Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Trogan.Win32.Vapsup.nli


  • This topic is locked This topic is locked
2 replies to this topic

#1 BIOHAZARD_78

BIOHAZARD_78

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 03 December 2008 - 12:16 PM

My machine is infected and I'm unsure of how to remove it. Assistance will be greatly appreciated.

Kaspersky says:

Trojan.Win32.Vapsup.nli
C:\Program Files (x86)\Mozilla Firefox\components\nsoffersfortoday.dll

-------------------------------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by eric.stevenson at 2008-12-03 12:05:32
Microsoft® Windows Server® 2008 Standard Service Pack 1
System drive C: has 56 GB (37%) free of 153 GB
Total RAM: 8125 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:41 PM, on 12/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\eric.stevenson.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~2\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files (x86)\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: MagicDisc.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://NVIC666.NVICORP.local (HKLM)
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://nvicsrv02.nvicorp.local:4343/office...ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://nvicsrv02.nvicorp.local:4343/office...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://nvicsrv02.nvicorp.local:4343/office...stall/setup.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://nvicsrv02.nvicorp.local:4343/office.../RemoveCtrl.cab
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} (Encrypt Class) - https://nvicsrv02.nvicorp.local:4343/SMB/co...root/AtxEnc.cab
O16 - DPF: {CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA} (Java Plug-in) - http://nvicsrv06/wfcstatic/plugins/jre-1_5...dows-i586-p.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB} (Microsoft Virtual Server VMRC Control) - http://nvic666.nvicorp.local:1024/VirtualS...tiveXClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NVICORP.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NVICORP.local
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: @%systemroot%\system32\vmms.exe,-10 (vmms) - Unknown owner - C:\Windows\system32\vmms.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files (x86)\UltraVNC\WinVNC.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11486 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2008-10-28 153008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2007-08-01 1282048]
"DWPersistentQueuedReporting"=C:\PROGRA~2\COMMON~1\MICROS~1\DW\DWTRIG20.EXE [2007-08-24 437160]
"WinVNC"=C:\Program Files (x86)\UltraVNC\WinVNC.exe [2008-08-30 1544768]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader\Reader_sl.exe [2008-06-12 34672]
"UnlockerAssistant"=C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe []
"TkBellExe"=C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2008-09-19 185896]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2008-09-06 413696]
"VMware hqtray"=C:\Program Files (x86)\VMware\VMware Player\hqtray.exe [2008-08-08 55856]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2008-11-24 2741680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-BA7E-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

C:\Users\eric.stevenson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
RASSFM

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"ShowSuperHidden"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d90c927-78f9-11dd-9b33-001ec946a647}]
shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a42a821b-79b7-11dd-8407-001ec946a647}]
shell\AutoRun\command - K:\SETUP.EXE
shell\configure\command - K:\SETUP.EXE
shell\install\command - K:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4389e51-6e02-11dd-b168-001ec946a647}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 1 months======

2009-11-27 08:20:29 ----A---- C:\Windows\system32\idmmbc.dll
2008-12-03 12:05:33 ----D---- C:\Program Files (x86)\trend micro
2008-12-03 12:05:32 ----D---- C:\rsit
2008-12-02 15:12:47 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-12-02 15:12:47 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2008-11-26 14:27:37 ----D---- C:\Users\eric.stevenson\AppData\Roaming\Mozilla
2008-11-26 10:00:03 ----A---- C:\Windows\system32\Faultrep.dll
2008-11-26 10:00:03 ----A---- C:\Windows\system32\connect.dll
2008-11-26 10:00:02 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 10:00:02 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 10:00:02 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 10:00:01 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-20 12:56:29 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared
2008-11-18 16:19:46 ----A---- C:\Windows\system32\wups.dll
2008-11-18 16:19:45 ----A---- C:\Windows\system32\wudriver.dll
2008-11-18 16:19:45 ----A---- C:\Windows\system32\wuapi.dll
2008-11-18 16:19:44 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-18 16:19:44 ----A---- C:\Windows\system32\wuapp.exe
2008-11-18 10:08:54 ----D---- C:\ProgramData\Hewlett-Packard
2008-11-12 06:16:50 ----A---- C:\Windows\system32\msxml3.dll
2008-11-12 06:16:49 ----A---- C:\Windows\system32\msxml6.dll
2008-11-11 12:58:16 ----D---- C:\vLite
2008-11-11 11:45:03 ----D---- C:\pebuilder3110a
2008-11-11 10:51:08 ----D---- C:\Program Files (x86)\vLite
2008-11-11 09:43:47 ----D---- C:\nLite
2008-11-11 09:40:24 ----D---- C:\Program Files (x86)\nLite
2008-11-10 14:12:22 ----A---- C:\Windows\system32\cont_offersfortoday-remove.exe
2008-11-10 14:12:07 ----A---- C:\Windows\system32\qqiufxdhmhg.exe
2008-11-10 11:10:18 ----D---- C:\Users\eric.stevenson\AppData\Roaming\Amazon
2008-11-10 11:09:04 ----D---- C:\Program Files (x86)\Amazon
2008-11-10 08:58:36 ----D---- C:\Users\eric.stevenson\AppData\Roaming\Google
2008-11-10 08:50:50 ----D---- C:\Program Files (x86)\Google
2008-11-07 10:14:48 ----D---- C:\Users\eric.stevenson\AppData\Roaming\Move Networks
2008-11-07 07:45:59 ----D---- C:\Windows\Minidump
2008-11-06 15:31:05 ----D---- C:\Users\eric.stevenson\AppData\Roaming\VMware
2008-11-06 15:28:44 ----A---- C:\Windows\system32\vmnetdhcp.exe
2008-11-06 15:28:41 ----A---- C:\Windows\system32\vmnat.exe
2008-11-06 15:28:20 ----D---- C:\ProgramData\VMware
2008-11-06 15:28:20 ----D---- C:\Program Files (x86)\VMware
2008-11-06 15:28:19 ----D---- C:\Program Files (x86)\Common Files\VMware
2008-11-06 15:20:22 ----D---- C:\Users\eric.stevenson\AppData\Roaming\moka5
2008-11-06 15:20:22 ----D---- C:\ProgramData\moka5

