Help! Virtumonde and now PWS.LDPinchIE?!

jalbertind · May 6, 2009

Any help would be incredibly appreciated.

I've been having major difficulties lately with Trojans and general malware of this computer. I deleted Spy Sweeper a few weeks back (at the request of someone) and almost immediately afterward, all my programs started freezing unexpectedly (and quite aggravatingly, I might add), and Facebook/MySpace/AIM Mail stopped functioning correctly. I couldn't use more than a few programs at once, so I'd have to routinely delete passive processes in order to make this laptop function.http://forums.spybot.info/newthread.php?do=newthread&f=22

I downloaded CCleaner, HijackThis, Prevx 3.0, and Spybot, and so far, only Spybot and CCleaner seem to have done any good. Once I scanned the first time with the former, I realized that Virtumonde had infected my computer. I deleted it using Spybot and VundoFix, but it's repeatedly come back. Now, things have just gotten worse -- I keep getting the blue screen of death, and Spybot is showing a bunch of new stuff infecting my computer -- specifically, PWS.LDPinch.IE, Microsoft.Windows.Explorer, and Microsoft.WindowsSecurityCenter.RegistryTools midway through my scan at the moment.

I'll post the results to my scan in a sec, but are there any telltale signs of any single, easy-to-fix infection at the moment? Thanks. =P

jalbertind · May 6, 2009

Here're my results (well, I assume this is how you get them -- I just right-clicked one of the Problems and clicked "Save full report to file" and I'm breaking it into sections):

--- Search result list ---
Microsoft.Windows.Explorer: [SBI $DA080EA7] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4151277044-4031585965-30426550-1006\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions

Microsoft.WindowsSecurityCenter.RegistryTools: [SBI $D60CD1E3] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4151277044-4031585965-30426550-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools

PWS.LDPinchIE: [SBI $32D83D62] User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-4151277044-4031585965-30426550-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\idstrf

Win32.TDSS.rtk: [SBI $05E456BF] File (File, nothing done)
C:\WINDOWS\system32\ovfsthgsaycndnwxjbiqdlcvpmmlxqeljdmqlw.dll
Properties.size=0
Properties.md5=09917F084026ADA29573CE10F47FDCDB

Win32.TDSS.rtk: [SBI $05E456BF] File (File, nothing done)
C:\WINDOWS\system32\ovfsthspcorenalstwdxsbqbyxtdfdsparlypj.dll
Properties.size=0
Properties.md5=42CB8125BAB8199B232ED96570927173

Win32.TDSS.rtk: [SBI $05E456BF] File (File, nothing done)
C:\WINDOWS\system32\ovfsthuufgoiemnqxnocxthphnfeyxorcdxahb.dll
Properties.size=0
Properties.md5=E86A5D38DCFCEA56329D15F6BA4BB1E1

Win32.TDSS.rtk: [SBI $DB1744B9] File (File, nothing done)
C:\WINDOWS\system32\drivers\ovfsthduxiorjindtdqneixxkyqdbxpbwuxkrq.sys
Properties.size=0
Properties.md5=653FA464ED4A41C2F4A7F38ACF9DFDEF

DoubleClick: Tracking cookie (Internet Explorer: James) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-04-30 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-03-25 Includes\Adware.sbi (*)
2009-04-28 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-03-31 Includes\Dialer.sbi (*)
2009-04-21 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-04-21 Includes\Hijackers.sbi (*)
2009-04-28 Includes\HijackersC.sbi (*)
2009-03-17 Includes\Keyloggers.sbi (*)
2009-04-28 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-04-07 Includes\Malware.sbi (*)
2009-04-28 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-04-28 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-04-21 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-04-28 Includes\SpywareC.sbi (*)
2009-04-07 Includes\Tracks.uti
2009-04-29 Includes\Trojans.sbi (*)
2009-04-29 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB930494)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB926251)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB956390)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB958215)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB960714)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB961260)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Security Update for Windows XP (KB954211)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956391)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956841)
/ Windows XP / SP4: Security Update for Windows XP (KB957095)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Update for Windows XP (KB967715)

--- Startup entries list ---
Located: HK_LM:Run, AppleSyncNotifier
command: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
size: 177472
MD5: F2CDE498E7876A1BA669CB7133C4ACE6

Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1947928
MD5: 74966D40F38C4E4A4DC712AB353E8634

Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 33648
MD5: 35DCD380D4D579D8B8EA91D5D8AE444C

Located: HK_LM:Run, hpWirelessAssistant
command: "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
file: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
size: 507904
MD5: 2DF07BC576F814D9122F338EAD4B4220

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 342312
MD5: 0CDB6449C0C2BF0B514F9FA0BA2C721E

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep 0 -k
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, prnet
command: "C:\WINDOWS\system32\prnet.tmp"
file: C:\WINDOWS\system32\prnet.tmp
size: 182911
MD5: D848251F26B45A2A5F72173D82593CB3

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 0AB3C83FCB8EF6F56E4FB22089F0D3B9

Located: HK_LM:Run, Symantec PIF AlertEng
command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 583048
MD5: 2D1389E05A807D956829F44BD4B60389

Located: HK_LM:Run, SynTPStart
command: "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
file: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
size: 102400
MD5: A3418E4D4A5EE636D44922DC2567FA18

Located: HK_CU:Run,
where: .DEFAULT...
command: C:\WINDOWS\TEMP\h5qnmvl9mv.exe
file: C:\WINDOWS\TEMP\h5qnmvl9mv.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Diagnostic Manager
where: .DEFAULT...
command: C:\WINDOWS\TEMP\494281678.exe
file: C:\WINDOWS\TEMP\494281678.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, uidenhiufgsduiazghs
where: .DEFAULT...
command: C:\WINDOWS\TEMP\h5qnmvl9mv.exe
file: C:\WINDOWS\TEMP\h5qnmvl9mv.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, MSMSGS
where: PE_C0_S-1-5-21-4151277044-4031585965-30426550-1005...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2

Located: HK_CU:Run, AIM
where: PE_C_USER...
command: "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
file: C:\Program Files\AIM+\AIM+.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, MSMSGS
where: PE_C_USER...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2

Located: HK_CU:Run, Weather
where: PE_C_USER...
command: C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
file: C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Window Washer
where: PE_C_USER...
command: C:\Program Files\Webroot\Washer\wwDisp.exe
file: C:\Program Files\Webroot\Washer\wwDisp.exe
size: 1095680
MD5: 126C79568B2D3F729B72E04A0A8590F7

Located: HK_CU:Run, Aim6
where: S-1-5-21-4151277044-4031585965-30426550-1005...
command: "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
file: C:\Program Files\AIM6\aim6.exe
size: 50472
MD5: AC23F48F1D9A886D4786A7F8F17CD656

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-4151277044-4031585965-30426550-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-4151277044-4031585965-30426550-1005...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2

Located: HK_CU:Run, swg
where: S-1-5-21-4151277044-4031585965-30426550-1005...
command: "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe"
file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Aim6
where: S-1-5-21-4151277044-4031585965-30426550-1006...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-4151277044-4031585965-30426550-1006...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, prnet
where: S-1-5-21-4151277044-4031585965-30426550-1006...
command: "C:\WINDOWS\system32\prnet.tmp"
file: C:\WINDOWS\system32\prnet.tmp
size: 182911
MD5: D848251F26B45A2A5F72173D82593CB3

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-4151277044-4031585965-30426550-1006...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1

