Help smitfraud: desktop hijack

Tonykntcky · May 28, 2006

I followed the directions for removing this:
Here are my logs:
SmitFraudFix v2.49

Scan done at 9:52:57.04, Sun 05/28/2006
Run from C:\Program Files\SmitfraudFix\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\wfkduei.dll Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:08:39 PM, 5/28/2006
+ Report-Checksum: 397D79E2

+ Scan result:

C:\Documents and Settings\Tony play\Cookies\tony play@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tony play\Cookies\tony play@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Tony play\Cookies\tony play@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Tony play\Cookies\tony play@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Tony play\Cookies\tony play@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Tony play\Cookies\tony play@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tony play\Cookies\tony play@planetout.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tony play\Cookies\tony play@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Downloads\cap2Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup

::Report End

--- Search result list ---
Vcodec.eMedia: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\Media-Codec.Chl

Vcodec.eMedia: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6BF52A52-394A-11D3-B153-00C04F79FAA6}

Vcodec.eMedia: Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media-Codec

Vcodec.eMedia: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\EMediaCodec.Chl

Vcodec.eMedia: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ecodec.exe

MyWay.MyWebSearch: Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\FocusInteractive

MyWay.MyWebSearch: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

MyWay.MyWebSearch: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}

MyWay.MyWebSearch: IE toolbar (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Registry Cleaner: Program group (Directory, fixed)
C:\Documents and Settings\All Users\Start Menu\Programs\RegistryCleaner\

Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

FunWeb: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts

MyWebSearch: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-05-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-05-26 Includes\Cookies.sbi (*)
2006-05-26 Includes\Dialer.sbi (*)
2006-05-26 Includes\Hijackers.sbi (*)
2006-05-26 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-05-26 Includes\Malware.sbi (*)
2006-05-26 Includes\PUPS.sbi (*)
2006-05-26 Includes\Revision.sbi (*)
2006-05-26 Includes\Security.sbi (*)
2006-05-26 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-05-26 Includes\Trojans.sbi (*)

Tonykntcky · May 28, 2006

Reports cont'd:

--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891220
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Windows XP Hotfix - KB892627
/ Windows XP / SP3: Windows XP Hotfix - KB893056
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)

--- Startup entries list ---
Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617fa5be646b5e8d6670fd4710acd2d3

Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 34904
MD5: 25d2aa5a7ca01db369a39149a1ab2f30

Located: HK_LM:Run, AOLSPScheduler
command: C:\Program Files\Common Files\AOL\1130018802\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
file: C:\Program Files\Common Files\AOL\1130018802\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
size: 8808
MD5: c76e6f76af6d6d6b4a41df7138b59ae1

Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 339968
MD5: 248f2c34a05daa0da62c83483afcc603

Located: HK_LM:Run, EM_EXEC
command: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
file: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
size: 35328
MD5: 00b926e16dffb95270db8dc16a65ba77

Located: HK_LM:Run, EmailScan
command: C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
file: C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
size: 460336
MD5: 92b5202d2a99371233f62a71aa87efc3

Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1130018802\ee\AOLSoftware.exe
file: C:\Program Files\Common Files\AOL\1130018802\ee\AOLSoftware.exe
size: 50792
MD5: d4c5c5840dab38a96e8d5838f2a01bfc

Located: HK_LM:Run, Logitech Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\WINDOWS\KHALMNPR.EXE
size: 29696
MD5: 62e28ace0821c5d1268cf04269769586

Located: HK_LM:Run, MoodLogic Updater
command: C:\Program Files\MoodLogic\Service\Updater.exe
file: C:\Program Files\MoodLogic\Service\Updater.exe
size: 217088
MD5: 4124a0f0e6a45992aa17aea52114c783

Located: HK_LM:Run, MPFExe
command: C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
file: C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
size: 988712
MD5: 426f2befbcee57d7016f19a9e406e5d0

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: 60d44ef1cb5f41160e9d0a7e637cc8aa

Located: HK_LM:Run, OASClnt
command: C:\Program Files\mcafee.com\antivirus\oasclnt.exe
file: C:\Program Files\mcafee.com\antivirus\oasclnt.exe
size: 116272
MD5: d034be4eef7a4a9ad7b13801937ea33a

Located: HK_LM:Run, Pure Networks Port Magic
command: "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
file: C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
size: 99480
MD5: ba99c608a075c44026720d5383f3d75b

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: c341ccfbe98bc7df6e0b856bb9fc265a

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 77824
MD5: d5d0cd6a04617a15c2df76cd668ff540

Located: HK_LM:Run, sscRun
command: C:\Program Files\Common Files\AOL\1130018802\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
file: C:\Program Files\Common Files\AOL\1130018802\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
size: 136808
MD5: 485039789c64ace41470fcd61493f262

