PDA

View Full Version : Spybot Never finishes checking + NSIS Media



undrline
2006-11-03, 10:01
SBS&D never finishes checking (doesn't freeze, just never finishes, stuck on one item) in the same place every time: "Running bot-check (49152/51751: Zlob.ZCodec)" or "Running bot-check (43157/51751: Zlob.ZCodec)"

Spybot S&D keeps showing NSIS Media Extension (actually the thing that prompted me to scan), and Smitfraud-C.Toolbar888. At other points it showed other things, but they have not been reappearing. I tried the advice it gives for Smitfraud in the SBS&D info panel. Also, I tried smitfraudfix I found linked in one of these forums. I Ran SBS&D rebooted, repeated over and over, eventually when I tried it once in safe mode, and it seems to have fixed Smitfraud.

Below, please find my HijackThis log.

Thank you for any assistance.





Logfile of HijackThis v1.99.1
Scan saved at 11:51:15 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\UndrLine\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =

about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

Microsoft Internet Evil
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -

C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} -

C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program

Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe"

/server
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program

Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MWSnap] "C:\Program Files\MWSnap\MWSnap.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0

\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program

Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search

& Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Rainlendar.lnk = C:\Program

Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32

\ScanWiz5\SDII.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions

present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

present
O8 - Extra context menu item: Download using Download &Express -

file://C:\WINDOWS\System32\MetaProducts\Add_Url.htm
O8 - Extra context menu item: Open Image in New Window -

res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-

AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646}

- http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} -

http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} -

http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

(no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -

C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-

BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon -

http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Pool 2 -

http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -

http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

Advantage Validation Tool) - http://go.microsoft.com/fwlink/?

linkid=39204
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (Rescue Technician

Console) -

https://secure.logmeinrescue.com/TechConsole/RescueControl.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access

ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

-

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client

/muweb_site.cab?1140492510937
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/

housecall/xscan53.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)

- https://intercall-uhc.webex.com/client/v_mywebex-

t20sp24ep1/webex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer

Activex Control) - https://secure.logmein.com/activex/ractrl.cab?

lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{939F0282-33EF-418C-BBBB-

CC56D438B3C7}: Domain = Belkin
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program

Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner

- C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program

Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program

Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program

Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\11

\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner -

C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia

Licensing.exe

pskelley
2006-11-03, 16:31
Welcome to the forum, you appear to have a Smitfraud infection at least. We have issues that need to be corrected before we start, you may want to review this information as it appears you may have missed it:
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D
http://forums.spybot.info/showthread.php?t=288

1) We need the logs not formated. In Notepad, click on Format and remove the check in front of "Word Wrap", the HJT log should be single spaced.

2) Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm

3) This log appears to be run in safe mode, please post all logs in normal mode, with everything enabled in MSConfig unless I request otherwise.

4) Turn off TeaTimer, it will block the changes we must make:
http://russelltexas.com/malware/teatimer.htm
I suggest you keep this computer offline as much as possible, this junk will attract more.

5) Thanks to S!Ri, and any others who helped with this fix.

Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm (http://www.beyondlogic.org/consulting/processutil/processutil.htm)

Restart the computer and post the text file from Smitfraudfix and a new HJT log. I will respond with instructions as soon as possible after that.

Thanks

undrline
2006-11-03, 19:43
So, I've got my to-do list when I get home:

Delete all the stuff related to the thread above.
Re-download HJT to a safer place, and remove the old one.
Reboot into normal mode.
Run HJT and format.
Run SmitfraudFix as scan for log.
Come back here and post logs.

Anything else?

So you know, while I waited, I was following the steps in this thread:
http://forums.spybot.info/showthread.php?t=8087&highlight=nsis
So far, had added the registry entry (to take out registry keys), and had done the two batchfile scans.



RESPONSES


Welcome to the forum, you appear to have a Smitfraud infection at least.

5) Thanks to S!Ri, and any others who helped with this fix.

Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Smitfraud is not coming up on my SBSD scans anymore (even though they don't finish), and I did run the smitfraudfix you mentioned prior to your posting - in normal mode, but I was connected to the network/internet, and cancelled the two disk-cleanup prompts that came up when I told it to clean.

NSIS is the one that comes up on the scans, and is the one that prompted my investigation.



We have issues that need to be corrected before we start, you may want to review this information as it appears you may have missed it:
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D
http://forums.spybot.info/showthread.php?t=288
I didn't miss it . . . I read it, and the other loooong FAQs, many with repeat info. I apologize if there were details I missed. Thank you for your aid.


1) We need the logs not formated. In Notepad, click on Format and remove the check in front of "Word Wrap", the HJT log should be single spaced.
Hmmm, I thought I did this. I'll have to fix. Is an attachment preferred to a copy/paste?


3) This log appears to be run in safe mode, please post all logs in normal mode, with everything enabled in MSConfig unless I request otherwise.
Shucks, I did that first, then changed it, because I thought I saw something that told me otherwise. I'll rerun.




Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm (http://www.beyondlogic.org/consulting/processutil/processutil.htm)
For reference, I use Avast.


Restart the computer and post the text file from Smitfraudfix and a new HJT log. I will respond with instructions as soon as possible after that.

Thanks

Thank you thank you thank you. I look forward to it.

pskelley
2006-11-03, 20:10
No,:) just please don't copy everything I post, it is a waste of space, you will have access to the same information at home, just complete the directions as I posted them.

Thanks

undrline
2006-11-05, 21:26
HJT log attached, Smitfraudfix log attached. Ran both in normal mode, the latter with the network cable disconnected.

Thank you.

pskelley
2006-11-05, 22:22
I am sorry, but I posted the link for you with the instructions:
http://forums.spybot.info/showthread.php?t=288


All logs should be copy/pasted into topic and not attached unless requested by helper in that format

Thank you for your understanding.