Located: HK_CU:Run, swg
where: S-1-5-21-4151277044-4031585965-30426550-1006...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD

Located: HK_CU:Run, AIM
where: S-1-5-21-4151277044-4031585965-30426550-1007...
command: "C:\Program Files\AIM\aim.exe" -cnetwait.odl
file: C:\Program Files\AIM\aim.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Aim6
where: S-1-5-21-4151277044-4031585965-30426550-1007...
command: "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
file: C:\Program Files\AIM6\aim6.exe
size: 50472
MD5: AC23F48F1D9A886D4786A7F8F17CD656

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-4151277044-4031585965-30426550-1007...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-4151277044-4031585965-30426550-1007...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2

Located: HK_CU:Run, swg
where: S-1-5-21-4151277044-4031585965-30426550-1007...
command: "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe"
file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, FlashPlayerUpdate
where: S-1-5-21-4151277044-4031585965-30426550-1007...
command: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
file: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
size: 240544
MD5: 254F5C2577CFCDEFA325763742313F25

Located: HK_CU:Run, AIM
where: S-1-5-21-4151277044-4031585965-30426550-1008...
command: "C:\Program Files\AIM\aim.exe" -cnetwait.odl
file: C:\Program Files\AIM\aim.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Aim6
where: S-1-5-21-4151277044-4031585965-30426550-1008...
command: "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
file: C:\Program Files\AIM6\aim6.exe
size: 50472
MD5: AC23F48F1D9A886D4786A7F8F17CD656

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-4151277044-4031585965-30426550-1008...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-4151277044-4031585965-30426550-1008...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2

Located: HK_CU:Run, swg
where: S-1-5-21-4151277044-4031585965-30426550-1008...
command: "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe"
file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, FlashPlayerUpdate
where: S-1-5-21-4151277044-4031585965-30426550-1008...
command: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
file: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-4151277044-4031585965-30426550-500...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2

Located: HK_CU:Run,
where: S-1-5-18...
command: C:\WINDOWS\TEMP\h5qnmvl9mv.exe
file: C:\WINDOWS\TEMP\h5qnmvl9mv.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Diagnostic Manager
where: S-1-5-18...
command: C:\WINDOWS\TEMP\494281678.exe
file: C:\WINDOWS\TEMP\494281678.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, uidenhiufgsduiazghs
where: S-1-5-18...
command: C:\WINDOWS\TEMP\h5qnmvl9mv.exe
file: C:\WINDOWS\TEMP\h5qnmvl9mv.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (user), OneNote 2007 Screen Clipper and Launcher.lnk
where: C:\Documents and Settings\Katherine\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 101784
MD5: 24F5015DEB7C744DDF34CD786B6FA03F

Located: Startup (user), Microsoft Find Fast.lnk
where: C:\Documents and Settings\Mom & Dad.YOUR-727A0A4E7C\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
file: C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
size: 111376
MD5: 097DEA4408B43B946D1BF93E8C7BEC85

Located: Startup (user), Office Startup.lnk
where: C:\Documents and Settings\Mom & Dad.YOUR-727A0A4E7C\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office\OSA.EXE
file: C:\Program Files\Microsoft Office\Office\OSA.EXE
size: 51984
MD5: D06276D4CAD46CDCEABEFDEB1A0D3C0D

Located: Startup (user), LimeWire On Startup.lnk
where: C:\Documents and Settings\User\Start Menu\Programs\Startup...
command: C:\Program Files\LimeWire\LimeWire.exe
file: C:\Program Files\LimeWire\LimeWire.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (user), Morpheus.lnk
where: C:\Documents and Settings\User\Start Menu\Programs\Startup...
command: C:\Program Files\Morpheus\Morpheus.exe
file: C:\Program Files\Morpheus\Morpheus.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), HP Photosmart Premier Fast Start.lnk (DISABLED)
command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
file: C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe
size: 73728
MD5: B2DDFF1F7FF31E8103DC221772353417

Located: Startup (disabled), hp psc 2000 Series (DISABLED)
command: C:\PROGRA~1\HP\DIGITA~1\bin\hpobnz08.exe
file: C:\PROGRA~1\HP\DIGITA~1\bin\hpobnz08.exe
size: 323646
MD5: 32D37C3EB8B2B038138BB5C7195C55A4

Located: Startup (disabled), officejet 6100 (DISABLED)
command: C:\PROGRA~1\HP\DIGITA~1\bin\hposol08.exe
file: C:\PROGRA~1\HP\DIGITA~1\bin\hposol08.exe
size: 147456
MD5: AD4CB8C6C799178653495A3C851137D9

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, avgrsstarter
command: avgrsstx.dll
file: avgrsstx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

--- Browser helper object list ---
{C2BA40A1-74F3-42BD-F434-12345A2C8953} (C:\WINDOWS\system32\afnoinkdsfe.dll)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: C:\WINDOWS\system32\afnoinkdsfe.dll
Path: C:\WINDOWS\system32\
Long name: afnoinkdsfe.dll
Short name: AFNOIN~1.DLL
Date (created): 5/3/2009 7:41:52 PM
Date (last access): 5/6/2009 5:02:04 PM
Date (last write): 5/3/2009 7:41:52 PM
Filesize: 15000
Attributes: archive
MD5: E785146A564205BC73E566F15DFF70A6
CRC32: 52896579

--- ActiveX list ---
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 1/5/2009 4:19:12 PM
Date (last access): 5/6/2009 5:30:28 PM
Date (last write): 1/5/2009 4:19:12 PM
Filesize: 779568
Attributes: archive
MD5: CC547257A308EBE1070AED55309DA4BE
CRC32: 4805B208
Version: 7.6.0.0

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 11/12/2006 2:07:20 AM
Date (last access): 5/6/2009 5:30:28 PM
Date (last write): 5/2/2007 12:32:04 PM
Filesize: 182512
Attributes: archive
MD5: 95F03ABE4B96C50CF4DA8245819138E4
CRC32: 12E5BB80
Version: 10.2.0.22

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 7/31/2006 4:39:34 PM
Date (last access): 5/6/2009 5:02:46 PM
Date (last write): 3/20/2008 6:06:36 PM
Filesize: 1480232
Attributes: archive
MD5: E058C4821D48E0A67F6069CB50818D44
CRC32: 3513AE02
Version: 1.7.69.2

{233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 11/12/2006 2:07:20 AM
Date (last access): 5/6/2009 5:30:28 PM
Date (last write): 5/2/2007 12:32:04 PM
Filesize: 182512
Attributes: archive
MD5: 95F03ABE4B96C50CF4DA8245819138E4
CRC32: 12E5BB80
Version: 10.2.0.22

{44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class)
DPF name:
CLSID name: Symantec Script Runner Class
Installer: C:\WINDOWS\Downloaded Program Files\tgctlsr.inf
Codebase: https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
Path: C:\PROGRA~1\COMMON~1\SYMANT~1\SUPPOR~1\
Long name: tgctlsr.dll
Short name:
Date (created): 6/1/2007 3:50:52 PM
Date (last access): 5/6/2009 5:30:28 PM
Date (last write): 9/3/2007 9:14:10 AM
Filesize: 578848
Attributes: archive
MD5: 11B757C44B95B50ECE47B3E1128B8A2B
CRC32: 384A8A8C
Version: 6.9.2674.0

