Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue Screen from Malware


  • This topic is locked This topic is locked
3 replies to this topic

#1 dgbeeby

dgbeeby

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 03 December 2008 - 07:52 AM

Hi there,

I'm wondering if you could please help with a huge problem with my next door neighbours computer.
They recently had what i think is a huge amount of malware on there computer which has been causing their computer to crash and get a blue screen crush memory dump.
I have been able to use "Maleware Bytes anti-Malware" on their computer to remove "Antivirus 2009" infection as was instructed in the spyware removal section of Bleepingcomputer.com
I have since tried to install ad-adware 2008 and spybot on their computer but without success as they either won't run in "safe mode" or when i try and install them in "normal mode" the computer
turns to blue screen before getting through the installation.

I am now at a bit of a loose end and would really appreciate any assistance in the matter.
I have made sure they have their firewall up now and
I have managed to get a log with RSIT in normalmode and info text file in safemode as can be seen here:




Windows Vista NORMAL MODE log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by GCN1 at 2008-12-03 12:16:16
Microsoft® Windows Vista™ Home Premium
System drive C: has 68 GB (47%) free of 144 GB
Total RAM: 766 MB (26% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - GCN1.job
C:\Windows\tasks\Recovery DVD Creator.job
C:\Windows\tasks\User_Feed_Synchronization-{F10D4E7B-0AE6-4872-9756-3A4F0F4F448C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-08 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-11-16 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-15 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-11-16 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-10-10 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-12-07 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-12-07 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-12-07 81920]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-20 228088]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-08-25 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-08-25 81920]
"OODefragTray"=C:\Windows\system32\oodtray.exe [2008-09-04 2524416]
"ACROMOUSE"=C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe [2005-04-29 554496]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-08 185872]
"Waiting1690"=C:\Windows\stid1690.exe [2007-06-05 60416]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-10-10 1232896]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed955472-3d1e-11dc-ac55-806e6f6e6963}]
shell\AutoRun\command - D:\autohtml.exe /s


======List of files/folders created in the last 1 months======

2008-12-03 12:07:15 ----D---- C:\rsit
2008-12-03 12:07:15 ----D---- C:\Program Files\trend micro
2008-12-03 11:34:31 ----D---- C:\Program Files\Lavasoft
2008-12-03 11:34:03 ----SHD---- C:\Config.Msi
2008-12-03 11:31:50 ----D---- C:\Windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-12-03 11:16:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-03 11:11:43 ----D---- C:\ProgramData\Lavasoft
2008-12-01 21:04:20 ----D---- C:\Windows\Minidump
2008-12-01 20:29:48 ----D---- C:\Users\GCN1\AppData\Roaming\Download Manager
2008-12-01 20:05:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware1
2008-11-26 09:11:05 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2008-11-26 09:11:05 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 09:11:04 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2008-11-26 09:11:02 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 09:11:01 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 09:11:00 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 09:10:54 ----A---- C:\Windows\system32\connect.dll
2008-11-23 16:44:57 ----SHD---- C:\found.000
2008-11-23 09:53:56 ----D---- C:\Program Files\MyWebSearch(8)
2008-11-22 12:18:08 ----D---- C:\Program Files\Legacy of Kain - Defiance
2008-11-18 10:07:09 ----A---- C:\Windows\system32\wups2.dll
2008-11-18 10:07:09 ----A---- C:\Windows\system32\wucltux.dll
2008-11-18 10:07:09 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-18 10:07:08 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-18 10:06:09 ----A---- C:\Windows\system32\wups.dll
2008-11-18 10:06:09 ----A---- C:\Windows\system32\wudriver.dll
2008-11-18 10:06:09 ----A---- C:\Windows\system32\wuapi.dll
2008-11-18 10:05:51 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-18 10:05:51 ----A---- C:\Windows\system32\wuapp.exe
2008-11-16 23:38:37 ----D---- C:\ProgramData\Google
2008-11-15 22:38:30 ----D---- C:\Users\GCN1\AppData\Roaming\Google
2008-11-15 22:36:25 ----D---- C:\ProgramData\Google Updater
2008-11-15 22:36:23 ----D---- C:\Program Files\Google
2008-11-15 19:13:57 ----D---- C:\Program Files\Common Files\INCA Shared
2008-11-15 18:24:30 ----D---- C:\Ntreev
2008-11-15 13:42:44 ----D---- C:\ProgramData\GameHouse
2008-11-13 18:40:02 ----D---- C:\ProgramData\SSScanAppDataDir
2008-11-13 18:39:49 ----D---- C:\ProgramData\MSScanAppDataDir
2008-11-12 10:37:51 ----A---- C:\Windows\system32\msxml3.dll
2008-11-12 10:37:50 ----A---- C:\Windows\system32\msxml3r.dll
2008-11-12 10:37:46 ----A---- C:\Windows\system32\msxml6.dll
2008-11-12 10:37:45 ----A---- C:\Windows\system32\msxml6r.dll
2008-11-11 17:03:26 ----D---- C:\Banesoft
2008-11-10 15:54:38 ----D---- C:\Program Files\JPEG Camera
2008-11-09 22:23:26 ----D---- C:\ProgramData\Zylom
2008-11-08 23:09:43 ----A---- C:\Windows\cdplayer.ini
2008-11-08 23:08:37 ----D---- C:\Program Files\Common Files\xing shared
2008-11-08 23:08:28 ----A---- C:\Windows\system32\rmoc3260.dll
2008-11-08 23:08:12 ----A---- C:\Windows\system32\pndx5032.dll
2008-11-08 23:08:12 ----A---- C:\Windows\system32\pndx5016.dll
2008-11-08 23:08:09 ----D---- C:\Program Files\Real
2008-11-08 23:08:08 ----A---- C:\Windows\system32\pncrt.dll
2008-11-08 23:08:02 ----D---- C:\Program Files\Common Files\Real
2008-11-08 23:08:01 ----D---- C:\Users\GCN1\AppData\Roaming\Real
2008-11-05 15:44:43 ----D---- C:\Program Files\Tech
2008-11-04 10:10:06 ----D---- C:\Users\GCN1\AppData\Roaming\Nero