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 006220ee86eb71c5884f415eaa9e8058

Located: HK_LM:Run, ViewMgr
command: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
file: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
size: 111816
MD5: a36e74ba7528a67a51bc4aff3a50333d

Located: HK_LM:Run, ymetray
command: "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
file: C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe
size: 5541888
MD5: 8bd669bdad4f6fa3472ca890fc0de9fa

Located: HK_LM:Run, zBrowser Launcher
command: C:\Program Files\Logitech\iTouch\iTouch.exe
file: C:\Program Files\Logitech\iTouch\iTouch.exe
size: 204800
MD5: 49208245d9bffbee175ef19e09d4df4b

Located: HK_LM:RunOnce, 0027091148814712mcinstcleanup
command: C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\mcvsinst\002709~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
file:

Located: HK_LM:RunOnce, 0029091148814773mcinstcleanup
command: C:\PROGRA~1\mcafee.com\mpfpinst\002909~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
file: C:\PROGRA~1\mcafee.com\mpfpinst\002909~1.EXE
size: 188416
MD5: 2d51bce06be975ba115d72c3a86c4a61

Located: HK_LM:RunOnce, Run IPH
command: C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
file: C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
size: 128616
MD5: 3a64e5b9e7d6835dec436f1ca131a92d

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), Logitech Desktop Messenger.lnk
command: C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
file: C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
size: 196608
MD5: 6f2e5108667bf1149d884e3cbeb9cdd1

Located: Startup (common), Logitech SetPoint.lnk
command: C:\Program Files\Logitech\SetPoint\KEM.exe
file: C:\Program Files\Logitech\SetPoint\KEM.exe
size: 581632
MD5: 6860718fa794f913f3f1bdf3ce0a9171

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, WBSrv
command: C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
file: C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
size: 106496
MD5: bb296286a0e548bf0e3a112ea7c7457a

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll

Tonykntcky · May 28, 2006

More

--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
BHO name:
CLSID name: Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn0\
Long name: yt.dll
Short name:
Date (created): 1/27/2006 5:16:44 PM
Date (last access): 5/28/2006 12:14:44 PM
Date (last write): 11/21/2005 4:54:28 PM
Filesize: 399424
Attributes:
MD5: 9818207E4629707E058288CF1B6C358C
CRC32: 77556DB9
Version: 2005.11.21.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 9/23/2005 8:12:08 PM
Date (last access): 5/28/2006 12:14:44 PM
Date (last write): 1/12/2006 9:38:22 PM
Filesize: 63128
Attributes: archive
MD5: F17B2B264072B921FC66A0BE16626BAB
CRC32: 5184CFEA
Version: 7.0.7.142

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 5/28/2006 9:39:18 AM
Date (last access): 5/28/2006 12:14:44 PM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 11/8/2005 8:15:24 PM
Date (last access): 5/28/2006 12:14:44 PM
Date (last write): 8/17/2005 10:40:28 AM
Filesize: 181752
Attributes: archive
MD5: 16981CC548B9A9EE304C68EAC17A979A
CRC32: EE9393BB
Version: 2005.8.17.1

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 11/10/2005 2:03:56 PM
Date (last access): 5/28/2006 12:14:44 PM
Date (last write): 11/10/2005 2:22:10 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll googletoolbar*.dll (* = number) googletoolbar_en_*.**-big.dll Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~2.DLL
Date (created): 12/19/2005 6:20:14 PM
Date (last access): 5/28/2006 12:14:44 PM
Date (last write): 11/8/2005 7:43:56 PM
Filesize: 1164800
Attributes: readonly archive
MD5: 238E278572C5CF68BA02FCE1CC26E10E
CRC32: 0FDA8451
Version: 3.0.128.1

--- ActiveX list ---
Mah Jong Garden by pogo (Mah Jong Garden by pogo)
DPF name: Mah Jong Garden by pogo
CLSID name:
Installer:
Codebase: http://game1.pogo.com/applet-6.4.0.48/mahjong/mahjong-ob-assets.cab

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 7/12/2005 6:04:22 PM
Date (last access): 5/28/2006 12:20:04 PM
Date (last write): 4/10/2006 1:00:34 PM
Filesize: 555824
Attributes: archive
MD5: 593F9787C3161CC77FA9B4BEBE823582
CRC32: B36241BF
Version: 1.5.526.0