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf
Codebase: http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 6/20/2006 4:44:04 PM
Date (last access): 5/6/2009 5:09:14 PM
Date (last write): 6/20/2006 4:44:04 PM
Filesize: 379704
Attributes: archive
MD5: D2FB109C3F0DAAAA4A73E5921656DB3E
CRC32: A13093E8
Version: 10.0.913.0

{6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class)
DPF name:
CLSID name: Kodak Gallery Easy Upload Manager Class
Installer: C:\WINDOWS\Downloaded Program Files\axofupld.inf
Codebase: http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: axofupld.dll
Short name:
Date (created): 8/21/2007 12:30:00 PM
Date (last access): 5/6/2009 5:09:14 PM
Date (last write): 8/21/2007 12:30:00 PM
Filesize: 196608
Attributes: archive
MD5: 6D7A5FA14CADB19AD77B20A054F8C14A
CRC32: CCB39000
Version: 2.2.1.25

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 3:03:56 PM
Date (last access): 5/6/2009 5:30:28 PM
Date (last write): 11/10/2005 3:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 10/12/2006 4:10:58 AM
Date (last access): 5/6/2009 5:30:28 PM
Date (last write): 10/12/2006 4:25:44 AM
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_10
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_10\bin\
Long name: NPJPI150_10.dll
Short name: NPJPI1~1.DLL
Date (created): 11/9/2006 4:07:34 PM
Date (last access): 5/6/2009 5:30:28 PM
Date (last write): 11/9/2006 4:21:54 PM
Filesize: 75528
Attributes: archive
MD5: 635F4B3A0F1C661B5CEDE628BA85E46B
CRC32: 0C9B7145
Version: 5.0.100.3

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 3/14/2007 2:04:46 AM
Date (last access): 5/6/2009 5:30:28 PM
Date (last write): 3/14/2007 3:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 7/12/2007 2:22:38 AM
Date (last access): 5/6/2009 5:30:28 PM
Date (last write): 7/12/2007 4:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10b.ocx
Short name:
Date (created): 2/2/2009 9:07:18 PM
Date (last access): 5/6/2009 5:04:48 PM
Date (last write): 2/2/2009 9:07:18 PM
Filesize: 3866528
Attributes: readonly archive
MD5: 8AFC17155ED5AB60B7C52D7F553D579C
CRC32: 0FBC13F3
Version: 10.0.22.87

{D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class)
DPF name:
CLSID name: Virtools WebPlayer Class
Installer:
Codebase: http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
Path: C:\Program Files\Virtools\3D Life Player\
Long name: WebPlayer.ocx
Short name: WEBPLA~1.OCX
Date (created): 1/19/2007 10:41:42 PM
Date (last access): 5/6/2009 5:30:28 PM
Date (last write): 1/19/2007 10:41:42 PM
Filesize: 292416
Attributes: archive
MD5: 40CE65674ADCA0B0E4E26ED823A61989
CRC32: 9F5C2362
Version: 4.0.0.42

{DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl)
DPF name:
CLSID name: CacheManager.CacheManagerCtrl
Installer: C:\WINDOWS\Downloaded Program Files\CacheManager.INF
Codebase: http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
Path: C:\WINDOWS\Downloaded Program Files\
Long name: CacheManager.ocx
Short name: CACHEM~1.OCX
Date (created): 11/16/2006 12:13:32 PM
Date (last access): 5/6/2009 5:30:28 PM
Date (last write): 11/16/2006 12:13:32 PM
Filesize: 94208
Attributes: archive
MD5: A2B6DEE17C4D8E5370919B293E9E66B1
CRC32: EEBC9AEE
Version: 2.1.0.20

--- Process list ---
PID: 0 ( 0) [System]
PID: 776 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 852 ( 776) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 880 ( 776) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 924 ( 880) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 936 ( 880) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1140 ( 924) C:\WINDOWS\system32\Ati2evxx.exe
size: 393216
MD5: ED8D753788232B81A7E8EF5D59EC3417
PID: 1152 ( 924) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1260 ( 924) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1336 ( 924) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1396 ( 924) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1592 ( 924) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1852 ( 924) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 336 ( 880) C:\WINDOWS\system32\Ati2evxx.exe
size: 393216
MD5: ED8D753788232B81A7E8EF5D59EC3417
PID: 472 ( 392) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 596 ( 472) C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
size: 507904
MD5: 2DF07BC576F814D9122F338EAD4B4220
PID: 604 ( 472) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 583048
MD5: 2D1389E05A807D956829F44BD4B60389
PID: 616 ( 472) C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1947928
MD5: 74966D40F38C4E4A4DC712AB353E8634
PID: 636 ( 472) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 33648
MD5: 35DCD380D4D579D8B8EA91D5D8AE444C
PID: 688 ( 472) C:\Program Files\iTunes\iTunesHelper.exe
size: 342312
MD5: 0CDB6449C0C2BF0B514F9FA0BA2C721E
PID: 732 ( 472) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 396 ( 472) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD
PID: 756 ( 472) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1
PID: 136 ( 628) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1015808
MD5: CF76682825BA63D4527DE57DA469D325
PID: 1792 ( 924) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1040 ( 924) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 132424
MD5: 367592EFCA7FF8B4CE11AB6B0744E1E2
PID: 1932 ( 924) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
size: 298776
MD5: BFC093C2DDDE8FCE5DA078E663B4515B
PID: 1956 ( 924) C:\Program Files\Bonjour\mDNSResponder.exe
size: 238888
MD5: 3F56903E124E820AEECE6D471583C6C1
PID: 1984 ( 924) C:\Program Files\Prevx\prevx.exe
size: 4368952
MD5: C616BD429CC9C05E4EF72B211A5DBFDB
PID: 2032 ( 924) C:\WINDOWS\eHome\ehRecvr.exe
size: 237568
MD5: 5D1347AA5AE6E2F77D7F4F8372D95AC9
PID: 240 ( 924) C:\WINDOWS\eHome\ehSched.exe
size: 102912
MD5: A53243709439AC2A4C216B817F8D7411
PID: 1284 ( 924) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 73728
MD5: 258CACA1DAADE43978E2ECC9BDC94E1C
PID: 300 ( 924) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 583048
MD5: 2D1389E05A807D956829F44BD4B60389
PID: 800 ( 924) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
size: 99248
MD5: DEB8A241D5671F7D4188F86E2AEB6960
PID: 1376 ( 924) C:\WINDOWS\system32\lxddcoms.exe
size: 537520
MD5: CF75575381E8F50E10B1BF0C6BE42104
PID: 1564 ( 924) C:\WINDOWS\system32\PnkBstrA.exe
size: 66872
MD5: A9D6B1E7EF097C7F3B5DC4F56C0E7386
PID: 644 ( 924) C:\WINDOWS\system32\PnkBstrB.exe
size: 202352
MD5: 27BAB406A1FF4C0C8296C9336E49CD64
PID: 2152 ( 924) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2232 ( 924) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2288 ( 924) C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
size: 241737
MD5: 00F782E369F1262FD6C8E995035B3DE5
PID: 2316 ( 924) C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
size: 204873
MD5: 51590F2B1BAF59E60450A7553645CB7C
PID: 2432 ( 924) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
size: 98304
MD5: 16CF6F0847C36FF3A85930ECBC4D3C43
PID: 2468 ( 924) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 2632 (1932) C:\Program Files\AVG\AVG8\avgrsx.exe
size: 486168
MD5: DB59F43CC0ADE2AA73D131A280E095A1
PID: 3092 (1984) C:\Program Files\Prevx\prevx.exe
size: 4368952
MD5: C616BD429CC9C05E4EF72B211A5DBFDB
PID: 3552 (1152) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 227840
MD5: 798A9E6828997EEF4517ADA8A2259831
PID: 3660 ( 924) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
PID: 3880 ( 924) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 1036 (1152) C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
size: 516182
MD5: B574D62402D330527E5DF6565050553B
PID: 2748 ( 924) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 3412 (1932) C:\PROGRA~1\AVG\AVG8\avgnsx.exe
size: 594712
MD5: 8F97675F10D4AF073FCFAB85ACEA1906
PID: 352 ( 472) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 3624 ( 472) C:\Program Files\Mozilla Firefox\firefox.exe
size: 307704
MD5: CA2AC84AA6C67F742D9785E553848927
PID: 512 ( 880) C:\WINDOWS\system32\taskmgr.exe
size: 135680
MD5: 2CD1C3506A85B38E2D17E61ADED175C4
PID: 4 ( 0) System

