Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Some advice sought before posting a HJT log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Some advice sought before posting a HJT log

Unread postby six-h » September 13th, 2007, 12:44 pm

PCA Forum directed me to this excellent forum back in June when Beynac did a wonderful job of cleaning my PC.
One of the problems I had was Micro Billing Systems' putrid software!

Recently I've been having speed problems with my TalkTalk line, and after much wailing and gnashing of teeth, and a few nasty emails! TT tech help phoned me today.
They (again) re-profiled my line, giving me 2957kbps. worse than the previous sync., then asked me to run"netstat" from the DOS prompt.
He asked how many entries I had; 4 I said; Oh, said he, you should only have three entries, this means you have got spyware which is causing the speed drop.

I don't have much faith in that conversation, I feel it's all smoke and mirrors and the latest excuse for TalkTalk's under capacity.
However, I did run Spybot S&D, which found 14 items, 7 of which to my horror were MBS entries.

To the best of my knowledge, I have not re-visited the sites that they control, nor have I seen any of the "T's & C's", of which I am now aware. I am loathe to allow Spybot to "fix" these items before I can find out the date they originated, and check my browser history to find when I became re-infected since this information might be of value to the crusade that Peter Thomas (PCA Forum Editor) is currently leading.

With this in mind, I have not yet closed Spybot. Should I close it without fixing?

My current impression is that these are either leftovers from the initial infection, or MBS have since gained unlawfull access to my machine since then, and recently, because the "Account Manager" screen has not appeared.

Finally, I have HJT in its own folder, and it has created another version of its self, called (My Name).exe is it safe to use this clone, or should I delete the folder and all log files, and D/L again?
six-h
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England
Advertisement
Register to Remove

Unread postby Katana » September 18th, 2007, 12:24 pm

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy
and sometimes a post manages to slip by us.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please post a fresh Hijack This log to this thread.
I will be notified and I will get back to you ASAP.
The version of HJT with your name should be safe to use, but please post a log from the original first.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby six-h » September 18th, 2007, 3:09 pm

Hi Katana,
Another Mancunian in trouble! :oops:
Appreciate your help, Disregard the content of my last post, I got a bit twitchy in the meantime, and ran spybot, AdAware, AVGAS, and ATF cleaner. Rebooting in between.
For some strange reason, between AdAware and AVGAS, I noticed a "Thumbs.db" file appeared on my desktop!
Don't know why, so I deleted it.
Found and fixed/quarantined/deleted several low level cookies but of particular concern was spybot finding 7 Micro Billing Systems entries, also AVGAS found "Backdoor.delf.ayn"

OK that's the background, Here's the "Highjack this" log: -

Logfile of HijackThis v1.99.1
Scan saved at 19:46:24, on 18/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Geoff Vost\My Documents\Security Progs\AVG AntiSpyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Geoff Vost\My Documents\highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7243283515
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Geoff Vost\My Documents\Security Progs\AVG AntiSpyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


As requested, here's another log done with the Geoff Vost Cloned copy: -

Logfile of HijackThis v1.99.1
Scan saved at 19:47:54, on 18/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Geoff Vost\My Documents\Security Progs\AVG AntiSpyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Geoff Vost\My Documents\highjackthis\Geoff Vost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7243283515
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Geoff Vost\My Documents\Security Progs\AVG AntiSpyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Thanks for helping me,
six-h
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Re: Some advice sought before posting a HJT log

Unread postby Katana » September 18th, 2007, 4:52 pm

Hi six-h,
six-h wrote:My current impression is that these are either leftovers from the initial infection,

Looking at your HJT log I think it is more than likely the MBS items are leftovers.
six-h wrote:They (again) re-profiled my line, giving me 2957kbps. worse than the previous sync., then asked me to run"netstat" from the DOS prompt.
He asked how many entries I had; 4 I said; Oh, said he, you should only have three entries, this means you have got spyware which is causing the speed drop.

They would be terrified if they saw my machine then, I have 10 entries
(And I KNOW I have no spyware :) )

Did you fix the items with Spybot ? and if you did do they still appear ?
Spybot Report
Please retrieve the last scan that you did with Spybot
  1. Open Spybot S&D
  2. Click Mode (on the top bar)
  3. Put a check next to Advanced. Click Yes at the prompt.
  4. Click Tools (left hand column near the bottom)
  5. Click View Report (left hand column near the top)
  6. Put a tick next to
    • Include results of last check in report
    • Include ActiveX list in report
    • Include startup list in report
    • Include uninstall list in report
    (make sure that the rest are unchecked)
  7. Click View Report (top of page)
  8. Click Export (top of page)
  9. Save the report to your desktop

AVG Anti-Spyware Log
Please retrieve the last scan that you did with AVG Anti-Spyware
  1. Open AVG Anti-Spyware
  2. Click Reports (on the top bar)
  3. Click the Scan that has the latest date (lefthand panel)
  4. Click Save Report as (left hand column near the bottom)
  5. Save the report to your desktop
  6. Close AVG Anti-Spyware

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • Spybot Log
  • AVG AS Log
  • Are there any symptoms of malware ?
    ie. Popups, redirected browser
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby six-h » September 19th, 2007, 9:04 am

Hi katana,
First of all, my apologies for not replying last night, I notice that you replied at 20:52hrs, although I was sat at my machine until 01:30am this morning, and despite OE being set to check for mail every 2 mins, and me forcing a few checks, I did not receive your mail till this afternoon when I booted up! Odd! :?

I'm relieved to hear that you think the MBS entries are possibly leftovers, 'cos I've tried to be a good boy! and not ventured onto the dark side since my last infection!!, ..well the occasional visit to X Tube is as far as I go these days! :oops:

Perhaps a look at my previous final "All Clear" HJT log might confirm that ?
Here's the link: -
http://www.malwareremoval.com/forum/viewtop ... c&start=45

Re: - TalkTalk's excuse of netstat showing up malware.
Though I know nothing, in computer terms, I'm pleased that simple logic has not let me down!
It was indeed an excuse! ;)

Did you fix the items with Spybot ? and if you did do they still appear ?


Yes I did, I havn't run Spybot since, so I don't know if they are still there.
Do I need to run it again, or is there some other way to check?

Last Spybot report: -


--- Search result list ---


--- Startup entries list ---
Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 335872
MD5: 79fa429bd77f9cd6b0171c7fd235a515

Located: HK_LM:Run, CHotkey
command: mHotkey.exe
file: C:\WINDOWS\mHotkey.exe
size: 506368
MD5: d739e3d7ff308a620327b4fe21999188

Located: HK_LM:Run, Cmaudio
command: RunDll32 cmicnfg.cpl,CMICtrlWnd
file:

Located: HK_LM:Run, HotKey
command: C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
file: C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
size: 618496
MD5: c4df9abe960d116301c353a30717d7af

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 267064
MD5: be4d3d5423b364c54a66e86673d57f08

Located: HK_LM:Run, ledpointer
command: CNYHKey.exe
file: C:\WINDOWS\CNYHKey.exe
size: 5798912
MD5: 342e52ede8962da158cbb63727180edf

Located: HK_LM:Run, Microsoft Works Update Detection
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
size: 50688
MD5: a53cb3e22848b3ed199f99448d3942c4

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, PCMService
command: "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
file: C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
size: 61440
MD5: 3a1406e4258830aca422d863b6c48d0a

Located: HK_LM:Run, PinnacleDriverCheck
command: C:\WINDOWS\System32\PSDrvCheck.exe
file: C:\WINDOWS\System32\PSDrvCheck.exe
size: 396800
MD5: d552d5bc4e24373e0ffd9464e72493c6

Located: HK_LM:Run, PRISMSTA.EXE
command: PRISMSTA.EXE START
file: C:\WINDOWS\system32\PRISMSTA.EXE
size: 215552
MD5: f7b5ad285e9a0e409a6e887e338b145e

Located: HK_LM:Run, PSDrvCheck
command: C:\WINDOWS\System32\PSDrvCheck.exe
file: C:\WINDOWS\System32\PSDrvCheck.exe
size: 396800
MD5: d552d5bc4e24373e0ffd9464e72493c6

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 286720
MD5: 49ccfbe5d5225b9d3cc78c09dee147d0

