Spybot Never finishes checking + NSIS Media

undrline · Nov 3, 2006

SBS&D never finishes checking (doesn't freeze, just never finishes, stuck on one item) in the same place every time: "Running bot-check (49152/51751: Zlob.ZCodec)" or "Running bot-check (43157/51751: Zlob.ZCodec)"

Spybot S&D keeps showing NSIS Media Extension (actually the thing that prompted me to scan), and Smitfraud-C.Toolbar888. At other points it showed other things, but they have not been reappearing. I tried the advice it gives for Smitfraud in the SBS&D info panel. Also, I tried smitfraudfix I found linked in one of these forums. I Ran SBS&D rebooted, repeated over and over, eventually when I tried it once in safe mode, and it seems to have fixed Smitfraud.

Below, please find my HijackThis log.

Thank you for any assistance.

Logfile of HijackThis v1.99.1
Scan saved at 11:51:15 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\UndrLine\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =

about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

Microsoft Internet Evil
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -

C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} -

C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program

Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe"

/server
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program

Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MWSnap] "C:\Program Files\MWSnap\MWSnap.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0

\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program

Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search

& Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Rainlendar.lnk = C:\Program

Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32

\ScanWiz5\SDII.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions

present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

present
O8 - Extra context menu item: Download using Download &Express -

file://C:\WINDOWS\System32\MetaProducts\Add_Url.htm
O8 - Extra context menu item: Open Image in New Window -

res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-

AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646}

- http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} -

http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} -

http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

(no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -

C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-

BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon -

http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Pool 2 -

http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -

http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

Advantage Validation Tool) - http://go.microsoft.com/fwlink/?

linkid=39204
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (Rescue Technician

Console) -

https://secure.logmeinrescue.com/TechConsole/RescueControl.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access

ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

-

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client

/muweb_site.cab?1140492510937
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/

housecall/xscan53.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)

- https://intercall-uhc.webex.com/client/v_mywebex-

t20sp24ep1/webex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer

Activex Control) - https://secure.logmein.com/activex/ractrl.cab?

lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{939F0282-33EF-418C-BBBB-

CC56D438B3C7}: Domain = Belkin
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program

Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner

- C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program

Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program

Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program

Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\11

\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner -

C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia

Licensing.exe

pskelley · Nov 3, 2006

Welcome to the forum, you appear to have a Smitfraud infection at least. We have issues that need to be corrected before we start, you may want to review this information as it appears you may have missed it:
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D
http://forums.spybot.info/showthread.php?t=288

1) We need the logs not formated. In Notepad, click on Format and remove the check in front of "Word Wrap", the HJT log should be single spaced.

2) Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm

3) This log appears to be run in safe mode, please post all logs in normal mode, with everything enabled in MSConfig unless I request otherwise.

4) Turn off TeaTimer, it will block the changes we must make:
http://russelltexas.com/malware/teatimer.htm
I suggest you keep this computer offline as much as possible, this junk will attract more.

5) Thanks to S!Ri, and any others who helped with this fix.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Restart the computer and post the text file from Smitfraudfix and a new HJT log. I will respond with instructions as soon as possible after that.

Thanks

undrline · Nov 3, 2006

Thanks for answering, some notes, and then lets get started

So, I've got my to-do list when I get home:

Delete all the stuff related to the thread above.
Re-download HJT to a safer place, and remove the old one.
Reboot into normal mode.
Run HJT and format.
Run SmitfraudFix as scan for log.
Come back here and post logs.

Anything else?

So you know, while I waited, I was following the steps in this thread:
http://forums.spybot.info/showthread.php?t=8087&highlight=nsis
So far, had added the registry entry (to take out registry keys), and had done the two batchfile scans.

RESPONSES

pskelley said:
Welcome to the forum, you appear to have a Smitfraud infection at least.

pskelley said:
5) Thanks to S!Ri, and any others who helped with this fix.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Smitfraud is not coming up on my SBSD scans anymore (even though they don't finish), and I did run the smitfraudfix you mentioned prior to your posting - in normal mode, but I was connected to the network/internet, and cancelled the two disk-cleanup prompts that came up when I told it to clean.