tashi · May 6, 2009

Hello jalbertind,

jalbertind said:
I'll post the results to my scan in a sec, but are there any telltale signs of any single, easy-to-fix infection at the moment? Thanks. =P

~~Before proceeding~~ please see this forum's sticky FAQ on how to produce a HJT log and then start a new topic providing that log only.

Helpers look for topics without a response you see.

Best regards.

Edit: Please read the FAQ and start a new thread, thanks.

jalbertind · May 6, 2009

part 2:

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 5/6/2009 5:34:35 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---

--- Uninstall list ---
Zuma Deluxe from Hewlett-Packard Laptops (remove only) (074EEF5F-3BE8-4112-B253-C5D6CDE2924C)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C\Uninstall.exe"
publisher: WildTangent

Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only) (0E5266B4-9069-401A-93AE-5FF9F1712016)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016\Uninstall.exe"
publisher: WildTangent

SCRABBLE from Hewlett-Packard Laptops (remove only) (103EFD47-9F2C-4490-95DD-AE6C442AFB92)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Uninstall.exe"
publisher: WildTangent

GemMaster Mystic (12133444-BF36-4d4e-B7FB-A3424C645DE4)
uninstall cmd: "C:\Program Files\GemMaster\uninstallgemmaster.exe"

Tradewinds from Hewlett-Packard Laptops (remove only) (1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\Uninstall.exe"
publisher: WildTangent

Chuzzle Deluxe from Hewlett-Packard Laptops (remove only) (382C11F0-1A18-4F76-B8E0-15CA7F209C22)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\Uninstall.exe"
publisher: WildTangent

Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only) (384E0BF4-1E1F-45A6-B60E-42144A3F15CD)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD\Uninstall.exe"
publisher: WildTangent

Jewel Quest from Hewlett-Packard Laptops (remove only) (4C061F83-EE92-445A-A03F-184B0BD59242)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242\Uninstall.exe"
publisher: WildTangent

Boggle Supreme from Hewlett-Packard Laptops (remove only) (5658FB14-16A4-4DAE-946B-1457BE31572E)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E\Uninstall.exe"
publisher: WildTangent

Lexibox Deluxe from Hewlett-Packard Laptops (remove only) (5758A0E8-A112-4A1D-82EC-EC72F7F16B88)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\Uninstall.exe"
publisher: WildTangent

5 Card Slingo from Hewlett-Packard Laptops (remove only) (5DE4D54F-AA79-43A4-9C8A-C173E7E2B025)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025\Uninstall.exe"
publisher: WildTangent

Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only) (6E377D95-DF37-4E67-B64B-68C314600BCB)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB\Uninstall.exe"
publisher: WildTangent

Big Kahuna Reef from Hewlett-Packard Laptops (remove only) (7948472C-423F-4134-B68F-48D660A05D71)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71\Uninstall.exe"
publisher: WildTangent

Bounce Symphony from Hewlett-Packard Laptops (remove only) (7A940E33-6993-404B-ABA6-ED62E8FBE615)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615\Uninstall.exe"
publisher: WildTangent

Super Granny from Hewlett-Packard Laptops (remove only) (7ED8A70C-9597-40BE-AEA0-0573182F1F51)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51\Uninstall.exe"
publisher: WildTangent

Polar Bowler from Hewlett-Packard Laptops (remove only) (7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54\Uninstall.exe"
publisher: WildTangent

Blasterball 2 from Hewlett-Packard Laptops (remove only) (9F3399B2-9ED6-4339-84A2-686432638B86)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86\Uninstall.exe"
publisher: WildTangent

(AddressBook)

Adobe Flash Player 10 ActiveX 10.0.22.87 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

Adobe Flash Player 10 Plugin 10.0.22.87 (Adobe Flash Player Plugin)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
publisher: Adobe Systems Incorporated

Adobe Shockwave Player 10.2.0.22 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/support/shockwave

Adssite Games Collection (AdssiteGames)
uninstall cmd: C:\Program Files\Adssite Games Collection\uninstall.exe

AIM 6 (AIM_6)
uninstall cmd: C:\Program Files\AIM6\uninst.exe

(AOL Diagnostics_N)

(AOLOCP_Y)

ATI Display Driver 8.202-051201a2-029034C-HP (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class

ISPLAY -clean

(AudioPlugin.dll)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}

(AVG7Uninstall)

AVG 8.5 (AVG8Uninstall)
version (major): 8
version (minor): 5
install location: C:\Program Files\AVG\AVG8
uninstall cmd: C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
publisher: AVG Technologies

AVS DVDMenu Editor 1.0.0.5 (AVS DVDMenu Editor_is1)
install location: C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\
uninstall cmd: "C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
publisher: Online Media Technologies Ltd.
help link: http://www.avs4you.com

Slyder from Hewlett-Packard Laptops (remove only) (B0202B33-E73D-4FCD-AC88-0B2971AFC116)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\B0202B33-E73D-4FCD-AC88-0B2971AFC116
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0202B33-E73D-4FCD-AC88-0B2971AFC116\Uninstall.exe"
publisher: WildTangent

Bookworm Deluxe from Hewlett-Packard Laptops (remove only) (B0769D17-E72A-4E87-A83F-1F7A3F080008)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\B0769D17-E72A-4E87-A83F-1F7A3F080008
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0769D17-E72A-4E87-A83F-1F7A3F080008\Uninstall.exe"
publisher: WildTangent

Otto (B3EE3001-DC24-4cd1-8743-5692C716659F)
uninstall cmd: "C:\Program Files\EnglishOtto\uninstallotto.exe"

(Branding)

Slingo Deluxe from Hewlett-Packard Laptops (remove only) (C264D692-8E15-4141-96A2-5621332E5DD0)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\C264D692-8E15-4141-96A2-5621332E5DD0
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\C264D692-8E15-4141-96A2-5621332E5DD0\Uninstall.exe"
publisher: WildTangent

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"
publisher: Piriform

CEP - Color Enable Package 6.0b (beta) (CEP - Colour Enable Packages_is1)
install date: 20070627
install location: C:\PROGRA~1\EAGAME~1\zCEP_Uninstaller\
uninstall cmd: "C:\PROGRA~1\EAGAME~1\zCEP_Uninstaller\unins000.exe"
publisher: Numenor, for ModTheSims2
help link: http://cep.modthesims2.com

Conexant AC-Link Audio (CNXT_AUDIO)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_AUDIO\UIU32a.exe -U -ICPL309BA.INF