Located: HK_LM:Run, Realtime Monitor
command: C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
file: C:\PROGRA~1\CA\ETRUST~1\realmon.exe
size: 493024
MD5: b7166c6cad2ca92e047cad3082cb6b7e

Located: HK_LM:Run, SiteAdvisor
command: C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
file: C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
size: 36904
MD5: d8bf7c96fed3177edaf5136cb7b5460c

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
size: 132496
MD5: 896e712a34d654a337c8cbb9deb07200

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 151597
MD5: a05da809ac0d86d916d09e3a908d3a06

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, swg
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: e616a6a6e91b0a86f2f6217cde835ffe

Located: HK_CU:Run, updateMgr
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
file:

Located: Startup (common), Adobe Gamma Loader.exe.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (common), Ulead Photo Express 4.0 SE Calendar Checker .lnk
command: C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
file: C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
size: 69632
MD5: 8ef41a228e468e12c7cd8023ad4f97cc

Located: Startup (user), Registration-InstantCopy.lnk
command: C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
file: C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
size: 245760
MD5: 35d183cb9d58f97f4e2e52fa738dd75c

Located: Startup (user), WkCalRem.LNK
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
size: 24651
MD5: 07aa10f524d57cd6df42e501f0c9d6f1

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control)
DPF name:
CLSID name: Microsoft Data Collection Control
Installer:
Codebase: https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MSDcode.dll

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftup ... 7243283515
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 26/05/2005 04:19:32
Date (last access): 19/09/2007 12:41:32
Date (last write): 30/07/2007 19:19:04
Filesize: 207736
Attributes: archive
MD5: 2DEE560CCEF55353EB62FDA870446393
CRC32: 5AA71F7B
Version: 7.0.6000.381

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 02:22:38
Date (last access): 18/09/2007 15:43:44
Date (last write): 12/07/2007 04:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/fl ... rashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/C ... 1316898148
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 02:22:38
Date (last access): 19/09/2007 13:09:36
Date (last write): 12/07/2007 04:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 02:22:38
Date (last access): 19/09/2007 13:09:36
Date (last write): 12/07/2007 04:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/pub/sh ... wflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9d.ocx
Short name:
Date (created): 11/06/2007 21:04:30
Date (last access): 19/09/2007 12:42:24
Date (last write): 11/06/2007 21:04:30
Filesize: 2267368
Attributes: readonly archive
MD5: B01E2A41389FBA42B7B5A026EA88C9B7
CRC32: 8980B6EC
Version: 9.0.47.0



--- Uninstall list ---
(ABBYY FineReader 5.0 Sprint)

(AddressBook)

Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Program Files\Adobe\Acrobat 5.0
install source: F:\AcrobatReader5.0\ENG\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/prodindex/acrobat/main.html

Adobe Flash Player ActiveX 9.0.47.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

Adobe Photoshop Elements 1.0 (Adobe Photoshop Elements 1.0)
version (major): 6
install location: C:\Program Files\Adobe\Photoshop Elements
install source: F:\Adobe Photoshop Elements\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
publisher: Adobe Systems, Inc.

ATI - Software Uninstall Utility 6.14.10.1005 (All ATI Software)
uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

AOL UK (America Online uk)
uninstall cmd: C:\Program Files\Common Files\aolshare\Aolunins_uk.exe

ASAPI Update (ASAPI Update)
uninstall cmd: C:\WINDOWS\System32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu

ATI Display Driver 7.93-030812a1-011555C-Medion (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Documents and Settings\Geoff Vost\My Documents\Security Progs\AVG AntiSpyware\AVG Anti-Spyware 7.5
uninstall cmd: C:\Documents and Settings\Geoff Vost\My Documents\Security Progs\AVG AntiSpyware\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

C-Media 3D Audio (C-Media Audio)
uninstall cmd: C:\WINDOWS\CMIUnInstall.exe

C-Media WDM Audio Driver (C-Media Audio Driver)
uninstall cmd: C:\WINDOWS\system32\cmirmdrv.exe

Canon i865 (CANONBJ_Deinstall_CNMCP5m.DLL)
uninstall cmd: C:\WINDOWS\System32\CNMCP5m.exe "-PRINTERNAMECanon i865" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i865 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i865 Installer\Inst2\cnmi0409.dll"

Cartoonist 1.1 (Cartoonist_is1)
uninstall cmd: "C:\Program Files\Cartoonist\unins000.exe"

Clean 5 Clean 5 (Clean 5)
uninstall cmd: C:\PROGRA~1\Pinnacle\CLEAN5~1\UNINST~1.EXE C:\PROGRA~1\Pinnacle\CLEAN5~1\INSTALL.LOG
publisher: Pinnacle Systems GmbH / Steinberg Media Technologies GmbH
comments: © 2002-2003 Pinnacle Systems GmbH / Steinberg Media Technologies GmbH

CloneDVD 2.2 (CloneDVD 2.2_is1)
uninstall cmd: "C:\Program Files\CloneDVD\unins000.exe"
help link: http://www.CloneDVD.net

(Connection Manager)

dBpowerAMP Music Converter (dBpowerAMP Music Converter)
uninstall cmd: "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat

(DirectAnimation)

(DirectDrawEx)

DVD Decrypter (Remove Only) (DVD Decrypter)
uninstall cmd: "C:\Program Files\DVD Decrypter\uninstall.exe"

DVD Shrink 3.1.4 (DVD Shrink_is1)
uninstall cmd: "C:\Program Files\DVD Shrink\unins000.exe"
publisher: DVD Shrink
help link: http://www.dvdshrink.org

(DXM_Runtime)

Canon Utilities Easy-PhotoPrint (Easy-PhotoPrint)
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"

Canon Utilities Easy-PhotoPrint Plus (Easy-PhotoPrint Plus)
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint Plus\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint Plus\EZUNINST.DLL"

Easy-WebPrint (Easy-WebPrint)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"

ERUNT 1.1j (ERUNT_is1)
install location: C:\Program Files\ERUNT\
uninstall cmd: "C:\Program Files\ERUNT\unins000.exe"
publisher: Lars Hederer
help link: http://www.larshederer.homepage.t-online.de/erunt

CA eTrust Antivirus (eTrust Antivirus)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CA\eTrust Antivirus\Uninst.isu" -c"C:\Program Files\CA\eTrust Antivirus\InoSetup.dll"

(Fontcore)

Hemera Photo-Objects 5000 (Hemera Photo-Objects 5000)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hemera Photo-Objects 5000\Uninst.isu"

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\Geoff Vost\My Documents\highjackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20070527
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

Windows Internet Explorer 7 20061107.210142 (ie7)
install date: 20070527
uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie

(IEData)

Image Armada (Image Armada)
uninstall cmd: C:\Program Files\Tangent3D\Image Armada\Uninstall\Uninstall.exe

(InstallShield Uninstall Information)

Canon RemoteCapture Task for ZoomBrowser EX 0.9.0 (InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87})
version: 589824
version (minor): 9
estimated size: 117
install date: 20040409
install source: F:\Zoombrsr\English\RCTASK\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
publisher: Canon
comments:
contact:
help link:
help telephone:

(InstallShield_{30C10EE3-EFB3-4B7A-9CDC-50790C2B5200})

Canon Camera Window for ZoomBrowser EX 4.5.2 (InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A})
version: 67436546
version (major): 4
version (minor): 5
estimated size: 13347
install date: 20040409
install source: F:\cw\English\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

100,000 Clipart - Volume 2 3.12.0000 (InstallShield_{FA9D74C9-858C-4346-B9F6-3F2C1D2F2249})
version: 51118080
version (major): 3
version (minor): 12
estimated size: 80656
install date: 20040602
install source: F:\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA9D74C9-858C-4346-B9F6-3F2C1D2F2249}
publisher: GSP
comments: GSP
contact: Customer Support Department
help link: http://www.gsp.cc/faq
help telephone: NA

Canon RAW Image Task for ZoomBrowser EX 0.9.0 (InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23})
version: 589824
version (minor): 9
estimated size: 118
install date: 20040409
install source: F:\Zoombrsr\English\RAWTASK\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
publisher: Canon
comments:
contact:
help link:
help telephone:

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

(KB884016)

(KB884267)

(KB885353)

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB885884 20040924.025457 (KB885884)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885884

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

(KB886612)

