Old 07-18-2007, 01:58 AM   #1 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Cornwall, UK
Posts: 9
OS: XP home


Browsebar.exe

Hi everyone

Looks like I've picked up a virus. Interestingly I think I got it downloading the 'Spyware Doctor' from the Google Pack (it's the only component that I downloaded). Had no end of problems since but a system restore has helped.

I noticed that on my system startup (through msconfig) that 'Browsebar.exe' has appeared. I presume it's not good!

Also under the startup I notice that there is an item with no name & the command box is blank. The location is HKLM\SOFTWARE.....\CurrentVersion\Run. As there is no name I'm very suspicious.

Anyway, I've copied the log from HijackThis and would appreciate any feedback. I am a complete numpty when it comes to computers so please speak very clearly and slowly.

Many thanks

Chris

Logfile of HijackThis v1.99.1
Scan saved at 08:22:23, on 18/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Abbey\Introducer Internet Offline\MSSQL$ABBEYIIOFFLINE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INERTIA3\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\NoPops\NoPops.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\Sharp\Sharpdesk\FtpServer.exe
C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sharp\Sharpdesk\nsapp.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\powerpanel\Program\PcfMgr.exe
C:\Program Files\RMClient\PMClient.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wisptis.exe
C:\PROGRA~1\MI9E8D~1\Office10\MSACCESS.EXE
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avginet.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CHRISM~1\LOCALS~1\Temp\Rar$EX01.156\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.seloc.org/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ukonline.co.uk
R3 - URLSearchHook: (no name) - {C84781E8-7C8B-A986-D8D3-E55B5EB7E7CF} - NopeZ.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NoPops] C:\Program Files\NoPops\NoPops.exe
O4 - HKLM\..\Run: [StartI3DB] C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe -Action 1 -Silent 1 -Server INERTIA3 -Service MSSQL$INERTIA3
O4 - HKLM\..\Run: [StartSQLManager] C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LOPTCON] browsebar.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [jbtuw.exe] C:\WINDOWS\system32\jbtuw.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe" /n
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [TypeRegChecker] "C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe"
O4 - HKLM\..\Run: [FtpServer.exe] "C:\Program Files\Sharp\Sharpdesk\FtpServer.exe" -usedefault
O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: SmartNetMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.ukonline.co.uk
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {00419909-D3D7-4E6B-81E7-B0A81654A213} - http://195.10.116.33/scotprov/downlo...07/install.cab
O16 - DPF: {0089F6EE-ED54-11D5-B0E7-00508B014C1D} (ExWebClientUtils Class) - http://exweb.exchange.uk.com/clientbinaries/texInfo.CAB
O16 - DPF: {034DA761-EDB7-11D7-A20A-000802318089} (EWGPHI.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGPHI.CAB
O16 - DPF: {0438E7DA-99AF-44DD-BE72-35C67488516B} - http://195.10.116.33/scotprov/downlo...ix/install.cab
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} (ConfigChkr Class) - https://www.osis.uk.com/vscnfchk.cab
O16 - DPF: {090EC279-1378-44B7-B521-888980212E7E} (Complist3 Class) - http://exweb.exchange.uk.com/clientb...bCListCtl3.CAB
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdi...rontdoorFD.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1FDAD4E8-5DD8-40F7-BDCD-E12A3A20AB46} - http://195.10.116.33/scotprov/downlo...2a/install.cab
O16 - DPF: {21B85760-1A22-4275-BFBE-112F24313309} - http://195.10.116.33/scotprov/downlo...11/install.cab
O16 - DPF: {25560CDC-FC1E-11D8-81BD-400009907187} - http://195.10.116.33/scotprov/downlo...08/install.cab
O16 - DPF: {2B44FB87-A9EF-4949-9FED-AFC7C4878875} - http://195.10.116.33/scotprov/downlo...09/install.cab
O16 - DPF: {2F6A847E-2EC2-11D3-AE1B-00508B014C1D} (Parser Class) - http://exweb.exchange.uk.com/clientb.../XMLParser.CAB
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {397F65A6-FD3C-438B-A7EB-3D2C0655189C} (EWGPensions.desInput) - http://exweb.exchange.uk.com/clientb...WGPensions.CAB
O16 - DPF: {4BE36914-BE97-4154-9FF2-40C7BB4580C8} - http://195.10.116.33/scotprov/downlo...4a/install.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://dev.imagingworld.co.kr/printe.../DrPrinter.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {511835FF-EDC9-11D7-A20A-000802318089} (EWGWholeLife.desInput) - http://exweb.exchange.uk.com/clientb...GWholeLife.CAB
O16 - DPF: {59A910DE-EE9A-11D7-A20A-000802318089} (EWGCombinedTerm.desInput) - http://exweb.exchange.uk.com/clientb...mAssurance.CAB
O16 - DPF: {616A35BA-2A1D-4564-83A3-567EEACBB3FC} - http://195.10.116.33/scotprov/downlo...0a/install.cab
O16 - DPF: {69B4A8BE-3C8B-4109-9BD8-5F7F2D7622B0} - http://195.10.116.33/scotprov/downlo...00/install.cab
O16 - DPF: {6F45957A-9994-459C-8C37-D9846338F7FD} - http://195.10.116.33/scotprov/downlo...02/install.cab
O16 - DPF: {7B5A1CB7-2E01-11D7-90C1-0008C7E9C2C6} (PHI.desInput) - http://exweb.exchange.uk.com/clientbinaries/PHI.CAB
O16 - DPF: {8991D2F1-4255-4B3F-B413-E517F459AA29} - http://195.10.116.33/scotprov/downlo...03/install.cab
O16 - DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} (VersionInfo.clsVersionInfo) - http://exweb.exchange.uk.com/clientb...ersionInfo.CAB
O16 - DPF: {9062F088-87F1-11D9-81D8-400009907187} - http://195.10.116.33/scotprov/downlo...12/install.cab
O16 - DPF: {91F82BFF-F70C-11D2-BB68-0008C7E9C2C6} (TEXNBSHELL.ProposalForm) - http://exweb.exchange.uk.com/texonli...texnbshell.cab
O16 - DPF: {95804D3E-3D16-41AE-B6CB-9E58B82E0FF0} - http://195.10.116.33/scotprov/downlo...04/install.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
O16 - DPF: {9F21EC88-3BCD-11D9-81CF-400009907187} - http://195.10.116.33/scotprov/downlo...10/install.cab
O16 - DPF: {A5C1F489-084E-47E0-8AA5-0EA4E6A42546} - http://195.10.116.33/scotprov/downlo...02/install.cab
O16 - DPF: {A74D724A-AB17-11D2-A96A-006097E20477} (eXwebUtils.HTMLUtils) - http://exweb.exchange.uk.com/clientb...eXwebUtils.CAB
O16 - DPF: {A98277A1-A141-11D5-98B9-00508B64538B} (Complist2 Class) - http://exweb.exchange.uk.com/clientb...bCListCtl2.CAB
O16 - DPF: {ABF92614-EBA5-11D3-A315-006008134E84} (Annuities.dsrMain) - http://exweb.exchange.uk.com/clientbinaries/ann_GD.CAB
O16 - DPF: {B1283429-F6B4-4BAE-9C11-F061FE9A5A6D} - http://195.10.116.33/scotprov/downlo...08/install.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B4126499-423E-46E6-87B3-603657FE830A} - http://195.10.116.33/scotprov/downlo...10/install.cab
O16 - DPF: {B84C4233-68C6-4BA7-B01C-330DFE5DD4AB} - http://195.10.116.33/scotprov/downlo...03/install.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {C157A476-3811-4D69-AF6B-3D4F53B56CC4} - http://195.10.116.33/scotprov/downlo...3b/install.cab
O16 - DPF: {C76E8084-A91F-48EA-906E-95E7BD248D9D} - http://195.10.116.33/scotprov/downlo...01/install.cab
O16 - DPF: {DB1F089D-F410-11D3-A316-006008134E84} (CombinedTerm.desInput) - http://exweb.exchange.uk.com/clientb...mAssurance.CAB
O16 - DPF: {DC23C705-6961-11D9-81D4-400009907187} - http://195.10.116.33/scotprov/downlo...11/install.cab
O16 - DPF: {DD4DED28-05EE-4015-BE77-BCD60DF5C9C4} - http://195.10.116.33/scotprov/downlo...00/install.cab
O16 - DPF: {DDECE2F5-AF1F-44E7-B37F-96B6630F5C60} (PrintComponent.clsVersionInfo) - http://exweb.exchange.uk.com/clientb...s/printdll.CAB
O16 - DPF: {E7FF5332-854E-11D2-A952-006097E20477} (eXwebOccList.clsOccRes) - http://exweb.exchange.uk.com/clientb...s/eXwebOcc.CAB
O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home...control015.cab
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (ProtoView DataTable Control 7.0 (OLEDB)) - http://exweb.exchange.uk.com/clientbinaries/pvdt70.CAB
O16 - DPF: {EC97795B-7867-40BA-92CA-32C2F219616E} - http://195.10.116.33/scotprov/downlo...06/install.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...74/mcfscan.cab
O16 - DPF: {EF9A1539-BB45-4691-91A6-BF2EC9B054DB} - http://195.10.116.33/scotprov/downlo...3a/install.cab
O16 - DPF: {F26CB3E7-AAC0-4ECD-9884-8C88764E60E9} - http://195.10.116.33/scotprov/downlo...5a/install.cab
O16 - DPF: {F41DB19B-E6B2-11D8-81BB-400009907187} - http://195.10.116.33/scotprov/downlo...07/install.cab
O16 - DPF: {FBF3A7F3-22D0-42F0-9461-2CBF77EDF9B3} - http://195.10.116.33/scotprov/downlo...04/install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{179E12FE-B36F-4DBB-B4D4-E17DC3967064}: NameServer = 62.24.252.135 62.24.252.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{179E12FE-B36F-4DBB-B4D4-E17DC3967064}: NameServer = 62.24.252.135 62.24.252.134
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Last edited by Chris McPherson; 07-18-2007 at 02:02 AM.
Chris McPherson is offline  

Old 07-18-2007, 03:52 PM   #2 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Cornwall, UK
Posts: 9
OS: XP home


Re: Browsebar.exe

Bump!

Has anyone heard of browsebar.exe? Is it genuine or is it bad news? Thanks

Chris
Chris McPherson is offline  
Old 07-22-2007, 05:37 AM   #3 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,648
OS: xp


Re: Browsebar.exe

Hello Chris
Running a program from within a zip is not a good idea:
C:\DOCUME~1\CHRISM~1\LOCALS~1\Temp\Rar$EX01.156\HijackThis.exe

Let's back up a bit; follow the five steps here please.
http://www.techsupportforum.com/secu...sting-log.html
LonnyRJones is offline  
Old 07-22-2007, 03:18 PM   #4 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Cornwall, UK
Posts: 9
OS: XP home


Re: Browsebar.exe

Hi Lonny

I have followed those steps prior to my post.

Cheers

Chris
Chris McPherson is offline  
Old 07-22-2007, 05:01 PM   #5 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,648
OS: xp


Re: Browsebar.exe

Where are your Panda and DDS logs ?

Last edited by LonnyRJones; 07-22-2007 at 05:03 PM.
LonnyRJones is offline  
Old 07-23-2007, 06:55 AM   #6 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Cornwall, UK
Posts: 9
OS: XP home


Re: Browsebar.exe

Quote:
Originally Posted by LonnyRJones
Where are your Panda and DDS logs ?

Hi

Sorry but I'd only completed step one thinking that was it! I've now completed all 5 steps and include the logs as follows: -


main...


All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.10>
R3 AR5523 (NETGEAR WG111T USB2.0 Wireless Card Service) - c:\windows\system32\drivers\wg11tnd5.sys <Not Verified; NETGEAR, Inc.; NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter>
R3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S2 ZPMODEMSYSNTDRVNT - c:\windows\system32\drivers\zpmodemnt.sys (file missing)
S3 ATHFMWDL (NETGEAR WG111T bootloader driver) - c:\windows\system32\drivers\athfmwdl.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 SE27obex (Sony Ericsson Device 039 USB WMC OBEX Interface) - c:\windows\system32\drivers\se27obex.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC OBEX Interface>
S3 SYMIDSCO - c:\windows\system32\drivers\symidsco.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>


-- Scheduled Tasks -------------------------------------------------------------

2007-07-21 11:50:05 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-07-05 20:00:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-12-02 00:36:02 260 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job


-- Files created between 2007-06-23 and 2007-07-23 -----------------------------

2007-07-23 13:17:41 0 d-------- C:\ie-spyad
2007-07-23 13:04:38 0 d-------- C:\Program Files\SpywareBlaster
2007-07-23 10:43:24 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-23 10:43:22 0 d-------- C:\WINDOWS\LastGood
2007-07-21 11:44:48 13132 --a------ C:\dnsbak.reg
2007-07-17 10:57:46 0 d-------- C:\Program Files\Common Files\xing shared
2007-07-16 12:51:06 0 d-------- C:\Program Files\Spyware Doctor
2007-07-11 18:11:55 0 d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-07-04 18:08:39 0 d-------- C:\Documents and Settings\Chris McPherson\Application Data\Feedreader
2007-07-04 18:08:31 0 d-------- C:\Program Files\FeedReader30


-- Find3M Report ---------------------------------------------------------------

2007-07-23 12:03:35 0 d-------- C:\Program Files\Windows Defender
2007-07-23 11:58:09 0 d-------- C:\Program Files\RMClient
2007-07-23 11:53:23 0 d-------- C:\Program Files\NoPops
2007-07-23 11:45:27 0 d-------- C:\Program Files\iTunes
2007-07-23 11:40:56 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-07-20 14:21:01 0 d-------- C:\Documents and Settings\Chris McPherson\Application Data\AdobeUM
2007-07-17 11:15:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-17 10:58:09 0 d-------- C:\Program Files\Google
2007-07-17 10:57:50 0 d-------- C:\Program Files\Common Files\Real
2007-05-25 17:57:31 0 d-------- C:\Program Files\Northern Rock Online


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmaTel StacMon"="C:\\Program Files\\SigmaTel\\C-Major Audio\\stacmon.exe"
"HKSERV.EXE"="C:\\Program Files\\Sony\\HotKey Utility\\HKserv.exe"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"Drag'n Drop CD+DVD"="C:\\Program Files\\drag'n drop cd+dvd\\BinFiles\\DragDrop.exe /StartUp"
"MplSetUp"="C:\\Program Files\\RMClient\\MplSetUp.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe"
"NoPops"="C:\\Program Files\\NoPops\\NoPops.exe"
"StartI3DB"="C:\\Program Files\\Microsoft SQL Server\\80\\Tools\\Binn\\scm.exe -Action 1 -Silent 1 -Server INERTIA3 -Service MSSQL$INERTIA3"
"StartSQLManager"="C:\\Program Files\\Microsoft SQL Server\\80\\Tools\\Binn\\sqlmangr.exe /n"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"LOPTCON"="browsebar.exe"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"pdfFactory Dispatcher v2"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fppdis2a.exe\" /source=HKLM"
"JobHisInit"="C:\\Program Files\\RMClient\\JobHisInit.exe"
"OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
"IndexTray"="\"C:\\Program Files\\Sharp\\Sharpdesk\\IndexTray.exe\" /n"
"SharpTray"="\"C:\\Program Files\\Sharp\\Sharpdesk\\SharpTray.exe\""
"TypeRegChecker"="\"C:\\Program Files\\Sharp\\Sharpdesk\\TypeRegChecker.exe\""
"FtpServer.exe"="\"C:\\Program Files\\Sharp\\Sharpdesk\\FtpServer.exe\" -usedefault"
"Receiver"="C:\\Program Files\\SHARP\\PCFAX2\\PcfaxRcv.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RealPlayer"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_RKPAVPROC


-- End of Deckard's System Scanner: finished at 2007-07-23 at 13:45:01 ---------

extra...

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 509.48 MiB / 188.39 MiB
Pagefile Memory (total/avail): 1248.06 MiB / 763.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1961.84 MiB

C: is Fixed (NTFS) - 27.95 GiB total, 7.62 GiB free.
D: is Fixed (NTFS) - 46.58 GiB total, 25.8 GiB free.
E: is CDROM (No Media)
G: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v6.1.737.000 (Zone Labs, Inc.)
AV: AVG 7.5.476 v7.5.476 (GRISOFT) Disabled
AV: Avira AntiVir PersonalEdition v 6.39.0.178 (Avira GmbH)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chris McPherson\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHRIS
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chris McPherson
LOGONSERVER=\\CHRIS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\CTP;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\CTP
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
SDImgTemp=C:\Program Files\Sharp\Sharpdesk\Temp
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CHRISM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\CHRISM~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=CHRIS
USERNAME=Chris McPherson
USERPROFILE=C:\Documents and Settings\Chris McPherson
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Chris McPherson (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{17BB7031-B6D9-4D27-A3A1-B0E672A0972C}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93B80FB1-7A23-11D3-B250-00105A1F4184}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abbey Introducer Offline --> MsiExec.exe /X{BCEB7976-D8C2-4416-A4FA-66B2B800FE7E}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Image Viewer Plugin 4.0 --> C:\Program Files\Common Files\Adobe\Acrobat 5.0\ImageViewer\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\Acrobat 5.0\ImageViewer\Install.log
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Premiere 6 LE --> C:\Program Files\Adobe\Premiere 6 LE\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6 LE\DeIsL1.isu" -c"C:\Program Files\Adobe\Premiere 6 LE\Uninst.dll"
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Avira AntiVir PersonalEdition Classic --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69A0D256-A72C-4C33-9413-E1C0174CA7F4}\Setup.exe" -l0x9
Canon CanoScan Toolbox 4.9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x9 anything
Canon iP4300 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300 /L0x0009
Canon iP4300 User Registration --> C:\Program Files\Canon\IJEREG\iP4300\UNINST.EXE
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
Canon Setup Utility 2.3 --> "C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.3\uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox --> C:\WINDOWS\BJPSUNST.EXE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CETA Quotes --> "C:\NEWQUO\Remove.exe" /U:"C:\NEWQUO\Remove.log"
Click to DVD 1.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Codec\uninstal.log
DMW Client Beta 3.0 --> C:\Program Files\DMW Client\uninst.exe
Drag'n Drop CD+DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVgate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29F61465-428A-11D4-B646-00C04F790F76}\setup.exe"
Exchange FS - exchange v5.31 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A3AC90-C48A-11D1-BADD-0008C760D0B1}\Setup.EXE" -l0x9
FeedReader --> "C:\Program Files\FeedReader30\unins000.exe"
FinePrint pdfFactory Pro (1.x) --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppinst1.exe /uninstall
goal viewer (offline) Trigold Edition --> MsiExec.exe /X{9A7696A1-20C2-4909-9069-B564D0FD1C8D}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> C:\DOCUME~1\CHRISM~1\LOCALS~1\Temp\Rar$EX01.156\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HotKey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\Setup.exe" -l0x9
Image Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL
ImageMixer for Sony --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"
Inertia 3 --> MsiExec.exe /X{28111ADB-F25B-4D2D-8729-086C68D09D06}
Intel(R) AnyPoint(R) Modem --> C:\WINDOWS\DslDel.exe
Intermediary Mortgages Application --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{5E979887-44F8-4917-A05B-AFFD370AD833}
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java 2 Runtime Environment, SE v1.4.2_07 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142070}
LAN-Express AS IEEE 802.11 Wireless LAN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player --> MsiExec.exe /X{E18B6DCE-AE5A-4E16-AFFA-EB8F3E09FBD6}
Manual CanoScan LiDE 60 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B72D50-1C7E-491C-8086-9E060051D316}\setup.exe" -l0x9
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\Setup.exe" -l0x9 /UNINSTALL
Microsoft Access 2000 Runtime --> MsiExec.exe /I{00180409-78E1-11D2-B60F-006097C998E7}
Microsoft Access 2002 Runtime --> MsiExec.exe /I{901C0409-6000-11D3-8CFE-0050048383C9}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
MoodLogic --> C:\WINDOWS\ml-uninstall-v10.exe
Mortgage Trading Exchange --> C:\MBL\UNWISE.EXE C:\MBL\INSTALL.LOG
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\mtbs.exe c
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x9
NETGEAR WG111T Smart Wizard Wireless Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\Setup.exe"
Nokia Connectivity Cable Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3D249F10-79EC-48D4-93E5-C470ABE523FA}
NoPops v1.2 --> "C:\Program Files\NoPops\unins000.exe"
Northern Rock Online --> MsiExec.exe /I{86D5596F-AB96-49F2-966C-AA440B694728}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvsz.inf
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OpenMG Limited Patch 3.2-03-02-21-08 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-02-21-08\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-03-18-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-03-18-01\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-04-14-02 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-04-14-02\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62F33B80-6244-4A70-A233-0DA13B640364}\Setup.exe" -l0x9 UNINSTALL
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
pdfFactory --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppinst2.exe /uninstall
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
PictureGear Studio 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27C5164D-ED0E-4D64-B788-93305BD62100}\Setup.exe"
PowerPanel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCB53CB5-E82D-4F5E-BFE2-CBB200E19BEF}\Setup.exe" -l0x9
Professional Adviser --> C:\Independ\UNWISE.EXE C:\Independ\INSTALL.LOG
Prospector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE14183D-3BCB-4733-B8C6-3288A3D4BA65}\setup.exe"
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Readiris Pro 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CA9D105-113C-11D8-AB3E-000102B0F79A}\setup.exe" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Scottish Provident QUOD v7.01 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4C2F093A-2D31-11D7-80D6-400009907187}
Scottish Provident Self Assurance v7.02 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CAB60BC0-D3B9-444A-9580-305F6090332F}
Scottish Provident Self Assurance v7.03 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B9449491-DEA8-4AD1-86AC-AA8F126513E6}
Scottish Provident Self Assurance v7.03a --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{99FBF901-705E-403D-AA68-559D00DFC503}
Scottish Provident Self Assurance v7.04 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{331E2992-A339-4AC3-9EB3-8DF00D43674E}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SHARP AR-351/355/451/455 Series PCL Printer Driver --> C:\WINDOWS\ISUNINST.EXE -fC:\WINDOWS\ush2.isu -cC:\WINDOWS\system32\ush2.dll
SHARP PC-FAX driver V2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SHARP\PCFAX2\Uninst.isu" -cC:\PROGRA~1\SHARP\PCFAX2\IPDrNT.dll
Sharpdesk --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0AEF384B-610F-4309-8DA3-91834FE4E80E} /l2057 UNINSTALL
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SmartNetMonitor for Client --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\RMClient\UninstC.isu" -c"C:\PROGRA~1\RMClient\_PMCEND.DLL"
SoftK56 Data Fax --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1039&DEV_7013&SUBSYS_814E104D\HXFSETUP.EXE -U -IVEN_1039&DEV_7013&SUBSYS_814E104D
SonicStage 1.6.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony DV Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
Sony Notebook Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\Setup.exe" -l0x9
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sony USB Mouse --> Pmuninst.exe MouseSuite98
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\Setup.exe" -l0x9
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
System Security Suite 1.03.1 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Igor Shpak\System Security Suite 1.03.1\DeIsL1.isu" -c"C:\Program Files\Igor Shpak\System Security Suite 1.03.1\_ISREG32.DLL"
System Security Suite 1.04 --> C:\Program Files\System Security Suite 1.04\uninstal.exe
TalkTalk Broadband --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x9
TaxCalc 2003 --> C:\DOCUME~1\CHRISM~1\MYDOCU~1\MYDOCU~1\TEMPOR~1\LOTUSV~1\UNWISE.EXE C:\DOCUME~1\CHRISM~1\MYDOCU~1\MYDOCU~1\TEMPOR~1\LOTUSV~1\INSTALL.LOG
The One account calculator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56675D4A-A2BD-439F-ACD8-7ED710F3BB44}\setup.exe"
TRSoap --> MsiExec.exe /I{F617063F-6149-42AD-A0BB-C98D4F04F77B}
VAIO BrightColor Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\Setup.exe" -l0x9
VAIO Clock Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1D057E97-A116-4BF9-B307-83C3FBD86515}\Setup.exe" -l0x9
VAIO DeepSea Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3147661C-2807-49EC-B971-3B0F23D95018}\Setup.exe" -l0x9
VAIO Edit Components LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{761C9026-14F0-4352-8658-934558272404}\setup.exe"
VAIO Media 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Music Server 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF733005-0F40-11D6-9254-0000F460E7A9}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Photo Server 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF666EE1-ED85-440E-A3B7-951C51C82310}\Setup.exe" -l0x9
VAIO Media Platform 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF0DD6E9-F673-4466-8353-70B50A506FD9}\setup.exe"
VAIO Media Redistribution 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Setup 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CCAC48E4-4B4D-43CB-ABB5-E817E39873B3}\Setup.exe" -l0x9
VAIO Nature Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F4BB224-F0EB-433C-BF93-62AAB092D414}\Setup.exe" -l0x9
VAIO Online Registration (English) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{668B1BD6-4593-4959-970E-249AFFE6F35C} /l2057
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- End of Deckard's System Scanner: finished at 2007-07-23 at 13:45:01 ---------


and the Panda log...



Incident Status Location

Adware:adware/searchaid Not disinfected c:\windows\sdkrn32.exe
Adware:adware/ideskbar Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Chris McPherson\Local Settings\Temp\Cookies\chris mcpherson@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Chris McPherson\Local Settings\Temp\Cookies\chris mcpherson@bs.serving-sys[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Chris McPherson\Local Settings\Temp\Cookies\chris mcpherson@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Chris McPherson\Local Settings\Temp\Cookies\chris mcpherson@mediaplex[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Chris McPherson\Local Settings\Temp\Cookies\chris mcpherson@serving-sys[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Chris McPherson\Local Settings\Temp\Cookies\chris mcpherson@statse.webtrendslive[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\fixwareout\FindT\nircmd.exe
Hope this stuff makes more sense to someone here than it does to me

Please let me know if you require me to do anything else.

Thanks

Chris
Chris McPherson is offline  
Old 07-23-2007, 07:27 AM   #7 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,648
OS: xp


Re: Browsebar.exe

Curious: when did you use fixwareout?
If recently, post its log.

You're missing the topmost part of the DDS log; that's OK.

Manually delete this file: c:\windows\sdkrn32.exe

Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LOPTCON"=-
"iexplore.exe"=-
;
Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message, delete fixme.reg.

Open a command prompt (Start > Run, type cmd, press Enter) and type
sc delete "ZPMODEMSYSNTDRVNT"
Press Enter, then type exit and press Enter to exit the command prompt.
Did you see a success message?

Use the option to update your Java program (Windows Control Panel > Java icon),
then uninstall its older versions:
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_07
LonnyRJones is offline  
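The .reg fix in the post above removes two HKLM Run values: LOPTCON, whose command is a bare `browsebar.exe` with no path, and iexplore.exe, which starts the browser at logon. As an added example (not part of the original thread and not HijackThis code), this Python pass parses O4 lines in the HijackThis log format and flags those two patterns for review; the `PATHLESS_OK` allowlist, the `BROWSERS` set and the flag names are assumptions made here.

```python
import re
from typing import List, NamedTuple

# O4 lines copied from the HijackThis-format log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [StartI3DB] C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe -Action 1 -Silent 1 -Server INERTIA3 -Service MSSQL$INERTIA3
O4 - HKLM\..\Run: [LOPTCON] browsebar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
"""

# Assumption: system launchers that are routinely registered without a path.
PATHLESS_OK = {"rundll32.exe", "regsvr32.exe"}
# Assumption: browsers that are not expected to start from a Run key.
BROWSERS = {"iexplore.exe"}

# "O4 - HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.*?)\] (.*)$")
# "O4 - Global Startup: Shortcut.lnk = target" (also plain "Startup:")
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")
# Unquoted paths may contain spaces, so cut at the first executable
# extension that is followed by whitespace or end of line.
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)", re.I)


class Autorun(NamedTuple):
    location: str
    name: str
    command: str
    executable: str
    flags: List[str]


def executable_of(command: str) -> str:
    """Return the program part of a Run command line, without arguments."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = EXE_RE.match(cmd)
    if match:
        return match.group(1)
    # No recognisable extension (e.g. "...\dumprep 0 -k"): take the first token.
    return cmd.split()[0] if cmd else ""


def classify(executable: str) -> List[str]:
    """Heuristic review flags for one autorun target."""
    flags = []
    base = re.split(r"[\\/]", executable)[-1].lower()
    has_dir = "\\" in executable or "/" in executable
    # A bare file name is resolved through the Windows search path, so the
    # log line alone does not say which file on disk will actually run.
    if executable and not has_dir and base not in PATHLESS_OK:
        flags.append("no-directory")
    if base in BROWSERS:
        flags.append("browser-autostart")
    return flags


def parse_o4(log: str) -> List[Autorun]:
    """Parse every O4 (autorun) line of a HijackThis-format log."""
    rows = []
    for raw in log.splitlines():
        line = raw.strip()
        match = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not match:
            continue
        location, name, command = match.groups()
        exe = executable_of(command)
        rows.append(Autorun(location, name, command, exe, classify(exe)))
    return rows


def suspicious(log: str) -> List[Autorun]:
    """Only the entries that carry at least one review flag."""
    return [row for row in parse_o4(log) if row.flags]


if __name__ == "__main__":
    for row in suspicious(SAMPLE_LOG):
        print(f"{row.location} [{row.name}] -> {row.executable} {row.flags}")
```

A flag here means "look at this entry", not "delete it"; the decision on what to remove stays with the analyst reading the full log.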
Old 07-23-2007, 07:50 AM   #8 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Cornwall, UK
Posts: 9
OS: XP home


Re: Browsebar.exe

Sorry, the full log is here (fixwareout log to follow...)

Deckard's System Scanner v20070711.54
Run by Chris McPherson on 2007-07-23 at 13:40:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
47: 2007-07-23 12:40:11 UTC - RP861 - Deckard's System Scanner Restore Point
46: 2007-07-23 12:04:07 UTC - RP860 - b4 spywareblaster
45: 2007-07-22 12:18:51 UTC - RP859 - System Checkpoint
44: 2007-07-21 10:20:34 UTC - RP858 - System Checkpoint
43: 2007-07-20 08:27:53 UTC - RP857 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-06-16 10:18:42 UTC - RP815 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-23 13:44:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
C:\Program Files\Abbey\Introducer Internet Offline\MSSQL$ABBEYIIOFFLINE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INERTIA3\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\Program Files\sony\HotKey Utility\HKServ.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\sony\HotKey Utility\HKWnd.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\NoPops\NoPops.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SHARP\Sharpdesk\SharpTray.exe
C:\Program Files\SHARP\Sharpdesk\FTPServer.exe
C:\Program Files\SHARP\PCFAX2\PCFAXRcv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\SHARP\Sharpdesk\nsapp.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\powerpanel\Program\PcfMgr.exe
C:\Program Files\RMClient\PMClient.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Chris McPherson\My Documents\Programme Downloads\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.seloc.org/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ukonline.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: (no name) - {C84781E8-7C8B-A986-D8D3-E55B5EB7E7CF} - NopeZ.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NoPops] C:\Program Files\NoPops\NoPops.exe
O4 - HKLM\..\Run: [StartI3DB] C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe -Action 1 -Silent 1 -Server INERTIA3 -Service MSSQL$INERTIA3
O4 - HKLM\..\Run: [StartSQLManager] C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LOPTCON] browsebar.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe" /n
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [TypeRegChecker] "C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe"
O4 - HKLM\..\Run: [FtpServer.exe] "C:\Program Files\Sharp\Sharpdesk\FtpServer.exe" -usedefault
O4 - HKLM\..\Run: [Receiver] C:\Program Files\SHARP\PCFAX2\PcfaxRcv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\powerpanel\Program\PcfMgr.exe
O4 - Global Startup: SmartNetMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sony-europe.com (HKCU)
O15 - Trusted Zone: *.sonystyle-europe.com (HKCU)
O15 - Trusted Zone: *.vaio-link.com (HKCU)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/voxacm.CAB
O16 - DPF: {00419909-D3D7-4E6B-81E7-B0A81654A213} () - http://195.10.116.33/scotprov/downlo...07/install.cab
O16 - DPF: {0089F6EE-ED54-11D5-B0E7-00508B014C1D} (ExWebClientUtils Class) - http://exweb.exchange.uk.com/clientbinaries/texInfo.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {034DA761-EDB7-11D7-A20A-000802318089} (EWGPHI.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGPHI.CAB
O16 - DPF: {0438E7DA-99AF-44DD-BE72-35C67488516B} () - http://195.10.116.33/scotprov/downlo...ix/install.cab
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} (ConfigChkr Class) - https://www.osis.uk.com/vscnfchk.cab
O16 - DPF: {090EC279-1378-44B7-B521-888980212E7E} (Complist3 Class) - http://exweb.exchange.uk.com/clientb...bCListCtl3.CAB
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdi...rontdoorFD.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1FDAD4E8-5DD8-40F7-BDCD-E12A3A20AB46} () - http://195.10.116.33/scotprov/downlo...2a/install.cab
O16 - DPF: {21B85760-1A22-4275-BFBE-112F24313309} () - http://195.10.116.33/scotprov/downlo...11/install.cab
O16 - DPF: {25560CDC-FC1E-11D8-81BD-400009907187} () - http://195.10.116.33/scotprov/downlo...08/install.cab
O16 - DPF: {2B44FB87-A9EF-4949-9FED-AFC7C4878875} () - http://195.10.116.33/scotprov/downlo...09/install.cab
O16 - DPF: {2F6A847E-2EC2-11D3-AE1B-00508B014C1D} (Parser Class) - http://exweb.exchange.uk.com/clientb.../XMLParser.CAB
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/i263_32.cab
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...0C/wmv9dmo.cab
O16 - DPF: {397F65A6-FD3C-438B-A7EB-3D2C0655189C} (EWGPensions.desInput) - http://exweb.exchange.uk.com/clientb...WGPensions.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {4BE36914-BE97-4154-9FF2-40C7BB4580C8} () - http://195.10.116.33/scotprov/downlo...4a/install.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://dev.imagingworld.co.kr/printe.../DrPrinter.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {511835FF-EDC9-11D7-A20A-000802318089} (EWGWholeLife.desInput) - http://exweb.exchange.uk.com/clientb...GWholeLife.CAB
O16 - DPF: {59A910DE-EE9A-11D7-A20A-000802318089} (EWGCombinedTerm.desInput) - http://exweb.exchange.uk.com/clientb...mAssurance.CAB
O16 - DPF: {616A35BA-2A1D-4564-83A3-567EEACBB3FC} () - http://195.10.116.33/scotprov/downlo...0a/install.cab
O16 - DPF: {69B4A8BE-3C8B-4109-9BD8-5F7F2D7622B0} () - http://195.10.116.33/scotprov/downlo...00/install.cab
O16 - DPF: {6F45957A-9994-459C-8C37-D9846338F7FD} () - http://195.10.116.33/scotprov/downlo...02/install.cab
O16 - DPF: {7B5A1CB7-2E01-11D7-90C1-0008C7E9C2C6} (PHI.desInput) - http://exweb.exchange.uk.com/clientbinaries/PHI.CAB
O16 - DPF: {8991D2F1-4255-4B3F-B413-E517F459AA29} () - http://195.10.116.33/scotprov/downlo...03/install.cab
O16 - DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} (VersionInfo.clsVersionInfo) - http://exweb.exchange.uk.com/clientb...ersionInfo.CAB
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9062F088-87F1-11D9-81D8-400009907187} () - http://195.10.116.33/scotprov/downlo...12/install.cab
O16 - DPF: {91F82BFF-F70C-11D2-BB68-0008C7E9C2C6} (TEXNBSHELL.ProposalForm) - http://exweb.exchange.uk.com/texonli...texnbshell.cab
O16 - DPF: {95804D3E-3D16-41AE-B6CB-9E58B82E0FF0} () - http://195.10.116.33/scotprov/downlo...04/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} () - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
O16 - DPF: {9F21EC88-3BCD-11D9-81CF-400009907187} () - http://195.10.116.33/scotprov/downlo...10/install.cab
O16 - DPF: {A5C1F489-084E-47E0-8AA5-0EA4E6A42546} () - http://195.10.116.33/scotprov/downlo...02/install.cab
O16 - DPF: {A74D724A-AB17-11D2-A96A-006097E20477} (eXwebUtils.HTMLUtils) - http://exweb.exchange.uk.com/clientb...eXwebUtils.CAB
O16 - DPF: {A98277A1-A141-11D5-98B9-00508B64538B} (Complist2 Class) - http://exweb.exchange.uk.com/clientb...bCListCtl2.CAB
O16 - DPF: {ABF92614-EBA5-11D3-A315-006008134E84} (Annuities.dsrMain) - http://exweb.exchange.uk.com/clientbinaries/ann_GD.CAB
O16 - DPF: {B1283429-F6B4-4BAE-9C11-F061FE9A5A6D} () - http://195.10.116.33/scotprov/downlo...08/install.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} () - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B4126499-423E-46E6-87B3-603657FE830A} () - http://195.10.116.33/scotprov/downlo...10/install.cab
O16 - DPF: {B84C4233-68C6-4BA7-B01C-330DFE5DD4AB} () - http://195.10.116.33/scotprov/downlo...03/install.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {C157A476-3811-4D69-AF6B-3D4F53B56CC4} () - http://195.10.116.33/scotprov/downlo...3b/install.cab
O16 - DPF: {C76E8084-A91F-48EA-906E-95E7BD248D9D} () - http://195.10.116.33/scotprov/downlo...01/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {DB1F089D-F410-11D3-A316-006008134E84} (CombinedTerm.desInput) - http://exweb.exchange.uk.com/clientb...mAssurance.CAB
O16 - DPF: {DC23C705-6961-11D9-81D4-400009907187} () - http://195.10.116.33/scotprov/downlo...11/install.cab
O16 - DPF: {DD4DED28-05EE-4015-BE77-BCD60DF5C9C4} () - http://195.10.116.33/scotprov/downlo...00/install.cab
O16 - DPF: {DDECE2F5-AF1F-44E7-B37F-96B6630F5C60} (PrintComponent.clsVersionInfo) - http://exweb.exchange.uk.com/clientb...s/printdll.CAB
O16 - DPF: {E7FF5332-854E-11D2-A952-006097E20477} (eXwebOccList.clsOccRes) - http://exweb.exchange.uk.com/clientb...s/eXwebOcc.CAB
O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home...control015.cab
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (ProtoView DataTable Control 7.0 (OLEDB)) - http://exweb.exchange.uk.com/clientbinaries/pvdt70.CAB
O16 - DPF: {EC97795B-7867-40BA-92CA-32C2F219616E} () - http://195.10.116.33/scotprov/downlo...06/install.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...74/mcfscan.cab
O16 - DPF: {EF9A1539-BB45-4691-91A6-BF2EC9B054DB} () - http://195.10.116.33/scotprov/downlo...3a/install.cab
O16 - DPF: {F26CB3E7-AAC0-4ECD-9884-8C88764E60E9} () - http://195.10.116.33/scotprov/downlo...5a/install.cab
O16 - DPF: {F41DB19B-E6B2-11D8-81BB-400009907187} () - http://195.10.116.33/scotprov/downlo...07/install.cab
O16 - DPF: {FBF3A7F3-22D0-42F0-9461-2CBF77EDF9B3} () - http://195.10.116.33/scotprov/downlo...04/install.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\SHARP\Sharpdesk\ExplorerExtensions.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe"
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe"
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - "C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server"
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - "C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP"
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - "C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP"
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.10>
R3 AR5523 (NETGEAR WG111T USB2.0 Wireless Card Service) - c:\windows\system32\drivers\wg11tnd5.sys <Not Verified; NETGEAR, Inc.; NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter>
R3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S2 ZPMODEMSYSNTDRVNT - c:\windows\system32\drivers\zpmodemnt.sys (file missing)
S3 ATHFMWDL (NETGEAR WG111T bootloader driver) - c:\windows\system32\drivers\athfmwdl.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 SE27obex (Sony Ericsson Device 039 USB WMC OBEX Interface) - c:\windows\system32\drivers\se27obex.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC OBEX Interface>
S3 SYMIDSCO - c:\windows\system32\drivers\symidsco.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>


-- Scheduled Tasks -------------------------------------------------------------

2007-07-21 11:50:05 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-07-05 20:00:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-12-02 00:36:02 260 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job


-- Files created between 2007-06-23 and 2007-07-23 -----------------------------

2007-07-23 13:17:41 0 d-------- C:\ie-spyad
2007-07-23 13:04:38 0 d-------- C:\Program Files\SpywareBlaster
2007-07-23 10:43:24 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-23 10:43:22 0 d-------- C:\WINDOWS\LastGood
2007-07-21 11:44:48 13132 --a------ C:\dnsbak.reg
2007-07-17 10:57:46 0 d-------- C:\Program Files\Common Files\xing shared
2007-07-16 12:51:06 0 d-------- C:\Program Files\Spyware Doctor
2007-07-11 18:11:55 0 d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-07-04 18:08:39 0 d-------- C:\Documents and Settings\Chris McPherson\Application Data\Feedreader
2007-07-04 18:08:31 0 d-------- C:\Program Files\FeedReader30


-- Find3M Report ---------------------------------------------------------------

2007-07-23 12:03:35 0 d-------- C:\Program Files\Windows Defender
2007-07-23 11:58:09 0 d-------- C:\Program Files\RMClient
2007-07-23 11:53:23 0 d-------- C:\Program Files\NoPops
2007-07-23 11:45:27 0 d-------- C:\Program Files\iTunes
2007-07-23 11:40:56 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-07-20 14:21:01 0 d-------- C:\Documents and Settings\Chris McPherson\Application Data\AdobeUM
2007-07-17 11:15:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-17 10:58:09 0 d-------- C:\Program Files\Google
2007-07-17 10:57:50 0 d-------- C:\Program Files\Common Files\Real
2007-05-25 17:57:31 0 d-------- C:\Program Files\Northern Rock Online


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmaTel StacMon"="C:\\Program Files\\SigmaTel\\C-Major Audio\\stacmon.exe"
"HKSERV.EXE"="C:\\Program Files\\Sony\\HotKey Utility\\HKserv.exe"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"Drag'n Drop CD+DVD"="C:\\Program Files\\drag'n drop cd+dvd\\BinFiles\\DragDrop.exe /StartUp"
"MplSetUp"="C:\\Program Files\\RMClient\\MplSetUp.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe"
"NoPops"="C:\\Program Files\\NoPops\\NoPops.exe"
"StartI3DB"="C:\\Program Files\\Microsoft SQL Server\\80\\Tools\\Binn\\scm.exe -Action 1 -Silent 1 -Server INERTIA3 -Service MSSQL$INERTIA3"
"StartSQLManager"="C:\\Program Files\\Microsoft SQL Server\\80\\Tools\\Binn\\sqlmangr.exe /n"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"LOPTCON"="browsebar.exe"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"pdfFactory Dispatcher v2"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fppdis2a.exe\" /source=HKLM"
"JobHisInit"="C:\\Program Files\\RMClient\\JobHisInit.exe"
"OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
"IndexTray"="\"C:\\Program Files\\Sharp\\Sharpdesk\\IndexTray.exe\" /n"
"SharpTray"="\"C:\\Program Files\\Sharp\\Sharpdesk\\SharpTray.exe\""
"TypeRegChecker"="\"C:\\Program Files\\Sharp\\Sharpdesk\\TypeRegChecker.exe\""
"FtpServer.exe"="\"C:\\Program Files\\Sharp\\Sharpdesk\\FtpServer.exe\" -usedefault"
"Receiver"="C:\\Program Files\\SHARP\\PCFAX2\\PcfaxRcv.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RealPlayer"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_RKPAVPROC


-- End of Deckard's System Scanner: finished at 2007-07-23 at 13:45:01 ---------

Last edited by Chris McPherson; 07-23-2007 at 07:51 AM.
Chris McPherson is offline  
Old 07-23-2007, 07:53 AM   #9 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Cornwall, UK
Posts: 9
OS: XP home


Re: Browsebar.exe

And here's the fixwareout log which I did over the weekend...


Username "Chris McPherson" - 21/07/2007 11:44:47 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\CurrentVersion\Run\ ="jbtuw"
HKLM\SOFTWARE\~\Winlogon\ "System"="csihu.exe"

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "xedocne" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "gib_ogol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23plhps" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "mgcppp" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "tesvaf" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "golmedi" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "32refaselif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "putesprpgd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "puorgdopd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "nbilbaj" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "0mdm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm" Deleted
....
»»»»» Misc files.
C:\WINDOWS\System32\drivers\zpmodemnt.sys Deleted
....
»»»»» Checking for older varients.
....

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmaTel StacMon"="C:\\Program Files\\SigmaTel\\C-Major Audio\\stacmon.exe"
"HKSERV.EXE"="C:\\Program Files\\Sony\\HotKey Utility\\HKserv.exe"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"Drag'n Drop CD+DVD"="C:\\Program Files\\drag'n drop cd+dvd\\BinFiles\\DragDrop.exe /StartUp"
"MplSetUp"="C:\\Program Files\\RMClient\\MplSetUp.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe"
"NoPops"="C:\\Program Files\\NoPops\\NoPops.exe"
"StartI3DB"="C:\\Program Files\\Microsoft SQL Server\\80\\Tools\\Binn\\scm.exe -Action 1 -Silent 1 -Server INERTIA3 -Service MSSQL$INERTIA3"
"StartSQLManager"="C:\\Program Files\\Microsoft SQL Server\\80\\Tools\\Binn\\sqlmangr.exe /n"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"LOPTCON"="browsebar.exe"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"pdfFactory Dispatcher v2"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fppdis2a.exe\" /source=HKLM"
"JobHisInit"="C:\\Program Files\\RMClient\\JobHisInit.exe"
"OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"IndexTray"="\"C:\\Program Files\\Sharp\\Sharpdesk\\IndexTray.exe\" /n"
"SharpTray"="\"C:\\Program Files\\Sharp\\Sharpdesk\\SharpTray.exe\""
"TypeRegChecker"="\"C:\\Program Files\\Sharp\\Sharpdesk\\TypeRegChecker.exe\""
"FtpServer.exe"="\"C:\\Program Files\\Sharp\\Sharpdesk\\FtpServer.exe\" -usedefault"
"Receiver"="C:\\Program Files\\SHARP\\PCFAX2\\PcfaxRcv.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
Chris McPherson is offline  
Old 07-23-2007, 08:26 AM   #10 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Cornwall, UK
Posts: 9
OS: XP home


Re: Browsebar.exe

Ok,

I've followed the process you stated. I'm not sure if I got a success message so I did the process again. The second time around I got the following message: -

"[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service."

This is not the same message that I got the 1st time so I'm presuming it was successful the first time around!

Please let me know if you think different.

Unfortunately I can't seem to update Java. It seems to hang on 0% downloaded. Not sure if it's my firewall?

Hope that helps!

Thanks

Chris





Quote:
Originally Posted by LonnyRJones View Post
Curious, when did you use fixwareout?
If recently, post its log

You're missing the topmost part of the DDS log, that's ok

Manually delete this file: c:\windows\sdkrn32.exe

Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LOPTCON"=-
"iexplore.exe"=-
;
Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

Open a command prompt (Start > Run, type cmd, press Enter) and type
sc delete "ZPMODEMSYSNTDRVNT"
press Enter, type exit and press Enter to exit the command prompt
Did you see a success message?

Use the option to update your java program, windows control panel > java icon
then uninstall its older versions >
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_07
Chris McPherson is offline  
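A triage pass over a Run-key dump like the ones posted in this thread, as an added example (it is not part of any post and is not code from HijackThis, Deckard's System Scanner or fixwareout). It parses regedit-export syntax, decodes hex(2) values, and lists programs named without a directory (as with LOPTCON) and any unnamed default value; the function names and both heuristics are assumptions of this example, and the sample lines are excerpted from the logs above.

```python
import re

# Excerpt of the Run-key dump posted in this thread (regedit export syntax).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe"
"LOPTCON"="browsebar.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
@=""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
'''

# A wrapped hex value ends in a backslash and continues with more hex bytes.
CONTINUATION_RE = re.compile(r'\\\r?\n[ \t]*(?=[0-9a-fA-F]{2}(?:,|$))', re.M)
# name=data, where name is @ (default value) or a quoted, escaped string.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(s):
    """Undo regedit string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def decode_expand_sz(hexdata):
    """Decode the byte list of a hex(2) (REG_EXPAND_SZ) value to text."""
    raw = bytes(int(b, 16) for b in hexdata.rstrip('\\').split(',') if b.strip())
    # Heuristic: REGEDIT4 exports hold ANSI bytes, version 5.00 holds UTF-16LE.
    wide = len(raw) >= 2 and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2])
    return raw.decode('utf-16-le' if wide else 'latin-1').rstrip('\x00')


def parse_export(text):
    """Yield (key, value_name, command) for each string value in the export."""
    key = None
    for line in CONTINUATION_RE.sub('', text).splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = m.groups()
        if name != '@':
            name = unescape(name[1:-1])
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            yield key, name, unescape(data[1:-1])
        elif data.lower().startswith('hex(2):'):
            try:
                yield key, name, decode_expand_sz(data[len('hex(2):'):])
            except ValueError:
                continue  # truncated or damaged hex data: nothing to decode


def launched_program(command):
    """Return the program part of a command line (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ''


def triage(text):
    """Return (value_name, command, reason) for Run entries worth reviewing."""
    findings = []
    for key, name, command in parse_export(text):
        if not key.lower().endswith('\\currentversion\\run'):
            continue
        if name == '@':
            findings.append((name, command, 'unnamed default value on a Run key'))
        elif not re.search(r'[\\/:]', launched_program(command)):
            findings.append((name, command,
                             'program named without a directory; Windows '
                             'locates it through its search path'))
    return findings


if __name__ == '__main__':
    for name, command, reason in triage(SAMPLE):
        print('%-12s %-55r %s' % (name, command, reason))
```

A listed entry is a prompt for review, not a verdict: NvCplDaemon is reported for the same reason as LOPTCON.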
Old 07-23-2007, 04:35 PM   #11 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,648
OS: xp


Re: Browsebar.exe

Good, you ran fixwareout.

You should delete it now; it's a one-time-use fix.

Java update: go here http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java
Afterwards it is very important to uninstall all the old versions via Add/Remove Programs.

Turn your popup blocker off before going there and don't use a download manager.
If there are problems read the installation notes

Let us know of any problems

Last edited by LonnyRJones; 07-23-2007 at 04:37 PM.
LonnyRJones is offline  
Old 07-23-2007, 05:08 PM   #12 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Cornwall, UK
Posts: 9
OS: XP home


Re: Browsebar.exe

Hi Lonny

Sorry to be a pain. Are Java & J2SE the same thing?

Just want to be sure before I download. I presume that this is the correct download?

>>>
Java Runtime Environment (JRE) 6 Update 2
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
<<<


Thought I'd better check first!

Thanks

Chris
Chris McPherson is offline  
Old 07-23-2007, 05:11 PM   #13 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,648
OS: xp


Re: Browsebar.exe

Yes, that's it
LonnyRJones is offline  
Old 07-24-2007, 03:54 PM   #14 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Cornwall, UK
Posts: 9
OS: XP home


Re: Browsebar.exe

Ok, sorry for the delay.

I've now updated Java and removed the older versions.

Everything seems ok so far!
Chris McPherson is offline  
Old 07-24-2007, 05:54 PM   #15 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,648
OS: xp


Re: Browsebar.exe

You have more than one antivirus installed.
I suggest you uninstall all but one, keep your favorite.


Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm

To help avoid reinfection see "So how did I get infected in the first place?" http://castlecops.com/postlite7736-.html by Tony Klein
See Recommended Minimal Security Settings: http://www.mvps.org/winhelp2002/unwanted.htm#happen
MAKING INTERNET EXPLORER SAFER http://www.bleepingcomputer.com/foru...fer-tut102.htm
Understanding and Using Firewalls http://www.bleepingcomputer.com/forums/tutorial60.html
LonnyRJones is offline  