Soft Data Fax Modem with SmartCP (CNXT_MODEM_PCI_VEN_1002&DEV_4378)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf

(Conexant PCI Audio)

(Connection Manager)

(CopyNow.dll)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}

Polar Golfer from Hewlett-Packard Laptops (remove only) (D2E44AA4-8665-4490-A6C9-2D0744B47B27)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\D2E44AA4-8665-4490-A6C9-2D0744B47B27
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\D2E44AA4-8665-4490-A6C9-2D0744B47B27\Uninstall.exe"
publisher: WildTangent

(DataPlugin.dll)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}

Snowboard SuperJam 10/14/2005 02:33 PM (DED8E2B5-BA9F-448F-84E8-0AEF79876F95)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\DED8E2B5-BA9F-448F-84E8-0AEF79876F95
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\DED8E2B5-BA9F-448F-84E8-0AEF79876F95\Uninstall.exe"
publisher: WildTangent
comments: Distributed by Hewlett-Packard Laptops
help link: http://support.wildgames.com

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

Oasis from Hewlett-Packard Laptops (remove only) (E332F38A-75F6-4EF2-88CC-246E8A1CB5D7)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7\Uninstall.exe"
publisher: WildTangent

Mah Jong Quest from Hewlett-Packard Laptops (remove only) (E76A7EFF-7758-49EE-B3FA-9699830A2D6B)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\E76A7EFF-7758-49EE-B3FA-9699830A2D6B
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\E76A7EFF-7758-49EE-B3FA-9699830A2D6B\Uninstall.exe"
publisher: WildTangent

Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only) (E90E3AE9-73E4-4E5C-BB0F-673989A808D0)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\E90E3AE9-73E4-4E5C-BB0F-673989A808D0
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\E90E3AE9-73E4-4E5C-BB0F-673989A808D0\Uninstall.exe"
publisher: WildTangent

Crystal Maze from Hewlett-Packard Laptops (remove only) (E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2\Uninstall.exe"
publisher: WildTangent

Puzzle Express from Hewlett-Packard Laptops (remove only) (EF860173-4FB7-4DE1-8BE8-5400F05A0DC5)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\EF860173-4FB7-4DE1-8BE8-5400F05A0DC5
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\EF860173-4FB7-4DE1-8BE8-5400F05A0DC5\Uninstall.exe"
publisher: WildTangent

Microsoft Office Enterprise 2007 12.0.6215.1000 (ENTERPRISE)
install location: C:\Program Files\Microsoft Office
uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
publisher: Microsoft Corporation

ESPNMotion 2.1.6.0011 (ESPNMotion)
uninstall cmd: C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
publisher: ESPN Internet Ventures

Flip Words from Hewlett-Packard Laptops (remove only) (F2566CC2-D4C4-44ED-A838-3F8288D8D3FE)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\F2566CC2-D4C4-44ED-A838-3F8288D8D3FE
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\F2566CC2-D4C4-44ED-A838-3F8288D8D3FE\Uninstall.exe"
publisher: WildTangent

Firebird SQL Server - MAGIX Edition 2.0.1.13 (Firebird SQL Server US)
install date: 20081112
install location: C:\Program Files\MAGIX\Common\Database
uninstall cmd: C:\Program Files\MAGIX\Common\Database\unwise.exe
publisher: MAGIX AG

(Fontcore)

GameSpy Arcade (GameSpy Arcade)
uninstall cmd: C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG

GoldWave v5.17 (GoldWave v5.17)
uninstall cmd: "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.17" "C:\Program Files\GoldWave\unstall.log"

Google Updater 2.4.1536.6592 (Google Updater)
version (major): 2
version (minor): 4
install location: C:\Program Files\Google\Google Updater
uninstall cmd: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
publisher: Google Inc.
help link: http://pack.google.com:80/pack-support?hl=en&gl=us

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro

HP Game Console and games (HP Game Console)
install location: C:\Program Files\WildTangent\Apps\HP Game Console
uninstall cmd: C:\Program Files\WildTangent\Apps\hpuninstall.exe
publisher: WildTangent

HP Imaging Device Functions 6.0 6.0 (HP Imaging Device Functions)
uninstall cmd: C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
publisher: HP
help link: http://www.hp.com/support

HP Photosmart Premier Software 6.0 6.0 (HP Photo & Imaging)
uninstall cmd: C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
publisher: HP
help link: http://www.hp.com/support

hp psc 2100 series (hp psc 2100 series_Driver)
uninstall cmd: rundll32 hpzcon05.dll,VendorJettison hp psc 2100 series

HP Rhapsody (HP Rhapsody)
uninstall cmd: C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log

(ICW)

Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20070822
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

Windows Internet Explorer 7 20061107.210142 (ie7)
install date: 20070822
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie

(IEData)

(InstallShield Uninstall Information)

Customer Experience Enhancement Customer Experience Enhancement -1.0.0.1680 (InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79})
version: 16777216
version (major): 1
estimated size: 336
install date: 20060413
install source: C:\hp\tmp\src\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
publisher: Hewlett-Packard

Texas Instruments PCIxx21/x515/xx12 drivers. 1.15.0000 (InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A})
version: 17760256
version (major): 1
version (minor): 15
estimated size: 640
install date: 20060413
install source: c:\Swsetup\Misc3\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
publisher: Texas Instruments Inc.
comments: TI PCIxx21/PCIx515/xx12 Software components
contact: Customer Support Department
help link: Please contact your vendor directly
help telephone: ...

Easy Internet Sign-up FE UI-4.1.0.1680 (InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D})
version: 50331648
version (major): 3
estimated size: 14004
install date: 20060413
install source: C:\hp\tmp\src\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
publisher: Hewlett-Packard

(InstallShield_{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38})

(KB884016)

(KB884267)

(KB885353)

(KB886612)

(KB887078)

(KB887626)

(KB888656)

(KB889858)

(KB891122)

Windows Genuine Advantage Validation Tool (KB892130) (KB892130)
install date: 20080602
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

(KB892313)

(KB893240)

(KB893241)

3.1 (KB893803)
help link: http://go.microsoft.com/fwlink/?LinkId=42467

(KB895181)

(KB895316)

(KB895572)

(KB897586)

Security Update for Step By Step Interactive Training (KB898458) 20050502.101010 (KB898458)
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/898458

(KB898549)

Update Rollup 2 for Windows XP Media Center Edition 2005 (KB900325)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900325

(KB900399)

(KB902344)

Hotfix for Windows Media Player 10 (KB903157) (KB903157)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903157

(KB907658)

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20060413
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows Media Player 10 (KB911565) (KB911565)
install date: 20060413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565

(KB911854)

Update for Windows Media Player 10 (KB913800) (KB913800)
install date: 20060801
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=913800

Security Update for Windows Media Player 10 (KB917734) (KB917734_WMP10)
install date: 20060801
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB923561) 1 (KB923561)
install date: 20090417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923561

Security Update for Windows XP (KB923689) (KB923689)
install date: 20061215
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923689

Security Update for Step By Step Interactive Training (KB923723) 20050502.101010 (KB923723)
install date: 20070214
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/923723

Security Update for Windows Media Player 6.4 (KB925398) (KB925398_WMP64)
install date: 20061215
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=925398

Windows XP Media Center Edition 2005 KB925766 (KB925766)
install date: 20070117
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925766

Update for Windows Media Player 10 (KB926251) (KB926251)
install date: 20061215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=926251