(KB887078)

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

(KB887626)

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

(KB888656)

(KB889858)

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

(KB891122)

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows Genuine Advantage Validation Tool (KB892130) (KB892130)
install date: 20070825
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

(KB892313)

(KB893240)

(KB893241)

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

(KB895181)

(KB895316)

(KB895572)

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

(KB897586)

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

(KB898549)

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

(KB900399)

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

(KB902344)

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Update for Windows XP (KB904942) 2 (KB904942)
install date: 20070527
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904942

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

(KB907658)

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Update for Windows XP (KB908531) 2 (KB908531)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Update for Windows XP (KB911280) 2 (KB911280)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

(KB911565)

(KB911854)

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388

Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Hotfix for Windows XP (KB914440) 12 (KB914440)
install date: 20070527
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914440

Hotfix for Windows XP (KB915865) 10 (KB915865)
install date: 20070527
uninstall cmd: "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=915865

Update for Windows XP (KB916595) 1 (KB916595)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595

Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422

Security Update for Windows Media Player 9 (KB917734) (KB917734_WMP9)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918118) 1 (KB918118)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918118

Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007

Security Update for Windows XP (KB920213) 1 (KB920213)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920213

Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670

Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683

Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685

Update for Windows XP (KB920872) 1 (KB920872)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872

Security Update for Windows XP (KB921503) 1 (KB921503)
install date: 20070816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921503

Update for Windows XP (KB922582) 1 (KB922582)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582

Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819

Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191

Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414

Security Update for Windows XP (KB923689) (KB923689)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923689

Security Update for Windows XP (KB923694) 1 (KB923694)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923694

Security Update for Step By Step Interactive Training (KB923723) 20050502.101010 (KB923723)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/923723

Security Update for Windows XP (KB923980) 1 (KB923980)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923980

Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191

Security Update for Windows XP (KB924270) 1 (KB924270)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924270

Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496

Security Update for Windows XP (KB924667) 1 (KB924667)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924667

Security Update for Windows Media Player 6.4 (KB925398) (KB925398_WMP64)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=925398

Update for Windows XP (KB925720) 1 (KB925720)
install date: 20070826
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925720

Security Update for Windows XP (KB925902) 1 (KB925902)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925902

Hotfix for Windows XP (KB926239) 2 (KB926239)
install date: 20070426
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926239

Security Update for Windows XP (KB926255) 1 (KB926255)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926255

Security Update for Windows XP (KB926436) 1 (KB926436)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926436

Security Update for Windows XP (KB927779) 1 (KB927779)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927779

Security Update for Windows XP (KB927802) 1 (KB927802)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927802

Update for Windows XP (KB927891) 3 (KB927891)
install date: 20070522
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927891

Security Update for Windows XP (KB928090) 1 (KB928090)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928090

Security Update for Windows XP (KB928255) 1 (KB928255)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928255

Security Update for Microsoft .NET Framework 2.0 (KB928365) 2 (KB928365.T1_1ToU569_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/928365

Security Update for Windows XP (KB928843) 1 (KB928843)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928843

Security Update for Windows XP (KB929123) 1 (KB929123)
install date: 20070613
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929123

Hotfix for Windows Media Format 11 SDK (KB929399) (KB929399)
install date: 20070427
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=929399

Security Update for Windows Internet Explorer 7 (KB929969) 20061222.120000 (KB929969)
install date: 20070527
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929969

Security Update for Windows XP (KB930178) 1 (KB930178)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=930178

Update for Windows XP (KB930916) 1 (KB930916)
install date: 20070510
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=930916

Security Update for Windows XP (KB931261) 1 (KB931261)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931261

Security Update for Windows XP (KB931768) 1 (KB931768)
install date: 20070510
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931768

Security Update for Windows Internet Explorer 7 (KB931768) 1 (KB931768-IE7)
install date: 20070527
uninstall cmd: "C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931768

Security Update for Windows XP (KB931784) 1 (KB931784)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931784

Update for Windows XP (KB931836) 1 (KB931836)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931836

Security Update for Windows XP (KB932168) 1 (KB932168)
install date: 20070527
uninstall cmd: "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=932168

Hotfix for Microsoft .NET Framework 3.0 (KB932471) 1 (KB932471.T301_380ToU433_380)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/932471

Update for Windows XP (KB933360) 1 (KB933360)
install date: 20070830
uninstall cmd: "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=933360

Security Update for Windows Internet Explorer 7 (KB933566) 1 (KB933566-IE7)
install date: 20070613
uninstall cmd: "C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=933566

Security Update for Windows XP (KB935839) 1 (KB935839)
install date: 20070613
uninstall cmd: "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=935839

Security Update for Windows XP (KB935840) 1 (KB935840)
install date: 20070613
uninstall cmd: "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=935840

Security Update for Windows XP (KB936021) 1 (KB936021)
install date: 20070816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936021

Update for Windows XP (KB936357) 1 (KB936357)
install date: 20070711
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936357

Security Update for Windows Media Player 11 (KB936782) (KB936782_WMP11)
install date: 20070816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=936782

Security Update for Windows Internet Explorer 7 (KB937143) 1 (KB937143-IE7)
install date: 20070816
uninstall cmd: "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=937143

Security Update for Windows Internet Explorer 7 (KB938127) 1 (KB938127-IE7)
install date: 20070816
uninstall cmd: "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938127

Update for Windows XP (KB938828) 1 (KB938828)
install date: 20070816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938828

Security Update for Windows XP (KB938829) 1 (KB938829)
install date: 20070816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938829

Hotfix for Windows Media Player 11 (KB939683) (KB939683)
install date: 20070905
uninstall cmd: "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=939683

Label Editor 1.0.1.172 (LabelEditor)
install date: 05/02/2005
install location: C:\Program Files\Steinberg\Label Editor
install source: C:\DOCUME~1\GEOFFV~1\LOCALS~1\Temp
uninstall cmd: "C:\Program Files\Steinberg\Label Editor\Uninstall.exe" "C:\Program Files\Steinberg\Label Editor\install.log"
publisher: Steinberg

McAfee SiteAdvisor 2.5.0.6172 (McAfee SiteAdvisor)
uninstall cmd: C:\Program Files\SiteAdvisor\6172\uninstall.exe
publisher: McAfee, Inc.

CD-LabelPrint (MediaNavigation.CDLabelPrint)
install location: C:\Program Files\Canon\CD-LabelPrint\
uninstall cmd: "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application

Medi@Show (MediaShow)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Medion Home Cinema XL II\MediaShow\Uninst.isu"

MGI Photovista 2.02(Remove only) (MGI_Photovista_V1_4_0)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\Photovista\Uninst.isu"

MGI PhotoSuite 4 (Remove Only) (MGI_PRISM_V4_0)
install location: C:\Program Files\MGI\MGI PhotoSuite 4
uninstall cmd: "C:\Program Files\MGI\MGI PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite 4\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite 4\System\CustomUninstall.dll"
publisher: MGI Software Corp.

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

Microsoft .NET Framework 3.0 (Microsoft .NET Framework 3.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v3.0\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=51019

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

(MPlayer2)

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20070426
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

Nero OEM (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

(NetMeeting)

Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
install date: 20070527
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

(PhotoRecord)

Microsoft Picture It! Photo Standard 9 9.0.0.0000 (PictureIt_v9)
install location: C:\Program Files\Microsoft Picture It! 9\
install source: F:\pip\
uninstall cmd: C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?prd=109 ... =PictureIt

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

RealOne Player (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

(SchedulingAgent)

Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Slim USB2 Scanner (Slim USB2 Scanner)
uninstall cmd: C:\WINDOWS\RunUnDrv.exe C:\WINDOWS\Twain_32\SlimU2\PmxScan.INF DefaultUnInstall.USB.NTX86

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.5.1 3.5.1 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

Acronis True Image (TrueImage)
uninstall cmd: C:\Program Files\Acronis\TrueImage\MediaBuilder.exe -uninstall
publisher: Acronis
comments: Acronis True Image and other partitioning and multibooting solutions
help link: http://www.acronis.com/support

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

VIA Rhine-Family Fast-Ethernet Adapter (VN_VUIns_Rhine_VIA)
uninstall cmd: Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