Thanks

undrline
2006-11-05, 23:00
Thank you for your continued help. Please let me know if these have to come out of the code tags:

HJT


Logfile of HijackThis v1.99.1
Scan saved at 11:09:52 AM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MWSnap\MWSnap.exe
C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\HiThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Evil
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MWSnap] "C:\Program Files\MWSnap\MWSnap.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using Download &Express - file://C:\WINDOWS\System32\MetaProducts\Add_Url.htm
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/RescueControl.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140492510937
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intercall-uhc.webex.com/client/v_mywebex-t20sp24ep1/webex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{939F0282-33EF-418C-BBBB-CC56D438B3C7}: Domain = Belkin
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe


SMITFRAUDFIX not quite sure if/how this should be single-spaced, I removed some blank lines


SmitFraudFix v2.118

Scan done at 11:21:34.93, Sun 11/05/2006
Run from C:\Documents and Settings\UndrLine\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\UndrLine
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\UndrLine\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\undrline\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

pskelley
2006-11-05, 23:15
What you are doing is making this harder for both of us than it needs to be:sad: I would appreciate it if you would read the instructions and follow them. If there is something in the instructions you do not understand, please say so and I will take the time to explain it further. If you do not know how to copy and paste, see this link. I do not open attachments from infected computers.

http://www.webmasternow.com/copyandpaste.html

pskelley
2006-11-05, 23:23
SMITFRAUDFIX not quite sure if/how this should be single-spaced, I removed some blank lines

Please run this again and do not alter the results in any way, simply copy and paste the results to this topic using "Post Reply" according to these instructions:

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Thanks

pskelley
2006-11-05, 23:38
Logfile of HijackThis v1.99.1 Scan saved at 11:09:52 AM, on 11/5/2006

I suggest you dso this:

1) Update your Java program, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_06\ <<< out of date

(I see no malware in the HJT log, this cleaned is optional)

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) TeaTimer will block these changes, turn if off if you wish to do them:
http://russelltexas.com/malware/teatimer.htm make sure to turn your protection back on when you are finished.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Thanks

undrline
2006-11-06, 01:22
SmitFraudFix v2.118

Scan done at 14:07:14.39, Sun 11/05/2006
Run from C:\Documents and Settings\UndrLine\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\UndrLine


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\UndrLine\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\undrline\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

pskelley
2006-11-06, 01:39
No evidence of any Smitfraud infection in that report.

Thanks

undrline
2006-11-06, 02:14
I've done the HJT fixes, emptied with ATF, and show no SmitFraud infection (and updated my JRE).

But, I'm still getting the NSIS popup, and showing "NSIS Media Extension" and Smitfraud (now, wasn't showing before), in SBS&D scans, and the scans still don't finish, still stalling on "Zlob.ZCodec" . . . what next?

pskelley
2006-11-06, 02:26
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

Thanks

pskelley
2006-11-06, 02:51
appears this one is tough to remove, have a look:
http://www.google.com/search?hl=en&lr=&q=remove+NSIS+Media+&btnG=Search

Let me see that uninstall list while you look over ways to get rid of this junk. Let me know of anything you try so I do not try it again, it will be morning EST before I look at this again.

I did see that Spybot is supposed to remove it, are you sure you have the newest version of Spybot with the latest updates?

LonnyRJones
2006-11-06, 02:54
Create and run this batch for PSkelly please

Copy the contents of the code box below into a new notepad document (not wordpad).
Click file> save as...> call it check.bat > file types *all files*> and save it to desktop.


@echo off
Echo.
Echo searching please wait....
(
findstr /L /I /M /C:"*" "%CommonProgramFiles%\NSIS\*.*"
findstr /L /I /M /C:"cydoor_shell_project" %windir%\system32\*.dll
if exist %windir%\system32\msidext.dll echo %windir%\system32\msidext.dll
dir /b /s "%programfiles%\nsis.jar"
)>>logit.txt 2>nul
start notepad logit.txt

Run check.bat and post back with the text that will open.

undrline
2006-11-06, 03:00
I'm making the assumption that you mean SBS&D. I don't have those options, exactly. In Advanced Mode, I have Tools>Uninstall Info, so I'm guessing that's what you mean. I have it set to update on open, and it updated today, even with Beta items. I will post the log in a separate post, because it's giving me "too long" error messages on the Bulletin Board.

The most recent, and the most dubious (each are cracked versions), are the following:

Advanced Office Password Recovery
Advanced VBA Password Recovery
VBA Password Recovery

pskelley
2006-11-06, 03:05
Please follow the instructions from LonnyRJones.



I would like to look at that uninstall list when you finish with those instructions, see this:

http://www.bleepingcomputer.com/tutorials/tutorial42.html#uniman
How to use the Uninstall Manager

undrline
2006-11-06, 03:06
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2006-11-02 TeaTimer.exe (1.4.0.2)
2005-06-26 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-11-03 Includes\Beta.sbi
2005-02-16 Includes\Beta.uti
2006-11-03 Includes\Cookies.sbi
2006-10-13 Includes\Dialer.sbi
2006-11-03 Includes\DialerC.sbi
2006-11-03 Includes\Hijackers.sbi
2006-11-03 Includes\HijackersC.sbi
2006-10-27 Includes\Keyloggers.sbi
2006-11-03 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2006-10-13 Includes\Malware.sbi
2006-11-03 Includes\MalwareC.sbi
2006-10-20 Includes\PUPS.sbi
2006-11-03 Includes\PUPSC.sbi
2006-11-03 Includes\Revision.sbi
2006-10-13 Includes\Security.sbi
2006-11-03 Includes\SecurityC.sbi
2006-10-13 Includes\Spybots.sbi
2006-11-03 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2006-11-03 Includes\Trojans.sbi
2006-11-03 Includes\TrojansC.sbi

ABBYY FineReader 4.0 Sprint (ABBYY FineReader 4.0 Sprint)
uninstall cmd: C:\WINDOWS\bitdeins.exe C:\PROGRA~1\ABBYYF~1.0SP\bitdeins.ini

WebEx (ActiveTouchMeetingClient)
uninstall cmd: C:\WINDOWS\DOWNLO~1\atcliun.exe

Ad-Aware SE Personal (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

(AddressBook)

Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Program Files\Adobe\Acrobat 5.0
install source: D:\Acrobat 5\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/prodindex/acrobat/main.html

Adobe InDesign CS2 Trial 004.000.000 (Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC})
version: 4
version (major): 4
install location: C:\Program Files\Adobe\Adobe InDesign CS2 Trial\
uninstall cmd: msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
publisher: Adobe Systems Incorporated
comments: Adobe InDesign CS2 Installer
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html?c=us
help telephone: 1-800-833-6687

Adobe PageMaker 7.0 7.0.1 (Adobe PageMaker 7.0)
version (major): 1
install location: C:\Program Files\Adobe\PageMaker 7.0 Tryout
install source: C:\Documents and Settings\UndrLine\Local Settings\Temp\pft3.tmp\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0 Tryout\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0 Tryout\Uninst.dll"
publisher: Adobe Systems, Inc.