Hotfix for Windows Media Format 11 SDK (KB929399) (KB929399)
install date: 20070314
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=929399

Security Update for CAPICOM (KB931906) 2.1.0.2 (KB931906)
uninstall cmd: MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931906

Security Update for Windows Media Player 11 (KB936782) (KB936782_WMP11)
install date: 20070815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=936782

Security Update for Windows Internet Explorer 7 (KB937143) 1 (KB937143-IE7)
install date: 20070823
uninstall cmd: "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=937143

Security Update for Windows Internet Explorer 7 (KB938127) 1 (KB938127-IE7)
install date: 20070823
uninstall cmd: "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938127

Security Update for Windows XP (KB938464) 1 (KB938464)
install date: 20080910
uninstall cmd: "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938464

Security Update for Windows Internet Explorer 7 (KB939653) 1 (KB939653-IE7)
install date: 20071011
uninstall cmd: "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=939653

Hotfix for Windows Media Player 11 (KB939683) (KB939683)
install date: 20070829
uninstall cmd: "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=939683

Security Update for Windows XP (KB941569) (KB941569)
install date: 20071212
uninstall cmd: "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=941569

Security Update for Windows Internet Explorer 7 (KB942615) 1 (KB942615-IE7)
install date: 20071212
uninstall cmd: "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=942615

Security Update for Windows Internet Explorer 7 (KB944533) 1 (KB944533-IE7)
install date: 20080215
uninstall cmd: "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=944533

Security Update for Windows XP (KB946648) 1 (KB946648)
install date: 20080814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=946648

Hotfix for Windows Internet Explorer 7 (KB947864) 1 (KB947864-IE7)
install date: 20080409
uninstall cmd: "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=947864

Security Update for Windows Internet Explorer 7 (KB950759) 1 (KB950759-IE7)
install date: 20080611
uninstall cmd: "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950759

Security Update for Windows XP (KB950760) 1 (KB950760)
install date: 20080611
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950760

Security Update for Windows XP (KB950762) 1 (KB950762)
install date: 20080611
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950762

Security Update for Windows XP (KB950974) 1 (KB950974)
install date: 20080814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950974

Security Update for Windows XP (KB951066) 1 (KB951066)
install date: 20080814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951066

Update for Windows XP (KB951072-v2) 2 (KB951072-v2)
install date: 20080814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951072

Security Update for Windows XP (KB951376) 1 (KB951376)
install date: 20080611
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951376

Security Update for Windows XP (KB951376-v2) 2 (KB951376-v2)
install date: 20080621
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951376

Security Update for Windows XP (KB951698) 1 (KB951698)
install date: 20080611
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951698

Security Update for Windows XP (KB951748) 1 (KB951748)
install date: 20080709
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951748

Update for Windows XP (KB951978) 1 (KB951978)
install date: 20080709
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951978

Security Update for Windows XP (KB952004) 1 (KB952004)
install date: 20090417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=952004

Security Update for Windows Media Player (KB952069) (KB952069_WM9)
install date: 20081211
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=952069

Hotfix for Windows XP (KB952287) 1 (KB952287)
install date: 20080814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=952287

Security Update for Windows XP (KB952954) 1 (KB952954)
install date: 20080814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=952954

Security Update for Windows Internet Explorer 7 (KB953838) 1 (KB953838-IE7)
install date: 20080814
uninstall cmd: "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=953838

Security Update for Windows XP (KB953839) 1 (KB953839)
install date: 20080814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=953839

Security Update for Windows Media Player 11 (KB954154) (KB954154_WM11)
install date: 20080910
uninstall cmd: "C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=954154

Security Update for Windows XP (KB954211) 1 (KB954211)
install date: 20081016
uninstall cmd: "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=954211

Security Update for Windows XP (KB954459) 1 (KB954459)
install date: 20081112
uninstall cmd: "C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=954459

Security Update for Windows XP (KB954600) 1 (KB954600)
install date: 20081211
uninstall cmd: "C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=954600

Security Update for Windows XP (KB955069) 1 (KB955069)
install date: 20081112
uninstall cmd: "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=955069

Update for Windows XP (KB955839) 1 (KB955839)
install date: 20081211
uninstall cmd: "C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=955839

Security Update for Windows Internet Explorer 7 (KB956390) 1 (KB956390-IE7)
install date: 20081016
uninstall cmd: "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956390

Security Update for Windows XP (KB956391) 1 (KB956391)
install date: 20081016
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956391

Security Update for Windows XP (KB956572) 1 (KB956572)
install date: 20090417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956572

Security Update for Windows XP (KB956802) 1 (KB956802)
install date: 20081211
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956802

Security Update for Windows XP (KB956803) 1 (KB956803)
install date: 20081016
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956803

Security Update for Windows XP (KB956841) 1 (KB956841)
install date: 20081016
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956841

Security Update for Windows XP (KB957095) 1 (KB957095)
install date: 20081016
uninstall cmd: "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=957095

Security Update for Windows XP (KB957097) 1 (KB957097)
install date: 20081112
uninstall cmd: "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=957097

Security Update for Windows Internet Explorer 7 (KB958215) 1 (KB958215-IE7)
install date: 20081211
uninstall cmd: "C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=958215

Security Update for Windows XP (KB958644) 1 (KB958644)
install date: 20081025
uninstall cmd: "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=958644

Security Update for Windows XP (KB958687) 1 (KB958687)
install date: 20090114
uninstall cmd: "C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=958687

Security Update for Windows XP (KB958690) 1 (KB958690)
install date: 20090311
uninstall cmd: "C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=958690

Security Update for Windows XP (KB959426) 1 (KB959426)
install date: 20090417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=959426

Critical Update for Windows Media Player 11 (KB959772) (KB959772_WM11)
install date: 20090311
uninstall cmd: "C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=959772

Security Update for Windows XP (KB960225) 1 (KB960225)
install date: 20090311
uninstall cmd: "C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=960225

Security Update for Windows Internet Explorer 7 (KB960714) 1 (KB960714-IE7)
install date: 20081218
uninstall cmd: "C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=960714

Security Update for Windows XP (KB960715) 1 (KB960715)
install date: 20090212
uninstall cmd: "C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=960715

Security Update for Windows XP (KB960803) 1 (KB960803)
install date: 20090417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=960803

Security Update for Windows Internet Explorer 7 (KB961260) 1 (KB961260-IE7)
install date: 20090212
uninstall cmd: "C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=961260

Security Update for Windows XP (KB961373) 1 (KB961373)
install date: 20090417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=961373

Security Update for Windows Internet Explorer 7 (KB963027) 1 (KB963027-IE7)
install date: 20090417
uninstall cmd: "C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=963027

Update for Windows XP (KB967715) 1 (KB967715)
install date: 20090225
uninstall cmd: "C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=967715

(KBKB895961)

Lexmark 2500 Series (Lexmark 2500 Series)
uninstall cmd: C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
publisher: Lexmark International, Inc.
help link: http://support.lexmark.com

Lexmark Fax Solutions (Lexmark Fax Solutions)
uninstall cmd: C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
help link: http://support.lexmark.com

LiveUpdate 3.2 (Symantec Corporation) 3.2.0.68 (LiveUpdate)
install location: "C:\Program Files\Symantec\LiveUpdate"
uninstall cmd: "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
publisher: Symantec Corporation

Microsoft .NET Framework 1.1 Hotfix (KB928366) (M928366)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