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\Program Files\Yahoo!\Common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\yinsthelper.dll
Path: C:\Program Files\Yahoo!\Common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 11/8/2005 8:15:26 PM
Date (last access): 5/28/2006 12:20:04 PM
Date (last write): 11/7/2004 5:29:46 PM
Filesize: 173168
Attributes: archive
MD5: 4C0658E518FA9D08E884DB717A7087AE
CRC32: FFDA1549
Version: 2004.11.7.1

{6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
DPF name:
CLSID name: ExentInf Class
Installer:
Codebase: http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_2.ocx
description: Yahoo games?
classification: Unknown
known filename: EXENTCTL_0_0_0_0.OCX
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: exentctl_0_0_0_2.ocx
Short name: EXENTC~1.OCX
Date (created): 5/20/2006 9:17:08 AM
Date (last access): 5/28/2006 12:20:04 PM
Date (last write): 5/20/2006 9:17:10 AM
Filesize: 218288
Attributes: archive
MD5: B0D860B2D859BCE450C7AFDE821EBFBB
CRC32: 38EEE916
Version: 5.0.0.2

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133027306140
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 5:19:32 AM
Date (last access): 5/28/2006 12:20:04 PM
Date (last write): 5/26/2005 5:19:32 AM
Filesize: 178408
Attributes: archive
MD5: EE37AA2C0700221CD8B02FADCD4C7FB5
CRC32: F5494B06
Version: 5.8.0.2469

{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class)
DPF name:
CLSID name: GSDACtl Class
Installer:
Codebase: https://www.gamespyid.com/alaunch.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: gsda.dll

{712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class)
DPF name:
CLSID name: MsneDiag Class
Installer: C:\WINDOWS\Downloaded Program Files\msnediag.inf
Codebase: http://entimg.msn.com/client/msnediag3518.cab
Path: C:\Progra~1\MsnMusic\diag\4226180\
Long name: msnediag.ocx
Short name:
Date (created): 2/18/2005 8:22:10 PM
Date (last access): 5/28/2006 12:20:04 PM
Date (last write): 2/18/2005 8:22:10 PM
Filesize: 140568
Attributes: archive
MD5: 8D4C5FC63069774F0F0BB12486C3A257
CRC32: B000B02F
Version: 4.2.2618.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer: C:\WINDOWS\Downloaded Program Files\jinstall-1_5_0_06.inf
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 2:03:56 PM
Date (last access): 5/28/2006 12:20:04 PM
Date (last write): 11/10/2005 2:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class)
DPF name:
CLSID name: IWinAmpActiveX Class
Installer: C:\WINDOWS\Downloaded Program Files\ampx.inf
Codebase: http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
Path: C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\
Long name: AmpX.dll
Short name:
Date (created): 8/9/2005 2:41:00 PM
Date (last access): 5/28/2006 12:20:04 PM
Date (last write): 8/9/2005 2:41:00 PM
Filesize: 139347
Attributes: archive
MD5: 77C3A598B9D16CAA51438005A9E9CE43
CRC32: 7B62558B
Version: 2.6.1.11

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 2:03:56 PM
Date (last access): 5/28/2006 12:20:04 PM
Date (last write): 11/10/2005 2:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 2:03:56 PM
Date (last access): 5/28/2006 12:20:04 PM
Date (last write): 11/10/2005 2:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8.ocx
Short name:
Date (created): 8/27/2005 2:38:56 PM
Date (last access): 5/28/2006 12:20:04 PM
Date (last write): 8/27/2005 2:38:56 PM
Filesize: 1435272
Attributes: archive
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 8.0.22.0

{D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class)
DPF name:
CLSID name: SproutLauncherCtrl Class
Installer: C:\WINDOWS\Downloaded Program Files\SproutLauncher.inf
Codebase: http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SproutWebLauncher.dll
Short name: SPROUT~1.DLL
Date (created): 9/13/2004 5:26:02 PM
Date (last access): 5/28/2006 12:14:00 PM
Date (last write): 9/13/2004 5:26:02 PM
Filesize: 159744
Attributes: archive
MD5: 07D28A105DFE8EF72C1C4A2EA12E2A31
CRC32: FDC12284
Version: 1.0.0.10

{ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class)
DPF name:
CLSID name: MsnMusicAx Class
Installer: C:\WINDOWS\Downloaded Program Files\msninst.inf
Codebase: http://entimg.msn.com/client/msnmusax3503.cab
Path: C:\Progra~1\MsnMusic\4226251\
Long name: msnmusax.ocx
Short name:
Date (created): 2/25/2005 7:41:10 PM
Date (last access): 5/28/2006 12:20:04 PM
Date (last write): 2/25/2005 7:41:10 PM
Filesize: 467152
Attributes: archive
MD5: 30127F252951B218AEA5A94D6DE0F6F9
CRC32: 4EBAC278
Version: 4.2.2625.1