NSIS is the one that comes up on the scans, and is the one that prompted my investigation.

pskelley said:
We have issues that need to be corrected before we start, you may want to review this information as it appears you may have missed it:
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D
http://forums.spybot.info/showthread.php?t=288

I didn't miss it . . . I read it, and the other loooong FAQs, many with repeat info. I apologize if there were details I missed. Thank you for your aid.

pskelley said:
1) We need the logs not formated. In Notepad, click on Format and remove the check in front of "Word Wrap", the HJT log should be single spaced.

Hmmm, I thought I did this. I'll have to fix. Is an attachment preferred to a copy/paste?

pskelley said:
3) This log appears to be run in safe mode, please post all logs in normal mode, with everything enabled in MSConfig unless I request otherwise.

Shucks, I did that first, then changed it, because I thought I saw something that told me otherwise. I'll rerun.

pskelley said:
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

For reference, I use Avast.

pskelley said:
Restart the computer and post the text file from Smitfraudfix and a new HJT log. I will respond with instructions as soon as possible after that.

Thanks

Thank you thank you thank you. I look forward to it.

pskelley · Nov 3, 2006

No,

just please don't copy everything I post, it is a waste of space, you will have access to the same information at home, just complete the directions as I posted them.

Thanks

undrline · Nov 5, 2006

Logs

HJT log attached, Smitfraudfix log attached. Ran both in normal mode, the latter with the network cable disconnected.

Thank you.

pskelley · Nov 5, 2006

I am sorry, but I posted the link for you with the instructions:
http://forums.spybot.info/showthread.php?t=288

All logs should be copy/pasted into topic and not attached unless requested by helper in that format

Thank you for your understanding.

Thanks

undrline · Nov 5, 2006

Logs - code format

Thank you for your continued help. Please let me know if these have to come out of the code tags:

HJT

Code:

Logfile of HijackThis v1.99.1
Scan saved at 11:09:52 AM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MWSnap\MWSnap.exe
C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\HiThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Evil
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MWSnap] "C:\Program Files\MWSnap\MWSnap.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using Download &Express - file://C:\WINDOWS\System32\MetaProducts\Add_Url.htm
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/RescueControl.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140492510937
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intercall-uhc.webex.com/client/v_mywebex-t20sp24ep1/webex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{939F0282-33EF-418C-BBBB-CC56D438B3C7}: Domain = Belkin
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

SMITFRAUDFIX not quite sure if/how this should be single-spaced, I removed some blank lines

Code:

SmitFraudFix v2.118

Scan done at 11:21:34.93, Sun 11/05/2006
Run from C:\Documents and Settings\UndrLine\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\UndrLine
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\UndrLine\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\undrline\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

pskelley · Nov 5, 2006

What you are doing is making this harder for both of us than it needs to be:sad: I would appreciate it if you would read the instructions and follow them. If there is something in the instructions you do not understand, please say so and I will take the time to explain it further. If you do not know how to copy and paste, see this link. I do not open attachments from infected computers.

http://www.webmasternow.com/copyandpaste.html

pskelley · Nov 5, 2006

SMITFRAUDFIX not quite sure if/how this should be single-spaced, I removed some blank lines

Please run this again and do not alter the results in any way, simply copy and paste the results to this topic using "Post Reply" according to these instructions:

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Thanks

pskelley · Nov 5, 2006

Logfile of HijackThis v1.99.1 Scan saved at 11:09:52 AM, on 11/5/2006

I suggest you dso this:

1) Update your Java program, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_06\ <<< out of date

(I see no malware in the HJT log, this cleaned is optional)

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) TeaTimer will block these changes, turn if off if you wish to do them:
http://russelltexas.com/malware/teatimer.htm make sure to turn your protection back on when you are finished.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Thanks

undrline · Nov 5, 2006

Log - Per post #9

SmitFraudFix v2.118

Scan done at 14:07:14.39, Sun 11/05/2006
Run from C:\Documents and Settings\UndrLine\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\UndrLine

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\UndrLine\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\undrline\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

pskelley · Nov 5, 2006

No evidence of any Smitfraud infection in that report.

Thanks

undrline · Nov 6, 2006

So, back to the beginning

I've done the HJT fixes, emptied with ATF, and show no SmitFraud infection (and updated my JRE).