(MobileOptionPack)

Microsoft Money 2006 15 (Money2006b)
estimated size: 105603072
install location: C:\Program Files\Microsoft Money 2006
uninstall cmd: "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
publisher: Microsoft
comments: The installation database contains the logic and data required to install Money 2006.
contact: Microsoft Corporation
help link: http://support.microsoft.com
help telephone: (800) 936-5700
readme: C:\Program Files\Microsoft Money 2006\readme.txt

Morpheus Photo Morpher v3.01 (Morpheus Photo Morpher_is1)
install location: C:\Program Files\Morpheus Photo Morpher\
uninstall cmd: "C:\Program Files\Morpheus Photo Morpher\unins000.exe"
publisher: Morpheus Software, LLC
help link: http://www.morpheussoftware.net/morpheusmorph/forums.php

Mozilla Firefox (3.0.10) 3.0.10 (en-US) (Mozilla Firefox (3.0.10))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

(MPlayer2)

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20070117
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(My HP Game Console)

MySidesearch Search Assistant Dcads 1.0.1.5 (MySidesearchSearchAssistant)
uninstall cmd: C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe

(NetMeeting)

Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
install date: 20070822
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Microsoft Office 97, Professional Edition (Office8.0)
uninstall cmd: C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF

KODAK EASYSHARE Gallery Upload ActiveX Control (OfotoEZUpload)

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Prevx 3.0 (PCSI)
install location: C:\Program Files\Prevx\
uninstall cmd: "C:\Program Files\Prevx\prevx.exe" /prop UNINSTALL=Y
publisher: Prevx

Plato Video Converter 5.49 (Plato Video Converter_is1)
install date: 20070516
install location: C:\Program Files\Plato Video Converter\
uninstall cmd: "C:\Program Files\Plato Video Converter\unins000.exe"
publisher: Plato Global Creativity
help link: http://www.dvdtompegx.com/html/videoconverter.html

Advertisement Service (prnet)
uninstall cmd: C:\WINDOWS\system32\prnet.tmp Uninstall

HP Photo and Imaging 1.0 - PSC 2000 Series (PSC 2000 Series)
uninstall cmd: C:\Program Files\HP\Digital Imaging\AiODriver\Drivers\Uninst\enu\hposcr01.exe -forcereboot -datfile hposcr01.dat

QQ Games 2.0.102.33 (QQ Games)
uninstall cmd: C:\Program Files\Tencent\QQ Games\Uninstall.EXE

(SchedulingAgent)

(Shockwave)

SimPE 0.62 (alpha) 0.62 (alpha) (SimPE_is1)
install location: C:\Program Files\SimPE\
uninstall cmd: "C:\Program Files\SimPE\unins000.exe"
publisher: Ambertation
help link: http://ambertation.de/simpeforum/

Enhancement Browser Tools Superiorads 1.0.7.9 (superiorads)
uninstall cmd: C:\WINDOWS\system32\superiorads-uninst.exe

Synaptics Pointing Device Driver 10.0.13.2 (SynTPDeinstKey)
uninstall cmd: rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
publisher: Synaptics

Virtools 3D Life Player 4.0.0.x (Virtools3DLifePlayer)
uninstall cmd: C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
publisher: Virtools
help link: http://player.virtools.com/

Windows Genuine Advantage Validation Tool (KB892130) 1.7.0069.2 (WGA)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Windows Genuine Advantage Notifications (KB905474) 1.7.0018.5 (WgaNotify)
install date: 20060814
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474

(WIC)

My HP Games 1.0.0.50 (WildTangent hp Master Uninstall)
install location: C:\Program Files\HP Games
uninstall cmd: "C:\Program Files\HP Games\Uninstall.exe"
publisher: WildTangent

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768

Windows Media Player 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 3 20080414.031525 (Windows XP Service Pack)
install date: 20080602
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936929

GTK+ 2.10.6-1 runtime environment (WinGTK-2_is1)
install date: 20070501
install location: C:\Program Files\Common Files\GTK\2.0\
uninstall cmd: "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
publisher: Tor Lillqvist
help link: http://gimp-win.sf.net/

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

(WMCSetup)

Windows Media Format 11 runtime (WMFDist11)
install date: 20070117
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Windows Media Player 11 (wmp11)
install date: 20070117
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

World of Warcraft (World of Warcraft)
install location: C:\Program Files\World of Warcraft\
install source: C:\Program Files\World of Warcraft\
uninstall cmd: C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
publisher: Blizzard Entertainment

WT039008 (WT039008)
install location: C:\Program Files\HP Games\Family Feud
uninstall cmd: "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
publisher: WildTangent
comments: Distributed by My HP Games

Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
install date: 20070117
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
comments: Build Number 5716

wxPython 2.8.7.1 (ansi) for Python 2.5 2.8.7.1-ansi (wxPython2.8-ansi-py25_is1)
install date: 20080820
install location: C:\Python25\Lib\site-packages\
uninstall cmd: "C:\Python25\Lib\site-packages\wx-2.8-msw-ansi\unins000.exe"
publisher: Total Control Software
help link: http://wxPython.org/maillist.php

Xfire (remove only) (Xfire)
uninstall cmd: "C:\Program Files\Xfire\uninst.exe"

XviD MPEG-4 Codec (XviD)
uninstall cmd: "C:\Program Files\XviD\UninstXviD.exe"

Bonjour 1.0.106 ({07287123-B8AC-41CE-8346-3D777245C35B})
version: 16777322
version (major): 1
estimated size: 493
install date: 20090331
install location: C:\Program Files\Bonjour\
install source: C:\Documents and Settings\James\Local Settings\Application Data\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Sonic Data Module 2.0.4 ({075473F5-846A-448B-BCB3-104AA1760205})
version: 33554436
version (major): 2
estimated size: 16752
install date: 20060413
install source: C:\SWSETUP\SonicDMP\SC_DATA_204\
uninstall cmd: MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
publisher: Sonic Solutions
help link: http://support.sonic.com/

Wireless Home Network Setup 1.1.154.1 ({09D8492A-C8E2-421E-927D-46800FB327A3})
version: 16842906
install date: 20060927
install location: C:\Program Files\HP\HPNetworkAssistant
install source: C:\DOCUME~1\MOM&DA~1.YOU\LOCALS~1\Temp\pft8F.tmp\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\Setup.exe" -l0x9 -removeonly
publisher: Hewlett-Packard

ATI Control Panel 6.14.10.5171 ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

Security Update for CAPICOM (KB931906) 2.1.0.2 ({0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 770
install date: 20070510
install source: C:\WINDOWS\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation

Lexmark Toolbar ({1017A80C-6F09-4548-A84D-EDD6AC9525F0})
uninstall cmd: regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"

Apple Mobile Device Support 2.4.0.27 ({162B71B8-8464-4680-A086-601D555B331D})
version: 33816576
version (major): 2
version (minor): 4
estimated size: 40961
install date: 20090331
install location: C:\Program Files\Common Files\Apple\Mobile Device Support\
install source: C:\Documents and Settings\James\Local Settings\Application Data\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

CP_CalendarTemplates1 60.0.155.000 ({1CB34CE9-0E6B-493F-BB66-3425E5DF76E5})
version: 1006633115
version (major): 60
estimated size: 2349
install date: 20060413
install source: C:\SWSETUP\HPhotoST\setup\CP_CalendarTemplates1\
publisher: Hewlett-Packard