--- Process list ---
PID: 0 ( 0) [System]
PID: 124 ( 4) \SystemRoot\System32\smss.exe
PID: 172 ( 124) \??\C:\WINDOWS\system32\csrss.exe
PID: 196 ( 124) \??\C:\WINDOWS\system32\winlogon.exe
PID: 240 ( 196) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 252 ( 196) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 404 ( 240) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 468 ( 240) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 520 ( 240) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 772 ( 744) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1228 ( 772) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 5/28/2006 12:20:08 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E589780C-F6EF-4E44-BA21-BDE85832D1EE}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Tonykntcky · May 28, 2006

Cont'd

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E589780C-F6EF-4E44-BA21-BDE85832D1EE}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{613DA235-34FA-4596-BD3A-2414AD8533AD}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{613DA235-34FA-4596-BD3A-2414AD8533AD}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BE8AEFE6-9C23-415C-A7D0-6CED1C6C9606}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BE8AEFE6-9C23-415C-A7D0-6CED1C6C9606}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DE47F5CB-3ED6-4B43-ABE6-AC2BD036E99F}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DE47F5CB-3ED6-4B43-ABE6-AC2BD036E99F}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{07B9D814-3248-47E7-99D2-D55121A602D0}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{07B9D814-3248-47E7-99D2-D55121A602D0}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

--- Uninstall list ---
OTOY (3DGroove)
uninstall cmd: RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

Adobe Download Manager 2.0 (Remove Only) 2.0 (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

Age of Mythology (Age of Mythology 1.0)
uninstall cmd: "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove

Age of Mythology - The Titans Expansion (Age of Mythology Expansion Pack 1.0)
uninstall cmd: "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove

Age of Wonders II (Age of Wonders II)
uninstall cmd: C:\Program Files\Age of Wonders II\aow2Uninstall.exe

ATI - Software Uninstall Utility 6.14.10.1012 (All ATI Software)
install location: C:\Program Files\ATI Technologies\UninstallAll
uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

AOL Connectivity Services (AOL Connectivity Services)
uninstall cmd: "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c

AOL Deskbar (AOL Deskbar)
uninstall cmd: "C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"

AOL Uninstaller (AOL Uninstaller)
uninstall cmd: C:\Program Files\Common Files\AOL\uninstaller.exe

AOL You've Got Pictures Screensaver (AOL YGP Screensaver)
uninstall cmd: C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe

(AOLAntivirus)
uninstall cmd: "C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S

AOL Coach Version 2.0(Build:20041026.5 en) (AolCoach2_en)
uninstall cmd: C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP

(AOLFirewall)
uninstall cmd: "C:\Program Files\mcafee.com\personal firewall\aol\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S

ATI Display Driver 8.12-050317m-022739C (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class

ISPLAY -clean

CIF USB Camera (2110A) (CIF USB Camera (2110A))
uninstall cmd: C:\WINDOWS\CleanDev.exe C:\WINDOWS\DC2110a.ini

(Connection Manager)

(CS5)
uninstall cmd: "C:\Program Files\Common Files\Intel Shared\IP Video Telephony\Setup.exe" uninstall webclient clientid="CS5" clientpath="C:\Program Files\Intel\Createshare\VideoPhone\" inf="VSDKWSetup.inf"

Dungeon Siege Legends of Aranna (Dungeon Siege Legends of Aranna 1.0)
version (major): 1
install location: C:\Program Files\Microsoft Games\Dungeon Siege
uninstall cmd: "C:\Program Files\Microsoft Games\Dungeon Siege\UNINSTAL.EXE" /runtemp /addremove
publisher: Microsoft

Europa Universalis (Europa Universalis)
uninstall cmd: C:\PROGRA~1\EUROPA~1\UNWISE.EXE C:\PROGRA~1\EUROPA~1\INSTALL.LOG

Europa Universalis 2 (Europa Universalis 2)
uninstall cmd: C:\PROGRA~1\STRATE~1\EUROPA~1\UNWISE.EXE C:\PROGRA~1\STRATE~1\EUROPA~1\INSTALL.LOG

ewido anti-malware (ewidoantimalware)
install location: C:\Program Files\ewido anti-malware
uninstall cmd: C:\Program Files\ewido anti-malware\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

Master of Orion 3 (exent_216750)
install location: C:\Remote Programs\Master of Orion 3\
uninstall cmd: GPlrLanc.exe -LOpCode 2 /RemoveContent cid=216750;name=Master of Orion 3;dir=C:\Remote Programs\Master of Orion 3\;dis_cc=0;