======List of files/folders modified in the last 1 months======

2008-12-03 12:05:41 ----D---- C:\Windows\Prefetch
2008-12-03 12:05:33 ----RD---- C:\Program Files (x86)
2008-12-03 12:05:07 ----RD---- C:\Downloads
2008-12-03 10:49:42 ----D---- C:\Windows\Temp
2008-12-03 10:40:30 ----D---- C:\Windows\System32
2008-12-03 10:40:30 ----D---- C:\Windows\inf
2008-12-03 10:35:18 ----D---- C:\Users\eric.stevenson\AppData\Roaming\DMCache
2008-12-02 15:12:47 ----HD---- C:\ProgramData
2008-12-02 15:12:14 ----SHD---- C:\Windows\Installer
2008-12-02 15:12:12 ----RSD---- C:\Windows\Fonts
2008-12-02 15:12:12 ----D---- C:\Program Files (x86)\Solid Edge Viewer V20
2008-12-02 14:55:03 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2008-12-02 14:55:00 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2008-11-27 03:06:57 ----D---- C:\Program Files (x86)\Internet Download Manager
2008-11-27 03:05:14 ----D---- C:\Windows\SysWOW64
2008-11-26 14:27:58 ----D---- C:\Program Files (x86)\Mozilla Firefox
2008-11-26 14:27:39 ----D---- C:\Windows
2008-11-26 10:06:11 ----D---- C:\ProgramData\Microsoft Help
2008-11-26 10:06:03 ----D---- C:\Windows\winsxs
2008-11-26 07:52:40 ----D---- C:\Users\eric.stevenson\AppData\Roaming\IDM
2008-11-26 07:51:19 ----D---- C:\Program Files (x86)\Minefield
2008-11-20 14:00:51 ----D---- C:\Windows\ccmsetup
2008-11-20 12:56:51 ----D---- C:\Users\eric.stevenson\AppData\Roaming\Adobe
2008-11-20 12:56:29 ----D---- C:\Program Files (x86)\Common Files
2008-11-20 12:56:28 ----D---- C:\ProgramData\Adobe
2008-11-20 12:46:44 ----D---- C:\Program Files (x86)\Common Files\Adobe
2008-11-20 12:44:21 ----D---- C:\Program Files (x86)\Adobe
2008-11-20 12:42:13 ----D---- C:\Windows\rescache
2008-11-18 16:20:05 ----D---- C:\Windows\system32\en-US
2008-11-11 12:55:06 ----RD---- C:\Program Files
2008-11-10 09:28:36 ----SD---- C:\Users\eric.stevenson\AppData\Roaming\Microsoft
2008-11-06 15:28:26 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 hvboot;Hypervisor/Virtual Machine Support Driver; C:\Windows\system32\drivers\hvboot.sys []
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys []
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys []
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [2007-03-23 24880]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []
R3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys []
R3 isoparser;@%systemroot%\system32\drivers\isoparser.sys,-10010; C:\Windows\system32\drivers\isoparser.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 255424]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 passthruparser;@%systemroot%\system32\drivers\passthruparser.sys,-10010; C:\Windows\system32\drivers\passthruparser.sys []
R3 storvsp;Microsoft Virtual Disk Server Driver; C:\Windows\system32\DRIVERS\storvsp.sys []
R3 vhdbus;Microsoft Virtual Server Storage Bus; C:\Windows\system32\DRIVERS\vhdbus.sys []
R3 vhdparser;@%systemroot%\system32\drivers\vhdparser.sys,-10010; C:\Windows\system32\drivers\vhdparser.sys []
R3 Vid;Virtualization Infrastructure Driver; C:\Windows\system32\DRIVERS\Vid.sys []
R3 vmbus;Virtual Machine Bus; C:\Windows\system32\DRIVERS\vmbus.sys []
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
R3 VMSMP;Microsoft Virtual Network Switch Adapter; C:\Windows\system32\DRIVERS\vmswitch.sys []
S3 axmqc85a;axmqc85a; C:\Windows\system32\drivers\axmqc85a.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys []
S3 VMSP;Microsoft Virtual Network Switch Protocol; C:\Windows\system32\DRIVERS\vmswitch.sys []
S3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys []
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\drivers\bxvbda.sys []
S4 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 ioatdma;Intel® QuickData Technology Device; C:\Windows\system32\drivers\qd260x64.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 s3cap;Microsoft Emulated S3 Device Cap Driver; C:\Windows\system32\drivers\s3cap.sys []
S4 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S4 UMPass;Microsoft UMPass Driver; C:\Windows\system32\drivers\umpass.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ccmsetup;ccmsetup; C:\Windows\ccmsetup\ccmsetup.exe [2007-08-16 612216]
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe []
R2 nvspwmi;@%systemroot%\system32\nvspwmi.dll,-10812; C:\Windows\system32\svchost -k nvspwmi []
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 vhdsvc;@%systemroot%\system32\vhdsvc.dll,-16022; C:\Windows\system32\svchost -k virtsvcs []
R2 Virtual Server;Virtual Server; C:\Program Files\Microsoft Virtual Server\vssrvc.exe [2007-05-24 6018936]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [2008-08-08 109104]
R2 vmms;@%systemroot%\system32\vmms.exe,-10; C:\Windows\system32\vmms.exe []
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-08-08 121392]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-08-08 150064]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 winvnc;VNC Server; C:\Program Files (x86)\UltraVNC\WinVNC.exe [2008-08-30 1544768]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-20 654848]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 vmh;Virtual Machine Helper; C:\Program Files\Microsoft Virtual Server\vmh.exe [2007-05-24 269208]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-05 93696]
S3 FCRegSvc;@%SystemRoot%\system32\FCRegSvc.dll,-5000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 RSoPProv;@gpapi.dll,-114; C:\Windows\system32\RSoPProv.exe []
S3 sacsvr;@%systemroot%\system32\sacsvr.dll,-500; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S4 slanAccel;SAN/LAN Transfer Virtualization Accelerator; C:\Windows\System32\slanAccel.exe []