Google Earth 4.3.7284.3916 ({1D14373E-7970-4F2F-A467-ACA4F0EA21E3})
version: 67312756
version (major): 4
version (minor): 3
estimated size: 25872
install date: 20080914
install location: C:\Program Files\Google\Google Earth\
install source: C:\DOCUME~1\James\LOCALS~1\Temp\7ZipSfx.000\
uninstall cmd: MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
publisher: Google

Sonic MyDVD Plus 6.2.0 ({21657574-BD54-48A2-9450-EB03B2C7FC29})
version: 100794368
version (major): 6
version (minor): 2
estimated size: 272592
install date: 20060413
install source: C:\SWSETUP\SonicDMP\MYDVD_62\
uninstall cmd: MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
publisher: Sonic Solutions
help link: http://support.sonic.com/

QuickTime 7.60.92.0 ({216AB108-2AE1-4130-B3D5-20B2C4C80F8F})
version: 121372764
version (major): 7
version (minor): 60
estimated size: 76137
install date: 20090331
install location: C:\Program Files\QuickTime\
install source: C:\Documents and Settings\James\Local Settings\Application Data\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Customer Experience Enhancement Customer Experience Enhancement -1.0.0.1680 ({23012310-3E05-46A5-88A9-C6CBCABCAC79})
version: 16777216
version (major): 1
estimated size: 336
install date: 20060413
install source: C:\hp\tmp\src\
publisher: Hewlett-Packard

CP_Package_Variety2 60.0.155.000 ({23B35809-5E4A-4F14-8332-1CDEDDFAC089})
version: 1006633115
version (major): 60
estimated size: 8617
install date: 20060413
install source: C:\SWSETUP\HPhotoST\setup\CP_Package_Variety2\
publisher: Hewlett-Packard

Destinations 60.0.155.000 ({24BEBF2E-73F3-4599-840B-EDC612CCDD0D})
version: 1006633115
version (major): 60
estimated size: 17007
install date: 20060413
install source: C:\SWSETUP\HPhotoST\setup\Destinations\
publisher: Hewlett-Packard

Quicken 2006 15.1.3.1 ({2818095F-FB6C-42C8-827E-0A406CC9AFF5})
version: 251723779
version (major): 15
version (minor): 1
estimated size: 74037
install date: 20060413
install source: C:\Program Files\Quickensetup\DISK1\
uninstall cmd: MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
publisher: Intuit
comments: All URL's valid as of July 2006
contact: Customer Support Department
help link: http://www.intuit.com/support/quicken
help telephone: 1-900-555-4932
readme: C:\Program Files\Quicken\Readme.wri

muvee autoProducer 4.5 4.50.050 ({286F29AF-0BE2-4D5F-AB17-B7631A810553})
version: 70385714
install location: C:\Program Files\muvee Technologies\muvee autoProducer 4.5 - SE
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9
publisher: muvee Technologies
help link: http://store.muvee.com/?f=support&k=UFDDH-DURPF-CBNMD-PUFDD-HEW9M&w=01020314&l=1033

SkinsHP1 60.0.155.000 ({2A548002-9042-4083-A270-B67473DE1073})
version: 1006633115
version (major): 60
estimated size: 13
install date: 20060413
install source: C:\SWSETUP\HPhotoST\setup\SkinsHP1\
publisher: Hewlett-Packard

Sonic Update Manager 3.0.0 ({30465B6C-B53F-49A1-9EBA-A3F187AD502E})
version: 50331648
version (major): 3
estimated size: 2444
install date: 20060413
install source: C:\SWSETUP\SonicDMP\UPDATEMANAGER_MSI\
uninstall cmd: MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
publisher: Sonic Solutions

J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 155929
install date: 20060413
install source: C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_06\README.txt

J2SE Runtime Environment 5.0 Update 9 1.5.0.90 ({3248F0A8-6813-11D6-A77B-00B0D0150090})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 149061
install date: 20061217
install source: http://javadl.sun.com/webapps/download/GetFile/1.5.0_09-b03/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_09\README.txt

J2SE Runtime Environment 5.0 Update 10 1.5.0.100 ({3248F0A8-6813-11D6-A77B-00B0D0150100})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 149217
install date: 20061230
install source: http://javadl.sun.com/webapps/download/GetFile/1.5.0_10-b03/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_10\README.txt

Java(TM) SE Runtime Environment 6 Update 1 1.6.0.10 ({3248F0A8-6813-11D6-A77B-00B0D0160010})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 163726
install date: 20070427
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_01-b06/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_01\README.txt

Java(TM) 6 Update 2 1.6.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0160020})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 136370
install date: 20070824
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_02-b06/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_02\README.txt

Unload 6.0.0 ({34F3FCF1-817B-4D61-B6AF-19D9486AFEA0})
version: 100663296
version (major): 6
estimated size: 8873
install date: 20060413
install source: C:\SWSETUP\HPhotoST\setup\UnloadIntent\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2456
install date: 20050817
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

OptionalContentQFolder 1.00.0000 ({36D620AD-EEBA-4973-BA86-0C9AE6396620})
version: 16777216
version (major): 1
install date: 20060413
install source: C:\SWSETUP\HPhotoST\setup\QFolder\
publisher: Hewlett-Packard

MSXML 4.0 SP2 (KB927978) 4.20.9841.0 ({37477865-A3F1-4772-AD43-AAFC6BCFF99F})
version: 68429425
version (major): 4
version (minor): 20
estimated size: 2625
install date: 20061118
install source: c:\6e7c801b499dd20e9fe8eaab8967cb\
uninstall cmd: MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/927978

Trend Micro Antivirus 11.25 ({3ACF3AF1-8DBC-4EFB-AF03-37E212DDA83C})
version: 186187776
version (major): 11
version (minor): 25
estimated size: 23519
install date: 20060731
install location: C:\Program Files\Trend Micro\Antivirus\
install source: \\10.32.227.102\trendmicro\Setup\
uninstall cmd: MsiExec.exe /X{3ACF3AF1-8DBC-4EFB-AF03-37E212DDA83C}
publisher: Trend Micro
help link: http://kb.trendmicro.com/solutions/
help telephone: 949-387-7800

RandMap 60.0.155.000 ({3FE0CFAB-584A-4AA5-B8CD-C32284CFA308})
version: 1006633115
version (major): 60
estimated size: 22648
install date: 20060413
install source: C:\SWSETUP\HPhotoST\setup\RandMap\
publisher: Hewlett-Packard

BufferChm 60.0.155.000 ({4041C245-7099-4C96-9738-5EBC23827B3C})
version: 1006633115
version (major): 60
estimated size: 5125
install date: 20060413
install source: C:\SWSETUP\HPhotoST\setup\BufferChm\
publisher: Hewlett-Packard

Microsoft Works 08.04.0623 ({416D80BA-6F6D-4672-B7CF-F54DA2F80B44})
version: 134480495
version (major): 8
version (minor): 4
estimated size: 291561
install date: 20060413
install source: C:\swsetup\MSWorks\US\
uninstall cmd: MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
publisher: Microsoft Corporation
comments: Microsoft Works 8.0 installation.
help link: http://support.microsoft.com/support/works
help telephone:

tashi · May 6, 2009

http://forums.spybot.info/showpost.php?p=310495&postcount=3

Help! Virtumonde and now PWS.LDPinchIE?!

jalbertind

New member

jalbertind

New member

tashi

Member of Team Spybot

jalbertind

New member

tashi

Member of Team Spybot