Civilization III Conquests (exent_253350)
install location: C:\Remote Programs\Civilization III Conquests\
uninstall cmd: GPlrLanc.exe -LOpCode 2 /RemoveContent cid=253350;name=Civilization III Conquests;dir=C:\Remote Programs\Civilization III Conquests\;dis_cc=0;

Imperial Glory (exent_348450)
install location: C:\Remote Programs\Imperial Glory\
uninstall cmd: GPlrLanc.exe -LOpCode 2 /RemoveContent cid=348450;name=Imperial Glory;dir=C:\Remote Programs\Imperial Glory\;dis_cc=0;

Hijackthis 1.99.1 (Hijackthis_is1)
install location: C:\Program Files\Hijackthis\
uninstall cmd: "C:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org

IGN Download Manager 2.1.2 2.1.2 (IGN Download Manager)
uninstall cmd: C:\Program Files\IGN\Download Manager\uninst.exe
publisher: IGN Entertainment, Inc.

(Inetcam3.5)
uninstall cmd: "C:\Program Files\Intel\Createshare\Inetcam\uninstall.exe" /s

(InstallShield Uninstall Information)

Lord of the Rings: The Fellowship of the Ring 1.00.0000 (InstallShield_{49C98C60-BAC3-4C92-AF4F-E890FD312D60})
version: 16777216
version (major): 1
estimated size: 773041
install date: 20051023
install source: D:\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{49C98C60-BAC3-4C92-AF4F-E890FD312D60}
publisher: Universal Interactive
comments: None
contact: Customer Support Department
help link: http://www.universalinteractive.com
help telephone: 1-866-341-0879

Age of Empires III 1.00.0000 (InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97})
version: 16777216
version (major): 1
estimated size: 2183049
install date: 20051023
install location: C:\Program Files\Microsoft Games\Age of Empires III\
install source: D:\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
publisher: Microsoft Game Studios
help link: http://www.microsoft.com/games/age3/support.asp

Rome - Total War(TM) 1.0 (InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834})
version: 16777216
version (major): 1
estimated size: 2345436
install date: 20051225
install location: C:\Program Files\Activision\Rome - Total War\
install source: D:\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4089999C-6CB7-4F9D-A2F6-DB158DBF91FB} /l1033 /x
publisher: Activision

Windows XP Hotfix - KB834707 20040929.110854 (KB834707)
uninstall cmd: C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=834707

Windows XP Hotfix - KB867282 20050127.090417 (KB867282)
uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=867282

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20050622
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB890923 1 (KB890923)
install date: 20050622
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923

Windows Media Format SDK Hotfix - KB891122 (KB891122)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891122

Windows XP Hotfix - KB891220 20041208.154529 (KB891220)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891220$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891220

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows XP Hotfix - KB892627 20050201.181426 (KB892627)
uninstall cmd: C:\WINDOWS\$NtUninstallKB892627$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892627

Windows XP Hotfix - KB893056 20050126.164313 (KB893056)
uninstall cmd: C:\WINDOWS\$NtUninstallKB893056$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893056

Windows XP Hotfix - KB893066 1 (KB893066)
install date: 20050622
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050622
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Hotfix for Windows XP (KB896344) 2 (KB896344)
install date: 20050622
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896344

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20051108
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB896688) 1 (KB896688)
install date: 20051022
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896688

Tonykntcky · May 28, 2006

Security Update for Windows XP (KB905915) 1 (KB905915)
install date: 20051216
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Security Update for Windows XP (KB908531) 1 (KB908531)
install date: 20060415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20051216
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Hotfix for Windows Media Format SDK (KB910998) (KB910998)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=910998

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20060218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows Media Player 10 (KB911565) (KB911565)
install date: 20060218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565

Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912812) 1 (KB912812)
install date: 20060415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912812

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060105
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913446) 1 (KB913446)
install date: 20060218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913446

Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20060509
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Logitech Resource Center (Logitech Resource Center)
uninstall cmd: C:\PROGRA~1\RESOUR~1\rem\UNWISE.EXE /s C:\PROGRA~1\RESOUR~1\rem\INSTALL.LOG

Lords of Magic Special Edition (Lords of Magic Special Edition)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\SIERRA\LOMSE\Uninst.isu

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Macromedia Shockwave Player 10.1.0.11 (Macromedia Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Macromedia, Inc.
help link: http://www.macromedia.com/support/shockwave

(McAfee Personal Firewall Plus API)
uninstall cmd: C:\Program Files\Common Files\McAfee\Installer\mcinst.exe "C:\Program Files\mcafee.com\personal firewall\mpfp.inf" /uninstall