Adobe SVG Viewer 3.0 3.0 (Adobe SVG Viewer)
version (major): 3
install location: C:\WINDOWS\system32\Adobe\SVG Viewer 3.0
uninstall cmd: C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
publisher: Adobe Systems, Inc.

Advanced IM Password Recovery (remove only) (Advanced IM Password Recovery)
uninstall cmd: C:\Program Files\ElcomSoft\AIMPR\uninstall.exe

Advanced Office Password Recovery (remove only) (Advanced Office Password Recovery)
uninstall cmd: C:\Program Files\ElcomSoft\AOPR\uninstall.exe

Advanced VBA Password Recovery (remove only) (Advanced VBA Password Recovery)
uninstall cmd: C:\Program Files\ElcomSoft\AVPR\uninstall.exe

Microsoft Age of Empires (Age of Empires)
uninstall cmd: C:\Program Files\Microsoft Games\Age of Empires\Uninstal.exe /uninstall

AltoMP3 CD Ripper 4.0 (AltoMP3 CD Ripper_is1)
install location: C:\Program Files\AltoMP3 CD Ripper v4\
uninstall cmd: "C:\Program Files\AltoMP3 CD Ripper v4\unins000.exe"
publisher: Thomas Yuan
help link: http://www.yuansoft.com

Arachnophilia 5.2 (Arachnophilia 5.2_is1)
uninstall cmd: "C:\Program Files\Arachnophilia5\unins000.exe"

Arachnophilia version 4.0 (Arachnophilia version 4.0_is1)
uninstall cmd: "C:\Program Files\Arachnophilia\unins000.exe"

(Automap 9.0)

(AvantGo Client)

avast! Antivirus 4.7 (avast!)
version (major): 4
version (minor): 7
install location: C:\PROGRA~1\Avast4
install source: C:\PROGRA~1\Avast4\setup
uninstall cmd: rundll32 C:\PROGRA~1\Avast4\Setup\setiface.dll,RunSetup
publisher: Alwil Software
help link: http://www.avast.com

(Branding)

CD/Spectrum Pro CDSPro v2002.0618 (CDSpectrum Pro)
uninstall cmd: C:\WINDOWS\DelCDSP.exe
publisher: Synthesoft Corporation
comments: Neither Bytech nor NorthStar can provide support. For support, please see our web site at: http://www.synthesoft.com/techsupport.htm
help link: http://www.synthesoft.com/techsupport.htm
help telephone: Email/Web Support Only

Conexant HSF V92 56K Data Fax PCI Modem (CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2013&SUBSYS_021213E0

(Connection Manager)

ConquerCam 2.6 (ConquerCam_is1)
uninstall cmd: "C:\Program Files\ConquerCam\unins000.exe"
publisher: Peter Theill
help link: http://www.conquercam.com/faq.asp

(DirectAnimation)

(DirectDrawEx)

DOSShell 1.4 1.4 (DOSShell)
uninstall cmd: C:\Program Files\DOSShell\uninst.exe
publisher: Loonies Software

MetaProducts Download Express (DownloadExpress)
uninstall cmd: C:\WINDOWS\System32\MetaProducts\dep.exe /UnInstall

(DXM_Runtime)

Egg (Egg)
uninstall cmd: "C:\Program Files\Egg\uninstall.exe"

eMule (eMule)
uninstall cmd: "C:\Program Files\eMule\Uninstall.exe"

EndItAll 2.0 2.0 (EndItAll_is1)
uninstall cmd: "C:\Program Files\EndItAll\unins000.exe"
publisher: Ziff Davis Media, Inc.
help link: http://discuss.pcmag.com/pcmag/messages

FileAlyzer 1.2 1.2 (FileAlyzer_is1)
install location: C:\Program Files\FileAlyzer\
uninstall cmd: "C:\Program Files\FileAlyzer\unins000.exe"
publisher: PepiMK Software

FileSpecs plug-in for Ad-Aware SE (FileSpecs plug-in for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\FILESP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\FILESP~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

FileZilla (remove only) (FileZilla)
uninstall cmd: "C:\Program Files\FileZilla\uninstall.exe"

Font Creator 5.0 5.0 (Font Creator_is1)
install location: C:\Program Files\Font Creator\
uninstall cmd: "C:\Program Files\Font Creator\unins000.exe"
publisher: High-Logic

(Fontcore)

Handmark Solitaire (Handmark Solitaire)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Solitaire\uninstal.log

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\UndrLine\Desktop\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

The Hypnogenic Screen Saver Hypno v2002.0618 (Hypno)
uninstall cmd: C:\Program Files\Hypno\UnInstall.EXE
publisher: Synthesoft, Inc.
contact: Synthesoft Support
help link: http://www.synthesoft.com/techsupport.htm
help telephone: E-Mail support only
readme: http://www.synthesoft.com/

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Canon Utilities PhotoStitch 3.1 3.1.9 (InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597})
version: 50397193
version (major): 3
version (minor): 1
estimated size: 1384
install date: 20040304
install source: D:\SOFTWARE\PSTITCH\ENGLISH\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

QuickTime 7.0.3 (InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083})
version: 117440515
version (major): 7
estimated size: 62919
install date: 20051113
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\UndrLine\LOCALS~1\Temp\_isDAD\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

iTunes 6.0.1.3 (InstallShield_{872653C6-5DDC-488B-B7C2-CF9E4D9335E5})
version: 100663297
version (major): 6
estimated size: 32022
install date: 20051113
install location: C:\Program Files\iTunes\
install source: C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Canon Utilities RemoteCapture 2.7 2.7.0 (InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0})
version: 34013184
version (major): 2
version (minor): 7
estimated size: 10613
install date: 20040304
install source: D:\SOFTWARE\REMCAP\ENGLISH\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Jasc Paint Shop Pro 9.01 - (9.0.1.1) (Jasc Paint Shop Pro 9.01 - (9.0.1.1))
uninstall cmd: C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~3\INSTALL.LOG

Java Web Start (Java Web Start)
uninstall cmd: "C:\Program Files\Java Web Start\uninst-javaws.exe"

jv16 PowerTools 1.3 (jv16 PowerTools_is1)
uninstall cmd: "C:\Program Files\jv16 PowerTools\unins000.exe"

Windows Blaster Worm Removal Tool (KB833330) (KB833330)
uninstall cmd: C:\WINDOWS\$NtUninstallKB833330$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=833330

