record Number: 12057
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090329101346.096904-000
Event Type: Audit Failure
User:
Computer Name: prefered-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\KmxAgent.sys
Record Number: 12058
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090329101346.186742-000
Event Type: Audit Failure
User:
Computer Name: prefered-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\KmxAgent.sys
Record Number: 12059
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090329101346.268768-000
Event Type: Audit Failure
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
-----------------EOF-----------------