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

MoodLogic (MoodLogic)
uninstall cmd: C:\WINDOWS\ml-uninstall-v10.exe

MS Access 97 SP2 (MS Access 97 SP2)
uninstall cmd: C:\Program Files\Microsoft Office\setup\setup.exe

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

MSN Entertainment Download Troubleshooter (MSN Entertainment Download Troubleshooter)
uninstall cmd: rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnediag.inf,Uninstall

MSN Music Assistant (MSN Music Assistant)
uninstall cmd: rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall

Nero OEM (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

NeroVision Express 2 (NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

Nero Media Player (NMPUninstallKey)
uninstall cmd: C:\WINDOWS\UNNMP.exe /UNINSTALL

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Pure Networks Port Magic 1.2.1393.0 (Port Magic)
install location: C:\Program Files\Pure Networks\Port Magic
uninstall cmd: C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
publisher: Pure Networks
help link: http://aol-support.purenetworks.com

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Registry Cleaner 4.0 4.00 (Registry Cleaner (Registered Version)_is1)
install location: C:\Program Files\Registry Cleaner Retail\
uninstall cmd: "C:\Program Files\Registry Cleaner Retail\unins000.exe"
publisher: SOFTWAREONLINE.COM, INC.
help link: http://www.Softwareonline.com

ResChanger 2005 (ResChanger 20051.0)
uninstall cmd: C:\WINDOWS\iun6002.exe "C:\Program Files\ResChanger 2005\irunin.ini"

Microsoft Rise Of Nations (RiseOfNations 1.0)
version (major): 1
install location: C:\Program Files\Microsoft Games\Rise of Nations
uninstall cmd: "C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
publisher: Microsoft

(Shockwave)

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Sierra Utilities (Sierra Utilities)
uninstall cmd: C:\Program Files\Sierra On-Line\sutil32.exe uninstall

SimCity 3000 Unlimited (SimCity 3000 Unlimited)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000 Unlimited\DeIsL1.isu" -c"C:\Program Files\Maxis\SimCity 3000 Unlimited\_UnInstall.dll"

SolSuite SolSuite 2005 (SolSuite)
uninstall cmd: C:\PROGRA~1\SolSuite\UNWISE.EXE C:\PROGRA~1\SolSuite\INSTALL.LOG
publisher: TreeCardGames.com

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Viewpoint Manager (Remove Only) (Viewpoint Manager)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

(WebPost)
uninstall cmd: RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpfull.inf,WebPostUninstall

WindowBlinds (WindowBlinds)
install location: C:\Program Files\Stardock\Object Desktop\WindowBlinds
uninstall cmd: C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
publisher: Stardock Corporation

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Yahoo! Anti-Spy (Yahoo! Anti-Spy)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unypsr.exe

Yahoo! Toolbar for Internet Explorer (Yahoo! Companion)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyt.exe

Yahoo! extras (Yahoo! Customizations)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyext.exe

Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Yahoo! Music Engine (Yahoo! Music Engine)
uninstall cmd: "C:\Program Files\Yahoo!\Yahoo! Music Engine\Uninstall.exe"

Zeus (Zeus)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Impressions Games\Zeus\Uninst.isu"

MSXML4 Parser 1.0.0 ({01501EBA-EC35-4F9F-8889-3BE346E5DA13})
version: 16777216
version (major): 1
estimated size: 1268
install date: 20051112
install source: C:\PROGRA~1\MICROS~2\RISEOF~1\
uninstall cmd: MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
publisher: Microsoft Game Studios
contact: Microsoft Game Studios

Logitech iTouch Software ({036AA4D4-6D32-11D4-9875-00105ACE7734})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL

Civilization III ({0AD84416-63A4-4CF3-BDDF-8FA866711FB0})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\setup.exe"

ATI Control Panel 6.14.10.5145 ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

Intel® Create & Share® Software ({202D5EE1-81AC-11D5-87C9-00AA00C29E0A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{202D5EE1-81AC-11D5-87C9-00AA00C29E0A}\setup.exe" -l0009 maintflag

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

Rio Music Manager 2.90 ({282EF7E3-AE54-48AE-A11D-27F512F23AB3})
version: 39452672
version (major): 2
version (minor): 90
estimated size: 13991
install date: 20051121
install source: C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\_is44\
uninstall cmd: MsiExec.exe /X{282EF7E3-AE54-48AE-A11D-27F512F23AB3}
publisher: Rio Audio
help link: http://www.rioaudio.com/
help telephone: http://www.rioaudio.com/

EXEtender Player ({2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7})
uninstall cmd: "C:\Program Files\EXEtender\Uninstall.exe"