Windows XP Hotfix - KB834707 20040929.110854 (KB834707)
uninstall cmd: C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=834707

Windows XP Hotfix - KB867282 20050127.090417 (KB867282)
uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=867282

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB887797 20041018.133824 (KB887797)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887797

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20050708
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20050417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB890923 1 (KB890923)
install date: 20050417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923

Windows Media Format SDK Hotfix - KB891122 (KB891122)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891122

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows XP Hotfix - KB893066 1 (KB893066)
install date: 20050417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20050810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20050810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Hotfix for Windows XP (KB896344) 2 (KB896344)
install date: 20050708
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896344

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20050810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20051109
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB896688) 1 (KB896688)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896688

Update for Windows XP (KB896727) 1 (KB896727)
install date: 20050810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896727

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20050629
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

undrline
2006-11-06, 03:10
Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20050810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899588) 1 (KB899588)
install date: 20050810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20050810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20060430
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Update for Windows XP (KB900930) 1 (KB900930)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900930

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB903235) 1 (KB903235)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235

Security Update for Windows XP (KB904706) 1 (KB904706)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
install date: 20051215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060112
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Security Update for Windows XP (KB908531) 1 (KB908531)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Microsoft Base Smart Card Cryptographic Service Provider Package (KB909520)
uninstall cmd: "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20051215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Security Update for Windows XP (KB911280) 1 (KB911280)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20060219
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows Media Player 9 (KB911565) (KB911565)
install date: 20060219
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565

Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060219
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912812) 1 (KB912812)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912812

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060108
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913446) 1 (KB913446)
install date: 20060219
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913446

Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20060512
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20060712
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388

Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Security Update for Windows XP (KB916281) 1 (KB916281)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916281

Update for Windows XP (KB916595) 1 (KB916595)
install date: 20060712
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595

Security Update for Windows XP (KB917159) 1 (KB917159)
install date: 20060712
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917159

Security Update for Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/917283

Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422

Security Update for Windows Media Player 9 (KB917734) (KB917734_WMP9)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Security Update for Windows XP (KB918899) 1 (KB918899)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918899

Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20060915
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007

Security Update for Windows XP (KB920214) 1 (KB920214)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920214

Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670

Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683

Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20060915
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685

Update for Windows XP (KB920872) 1 (KB920872)
install date: 20060915
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872

Security Update for Windows XP (KB921398) 1 (KB921398)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921398

Security Update for Windows XP (KB921883) 1 (KB921883)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921883

Update for Windows XP (KB922582) 1 (KB922582)
install date: 20060915
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582

Security Update for Windows XP (KB922616) 1 (KB922616)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922616

Security Update for Microsoft .NET Framework 2.0 (KB922770) 1 (KB922770.T1_1ToU168_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/922770

Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20061018
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819

Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20061018
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191

Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20061018
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414

Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20061018
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191

Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20061018
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496

Security Update for Windows XP (KB925486) 1 (KB925486)
install date: 20061001
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925486

The Kinemorphic 3D Screen Saver Kine v2002.0618 (Kine)
uninstall cmd: C:\Program Files\Kine\UnInstall.EXE
publisher: Synthesoft, Inc.
contact: Synthesoft Support
help link: http://www.synthesoft.com/techsupport.htm
help telephone: E-Mail support only
readme: http://www.synthesoft.com/

Kinoma Producer for Palm, Inc. (Kinoma Producer for Palm, Inc.)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\Kinoma\uninstal.log

LSP Explorer plug-in for Ad-Aware SE (LSP Explorer plug-in for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\LSPEXP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\LSPEXP~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

MediaMonkey 2.4 2.4 (MediaMonkey_is1)
install location: C:\Program Files\MediaMonkey\
uninstall cmd: "C:\Program Files\MediaMonkey\unins000.exe"
publisher: Ventis Media Inc.
help link: http://www.mediamonkey.com

Messenger Control Plugin for Ad-aware 1.31 (Messenger Control Plugin for Ad-aware)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\MESSEN~1\INSTALL.LOG
publisher: Lavasoft Sweden
comments: FileSpecs Plug in for Ad-aware 6 Professional

Messenger-Control plug-in for Ad-Aware SE (Messenger-Control plug-in for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\MESSEN~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

(Microsoft NetShow Player 2.0)

Microtek ScanWizard 5 (Microtek ScanWizard 5)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\Twain_32\ScanWiz5\Uninst.isu

(MobileOptionPack)

MobiMate WorldMate for Palm (MobiMate WorldMate for Palm)
uninstall cmd: C:\PROGRA~1\MobiMate\WORLDM~1\UNWISE.EXE C:\PROGRA~1\MobiMate\WORLDM~1\INSTALL.LOG
publisher: MobiMate
contact: support@mobimate.com

Mozilla Firefox (1.5.0.7) 1.5.0.7 (en-US) (Mozilla Firefox (1.5.0.7))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.7 (en-US)"
publisher: Mozilla

Mozilla Thunderbird (1.5) 1.5 (en-US) (Mozilla Thunderbird (1.5))
install location: C:\Program Files\Mozilla Thunderbird
uninstall cmd: C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (en-US)"
publisher: Mozilla

(MPlayer2)

MPlifier (MPlifier)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\MPlifier\DeIsL1.isu" -c"C:\Program Files\MPlifier\_ISREG32.DLL"

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

MWSnap 3 3.0.0.74 (MWSnap 3)
uninstall cmd: "C:\Program Files\MWSnap\uninstall.exe"
publisher: Mirek Wojtowicz

(NetMeeting)

NSIS Media Extension 5.6.1 (NSISMedia)
uninstall cmd: C:\Program Files\Common Files\NSIS\uninst.exe

undrline
2006-11-06, 03:11
OE/W Messengerctrl plug-in for Ad-Aware SE (OE/W Messengerctrl plug-in for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\OEMESS~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\OEMESS~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

(OutlookExpress)

Palm Desktop Themes 2.0 2.0 (Palm Desktop Themes_is1)
uninstall cmd: "C:\Program Files\Palm\Pdt\unins000.exe"
publisher: m5studio
help link: http://m5studio.prv.pl/pdte.html

Palm-DB-Tools 0.3.6 (Palm-DB-Tools_is1)
uninstall cmd: "C:\Program Files\Pilot-DB\pdbtools\unins000.exe"
publisher: Pilot DB Team
help link: http://pilot-db.sourceforge.net