======List of files/folders modified in the last 1 months======

2008-12-03 12:16:20 ----D---- C:\Windows\Temp
2008-12-03 12:16:04 ----D---- C:\ProgramData\Kaspersky Lab
2008-12-03 12:14:51 ----D---- C:\Windows\Prefetch
2008-12-03 12:07:18 ----A---- C:\Windows\ntbtlog.txt
2008-12-03 12:07:15 ----RD---- C:\Program Files
2008-12-03 11:34:31 ----D---- C:\Windows\system32\drivers
2008-12-03 11:34:30 ----AD---- C:\Windows\System32
2008-12-03 11:34:03 ----SHD---- C:\Windows\Installer
2008-12-03 11:33:13 ----SHD---- C:\System Volume Information
2008-12-03 11:31:50 ----D---- C:\Windows
2008-12-03 11:16:09 ----D---- C:\Program Files\Common Files
2008-12-03 11:11:43 ----HD---- C:\ProgramData
2008-12-02 23:21:42 ----D---- C:\Program Files\Cheat Engine
2008-12-02 19:55:25 ----D---- C:\Program Files\Mozilla Firefox
2008-12-02 19:01:40 ----D---- C:\Users\GCN1\AppData\Roaming\Skype
2008-12-01 23:39:16 ----D---- C:\ProgramData\Microsoft Help
2008-12-01 21:01:15 ----D---- C:\Windows\inf
2008-12-01 21:01:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-01 20:04:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-30 19:42:15 ----D---- C:\Windows\system32\config
2008-11-30 19:42:11 ----D---- C:\Windows\system32\Tasks
2008-11-30 19:42:11 ----D---- C:\Windows\system32\spool
2008-11-30 19:42:11 ----D---- C:\Windows\system32\catroot2
2008-11-30 19:42:09 ----D---- C:\Windows\system32\wbem
2008-11-30 19:42:09 ----D---- C:\Windows\registration
2008-11-30 12:06:12 ----D---- C:\Windows\Tasks
2008-11-30 12:01:54 ----D---- C:\Program Files\Internet Explorer
2008-11-30 11:44:16 ----D---- C:\Windows\system32\catroot
2008-11-27 19:17:07 ----SHD---- C:\$Recycle.Bin
2008-11-27 15:46:34 ----SD---- C:\Users\GCN1\AppData\Roaming\Microsoft
2008-11-26 21:34:16 ----D---- C:\Windows\winsxs
2008-11-25 20:16:39 ----A---- C:\Windows\system32\DEBUG_LOG.txt
2008-11-25 20:05:44 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-19 17:19:41 ----D---- C:\Program Files\Common Files\Adobe
2008-11-18 10:49:33 ----D---- C:\Windows\system32\en-US
2008-11-16 21:56:57 ----D---- C:\Windows\system32\LogFiles
2008-11-11 16:26:03 ----D---- C:\Windows\system32\Macromed
2008-11-11 15:35:39 ----D---- C:\Windows\LiveKernelReports
2008-11-10 15:54:39 ----D---- C:\Windows\twain_32
2008-11-09 22:23:26 ----SD---- C:\Windows\Downloaded Program Files
2008-11-08 10:37:31 ----D---- C:\Users\GCN1\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
2008-11-05 22:27:17 ----A---- C:\Windows\win.ini
2008-11-05 22:25:44 ----RSD---- C:\Windows\assembly
2008-11-05 22:23:59 ----D---- C:\Program Files\Common Files\microsoft shared
2008-11-04 00:10:25 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-12-07 4456416]
R3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys [2008-05-12 4608]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera; C:\Windows\System32\Drivers\cam1690.sys [2008-04-10 177664]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 dump_wmimmc;dump_wmimmc; C:\Windows\system32\drivers\dump_wmimmc.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
S3 XDva195;XDva195; \??\C:\Windows\system32\XDva195.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-15 168432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2008-09-04 1295616]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-05-12 2155896]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-20 166648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-20 887544]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------