But, I'm still getting the NSIS popup, and showing "NSIS Media Extension" and Smitfraud (now, wasn't showing before), in SBS&D scans, and the scans still don't finish, still stalling on "Zlob.ZCodec" . . . what next?

pskelley · Nov 6, 2006

Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

Thanks

pskelley · Nov 6, 2006

appears this one is tough to remove, have a look:
http://www.google.com/search?hl=en&lr=&q=remove+NSIS+Media+&btnG=Search

Let me see that uninstall list while you look over ways to get rid of this junk. Let me know of anything you try so I do not try it again, it will be morning EST before I look at this again.

I did see that Spybot is supposed to remove it, are you sure you have the newest version of Spybot with the latest updates?

LonnyRJones · Nov 6, 2006

Create and run this batch for PSkelly please

Copy the contents of the code box below into a new notepad document (not wordpad).
Click file> save as...> call it check.bat > file types *all files*> and save it to desktop.

Code:

@echo off
Echo.
Echo searching please wait....
(
findstr /L /I /M /C:"*" "%CommonProgramFiles%\NSIS\*.*"
findstr /L /I /M /C:"cydoor_shell_project" %windir%\system32\*.dll
if exist %windir%\system32\msidext.dll echo %windir%\system32\msidext.dll
dir /b /s "%programfiles%\nsis.jar"
)>>logit.txt 2>nul
start notepad logit.txt

Run check.bat and post back with the text that will open.

undrline · Nov 6, 2006

My guess

I'm making the assumption that you mean SBS&D. I don't have those options, exactly. In Advanced Mode, I have Tools>Uninstall Info, so I'm guessing that's what you mean. I have it set to update on open, and it updated today, even with Beta items. I will post the log in a separate post, because it's giving me "too long" error messages on the Bulletin Board.

The most recent, and the most dubious (each are cracked versions), are the following:

Advanced Office Password Recovery
Advanced VBA Password Recovery
VBA Password Recovery

pskelley · Nov 6, 2006

Please follow the instructions from LonnyRJones.

I would like to look at that uninstall list when you finish with those instructions, see this:

http://www.bleepingcomputer.com/tutorials/tutorial42.html#uniman
How to use the Uninstall Manager

undrline · Nov 6, 2006

Uninstall Log I

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2006-11-02 TeaTimer.exe (1.4.0.2)
2005-06-26 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-11-03 Includes\Beta.sbi
2005-02-16 Includes\Beta.uti
2006-11-03 Includes\Cookies.sbi
2006-10-13 Includes\Dialer.sbi
2006-11-03 Includes\DialerC.sbi
2006-11-03 Includes\Hijackers.sbi
2006-11-03 Includes\HijackersC.sbi
2006-10-27 Includes\Keyloggers.sbi
2006-11-03 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2006-10-13 Includes\Malware.sbi
2006-11-03 Includes\MalwareC.sbi
2006-10-20 Includes\PUPS.sbi
2006-11-03 Includes\PUPSC.sbi
2006-11-03 Includes\Revision.sbi
2006-10-13 Includes\Security.sbi
2006-11-03 Includes\SecurityC.sbi
2006-10-13 Includes\Spybots.sbi
2006-11-03 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2006-11-03 Includes\Trojans.sbi
2006-11-03 Includes\TrojansC.sbi

ABBYY FineReader 4.0 Sprint (ABBYY FineReader 4.0 Sprint)
uninstall cmd: C:\WINDOWS\bitdeins.exe C:\PROGRA~1\ABBYYF~1.0SP\bitdeins.ini

WebEx (ActiveTouchMeetingClient)
uninstall cmd: C:\WINDOWS\DOWNLO~1\atcliun.exe

Ad-Aware SE Personal (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

(AddressBook)

Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Program Files\Adobe\Acrobat 5.0
install source: D:\Acrobat 5\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/prodindex/acrobat/main.html

Adobe InDesign CS2 Trial 004.000.000 (Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC})
version: 4
version (major): 4
install location: C:\Program Files\Adobe\Adobe InDesign CS2 Trial\
uninstall cmd: msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
publisher: Adobe Systems Incorporated
comments: Adobe InDesign CS2 Installer
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html?c=us
help telephone: 1-800-833-6687

Adobe PageMaker 7.0 7.0.1 (Adobe PageMaker 7.0)
version (major): 1
install location: C:\Program Files\Adobe\PageMaker 7.0 Tryout
install source: C:\Documents and Settings\UndrLine\Local Settings\Temp\pft3.tmp\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0 Tryout\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0 Tryout\Uninst.dll"
publisher: Adobe Systems, Inc.