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Pilot-DB 1.1.3 (Pilot-DB_is1)
install location: C:\Program Files\Pilot-DB\
uninstall cmd: "C:\Program Files\Pilot-DB\unins000.exe"
publisher: Pilot-DB
help link: mailto:pilot-db-list.sourceforge.net

Pocket Tunes 3.1.1 (Pocket Tunes)
uninstall cmd: C:\Program Files\Pocket Tunes\PocketTunesSetup.exe /u

PopUpCop 2.5.0.65 (PopUpCop)
uninstall cmd: C:\PROGRA~1\PopUpCop\UNWISE.EXE /U C:\PROGRA~1\PopUpCop\INSTALL.LOG
publisher: EdenSoft
help link: http://www.PopUpCop.com/help.html

Post-it® Software Notes Lite (PSN)
uninstall cmd: "C:\Program Files\Post-It Notes Lite\Uninstall.exe" -Prog"C:\Program Files\Post-It Notes Lite\PsnLite.exe" -INI"C:\Program Files\Post-It Notes Lite\uninst.ini"

The Psychedelic Screen Saver Psych v2002.0618 (Psych)
uninstall cmd: C:\Program Files\Psych\UnInstall.EXE
publisher: Synthesoft, Inc.
contact: Synthesoft Support
help link: http://www.synthesoft.com/techsupport.htm
help telephone: E-Mail support only
readme: http://www.synthesoft.com/

quickSkin (quickSkin)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\quickSkin\DeIsL1.isu" -c"C:\Program Files\quickSkin\_ISREG32.DLL"

Rainlendar (remove only) (Rainlendar)
uninstall cmd: "C:\Program Files\Rainlendar\uninst.exe"

Real Alternative 1.48 1.48 (RealAlt_is1)
install location: C:\Program Files\Real Alternative\
uninstall cmd: "C:\Program Files\Real Alternative\unins000.exe"

(SchedulingAgent)

VanDyke Software SecureFX 2.0 (SecureFX)
uninstall cmd: C:\PROGRA~1\SecureFX\UNINSTAL.EXE C:\PROGRA~1\SecureFX\INSTALL.LOG

Send To Toys v2.21 (Send To Toys_is1)
uninstall cmd: "C:\Program Files\Send To Toys\unins000.exe"
publisher: Gabriele Ponti
help link: http://www.gabrieleponti.com/software

Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

(ShockwaveFlash)

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

ComcastSUPPORT (Support.com)
uninstall cmd: "C:\Program Files\support.com\bin\tgfix.exe" /rm /nq

ThumbsPlus version 3.30-S (ThumbsPlus 3.30)
uninstall cmd: C:\PROGRA~1\Thumbs32\UNWISE.EXE C:\PROGRA~1\Thumbs32\INSTALL.LOG

Trillian (Trillian)
uninstall cmd: C:\Program Files\Trillian\trillian.exe /uninstall

Lernout & Hauspie TruVoice for Microsoft Agent (TruVoice)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\cgminst.inf, RemoveCgram

VBA Password Recovery (VBA Password Recovery)
uninstall cmd: C:\PROGRA~1\VBAPAS~1\UNWISE.EXE C:\PROGRA~1\VBAPAS~1\INSTALL.LOG

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

VX2 Cleaner plug-in for Ad-Aware SE (VX2 Cleaner plug-in for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\VX2CLE~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\VX2CLE~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

Windows Genuine Advantage Validation Tool (WGA)
install date: 20060320
publisher: Microsoft Corporation
help link: http://www.microsoft.com/genuine

Windows Genuine Advantage Notifications (KB905474) 1.5.0532.0 (WgaNotify)
install date: 20060507
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474

Winamp (remove only) (Winamp)
uninstall cmd: "C:\Program Files\Winamp\UninstWA.exe"

Windows Media Connect (Windows Media Connect)
uninstall cmd: msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

WinZip Self-Extractor (WinZip Self-Extractor)
uninstall cmd: "C:\Program Files\WinZip Self-Extractor\wzipse32.exe" -uninstall

Microsoft Works 2002 Setup Launcher (Works2002Setup)
uninstall cmd: C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
help link: http://support.microsoft.com/support/works

Microsoft Office 2000 SR-1 Premium 9.00.9327 ({00000409-78E1-11D2-B60F-006097C998E7})
version: 151004271
version (major): 9
estimated size: 261276
install date: 20040326
install source: D:\
uninstall cmd: MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: ofread9.txt

Google Gmail Notifier ({0228e555-4f9c-4e35-a3ec-b109a192b4c2})
uninstall cmd: "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
publisher: Google Inc.
help link: http://mail.google.com/support

PhotoStitch 3.1.9 ({03CDDD00-BD57-4326-9480-4C74449AF597})
version: 50397193
version (major): 3
version (minor): 1
estimated size: 1384
install date: 20040304
install source: D:\SOFTWARE\PSTITCH\ENGLISH\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Macromedia Dreamweaver MX 2004 7.0.1 ({05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A})
version (major): 7
install location: C:\Program Files\Macromedia\Dreamweaver MX 2004
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
publisher: Macromedia
help link: http://www.macromedia.com/go/dreamweaver_support/

Brother MFL Pro Suite ({0C3FCE48-6984-11D5-90F8-00E029591716})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C3FCE48-6984-11D5-90F8-00E029591716}\Setup.exe" bruninst.dll

Dell Solution Center 1.00.0000 ({11F1920A-56A2-4642-B6E0-3B31A12C9288})
version: 16777216
version (major): 1
estimated size: 1040
install date: 20040222
install source: C:\dell\Drivers\6H418\
uninstall cmd: MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
publisher: Dell
help link: http://www.support.dell.com
help telephone: http://www.support.dell.com

Microsoft Streets and Trips 2002 9.00.17.0200 ({12BDDF23-B1DB-49C8-92D3-3E6841CCED61})
version: 150994961
version (major): 9
estimated size: 853518
install date: 20040222
install location: C:\Program Files\Microsoft Streets & Trips\
install source: D:\MSMap\
uninstall cmd: MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
publisher: Microsoft
help link: http://www.Microsoft.com/support

AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: C:\Program Files\DivX

Macromedia Flash MX 2004 7 ({2F353D44-73BB-4971-B31D-F7642E9E9531})
install location: C:\Program Files\Macromedia\Flash MX 2004
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
publisher: Macromedia
help link: http://www.macromedia.com/go/flash_support

J2SE Runtime Environment 5.0 Update 9 1.5.0.90 ({3248F0A8-6813-11D6-A77B-00B0D0150090})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 130261
install date: 20061105
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_09-b03/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_09\README.txt

WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154277062
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20040222
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

SmartList To Go 3.00.3352 ({36FBFDA5-E422-4C01-BA7C-C067E8ACFD90})
version: 50335000
version (major): 3
estimated size: 53409
install date: 20051219
install source: C:\DOCUME~1\UndrLine\LOCALS~1\Temp\_is82E\
uninstall cmd: MsiExec.exe /X{36FBFDA5-E422-4C01-BA7C-C067E8ACFD90}
publisher: DataViz, Inc.
contact: Customer Support Department
help link: http://www.dataviz.com
help telephone: (203) 874-0085

QuickTime 7.0.3 ({3868A8EE-5051-4DB0-8DF6-4F4B8A98D083})
version: 117440515
version (major): 7
estimated size: 62919
install date: 20051113
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\UndrLine\LOCALS~1\Temp\_isDAD\
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

QuickCam 5.4.1 ({43A9F944-0398-425E-9E22-201F65FE0CCA})
version: 84148225
version (major): 5
version (minor): 4
estimated size: 111582
install date: 20040327
install source: D:\quickcam\
uninstall cmd: MsiExec.exe /I{43A9F944-0398-425E-9E22-201F65FE0CCA}
publisher: Logitech, Inc.
comments: 9am to 4pm Monday to Friday (Pacific Time Zone)
contact: Logitech Customer Support
help link: http://support.logitech.com
help telephone: USA: (702) 269-3457 UK: +44 (0) 1344-894301

Documents To Go 5.003 ({4E7E8E6A-15F1-4E26-9352-26AD235131E9})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 23217
install date: 20050625
install source: C:\DOCUME~1\UndrLine\LOCALS~1\Temp\pftC21~tmp\
uninstall cmd: MsiExec.exe /I{4E7E8E6A-15F1-4E26-9352-26AD235131E9}
publisher: DataViz Inc.
comments: Your Comments
contact: Customer Support Department
help link: http://support.dataviz.com
help telephone: 1-203-874-0085

Eudora 6.2 ({50079018-2E51-4649-B7B7-24EAFEEC7468})
version: 100794368
install location: C:\Program Files\Eudora
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50079018-2E51-4649-B7B7-24EAFEEC7468}\setup.exe" -l0x9

MSSoap 2003.2.1.0 ({54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF})
version (major): 2003
version (minor): 2
estimated size: 339
install date: 20040325
install source: D:\Windows\MSSoap\
publisher: EarthLink, Inc.
comments: http://www.earthlink.net/software
contact: Customer Support Department
help link: http://support.earthlink.net
help telephone: 1-800-EARTHLINK

Easy CD Creator 5 Basic 5.0.0.0000 ({609F7AC8-C510-11D4-A788-009027ABA5D0})
version: 83886080
version (major): 5
estimated size: 22524
install date: 20040222
install source: D:\
uninstall cmd: MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
publisher: Roxio Inc
help link: http://www.roxio.com/en/support
help telephone:

({62369F2F77534556AEF4C58152E3BDE5})

Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20051211
install source: C:\DOCUME~1\UndrLine\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downloads/whyValidate.aspx/help
help telephone: 1-425.882.8080

Eudora 7.0 ({664C8483-850F-4F9D-ABD5-6E73AA6B001C})
version: 117440512
install location: C:\Program Files\Qualcomm\Eudora
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll<UNINSTALL_CMD> -l0x9

Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF})
version: 33605159
version (major): 2
estimated size: 218792
install date: 20061018
install source: C:\DOCUME~1\UndrLine\LOCALS~1\Temp\IXP000.TMP\
publisher: Microsoft Corporation

OpenOffice.org 2.0 2.0.8968 ({76BB7B2D-748F-4AE9-89C3-78C051833EA1})
version: 33563400
version (major): 2
estimated size: 207245
install date: 20051121
install source: C:\WINDOWS\Temp\ooo\
uninstall cmd: MsiExec.exe /I{76BB7B2D-748F-4AE9-89C3-78C051833EA1}
publisher: OpenOffice.org
comments: OpenOffice.org 2.0 (en-US) (OOO680m3(Build:8968))
contact: Department for technical support
help link: http://www.openoffice.org
help telephone: x-xxx-xxx-xxx

Adobe Stock Photos 1.0 001.000.000 ({786C5747-1033-0000-B58E-000000000001})
version: 16777216
version (major): 1
estimated size: 5397
install date: 20050629
install location: C:\Program Files\Adobe\Adobe Stock Photos\
install source: C:\Documents and Settings\UndrLine\My Documents\Installs\Scrap Heap\InDesign\InDesign CS2 Tryout\Stock Photography\
uninstall cmd: MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505

DivX 6.1 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivX, Inc.

Adobe InDesign CS2 Trial 004.000.000 ({7F4C8163-F259-49A0-A018-2857A90578BC})
version: 67108864
version (major): 4
estimated size: 571658
install date: 20050629
install location: C:\Program Files\Adobe\Adobe InDesign CS2 Trial\
install source: C:\Documents and Settings\UndrLine\My Documents\Installs\Scrap Heap\InDesign\InDesign CS2 Tryout\
publisher: Adobe Systems Incorporated
comments: Adobe InDesign CS2 Installer
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html?c=us
help telephone: 1-800-833-6687

Adobe Illustrator CS Tryout 11 ({85CC6638-C827-40E8-94C7-110A77E7812B})
version: 184549376
version (major): 11
install location: C:\Program Files\Adobe\Illustrator CS Tryout
install source: "C:\DOCUME~1\UndrLine\LOCALS~1\Temp\Rar$EX00.078\Adobe Illustrator CS Tryout"
uninstall cmd: RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{85CC6638-C827-40E8-94C7-110A77E7812B}\setup.exe"
publisher: Adobe Systems, Inc.

iTunes 6.0.1.3 ({872653C6-5DDC-488B-B7C2-CF9E4D9335E5})
version: 100663297
version (major): 6
estimated size: 32022
install date: 20051113
install location: C:\Program Files\iTunes\
install source: C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

DivX Player 6.0 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
publisher: DivXNetworks, Inc.