Logitech SetPoint 2.12 ({2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3})
version: 34340864
install location: C:\Program Files\Logitech\SetPoint
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9

J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 148501
install date: 20051223
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_06\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20050622
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Rome - Total War(TM) 1.2 ({4089999C-6CB7-4F9D-A2F6-DB158DBF91FB})
version: 16908288
version (major): 1
version (minor): 2
estimated size: 85756
install date: 20051225
install location: C:\Program Files\Activision\Rome - Total War\
install source: C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\_is2D\
publisher: Activision

Microsoft Windows Journal Viewer 1.5.2315.3 ({43DCF766-6838-4F9A-8C91-D92DA586DFA7})
version: 17107211
version (major): 1
version (minor): 5
estimated size: 3546
install date: 20050622
uninstall cmd: MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
publisher: Microsoft
comments: A viewer for Windows Journal documents.
contact: Microsoft

Rio Internet Update 2.90 ({493F2531-C2E5-4B73-8B11-66E9CFDA9AFA})
version: 39452672
version (major): 2
version (minor): 90
estimated size: 513
install date: 20051121
install source: C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\_is52\
uninstall cmd: MsiExec.exe /X{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA}
publisher: Rio Audio
help link: http://www.rioaudio.com/
help telephone: http://www.rioaudio.com/

Lord of the Rings: The Fellowship of the Ring 1.00.0000 ({49C98C60-BAC3-4C92-AF4F-E890FD312D60})
version: 16777216
version (major): 1
estimated size: 773041
install date: 20051023
install source: D:\
publisher: Universal Interactive
comments: None
contact: Customer Support Department
help link: http://www.universalinteractive.com
help telephone: 1-866-341-0879

Adobe® Photoshop® Album Starter Edition 3.0 3.00.000 ({4BDFD2CE-6329-42E4-9801-9B3D1F10D79B})
version: 50331648
version (major): 3
estimated size: 16717
install date: 20060312
install location: C:\Program Files\Adobe\Photoshop Album Starter Edition\
install source: C:\WINDOWS\Downloaded Installations\{8379D168-79F6-4394-81A2-BB1944E8F892}\
uninstall cmd: MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
publisher: Adobe Systems, Inc.
readme: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\ReadMe.txt

Logitech MouseWare 9.42 .1 ({5809E7CF-4DCF-11D4-9875-00105ACE7734})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL

({5C9DDCE0-66CF-11D4-9100-0090274FBE9A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C9DDCE0-66CF-11D4-9100-0090274FBE9A}\setup.exe"

Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20051022
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downloads/whyValidate.aspx/help
help telephone: 1-425.882.8080

Tonykntcky · May 28, 2006

Last One

Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20051022
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downloads/whyValidate.aspx/help
help telephone: 1-425.882.8080

Business Contact Manager for Outlook 2003 1.0.2002.1 ({66563AD8-637B-407F-BCA7-0233A16891AB})
version: 16779218
version (major): 1
estimated size: 171425
install date: 20051124
install source: D:\
uninstall cmd: MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\README.htm

({68DC5968-0278-11D5-8EAA-00062973342B})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68DC5968-0278-11D5-8EAA-00062973342B}\setup.exe" maintflag

Age of Empires III 1.00.0000 ({7B9CC60A-9B81-46A3-A953-76B6BF9EEC97})
version: 16777216
version (major): 1
estimated size: 2183049
install date: 20051023
install location: C:\Program Files\Microsoft Games\Age of Empires III\
install source: D:\
publisher: Microsoft Game Studios
help link: http://www.microsoft.com/games/age3/support.asp

Lords of the Realm III 1.01.000 ({7C1EAF33-82AD-4A63-B56D-4739172714DF})
version: 16777216
install location: C:\Program Files\Impressions Games\Lords of the Realm III
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C1EAF33-82AD-4A63-B56D-4739172714DF}\Setup.exe" -l0x9

NVDVD ({7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}\Setup.exe" -uninstall

Emperor: Rise of the Middle Kingdom 1.0.1.0 ({821DABD6-26F2-49E5-AE55-40A589ADBE6D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}\Setup.exe" -l0x9

Emperor - RotMK Bonus Campaign ({8F1A3107-FE6E-4FFA-B973-73BE1932FCEF})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F1A3107-FE6E-4FFA-B973-73BE1932FCEF}\Setup.exe" -l0x9

Logitech Desktop Messenger 2.30.04 ({900B1197-53F5-4F46-A882-2CFFFE2EEDCB})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" UNINSTALL /L9
publisher: Logitech, Inc.
contact: Logitech Customer Support
help link: www.logitech.com/support