Adobe SVG Viewer 3.0 3.0 (Adobe SVG Viewer)
version (major): 3
install location: C:\WINDOWS\system32\Adobe\SVG Viewer 3.0
uninstall cmd: C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
publisher: Adobe Systems, Inc.

Advanced IM Password Recovery (remove only) (Advanced IM Password Recovery)
uninstall cmd: C:\Program Files\ElcomSoft\AIMPR\uninstall.exe

Advanced Office Password Recovery (remove only) (Advanced Office Password Recovery)
uninstall cmd: C:\Program Files\ElcomSoft\AOPR\uninstall.exe

Advanced VBA Password Recovery (remove only) (Advanced VBA Password Recovery)
uninstall cmd: C:\Program Files\ElcomSoft\AVPR\uninstall.exe

Microsoft Age of Empires (Age of Empires)
uninstall cmd: C:\Program Files\Microsoft Games\Age of Empires\Uninstal.exe /uninstall

AltoMP3 CD Ripper 4.0 (AltoMP3 CD Ripper_is1)
install location: C:\Program Files\AltoMP3 CD Ripper v4\
uninstall cmd: "C:\Program Files\AltoMP3 CD Ripper v4\unins000.exe"
publisher: Thomas Yuan
help link: http://www.yuansoft.com

Arachnophilia 5.2 (Arachnophilia 5.2_is1)
uninstall cmd: "C:\Program Files\Arachnophilia5\unins000.exe"

Arachnophilia version 4.0 (Arachnophilia version 4.0_is1)
uninstall cmd: "C:\Program Files\Arachnophilia\unins000.exe"

(Automap 9.0)

(AvantGo Client)

avast! Antivirus 4.7 (avast!)
version (major): 4
version (minor): 7
install location: C:\PROGRA~1\Avast4
install source: C:\PROGRA~1\Avast4\setup
uninstall cmd: rundll32 C:\PROGRA~1\Avast4\Setup\setiface.dll,RunSetup
publisher: Alwil Software
help link: http://www.avast.com

(Branding)

CD/Spectrum Pro CDSPro v2002.0618 (CDSpectrum Pro)
uninstall cmd: C:\WINDOWS\DelCDSP.exe
publisher: Synthesoft Corporation
comments: Neither Bytech nor NorthStar can provide support. For support, please see our web site at: http://www.synthesoft.com/techsupport.htm
help link: http://www.synthesoft.com/techsupport.htm
help telephone: Email/Web Support Only

Conexant HSF V92 56K Data Fax PCI Modem (CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2013&SUBSYS_021213E0

(Connection Manager)

ConquerCam 2.6 (ConquerCam_is1)
uninstall cmd: "C:\Program Files\ConquerCam\unins000.exe"
publisher: Peter Theill
help link: http://www.conquercam.com/faq.asp

(DirectAnimation)

(DirectDrawEx)

DOSShell 1.4 1.4 (DOSShell)
uninstall cmd: C:\Program Files\DOSShell\uninst.exe
publisher: Loonies Software

MetaProducts Download Express (DownloadExpress)
uninstall cmd: C:\WINDOWS\System32\MetaProducts\dep.exe /UnInstall

(DXM_Runtime)

Egg (Egg)
uninstall cmd: "C:\Program Files\Egg\uninstall.exe"

eMule (eMule)
uninstall cmd: "C:\Program Files\eMule\Uninstall.exe"

EndItAll 2.0 2.0 (EndItAll_is1)
uninstall cmd: "C:\Program Files\EndItAll\unins000.exe"
publisher: Ziff Davis Media, Inc.
help link: http://discuss.pcmag.com/pcmag/messages

FileAlyzer 1.2 1.2 (FileAlyzer_is1)
install location: C:\Program Files\FileAlyzer\
uninstall cmd: "C:\Program Files\FileAlyzer\unins000.exe"
publisher: PepiMK Software

FileSpecs plug-in for Ad-Aware SE (FileSpecs plug-in for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\FILESP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\FILESP~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

FileZilla (remove only) (FileZilla)
uninstall cmd: "C:\Program Files\FileZilla\uninstall.exe"