Here is also the INFO text document. It has only been generated in safe mode though:






info.txt logfile of random's system information tool 1.04 2008-12-03 12:07:18

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Avatar - Legends of The Arena-->MsiExec.exe /I{553F9976-B733-41D6-B5C6-A27F59B6879E}
BIONICLE Heroes-->C:\Program Files\InstallShield Installation Information\{09961A16-DA99-4F15-BBE1-E7755A3BA8E3}\setup.exe -runfromtemp -l0x0409
Cheat Engine 5.3-->"C:\Program Files\Cheat Engine\unins000.exe"
CuteFTP 8 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
Fiesta-->MsiExec.exe /X{41340E1A-6849-4A27-A9A5-AA37300C76FE}
Flash Player plugins 9-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer*
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HDReg-->MsiExec.exe /I{AB7032FF-AFED-4C58-AA5C-8473B273793A}
Infocentre Rev. 2.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
JPEG Camera v1.1.3.4-->MsiExec.exe /I{8527C3D5-BA1D-46E9-88D2-AF25544311A3}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Legacy of Kain: Defiance 1.1-->C:\Program Files\Legacy of Kain - Defiance\uninstlokd.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware1\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 8.5-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *MSWorks85*
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
Nicktoons Slimeball Multiplayer-->MsiExec.exe /I{ABBEB1E5-1636-4437-BF15-4ACAD36488BE}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
O&O Defrag Professional Edition-->MsiExec.exe /I{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895}
Office Program Selector 2.0-->C:\Program Files\Tech\Office Program Selector\2.0\unins000.EXE
Outspark Sharp Launcher-->MsiExec.exe /X{B5560986-7A6A-4CCA-A808-853D2CED3796}
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek HD Audio V6.0.1.5322-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AUDIO_REALTEK*
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Roxio Creator 9 LE-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Skype 2.5.2.151-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SpellForce-->C:\PROGRA~1\JoWooD\SPELLF~1\unwise.exe C:\PROGRA~1\JoWooD\SPELLF~1\install.log
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
The Battle for Middle-earth ™ II-->C:\Games\Electronic Arts\The Battle for Middle-earth ™ II\EAUninstall.exe
The Lord of the Rings, The Rise of the Witch-king-->C:\Games\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\EAUninstall.exe
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
Video NVIDIA v97.46-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *VIDEO_NVIDIA*
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VNC Enterprise Edition E4.4.1-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
VNC Mirror Driver 1.8.0-->"C:\Program Files\RealVNC\VNC4\Mirror Driver\unins000.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yu-Gi-Oh! ONLINE 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00B93E18-7F40-4DA9-8156-8340936DCD2F}\Setup.exe" -l0x9

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=5f02
"NUMBER_OF_PROCESSORS"=1
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------




I would really appreciate anything you can do to help me with the matter and will be eternally grateful.

Thanks for your time


David Beeby

Edited by dgbeeby, 03 December 2008 - 07:56 AM.


BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:30 AM

Posted 15 December 2008 - 09:50 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 dgbeeby

dgbeeby
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 15 December 2008 - 12:31 PM

Thanks for getting back to me but fortunately I have since sorted out the problem through a friend. Sorry for not letting you knew sooner but i thought the topic was not active anymore.

Thanks again

David

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:30 AM

Posted 15 December 2008 - 12:38 PM

Thank you David for informing us.

If you find other problems please start a new topic.

Once again we apologize for the slow responses.

This thread is closed.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users