Microsoft Office Professional Edition 2003 11.0.7969.0 ({91110409-6000-11D3-8CFE-0150048383C9})
version: 184557345
version (major): 11
estimated size: 743857
install date: 20060509
install source: C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM

({9D5DFD1A-5B25-48B7-B4D5-E04778BDC676})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D5DFD1A-5B25-48B7-B4D5-E04778BDC676}\Setup.exe" -l0x9

Rio Music Manager 1.0 ({9E321DCB-3AC5-466C-B214-4CD340EE3A13})
version: 16777216
version (major): 1
estimated size: 1905
install date: 20060108
install source: D:\RioMM\
uninstall cmd: MsiExec.exe /X{9E321DCB-3AC5-466C-B214-4CD340EE3A13}
publisher: SONICblue
help link: http://www.sonicblue.com/
help telephone: http://www.sonicblue.com/

Rome Total War - patch 1.3 1.3 ({A5D65411-8E73-4C85-AD80-9FE8B7391CF9})
version: 16973824
install location: C:\Program Files\Activision\Rome - Total War
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}\Setup.exe" -l0x9

Rome - Total War(TM) 1.0 ({A642BB6B-CA1D-4142-8DD4-318C3F3DC834})
version: 16777216
version (major): 1
estimated size: 2345436
install date: 20051225
install location: C:\Program Files\Activision\Rome - Total War\
install source: D:\
publisher: Activision

Sid Meier's Civilization 4 1.00.0000 ({A8589680-35C1-4732-ACCA-09B78921ECE3})
version: 16777216
version (major): 1
estimated size: 2044
install date: 20051231
install location: C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\
install source: C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\{A8589680-35C1-4732-ACCA-09B78921ECE3}\
publisher: Firaxis Games
contact: Customer Support Department
help link: http://www.2kgames.com/civ4/

Adobe Reader 7.0.7 7.0.7 ({AC76BA86-7AD7-1033-7B44-A70500000002})
version: 117440519
version (major): 7
estimated size: 77627
install date: 20060312
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig705\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

Adobe Reader 7.0.5 Language Support 7.0.5 ({AC76BA86-7AD7-5464-3428-7050000000A7})
version: 117440517
version (major): 7
estimated size: 34373
install date: 20060312
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\SpellingDictionary\{E54EF49D-FCD5-4B3E-97B9-128D247834E1}\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
publisher: Adobe Systems
comments: This is a placeholder for ARP comments for Spelling Dictionaries for Adobe Reader 7.0
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

EVGA Display Driver 1.00.000 ({BEF3EFE7-5159-436D-9BF0-CCC633179EB4})
version: 16777216
install date: 20051022
install location: C:\Program Files\EVGA\EVGA Display Driver
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\setup.exe" -l0x9 -removeonly
publisher: EVGA
help link: www.evga.com/support/default.asp

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 60751
install date: 20050622
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Logitech User's Guide ({CBE0FCA1-4E95-11D4-9875-00105ACE7734})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBE0FCA1-4E95-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL

MSN Messenger 7.5 7.5.0324.0 ({CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5})
version: 117768516
version (major): 7
version (minor): 5
estimated size: 15621
install date: 20060218
uninstall cmd: MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
publisher: Microsoft Corporation

Sid Meier's Civilization 4 1.52 ({CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8})
version: 20185088
install date: 20051231
install location: C:\Program Files\Firaxis Games\Sid Meier's Civilization 4
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
publisher: Firaxis Games
help link: http://www.2kgames.com/civ4/support.htm
readme: C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Readme.htm

ArcSoft PhotoImpression ({E142615E-5ED8-4511-9BF0-0284BFA25766})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E142615E-5ED8-4511-9BF0-0284BFA25766}\Setup.exe" -l0x9 -uninst

({E6701900-1864-11D5-941D-000347186BC7})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD>

ArcSoft VideoImpression 1.6 ({ED10343F-D30A-4200-9B00-665FC45F52B4})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED10343F-D30A-4200-9B00-665FC45F52B4}\Setup.exe" -l0x9 -uninst

Realtek AC'97 Audio ({FB08F381-6533-4108-B7DD-039E11FBC27E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

Thanks for any help you can provide!!!

Tony

LonnyRJones · Jun 1, 2006

Welcome Tony

Post a current hijackthis log please

tashi · Jun 8, 2006

This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a pm and provide a link to the thread.

Applies only to the original topic starter.

Help smitfraud: desktop hijack

Tonykntcky

New member

Tonykntcky

New member

Tonykntcky

New member

Tonykntcky

New member

Tonykntcky

New member

Tonykntcky

New member

LonnyRJones

Security Expert-Emeritus

tashi

Member of Team Spybot