WaveLab Lite 2.5.2.173 (WaveLabLite)
install date: 07/30/2005
install location: C:\Program Files\Steinberg\WaveLab Lite
install source: C:\DOCUME~1\GEOFFV~1\LOCALS~1\Temp
uninstall cmd: "C:\Program Files\Steinberg\WaveLab Lite\Uninstall.exe" "C:\Program Files\Steinberg\WaveLab Lite\install.log"
publisher: Steinberg

Windows Genuine Advantage Validation Tool (KB892130) 1.7.0036.0 (WGA)
install date: 20070419
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Windows Genuine Advantage Notifications (KB905474) 1.7.0018.5 (WgaNotify)
install date: 20070423
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474

Windows Imaging Component 3.0.0.0 (WIC)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768

Windows Media Player 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113

(WMCSetup)

Windows Media Format 11 runtime (WMFDist11)
install date: 20070426
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Windows Media Player 11 (wmp11)
install date: 20070426
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Microsoft Works 2004 Setup Launcher (Works2004Setup)
uninstall cmd: C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP F:\
help link: http://support.microsoft.com/support/works

Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
install date: 20070426
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
comments: Build Number 5716

X10 Hardware(TM) (X10Hardware)
uninstall cmd: C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log

XML Paper Specification Shared Components Pack 1.0 (XpsEPSC)
install date: 20070825
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=test

Microsoft Encarta Encyclopedia Standard - WE 2004 2004 ({045A0044-9149-45C6-A806-F2BF9CFCE762})
version (major): 2004
version (minor): 2004
estimated size: 470208
install date: 20040604
install location: C:\Program Files\Microsoft Encarta\Encyclopedia Standard Edition 2004\encarta.exe
install source: F:\Encarta\
uninstall cmd: MsiExec.exe /I{045A0044-9149-45C6-A806-F2BF9CFCE762}
publisher: Microsoft Corporation
help link: http://support.microsoft.com

MSXML 6.0 Parser (KB933579) 6.10.1200.0 ({0A869A65-8C94-4F7C-A5C7-972D3C8CED9E})
version: 101319856
version (major): 6
version (minor): 10
estimated size: 1341
install date: 20070826
install source: d:\6355b1082f8e17eea243c0ff\
uninstall cmd: MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/933579

Informations about your PC ({0AB149EB-2AE0-466C-9BA4-3A718CF06432})
install date: 20031015
uninstall cmd: MsiExec.exe /I{0AB149EB-2AE0-466C-9BA4-3A718CF06432}

ATI Control Panel 6.14.10.5029 ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

Microsoft .NET Framework 3.0 3.0.04506.30 ({15095BF3-A3D7-4DDF-B193-3A496881E003})
version: 50336154
version (major): 3
estimated size: 16102
install date: 20070825
install location: C:\WINDOWS\Microsoft.NET\Framework\v3.0\
install source: d:\f753076f770c00ef9b82b77e0e86957f\
uninstall cmd: MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
publisher: Microsoft Corporation

Microsoft Money 12.0.100 ({1D643CD2-4DD6-11D7-A4E0-000874180BB3})
version: 201326692
version (major): 12
estimated size: 48671
install date: 20040604
install location: C:\Program Files\Microsoft Money\
install source: F:\Money\
uninstall cmd: MsiExec.exe /I{1D643CD2-4DD6-11D7-A4E0-000874180BB3}
publisher: Microsoft
comments: The Installation database contains the logic and data required to install Money
help link: http://support.microsoft.com
help telephone: 0870 60 10 100

VideoLive Mail ({1FABA7C7-6DC0-11D6-9EAB-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FABA7C7-6DC0-11D6-9EAB-0050BAE317E1}\setup.exe" -uninstall

RemoteCapture Task 0.9.0 ({2236B741-6631-49AE-B76E-3E14CA01CC87})
version: 589824
version (minor): 9
estimated size: 117
install date: 20040409
install source: F:\Zoombrsr\English\RCTASK\
publisher: Canon
comments:
contact:
help link:
help telephone:

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

PowerCinema 2.0 ({2637C347-9DAD-11D6-9EA2-00055D0CA761})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall

CA Licensing 1.52 ({30C10EE3-EFB3-4B7A-9CDC-50790C2B5200})
version: 20185088
version (major): 1
version (minor): 52
estimated size: 1379
install date: 20031015
install source: D:\Tools\eTrust Antivirus\English\License\Lang\En\
publisher: Computer Associates International, Inc.
comments: 0
contact: 0
help link: http://esupport.ca.com
help telephone: 0
readme: 0

Java(TM) SE Runtime Environment 6 Update 1 1.6.0.10 ({3248F0A8-6813-11D6-A77B-00B0D0160010})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 137306
install date: 20070503
install source: http://javadl.sun.com/webapps/download/ ... dows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_01\README.txt

Java(TM) 6 Update 2 1.6.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0160020})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 113906
install date: 20070727
install source: http://javadl.sun.com/webapps/download/ ... dows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_02\README.txt

Microsoft Works Suite Add-in for Microsoft Word 7.0.0.0000 ({33BEE6F3-9987-4F98-A069-97A64EC8321A})
version: 117440512
version (major): 7
estimated size: 51300
install date: 20040604
install source: F:\WordAdd\
uninstall cmd: MsiExec.exe /I{33BEE6F3-9987-4F98-A069-97A64EC8321A}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/support/works
help telephone:

WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2492
install date: 20031015
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

MSXML 4.0 SP2 (KB927978) 4.20.9841.0 ({37477865-A3F1-4772-AD43-AAFC6BCFF99F})
version: 68429425
version (major): 4
version (minor): 20
estimated size: 2625
install date: 20070419
install source: d:\007371bc4e772de094\
uninstall cmd: MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/927978

USB 2.0 Flash Drive 1.2 ({3815B68D-3ADD-479A-9208-ED7FC11F4EC1})
version: 16908288
install location: C:\Program Files\USB 2.0 Flash Drive
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\Ins
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby Katana » September 19th, 2007, 10:09 am

six-h wrote:Hi katana,
First of all, my apologies for not replying last night, I notice that you replied at 20:52hrs, although I was sat at my machine until 01:30am this morning, and despite OE being set to check for mail every 2 mins, and me forcing a few checks, I did not receive your mail till this afternoon when I booted up! Odd! :?

Not a problem :)
six-h wrote:'cos I've tried to be a good boy! and not ventured onto the dark side since my last infection!!, ..well the occasional visit to X Tube is as far as I go these days! :oops:

Nobody is perfect :lol:

six-h wrote:Perhaps a look at my previous final "All Clear" HJT log might confirm that ?
Here's the link: -
http://www.malwareremoval.com/forum/viewtop ... c&start=45

I'll be honest here, I checked it out before I replied.
If I thought that you were just using us (this service) instead of AV/AS/being careful I would not have replied ;)
Malware fighters are few, and we tend to work more than one forum.
We know who tries and who doesn't care
six-h wrote:Re: - TalkTalk's excuse of netstat showing up malware.
Though I know nothing, in computer terms, I'm pleased that simple logic has not let me down!
It was indeed an excuse! ;)
In all fairness, they all try to pass the buck not just Talk Talk
six-h wrote:Yes I did, I havn't run Spybot since, so I don't know if they are still there.
Do I need to run it again, or is there some other way to check?

No problem, Please run Spybot again and let me know if they are still there.
Can you post the AVG log I asked for please.
K'
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby six-h » September 19th, 2007, 11:02 am

Hi katana,
Just a Quickie whilst I'm running spybot again.

Can you post the AVG log I asked for please.

Apologies for the omission, Don't know what happened, it was there when I previewed!
Here it is again: -
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:05:51 18/09/2007

+ Scan result:



C:\RECYCLER\S-1-5-21-1984919291-1825392768-3581218086-500\Dc5.exe -> Backdoor.Delf.ayn : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@connextra[3].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@site.skype[1].txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@skype[1].txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@try.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.


::Report end

I'll post back in a few minutes with a new Spybot report.

six-h
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby six-h » September 19th, 2007, 12:01 pm

Back again katana,
just realised that my answers to the following are also missing!!

Are there any symptoms of malware ?