MacromediaDreamweaver MX 6.1 ({8B4AB829-DFD3-436D-B808-D9733D76C590})
version (major): 6
version (minor): 1
install location: C:\Program Files\Macromedia\Dreamweaver MX
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
publisher: Macromedia
help link: file://C:\Program Files\Macromedia\Dreamweaver MX\Help\dwusing.chm

Adobe Common File Installer 1.00.001 ({8EDBA74D-0686-4C99-BFDD-F894678E5101})
version: 16777217
version (major): 1
estimated size: 136553
install date: 20050629
install location: C:\Program Files\Common Files\Adobe\
install source: C:\Documents and Settings\UndrLine\My Documents\Installs\Scrap Heap\InDesign\InDesign CS2 Tryout\commonfilesinstaller\
uninstall cmd: MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
publisher: Adobe System Incorporated
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/help
help telephone: 1-555-555-4505

Microsoft Office 2003 Resource Kit 11.0.5614.0 ({90240409-6000-11D3-8CFE-0150048383C9})
version: 184554990
version (major): 11
estimated size: 23823
install date: 20040429
install location: C:\Program Files\Microsoft Office\Converter Tools\
install source: C:\MSOCache\All Users\90240409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{90240409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support

undrline
2006-11-06, 03:11
Help and Support Customization 1.00.0000 ({90D55A3F-1D99-4C94-A77E-46DC14F0BF08})
version: 16777216
version (major): 1
estimated size: 384
install date: 20040222
install source: C:\dell\Drivers\0P474\
publisher: Dell
contact: http://www.support.dell.com
help link: http://www.support.dell.com
help telephone: http://www.support.dell.com

Intel Application Accelerator ({9984DF60-1C5B-11D3-ACA1-908A4FC10801})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST

Microsoft Works 6.0 06.00.0000 ({A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704})
version: 100663296
version (major): 6
estimated size: 86356
install date: 20040222
install location: INSTALLDIR
install source: D:\msworks\
uninstall cmd: MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
publisher: Microsoft Corporation
comments: Microsoft Works 6.0 installation.
help link: http://support.microsoft.com/support/works

Macromedia Extension Manager 1.5 ({A5BA14E0-7384-11D4-BAE7-00409631A2C8})
version (major): 1
version (minor): 5
install location: C:\Program Files\Macromedia\Extension Manager
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
publisher: Macromedia
help link: http://www.macromedia.com/go/exchange/

Alt-Tab Task Switcher Powertoy for Windows XP 1.00.0001 ({A7050037-F0EA-4BAB-BCD5-FC05507D6147})
version: 16777217
version (major): 1
estimated size: 61
install date: 20040225
install source: C:\WINDOWS\Downloaded Installations\
uninstall cmd: MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
publisher: Microsoft Corporation
comments: Alt-Tab Task Switcher Powertoy for XP
contact: Microsoft Corporation
help link: http://www.microsoft.com/directory
help telephone: (800) 426-9400
readme: http://www.microsoft.com/windowsxp

AvantGo Client 5.7 ({A90DCEC1-22DE-11D4-B8A9-0050DAB648C6})
version: 84344832
install location: C:\Program Files\AvantGo
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}\setup.exe" -l0x9 CP

Zillions of Games Demo 2.00.0001 ({ABCA0C33-0F35-497D-9D66-09E524051115})
version: 33554433
version (major): 2
estimated size: 38197
install date: 20050818
install source: C:\WINDOWS\Downloaded Installations\{D0952ECA-6C2D-4A02-83C5-4E0BDA282EC9}\
uninstall cmd: MsiExec.exe /X{ABCA0C33-0F35-497D-9D66-09E524051115}
publisher: Zillions Development
comments: The universal board game program
contact: Customer Support
help link: support@zillions-of-games.com
help telephone: support@zillions-of-games.com

Adobe Reader 7.0.7 7.0.7 ({AC76BA86-7AD7-1033-7B44-A70000000000})
version: 117440519
version (major): 7
estimated size: 65210
install date: 20060214
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

({B13A7C41581B411290FBC0395694E2A9})

Microsoft XML Parser 8.20.8730.4 ({B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE})
version: 135537178
version (major): 8
version (minor): 20
install date: 20040325
install source: D:\Windows\MSXML\
publisher: Microsoft Corporation

Adobe Bridge 1.0 001.000.001 ({B74D4E10-6884-0000-0000-000000000101})
version: 16777217
version (major): 1
estimated size: 82601
install date: 20050629
install location: C:\Program Files\Adobe\Adobe Bridge\
install source: C:\DOCUME~1\UndrLine\LOCALS~1\Temp\
uninstall cmd: MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

Works Synchronization 1.0.0.0000 ({BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387})
version: 16777216
version (major): 1
estimated size: 2067
install date: 20040222
install source: D:\WksSync\
publisher: Your Company Name
help link: http://www.microsoft.com
help telephone: 555-555-1234

RemoteCapture 2.7.0 2.7.0 ({BEB03A1A-1EB6-48EB-9985-8B97315EE5C0})
version: 34013184
version (major): 2
version (minor): 7
estimated size: 10613
install date: 20040304
install source: D:\SOFTWARE\REMCAP\ENGLISH\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Tweakui Powertoy for Windows XP 1.00.0001 ({C7793EE8-F666-4E6B-9827-76468679480E})
version: 16777217
version (major): 1
estimated size: 192
install date: 20040229
install source: C:\WINDOWS\Downloaded Installations\
uninstall cmd: MsiExec.exe /I{C7793EE8-F666-4E6B-9827-76468679480E}
publisher: Microsoft Corporation
comments: Tweakui Powertoy for XP
contact: Microsoft Corporation
help link: http://www.microsoft.com/directory
help telephone: (800) 426-9400
readme: http://www.microsoft.com/windowsxp

LogMeIn 2.20.475 ({C9B61157-822F-4020-BD5F-6C9A9A890252})
version: 34865627
version (major): 2
version (minor): 20
estimated size: 9261
install date: 20050617
install source: C:\WINDOWS\Java\
uninstall cmd: MsiExec.exe /I{C9B61157-822F-4020-BD5F-6C9A9A890252}
publisher: 3am Labs, Inc.
help telephone: +1-866-600-7205

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 61699
install date: 20050212
install source: C:\DOCUME~1\UndrLine\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft Money 2002 System Pack 10.0.80 ({CF5193F7-6B37-11D5-B7D2-00AA00A204F1})
version: 167772240
version (major): 10
estimated size: 6137
install date: 20040302
install source: D:\money\
uninstall cmd: MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
publisher: Microsoft
comments: Installs system components used by Microsoft Money 2002.
help link: http://support.microsoft.com
help telephone: (800) 936-5700