Font Creator 5.0 5.0 (Font Creator_is1)
install location: C:\Program Files\Font Creator\
uninstall cmd: "C:\Program Files\Font Creator\unins000.exe"
publisher: High-Logic

(Fontcore)

Handmark Solitaire (Handmark Solitaire)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Solitaire\uninstal.log

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\UndrLine\Desktop\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

The Hypnogenic Screen Saver Hypno v2002.0618 (Hypno)
uninstall cmd: C:\Program Files\Hypno\UnInstall.EXE
publisher: Synthesoft, Inc.
contact: Synthesoft Support
help link: http://www.synthesoft.com/techsupport.htm
help telephone: E-Mail support only
readme: http://www.synthesoft.com/

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Canon Utilities PhotoStitch 3.1 3.1.9 (InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597})
version: 50397193
version (major): 3
version (minor): 1
estimated size: 1384
install date: 20040304
install source: D:\SOFTWARE\PSTITCH\ENGLISH\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

QuickTime 7.0.3 (InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083})
version: 117440515
version (major): 7
estimated size: 62919
install date: 20051113
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\UndrLine\LOCALS~1\Temp\_isDAD\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

iTunes 6.0.1.3 (InstallShield_{872653C6-5DDC-488B-B7C2-CF9E4D9335E5})
version: 100663297
version (major): 6
estimated size: 32022
install date: 20051113
install location: C:\Program Files\iTunes\
install source: C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Canon Utilities RemoteCapture 2.7 2.7.0 (InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0})
version: 34013184
version (major): 2
version (minor): 7
estimated size: 10613
install date: 20040304
install source: D:\SOFTWARE\REMCAP\ENGLISH\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Jasc Paint Shop Pro 9.01 - (9.0.1.1) (Jasc Paint Shop Pro 9.01 - (9.0.1.1))
uninstall cmd: C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~3\INSTALL.LOG

Java Web Start (Java Web Start)
uninstall cmd: "C:\Program Files\Java Web Start\uninst-javaws.exe"

jv16 PowerTools 1.3 (jv16 PowerTools_is1)
uninstall cmd: "C:\Program Files\jv16 PowerTools\unins000.exe"

Windows Blaster Worm Removal Tool (KB833330) (KB833330)
uninstall cmd: C:\WINDOWS\$NtUninstallKB833330$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=833330

Windows XP Hotfix - KB834707 20040929.110854 (KB834707)
uninstall cmd: C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=834707

Windows XP Hotfix - KB867282 20050127.090417 (KB867282)
uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=867282

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB887797 20041018.133824 (KB887797)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887797

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20050708
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20050417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB890923 1 (KB890923)
install date: 20050417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923

Windows Media Format SDK Hotfix - KB891122 (KB891122)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891122

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows XP Hotfix - KB893066 1 (KB893066)
install date: 20050417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20050810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20050810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Hotfix for Windows XP (KB896344) 2 (KB896344)
install date: 20050708
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896344

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20050810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20051109
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB896688) 1 (KB896688)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896688

Update for Windows XP (KB896727) 1 (KB896727)
install date: 20050810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896727

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20050629
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

undrline · Nov 6, 2006

Uninstall Log II

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20050810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899588) 1 (KB899588)
install date: 20050810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20050810
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20060430
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Update for Windows XP (KB900930) 1 (KB900930)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900930

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB903235) 1 (KB903235)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235

Security Update for Windows XP (KB904706) 1 (KB904706)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
install date: 20051215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060112
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Security Update for Windows XP (KB908531) 1 (KB908531)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Microsoft Base Smart Card Cryptographic Service Provider Package (KB909520)
uninstall cmd: "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20051215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Security Update for Windows XP (KB911280) 1 (KB911280)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20060219
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows Media Player 9 (KB911565) (KB911565)
install date: 20060219
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565

Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060219
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912812) 1 (KB912812)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912812

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060108
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913446) 1 (KB913446)
install date: 20060219
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913446

Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20060512
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20060712
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388

Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Security Update for Windows XP (KB916281) 1 (KB916281)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916281

Update for Windows XP (KB916595) 1 (KB916595)
install date: 20060712
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595

Security Update for Windows XP (KB917159) 1 (KB917159)
install date: 20060712
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917159