Aside from the delay in receiving your mail yesterday, which I put down to TalkTalk,s Idiosyncrasies. (Thank God for Words spellcheck!)
By the way, I notice your last email was sent at 2:09pm, and I replied immediately it was received, so it's still taking an hour to receive! :roll:

I have my home page set to Gmail-my in box, and now, when I fire up IE7, it directs me to the log in page, with a warning saying "this site contains both secure and nonsecure items", clicking "allow" and logging in, then saving the current page as my home page is OK until I shut down and re-open IE, when it goes through the same proceedure again.

Just for info, I have the phishing filter set to off....life's too short!

This may be due to having run "ATF Cleaner", I generally have to go through my favs. and log in to the sites, then re-save to favs., but it's never affected my home page before.
Are there some advanced internet options that I should alter? :?

Malware fighters are few, and we tend to work more than one forum.
We know who tries and who doesn't care


I am in total awe of you guys, and wish that I had the wit to be able to do what you do. 8)
It is to my eternal shame that I need to waste your time, when after all it's my own stupidity that gets me into this mess. :oops:
I am now however totally parnoid about security, and feel particularly uncomfortable if I ever visit a "SiteAdvisor" "Yellow" site.
That's why I can't understand MBS re-apearing.
Is it possible that they are aware that I've atempted to remove their digital dog mess, and actively sought me out to plant it again??
Will I ever be free of it?
I'm even scared of banking online, and go to the branch to use their connection!
See what I mean..paranoid! :shock:



six-h
Here's the new "clean" Spybot report: -


--- Search result list ---
Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-06-07 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-09-19 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-19 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-19 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-19 Includes\KeyloggersC.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-19 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-19 Includes\PUPSC.sbi (*)
2007-09-19 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-19 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-19 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi (*)
2007-09-19 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll



--- Startup entries list ---
Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 335872
MD5: 79fa429bd77f9cd6b0171c7fd235a515

Located: HK_LM:Run, CHotkey
command: mHotkey.exe
file: C:\WINDOWS\mHotkey.exe
size: 506368
MD5: d739e3d7ff308a620327b4fe21999188

Located: HK_LM:Run, Cmaudio
command: RunDll32 cmicnfg.cpl,CMICtrlWnd
file:

Located: HK_LM:Run, HotKey
command: C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
file: C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
size: 618496
MD5: c4df9abe960d116301c353a30717d7af

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 267064
MD5: be4d3d5423b364c54a66e86673d57f08

Located: HK_LM:Run, ledpointer
command: CNYHKey.exe
file: C:\WINDOWS\CNYHKey.exe
size: 5798912
MD5: 342e52ede8962da158cbb63727180edf

Located: HK_LM:Run, Microsoft Works Update Detection
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
size: 50688
MD5: a53cb3e22848b3ed199f99448d3942c4

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, PCMService
command: "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
file: C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
size: 61440
MD5: 3a1406e4258830aca422d863b6c48d0a

Located: HK_LM:Run, PinnacleDriverCheck
command: C:\WINDOWS\System32\PSDrvCheck.exe
file: C:\WINDOWS\System32\PSDrvCheck.exe
size: 396800
MD5: d552d5bc4e24373e0ffd9464e72493c6

Located: HK_LM:Run, PRISMSTA.EXE
command: PRISMSTA.EXE START
file: C:\WINDOWS\system32\PRISMSTA.EXE
size: 215552
MD5: f7b5ad285e9a0e409a6e887e338b145e

Located: HK_LM:Run, PSDrvCheck
command: C:\WINDOWS\System32\PSDrvCheck.exe
file: C:\WINDOWS\System32\PSDrvCheck.exe
size: 396800
MD5: d552d5bc4e24373e0ffd9464e72493c6

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 286720
MD5: 49ccfbe5d5225b9d3cc78c09dee147d0

Located: HK_LM:Run, Realtime Monitor
command: C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
file: C:\PROGRA~1\CA\ETRUST~1\realmon.exe
size: 493024
MD5: b7166c6cad2ca92e047cad3082cb6b7e

Located: HK_LM:Run, SiteAdvisor
command: C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
file: C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
size: 36904
MD5: d8bf7c96fed3177edaf5136cb7b5460c

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
size: 132496
MD5: 896e712a34d654a337c8cbb9deb07200

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 151597
MD5: a05da809ac0d86d916d09e3a908d3a06

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, swg
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: e616a6a6e91b0a86f2f6217cde835ffe

Located: HK_CU:Run, updateMgr
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
file:

Located: Startup (common), Adobe Gamma Loader.exe.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (common), Ulead Photo Express 4.0 SE Calendar Checker .lnk
command: C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
file: C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
size: 69632
MD5: 8ef41a228e468e12c7cd8023ad4f97cc

Located: Startup (user), Registration-InstantCopy.lnk
command: C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
file: C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
size: 245760
MD5: 35d183cb9d58f97f4e2e52fa738dd75c

Located: Startup (user), WkCalRem.LNK
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
size: 24651
MD5: 07aa10f524d57cd6df42e501f0c9d6f1

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control)
DPF name:
CLSID name: Microsoft Data Collection Control
Installer:
Codebase: https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MSDcode.dll

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftup ... 7243283515
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 26/05/2005 04:19:32
Date (last access): 19/09/2007 16:08:30
Date (last write): 30/07/2007 19:19:04
Filesize: 207736
Attributes: archive
MD5: 2DEE560CCEF55353EB62FDA870446393
CRC32: 5AA71F7B
Version: 7.0.6000.381

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 02:22:38
Date (last access): 19/09/2007 13:09:36
Date (last write): 12/07/2007 04:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/fl ... rashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/C ... 1316898148
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 02:22:38
Date (last access): 19/09/2007 16:16:56
Date (last write): 12/07/2007 04:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 02:22:38
Date (last access): 19/09/2007 16:16:56
Date (last write): 12/07/2007 04:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/pub/sh ... wflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9d.ocx
Short name:
Date (created): 11/06/2007 21:04:30
Date (last access): 19/09/2007 16:02:02
Date (last write): 11/06/2007 21:04:30
Filesize: 2267368
Attributes: readonly archive
MD5: B01E2A41389FBA42B7B5A026EA88C9B7
CRC32: 8980B6EC
Version: 9.0.47.0



--- Uninstall list ---
(ABBYY FineReader 5.0 Sprint)

(AddressBook)

Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Program Files\Adobe\Acrobat 5.0
install source: F:\AcrobatReader5.0\ENG\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/prodindex/acrobat/main.html

Adobe Flash Player ActiveX 9.0.47.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

Adobe Photoshop Elements 1.0 (Adobe Photoshop Elements 1.0)
version (major): 6
install location: C:\Program Files\Adobe\Photoshop Elements
install source: F:\Adobe Photoshop Elements\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
publisher: Adobe Systems, Inc.

ATI - Software Uninstall Utility 6.14.10.1005 (All ATI Software)
uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

AOL UK (America Online uk)
uninstall cmd: C:\Program Files\Common Files\aolshare\Aolunins_uk.exe

ASAPI Update (ASAPI Update)
uninstall cmd: C:\WINDOWS\System32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu

ATI Display Driver 7.93-030812a1-011555C-Medion (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Documents and Settings\Geoff Vost\My Documents\Security Progs\AVG AntiSpyware\AVG Anti-Spyware 7.5
uninstall cmd: C:\Documents and Settings\Geoff Vost\My Documents\Security Progs\AVG AntiSpyware\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

C-Media 3D Audio (C-Media Audio)
uninstall cmd: C:\WINDOWS\CMIUnInstall.exe

C-Media WDM Audio Driver (C-Media Audio Driver)
uninstall cmd: C:\WINDOWS\system32\cmirmdrv.exe

Canon i865 (CANONBJ_Deinstall_CNMCP5m.DLL)
uninstall cmd: C:\WINDOWS\System32\CNMCP5m.exe "-PRINTERNAMECanon i865" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i865 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i865 Installer\Inst2\cnmi0409.dll"

Cartoonist 1.1 (Cartoonist_is1)
uninstall cmd: "C:\Program Files\Cartoonist\unins000.exe"

Clean 5 Clean 5 (Clean 5)
uninstall cmd: C:\PROGRA~1\Pinnacle\CLEAN5~1\UNINST~1.EXE C:\PROGRA~1\Pinnacle\CLEAN5~1\INSTALL.LOG
publisher: Pinnacle Systems GmbH / Steinberg Media Technologies GmbH
comments: © 2002-2003 Pinnacle Systems GmbH / Steinberg Media Technologies GmbH