Dell ResourceCD ({D78653C3-A8FF-415F-92E6-D774E634FF2D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"

Works Suite OS Pack 1.0.0.0000 ({DC19E750-988B-4005-A355-85EF66055EFE})
version: 16777216
version (major): 1
install date: 20040222
install source: D:\ospack\
publisher: Microsoft Corporation
help link: http://www.microsoft.com
help telephone:

Classic PhoneTools 4.19 ({E3436EE2-D5CB-4249-840B-3A0140CC34C3})
version (major): 4
version (minor): 19
install location: C:\Program Files\Classic PhoneTools
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\Setup.exe" -l0x9 ControlPanel
publisher: BVRP Software
help link: http://www.bvrp.com

Microsoft Money 2002 10.0.50 ({E7298FD5-1386-11D5-8D6C-0050DAD32D95})
version: 167772210
version (major): 10
estimated size: 69206
install date: 20040302
install location: INSTALLDIR
install source: D:\money\
uninstall cmd: MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
publisher: Microsoft
comments: The Installation database contains the logic and data required to install Money 2002
help link: http://support.microsoft.com
help telephone: (800) 936-5700

({E7E518B2-B174-11D3-9D4E-0060B0A4823E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"

Palm Desktop 4.1.0410 ({E89D78B8-28F7-412F-8B26-C684739CBBDC})
version: 67174810
version (major): 4
version (minor): 1
estimated size: 38975
install date: 20050816
install source: C:\DOCUME~1\UndrLine\LOCALS~1\Temp\_is46D\
uninstall cmd: MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
publisher: Palm, Inc.
comments: For troubleshooting help try the Palm Knowledge Finder at www.palm.com/support.
contact: Palm Customer Support
help link: http://www.palm.com/support
help telephone: None
readme: Readme_eng.txt

Adobe Help Center 1.0 001.000.000 ({E9787678-1033-0000-8E67-000000000001})
version: 16777216
version (major): 1
estimated size: 21738
install date: 20050629
install location: C:\Program Files\Adobe\Adobe Help Center\
install source: C:\Documents and Settings\UndrLine\My Documents\Installs\Scrap Heap\InDesign\InDesign CS2 Tryout\Help Center\
uninstall cmd: MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505

Microsoft Tool Web Package:WntIpcfg.exe 1.0.0.1 ({EA82FF50-E258-4DFE-839B-8F26A01A34A7})
version: 16777216
version (major): 1
estimated size: 120
install date: 20040505
install source: C:\DOCUME~1\UndrLine\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{EA82FF50-E258-4DFE-839B-8F26A01A34A7}
publisher: Microsoft Corporation

Adobe Photoshop CS CS ({EFB21DE7-8C19-4A88-BB28-A766E16493BC})
version: 134217728
version (major): 8
install location: C:\Program Files\Adobe\Photoshop CS
install source: C:\Documents and Settings\UndrLine\My Documents\Installs\Scrap Heap\Photoshop\Setup\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
publisher: Adobe Systems, Inc.

SoundMAX ({F0A37341-D692-11D4-A984-009027EC0A9C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"

Windows Media Connect 1.0.0.0 ({F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B})
version: 16777216
version (major): 1
estimated size: 8710
install date: 20041126
install source: C:\WINDOWS\Installer\
uninstall cmd: MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=9647

Jasc Paint Shop Pro 9 9.01.0000 ({F843C6A3-224D-4615-94F8-3C461BD9AEA0})
version: 151060480
version (major): 9
version (minor): 1
estimated size: 202375
install date: 20050411
install source: C:\Program Files\Jasc Software Inc\Setup Files\English PaintShopPro901 Jasc TRYANDBUY ESD\
uninstall cmd: MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
publisher: Jasc Software Inc
comments: Jasc Software Inc Paint Shop Pro 9
contact: Customer Support Department
help link: http://www.jasc.com
help telephone: (952) 930-9171

EarthLink MDAC 2004.0.129.0 ({F91E1833-2D7C-4725-B98A-C779FEC41946})
version (major): 2004
estimated size: 438
install date: 20040325
install source: D:\Windows\access\
publisher: EarthLink, Inc.
comments: None
contact: Customer Support Department
help link: http://support.earthlink.net
help telephone: 1-800-EARTHLINK

HighMAT Extension to Microsoft Windows XP CD Writing Wizard 1.1.1905.1 ({FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F})
version: 16844657
version (major): 1
version (minor): 1
estimated size: 2202
install date: 20040225
install location: C:\Program Files\HighMAT CD Writing Wizard\
install source: C:\WINDOWS\Downloaded Installations\{BCF8415B-BA21-49D8-B833-BA9A86EE1BF2}\
uninstall cmd: MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
publisher: Microsoft Corporation
readme: C:\Program Files\HighMAT CD Writing Wizard\1033\\HighMAT_readme.htm

pskelley
2006-11-06, 03:15
Please return to Post #16 and follow the directions posted by LonnyRJones.

undrline
2006-11-06, 03:32
Results from logit.txt . . .

C:\WINDOWS\system32\nmmvti.dll



And, stupidly, it never occurred to me that malware would install itself as legitimate software with an uninstall. I "uninstalled" NSIS from add/remove . . . but I don't know that it actually was removed from my system. I don't see anymore popups right now. They were happening every time I started a browser session. :red:

Thanks for getting me at least this far. :wub:

pskelley
2006-11-06, 14:59
Thanks for that information. Lonny would like a look at that file if possible.
C:\WINDOWS\system32\nmmvti.dll

The instructions for uploading it are at the top of the page here:
http://www.thespykiller.co.uk/forum/index.php?board=1.0

Then follow these instructions:
How to use the Delete on Reboot tool http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb
Start Hijackthis
Click on the Config button
Click on the Misc Tools button
Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot. Navigate to the file: C:\WINDOWS\system32\nmmvti.dll and click on it once, and then click on the Open button.
You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button if you would like to reboot now.

Run check bat again in about a week and let us know if you have any problems.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

I will ask tashi:) to leave this topic open until you post back in a week.

Thanks

undrline
2006-11-06, 19:15
I sent to TheSpyKiller. I'm assuming this is just an investigation and tracking to help improve SpyBot and others, and they are not going to assist with my particular issue. But, if not, I wanted to give you the link to post:

http://www.thespykiller.co.uk/forum/index.php?topic=2971.0

LonnyRJones
2006-11-14, 02:51
Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).