Security Update for Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/917283

Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422

Security Update for Windows Media Player 9 (KB917734) (KB917734_WMP9)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Security Update for Windows XP (KB918899) 1 (KB918899)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918899

Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20060915
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007

Security Update for Windows XP (KB920214) 1 (KB920214)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920214

Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670

Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683

Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20060915
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685

Update for Windows XP (KB920872) 1 (KB920872)
install date: 20060915
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872

Security Update for Windows XP (KB921398) 1 (KB921398)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921398

Security Update for Windows XP (KB921883) 1 (KB921883)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921883

Update for Windows XP (KB922582) 1 (KB922582)
install date: 20060915
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582

Security Update for Windows XP (KB922616) 1 (KB922616)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922616

Security Update for Microsoft .NET Framework 2.0 (KB922770) 1 (KB922770.T1_1ToU168_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/922770

Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20061018
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819

Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20061018
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191

Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20061018
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414

Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20061018
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191

Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20061018
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496

Security Update for Windows XP (KB925486) 1 (KB925486)
install date: 20061001
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925486

The Kinemorphic 3D Screen Saver Kine v2002.0618 (Kine)
uninstall cmd: C:\Program Files\Kine\UnInstall.EXE
publisher: Synthesoft, Inc.
contact: Synthesoft Support
help link: http://www.synthesoft.com/techsupport.htm
help telephone: E-Mail support only
readme: http://www.synthesoft.com/

Kinoma Producer for Palm, Inc. (Kinoma Producer for Palm, Inc.)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\Kinoma\uninstal.log

LSP Explorer plug-in for Ad-Aware SE (LSP Explorer plug-in for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\LSPEXP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\LSPEXP~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

MediaMonkey 2.4 2.4 (MediaMonkey_is1)
install location: C:\Program Files\MediaMonkey\
uninstall cmd: "C:\Program Files\MediaMonkey\unins000.exe"
publisher: Ventis Media Inc.
help link: http://www.mediamonkey.com

Messenger Control Plugin for Ad-aware 1.31 (Messenger Control Plugin for Ad-aware)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\MESSEN~1\INSTALL.LOG
publisher: Lavasoft Sweden
comments: FileSpecs Plug in for Ad-aware 6 Professional

Messenger-Control plug-in for Ad-Aware SE (Messenger-Control plug-in for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\MESSEN~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

(Microsoft NetShow Player 2.0)

Microtek ScanWizard 5 (Microtek ScanWizard 5)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\Twain_32\ScanWiz5\Uninst.isu

(MobileOptionPack)

MobiMate WorldMate for Palm (MobiMate WorldMate for Palm)
uninstall cmd: C:\PROGRA~1\MobiMate\WORLDM~1\UNWISE.EXE C:\PROGRA~1\MobiMate\WORLDM~1\INSTALL.LOG
publisher: MobiMate
contact: support@mobimate.com

Mozilla Firefox (1.5.0.7) 1.5.0.7 (en-US) (Mozilla Firefox (1.5.0.7))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.7 (en-US)"
publisher: Mozilla

Mozilla Thunderbird (1.5) 1.5 (en-US) (Mozilla Thunderbird (1.5))
install location: C:\Program Files\Mozilla Thunderbird
uninstall cmd: C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (en-US)"
publisher: Mozilla

(MPlayer2)

MPlifier (MPlifier)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\MPlifier\DeIsL1.isu" -c"C:\Program Files\MPlifier\_ISREG32.DLL"

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

MWSnap 3 3.0.0.74 (MWSnap 3)
uninstall cmd: "C:\Program Files\MWSnap\uninstall.exe"
publisher: Mirek Wojtowicz

(NetMeeting)

NSIS Media Extension 5.6.1 (NSISMedia)
uninstall cmd: C:\Program Files\Common Files\NSIS\uninst.exe

Spybot Never finishes checking + NSIS Media

New member

In Memoriam -Always in our heart

New member

In Memoriam -Always in our heart

New member

In Memoriam -Always in our heart

New member

In Memoriam -Always in our heart

In Memoriam -Always in our heart

In Memoriam -Always in our heart

New member

In Memoriam -Always in our heart

New member

In Memoriam -Always in our heart

In Memoriam -Always in our heart

Security Expert-Emeritus

New member

In Memoriam -Always in our heart

New member

New member