CloneDVD 2.2 (CloneDVD 2.2_is1)
uninstall cmd: "C:\Program Files\CloneDVD\unins000.exe"
help link: http://www.CloneDVD.net

(Connection Manager)

dBpowerAMP Music Converter (dBpowerAMP Music Converter)
uninstall cmd: "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat

(DirectAnimation)

(DirectDrawEx)

DVD Decrypter (Remove Only) (DVD Decrypter)
uninstall cmd: "C:\Program Files\DVD Decrypter\uninstall.exe"

DVD Shrink 3.1.4 (DVD Shrink_is1)
uninstall cmd: "C:\Program Files\DVD Shrink\unins000.exe"
publisher: DVD Shrink
help link: http://www.dvdshrink.org

(DXM_Runtime)

Canon Utilities Easy-PhotoPrint (Easy-PhotoPrint)
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"

Canon Utilities Easy-PhotoPrint Plus (Easy-PhotoPrint Plus)
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint Plus\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint Plus\EZUNINST.DLL"

Easy-WebPrint (Easy-WebPrint)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"

ERUNT 1.1j (ERUNT_is1)
install location: C:\Program Files\ERUNT\
uninstall cmd: "C:\Program Files\ERUNT\unins000.exe"
publisher: Lars Hederer
help link: http://www.larshederer.homepage.t-online.de/erunt

CA eTrust Antivirus (eTrust Antivirus)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CA\eTrust Antivirus\Uninst.isu" -c"C:\Program Files\CA\eTrust Antivirus\InoSetup.dll"

(Fontcore)

Hemera Photo-Objects 5000 (Hemera Photo-Objects 5000)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hemera Photo-Objects 5000\Uninst.isu"

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\Geoff Vost\My Documents\highjackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20070527
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

Windows Internet Explorer 7 20061107.210142 (ie7)
install date: 20070527
uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie

(IEData)

Image Armada (Image Armada)
uninstall cmd: C:\Program Files\Tangent3D\Image Armada\Uninstall\Uninstall.exe

(InstallShield Uninstall Information)

Canon RemoteCapture Task for ZoomBrowser EX 0.9.0 (InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87})
version: 589824
version (minor): 9
estimated size: 117
install date: 20040409
install source: F:\Zoombrsr\English\RCTASK\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
publisher: Canon
comments:
contact:
help link:
help telephone:

(InstallShield_{30C10EE3-EFB3-4B7A-9CDC-50790C2B5200})

Canon Camera Window for ZoomBrowser EX 4.5.2 (InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A})
version: 67436546
version (major): 4
version (minor): 5
estimated size: 13347
install date: 20040409
install source: F:\cw\English\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

100,000 Clipart - Volume 2 3.12.0000 (InstallShield_{FA9D74C9-858C-4346-B9F6-3F2C1D2F2249})
version: 51118080
version (major): 3
version (minor): 12
estimated size: 80656
install date: 20040602
install source: F:\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA9D74C9-858C-4346-B9F6-3F2C1D2F2249}
publisher: GSP
comments: GSP
contact: Customer Support Department
help link: http://www.gsp.cc/faq
help telephone: NA

Canon RAW Image Task for ZoomBrowser EX 0.9.0 (InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23})
version: 589824
version (minor): 9
estimated size: 118
install date: 20040409
install source: F:\Zoombrsr\English\RAWTASK\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
publisher: Canon
comments:
contact:
help link:
help telephone:

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

(KB884016)

(KB884267)

(KB885353)

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB885884 20040924.025457 (KB885884)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885884

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

(KB886612)

(KB887078)

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

(KB887626)

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

(KB888656)

(KB889858)

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

(KB891122)

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows Genuine Advantage Validation Tool (KB892130) (KB892130)
install date: 20070825
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

(KB892313)

(KB893240)

(KB893241)

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

(KB895181)

(KB895316)

(KB895572)

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

(KB897586)

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

(KB898549)

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

(KB900399)

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

(KB902344)

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Update for Windows XP (KB904942) 2 (KB904942)
install date: 20070527
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904942

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

(KB907658)

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Update for Windows XP (KB908531) 2 (KB908531)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Update for Windows XP (KB911280) 2 (KB911280)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

(KB911565)

(KB911854)

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388

Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Hotfix for Windows XP (KB914440) 12 (KB914440)
install date: 20070527
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914440

Hotfix for Windows XP (KB915865) 10 (KB915865)
install date: 20070527
uninstall cmd: "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=915865

Update for Windows XP (KB916595) 1 (KB916595)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595

Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422

Security Update for Windows Media Player 9 (KB917734) (KB917734_WMP9)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918118) 1 (KB918118)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918118

Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007

Security Update for Windows XP (KB920213) 1 (KB920213)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920213

Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670

Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683

Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685

Update for Windows XP (KB920872) 1 (KB920872)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872

Security Update for Windows XP (KB921503) 1 (KB921503)
install date: 20070816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921503

Update for Windows XP (KB922582) 1 (KB922582)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582

Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819

Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191

Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414

Security Update for Windows XP (KB923689) (KB923689)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923689

Security Update for Windows XP (KB923694) 1 (KB923694)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923694

Security Update for Step By Step Interactive Training (KB923723) 20050502.101010 (KB923723)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/923723

Security Update for Windows XP (KB923980) 1 (KB923980)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923980

Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191

Security Update for Windows XP (KB924270) 1 (KB924270)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924270

Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496

Security Update for Windows XP (KB924667) 1 (KB924667)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924667

Security Update for Windows Media Player 6.4 (KB925398) (KB925398_WMP64)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=925398

Update for Windows XP (KB925720) 1 (KB925720)
install date: 20070826
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925720

Security Update for Windows XP (KB925902) 1 (KB925902)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925902

Hotfix for Windows XP (KB926239) 2 (KB926239)
install date: 20070426
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926239

Security Update for Windows XP (KB926255) 1 (KB926255)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926255

Security Update for Windows XP (KB926436) 1 (KB926436)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926436

Security Update for Windows XP (KB927779) 1 (KB927779)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927779

Security Update for Windows XP (KB927802) 1 (KB927802)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927802

Update for Windows XP (KB927891) 3 (KB927891)
install date: 20070522
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927891

Security Update for Windows XP (KB928090) 1 (KB928090)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928090

Security Update for Windows XP (KB928255) 1 (KB928255)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928255

Security Update for Microsoft .NET Framework 2.0 (KB928365) 2 (KB928365.T1_1ToU569_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/928365

Security Update for Windows XP (KB928843) 1 (KB928843)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928843

Security Update for Windows XP (KB929123) 1 (KB929123)
install date: 20070613
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929123

Hotfix for Windows Media Format 11 SDK (KB929399) (KB929399)
install date: 20070427
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=929399

Security Update for Windows Internet Explorer 7 (KB929969) 20061222.120000 (KB929969)
install date: 20070527
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929969

Security Update for Windows XP (KB930178) 1 (KB930178)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=930178

Update for Windows XP (KB930916) 1 (KB930916)
install date: 20070510
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=930916

Security Update for Windows XP (KB931261) 1 (KB931261)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931261

Security Update for Windows XP (KB931768) 1 (KB931768)
install date: 20070510
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931768

Security Update for Windows Internet Explorer 7 (KB931768) 1 (KB931768-IE7)
install date: 20070527
uninstall cmd: "C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931768

Security Update for Windows XP (KB931784) 1 (KB931784)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931784

Update for Windows XP (KB931836) 1 (KB931836)
install date: 20070419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931836

Security Update for Windows XP (KB932168) 1 (KB932168)
install date: 20070527
uninstall cmd: "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=932168

Hotfix for Microsoft .NET Framework 3.0 (KB932471) 1 (KB932471.T301_380ToU433_380)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/932471

Update for Windows XP (KB933360) 1 (KB933360)
install date: 20070830
uninstall cmd: "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=933360

Security Update for Windows Internet Explorer 7 (KB933566) 1 (KB933566-IE7)
install date: 20070613
uninstall cmd: "C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=933566

Security Update for Windows XP (KB935839) 1 (KB935839)
install date: 20070613
uninstall cmd: "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=935839