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-12-03 12:05:42

======Uninstall list======

-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files (x86)\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
ACDSee 9 Photo Manager-->MsiExec.exe /X{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Acronis Disk Director Server-->MsiExec.exe /X{F0E8F664-CAC6-4104-A4F9-4373F0633495}
Add or Remove Adobe Creative Suite 3 Web Premium-->C:\Program Files (x86)\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Setup.exe
Adobe Acrobat 8 Standard-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{5764B025-75A6-4EBE-95A6-BF46974A8E0E}
Contextual Tool Offersfortoday-->C:\Windows\system32\cont_offersfortoday-remove.exe
GMail Drive Shell Extension-->rundll32.exe C:\Windows\system32\ShellExt\GMailFS.dll,Uninstall C:\Windows\system32\ShellExt\GMailFS.inf
HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
Internet Download Manager-->C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Magic ISO Maker v5.3 (build 0225)-->C:\PROGRA~2\MagicISO\UNWISE.EXE C:\PROGRA~2\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~2\MAGICD~1\UNWISE.EXE C:\PROGRA~2\MAGICD~1\INSTALL.LOG
Microsoft Office 2003 Resource Kit-->MsiExec.exe /I{90240409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRO /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{90120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {EA35370F-586C-45E1-AC6C-A4E275C6B762}
Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.3)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Trial-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
nLite 1.4.9.1-->"C:\Program Files (x86)\nLite\unins000.exe"
PE Builder 3.1.10a-->"c:\pebuilder3110a\unins000.exe"
PSC WebClient 10.1C-->C:\Program Files (x86)\InstallShield Installation Information\{205CA278-0133-4680-BCBA-C73B736300A6}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RON Tool Offersfortoday-->C:\Windows\system32\qqiufxdhmhg.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0014-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0014-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Visio 2007 (KB947590)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {199018BD-578E-44BD-A28F-7F944931CABD}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
SequoiaView-->C:\Program Files\SequoiaView\Uninstal.exe
SoundMAX-->C:\Program Files (x86)\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Visio 2007 Help (KB957251)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {24F43C74-6200-432B-98C7-85AC1CF1A7AF}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0014-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Windows Imaging\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre1.5.0_09\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre1.5.0_09\lib\ext\QTJava.zip

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:08:16 PM

Posted 15 December 2008 - 10:20 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:08:16 PM

Posted 25 December 2008 - 03:13 PM

Due to the lack of feedback, this Topic is now closed.

In you still have problems, please Start a new topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users