Security Update for Windows XP (KB935840) 1 (KB935840)
install date: 20070613
uninstall cmd: "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=935840

Security Update for Windows XP (KB936021) 1 (KB936021)
install date: 20070816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936021

Update for Windows XP (KB936357) 1 (KB936357)
install date: 20070711
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936357

Security Update for Windows Media Player 11 (KB936782) (KB936782_WMP11)
install date: 20070816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=936782

Security Update for Windows Internet Explorer 7 (KB937143) 1 (KB937143-IE7)
install date: 20070816
uninstall cmd: "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=937143

Security Update for Windows Internet Explorer 7 (KB938127) 1 (KB938127-IE7)
install date: 20070816
uninstall cmd: "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938127

Update for Windows XP (KB938828) 1 (KB938828)
install date: 20070816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938828

Security Update for Windows XP (KB938829) 1 (KB938829)
install date: 20070816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938829

Hotfix for Windows Media Player 11 (KB939683) (KB939683)
install date: 20070905
uninstall cmd: "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=939683

Label Editor 1.0.1.172 (LabelEditor)
install date: 05/02/2005
install location: C:\Program Files\Steinberg\Label Editor
install source: C:\DOCUME~1\GEOFFV~1\LOCALS~1\Temp
uninstall cmd: "C:\Program Files\Steinberg\Label Editor\Uninstall.exe" "C:\Program Files\Steinberg\Label Editor\install.log"
publisher: Steinberg

McAfee SiteAdvisor 2.5.0.6172 (McAfee SiteAdvisor)
uninstall cmd: C:\Program Files\SiteAdvisor\6172\uninstall.exe
publisher: McAfee, Inc.

CD-LabelPrint (MediaNavigation.CDLabelPrint)
install location: C:\Program Files\Canon\CD-LabelPrint\
uninstall cmd: "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application

Medi@Show (MediaShow)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Medion Home Cinema XL II\MediaShow\Uninst.isu"

MGI Photovista 2.02(Remove only) (MGI_Photovista_V1_4_0)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\Photovista\Uninst.isu"

MGI PhotoSuite 4 (Remove Only) (MGI_PRISM_V4_0)
install location: C:\Program Files\MGI\MGI PhotoSuite 4
uninstall cmd: "C:\Program Files\MGI\MGI PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite 4\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite 4\System\CustomUninstall.dll"
publisher: MGI Software Corp.

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

Microsoft .NET Framework 3.0 (Microsoft .NET Framework 3.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v3.0\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=51019

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

(MPlayer2)

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20070426
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

Nero OEM (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

(NetMeeting)

Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
install date: 20070527
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

(PhotoRecord)

Microsoft Picture It! Photo Standard 9 9.0.0.0000 (PictureIt_v9)
install location: C:\Program Files\Microsoft Picture It! 9\
install source: F:\pip\
uninstall cmd: C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?prd=109 ... =PictureIt

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

RealOne Player (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

(SchedulingAgent)

Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Slim USB2 Scanner (Slim USB2 Scanner)
uninstall cmd: C:\WINDOWS\RunUnDrv.exe C:\WINDOWS\Twain_32\SlimU2\PmxScan.INF DefaultUnInstall.USB.NTX86

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.5.1 3.5.1 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

Acronis True Image (TrueImage)
uninstall cmd: C:\Program Files\Acronis\TrueImage\MediaBuilder.exe -uninstall
publisher: Acronis
comments: Acronis True Image and other partitioning and multibooting solutions
help link: http://www.acronis.com/support

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

VIA Rhine-Family Fast-Ethernet Adapter (VN_VUIns_Rhine_VIA)
uninstall cmd: Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

WaveLab Lite 2.5.2.173 (WaveLabLite)
install date: 07/30/2005
install location: C:\Program Files\Steinberg\WaveLab Lite
install source: C:\DOCUME~1\GEOFFV~1\LOCALS~1\Temp
uninstall cmd: "C:\Program Files\Steinberg\WaveLab Lite\Uninstall.exe" "C:\Program Files\Steinberg\WaveLab Lite\install.log"
publisher: Steinberg

Windows Genuine Advantage Validation Tool (KB892130) 1.7.0036.0 (WGA)
install date: 20070419
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Windows Genuine Advantage Notifications (KB905474) 1.7.0018.5 (WgaNotify)
install date: 20070423
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474

Windows Imaging Component 3.0.0.0 (WIC)
install date: 20070825
uninstall cmd: "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768

Windows Media Player 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113

(WMCSetup)

Windows Media Format 11 runtime (WMFDist11)
install date: 20070426
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Windows Media Player 11 (wmp11)
install date: 20070426
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Microsoft Works 2004 Setup Launcher (Works2004Setup)
uninstall cmd: C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP F:\
help link: http://support.microsoft.com/support/works

Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
install date: 20070426
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
comments: Build Number 5716

X10 Hardware(TM) (X10Hardware)
uninstall cmd: C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log

XML Paper Specification Shared Components Pack 1.0 (XpsEPSC)
install date: 20070825
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=test

Microsoft Encarta Encyclopedia Standard - WE 2004 2004 ({045A0044-9149-45C6-A806-F2BF9CFCE762})
version (major): 2004
version (minor): 2004
estimated size: 470208
install date: 20040604
install location: C:\Program Files\Microsoft Encarta\Encyclopedia Standard Edition 2004\encarta.exe
install source: F:\Encarta\
uninstall cmd: MsiExec.exe /I{045A0044-9149-45C6-A806-F2BF9CFCE762}
publisher: Microsoft Corporation
help link: http://support.microsoft.com

MSXML 6.0 Parser (KB933579) 6.10.1200.0 ({0A869A65-8C94-4F7C-A5C7-972D3C8CED9E})
version: 101319856
version (major): 6
version (minor): 10
estimated size: 1341
install date: 20070826
install source: d:\6355b1082f8e17eea243c0ff\
uninstall cmd: MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/933579

Informations about your PC ({0AB149EB-2AE0-466C-9BA4-3A718CF06432})
install date: 20031015
uninstall cmd: MsiExec.exe /I{0AB149EB-2AE0-466C-9BA4-3A718CF06432}

ATI Control Panel 6.14.10.5029 ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

Microsoft .NET Framework 3.0 3.0.04506.30 ({15095BF3-A3D7-4DDF-B193-3A496881E003})
version: 50336154
version (major): 3
estimated size: 16102
install date: 20070825
install location: C:\WINDOWS\Microsoft.NET\Framework\v3.0\
install source: d:\f753076f770c00ef9b82b77e0e86957f\
uninstall cmd: MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
publisher: Microsoft Corporation

Microsoft Money 12.0.100 ({1D643CD2-4DD6-11D7-A4E0-000874180BB3})
version: 201326692
version (major): 12
estimated size: 48671
install date: 20040604
install location: C:\Program Files\Microsoft Money\
install source: F:\Money\
uninstall cmd: MsiExec.exe /I{1D643CD2-4DD6-11D7-A4E0-000874180BB3}
publisher: Microsoft
comments: The Installation database contains the logic and data required to install Money
help link: http://support.microsoft.com
help telephone: 0870 60 10 100

VideoLive Mail ({1FABA7C7-6DC0-11D6-9EAB-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FABA7C7-6DC0-11D6-9EAB-0050BAE317E1}\setup.exe" -uninstall

RemoteCapture Task 0.9.0 ({2236B741-6631-49AE-B76E-3E14CA01CC87})
version: 589824
version (minor): 9
estimated size: 117
install date: 20040409
install source: F:\Zoombrsr\English\RCTASK\
publisher: Canon
comments:
contact:
help link:
help telephone:

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

PowerCinema 2.0 ({2637C347-9DAD-11D6-9EA2-00055D0CA761})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall

CA Licensing 1.52 ({30C10EE3-EFB3-4B7A-9CDC-50790C2B5200})
version: 20185088
version (major): 1
version (minor): 52
estimated size: 1379
install date: 20031015
install source: D:\Tools\eTrust Antivirus\English\License\Lang\En\
publisher: Computer Associates International, Inc.
comments: 0
contact: 0
help link: http://esupport.ca.com
help telephone: 0
readme: 0

Java(TM) SE Runtime Environment 6 Update 1 1.6.0.10 ({3248F0A8-6813-11D6-A77B-00B0D0160010})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 137306
install date: 20070503
install source: http://javadl.sun.com/webapps/download/ ... dows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby Katana » September 19th, 2007, 12:42 pm

six-h wrote:Aside from the delay in receiving your mail yesterday, which I put down to TalkTalk,s Idiosyncrasies. (Thank God for Words spellcheck!)
By the way, I notice your last email was sent at 2:09pm, and I replied immediately it was received, so it's still taking an hour to receive! :roll:

According to my settings, I didn't post until 3.09.
This may be just the way you have got the time zone settings in your profile.
six-h wrote:I have my home page set to Gmail-my in box, and now, when I fire up IE7, it directs me to the log in page, with a warning saying "this site contains both secure and nonsecure items", clicking "allow" and logging in, then saving the current page as my home page is OK until I shut down and re-open IE, when it goes through the same proceedure again.

It sounds as if IE is not saving cookies.
If there is no login cookie, it will take you to the login page
six-h wrote:That's why I can't understand MBS re-apearing.
Is it possible that they are aware that I've attempted to remove their digital dog mess, and actively sought me out to plant it again??
Will I ever be free of it?

It's more likely that Spybot has updated the definitions, and found a few strays on your PC.
six-h wrote:I am in total awe of you guys, and wish that I had the wit to be able to do what you do. 8)

I am a joiner/carpenter by trade, I was able to learn how to do this so there is no reason why you can't :)
All it takes is time and a will to learn it. If you are interested click on this link
http://www.malwareremoval.com/forum/viewtopic.php?t=233
We are a friendly bunch and have a lot of laughs :lol:

Lets have a last look to make sure nothing is lurking.
TotalScan

Please go to this site Link >> TotalScan << LINK
  • Under Scan Now click the Full Scan button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby six-h » September 19th, 2007, 2:41 pm

All done katana,

Notice the time discrepancy is due to the forum clock being an hour behind! :)

It sounds as if IE is not saving cookies.

How do I make it save them?
I've looked in Tools>Options>Privacy>Advanced, and the settings there are: - Default, (Greyed out it says"Accept 1st. and 3rd.party cookies)
Do I change this? :?

It's more likely that Spybot has updated the definitions, and found a few strays on your PC


Hope so!
Does totalscan, or any of the others scan the System Restore files?
Just in case it's lurking there! :?:

I have a 320GB ext. disk on which I store Images generated by "Acronis True Image" rather than backing up.
If I sign up for the Free version of totalscan, could I scan this disk on it's own? :?:


I am a joiner/carpenter by trade, I was able to learn how to do this so there is no reason why you can't
All it takes is time and a will to learn it. If you are interested click on this link


I must say I'm tempted, but I fear my capabilities to absorb, and retain new skills are not what they were.
I feel that I might let someone down, or worse, trash their machine!!
As you can see from my questions, I'm not even confident that I'm in control of my own machine let alone someone elses! :!:

Here's the TotalScan report: -

;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-09-19 18:58:52
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
eTrust EZ Antivirus 7 7.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00096053 application/funweb HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
00096188 spyware/searchcentrix Spyware No 1 Yes No hkey_current_user\software\dynamic toolbar
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@com[1].txt
01133113 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{6BCF816E-5DD3-4D52-8959-4D2CE8D95DF3}\RP53\A0003877.exe
01206513 Generic Trojan Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-1984919291-1825392768-3581218086-500\Dc4.ocx
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Hope that's OK

six-h
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby Katana » September 19th, 2007, 3:59 pm

six-h wrote:How do I make it save them?
I've looked in Tools>Options>Privacy>Advanced, and the settings there are: - Default, (Greyed out it says"Accept 1st. and 3rd.party cookies)
Do I change this?

You don't need to change that setting,
go to Tools>Options>Privacy
What level is the slide bar at ? Low medium or high
There may also be a setting or program that clears your cookies when you close IE.
Having said all that, I wouldn't advise keeping any login details in IE anyway, there are way too many nasties out there that target IE.
I would recommend that you use Firefox which has some nice security/password addons.
six-h wrote:I have a 320GB ext. disk on which I store Images generated by "Acronis True Image" rather than backing up.
If I sign up for the Free version of totalscan, could I scan this disk on it's own?

Yes :)
six-h wrote:I fear my capabilities to absorb, and retain new skills are not what they were.
I feel that I might let someone down, or worse, trash their machine!!

You learn at your own pace, there is no time limit or target
You would not be allowed to post to anyone until the teachers were confident that you were safe.

Now as for the TotalScan report, those few items need sorting.
Nothing particularly bad, but they are best gone :D
Did you choose "disinfect" at the end of the scan, or did you just save the report ?
It's not a problem either way, I just don't need to give you a load of waffle if you already deleted them :lol:
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby six-h » September 19th, 2007, 5:05 pm

Hi katana,

go to Tools>Options>Privacy
What level is the slide bar at ? Low medium or high
There may also be a setting or program that clears your cookies when you close IE


Privacy is set at medium, and the "empty Temp files when IE is closed" is not checked.
I think it is something to do with whatever is bringing up the warning window about secure/non-secure content, and I don't know what that is!

Yes, I understand that Firefox is more secure than IE, I intend to try it.
(It's taken me ages to get to like IE7!!) :roll:

I think I'll sign up for Totalscan, another tool to fight the bas***ds with! :D

I'm in danger of being persuaded to click the link,and at least explore the possibilities!! :o

I've still got the Totalscan page open, showing the results, what would you like me to do with it? ;)

I notice the report says: -
eTrust EZ Antivirus 7 7.0 No Yes

Don't know if that means anything to you!
The web page says: -
We detected that eTrust EZ Antivirus 7 is disabled.

A 90 day trial of Etrust was bundled with my PC 4 yrs ago when new.
It first tried to phone home on its first birthday, and ever since at regular intervals till it was eventually successful around mid April this year (when I first got online at home!!)
Ever since, it's downloaded the daily updates, and the vet engine has the current reference (Checked with their help desk in Denmark)
I've always been a bit suspicious that it was not effective, 'cos I've never had a peep out of it!
I think the time has come to chuck it out!
I've got an offer of Kasperskies internet security suite, six months trial, so maybe install that instead! :lol:
I also downloaded some time ago, AVG Antivirus, free edition, as the final frontier, for when the trial runs out!

six-h
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby Katana » September 19th, 2007, 6:05 pm

I've just tried the disinfect function, and it won't work unless you pay for the Pro version so you can close that page.
We will have to do it the old fashioned way :D

Regarding Etrust, it looks like the real time engine is not active.
If you are not going to pay for the subscription then I would remove it.
If you are willing to pay for an AV, then Kaspersky is very well regarded.
If you want to try a free one here are some links.
Free AV list
AVG Free
Avira AntiVir
Avast

Lets clean those leftovers :)

Backup the Registry
  • Download ERUNT to your desktop
  • Double-click on the file to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt
  • Accept the defaults for running a backup
  • Erunt will then backup your registry

Create A Registry Fix
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it Regfix.reg Please save it on your desktop.

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]

[-HKEY_CURRENT_USER\software\dynamic toolbar]


Make sure there are NO lines before REGEDIT4 and ONE line at the end
Double click on Regfix.reg and click Yes at the prompt

Show All Files And Folders
Now you need to show all files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck Hide file extensions for known file types
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Delete Files and Folders
Find and delete the following Files
C:\Documents and Settings\Geoff Vost\Cookies\geoff_vost@com[1].txt <<< This File
Regfix.reg <<< This File (it should be on your desktop :) )


Empty the Recycle Bin (right click and select empty)
If you have more than one profile on the PC please do the same for each.

Turn off System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer

Turn ON System Restore

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.

Set correct settings for files that should be hidden in Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked please checkHide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK



Also PLEASE read this article

So How Did I Get Infected In The First Place

If you can see a program in the must have section that you have never seen or used then get it!

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby six-h » September 19th, 2007, 6:45 pm

Katana,
I've got as far as turning off Sys Restore, but before shutting down, must advise that when installing ERUNT I missed the instruction to untick the option for it to install in the startup folder.
Should I find it and "shift/delete" it first?
six-h
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby Katana » September 19th, 2007, 6:49 pm

It's not a problem, you can leave it if you want.
It is a good idea to back up the registry every so often anyway.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware