
Me Too! Startium Bar & other problems

Discussion in 'Web & Email' started by bomasa, Sep 13, 2003.

Thread Status:
Not open for further replies.
  1. bomasa

    bomasa Thread Starter

    Joined:
    Sep 13, 2003
    Messages:
    5
    Thanks in advance for your help. I run Win2000. I have the problem of the dastardly Startium Search Bar, plus a slowing down of all other functions. I've been cleaning up as much as I know how. I run Norton AV, ZoneAlarm basic, Pop-Up Stopper and Spybot S&D, and have cleaned out a lot of junk. Here's my HijackThis log. Hope it doesn't scare you...
    ...
    Logfile of HijackThis v1.97.1
    Scan saved at 10:38:00 AM, on 09/13/2003
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\System32\CTsvcCDA.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\CTHELPER.EXE
    C:\WINNT\system32\PROMon.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\PhoneTools\CapFax.EXE
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Media\Media\UpdateStats.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINNT\System32\RunDLL32.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\QUICKENW\QWDLLS.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINNT\system32\Pnh01tlr.exe
    C:\WINNT\system32\Pnh01tlr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Bob Lohmeyer\Desktop\Hijack\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4 - (no file)
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C - (no file)
    O2 - BHO: (no name) - {001F2570-5DF5-11d3-B9 - (no file)
    O2 - BHO: (no name) - {001F2570-5DF5-11d3-B99 - (no file)
    O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-0 - (no file)
    O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - (no file)
    O2 - BHO: (no name) - {06 - (no file)
    O2 - BHO: (no name) - {068 - (no file)
    O2 - BHO: (no name) - {0684 - (no file)
    O2 - BHO: (no name) - {06849 - (no file)
    O2 - BHO: (no name) - {06849E - (no file)
    O2 - BHO: (no name) - {06849E9 - (no file)
    O2 - BHO: (no name) - {06849E9F - (no file)
    O2 - BHO: (no name) - {06849E9F- - (no file)
    O2 - BHO: (no name) - {06849E9F-C - (no file)
    O2 - BHO: (no name) - {06849E9F-C8 - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7- - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {08 - (no file)
    O2 - BHO: (no name) - {083 - (no file)
    O2 - BHO: (no name) - {0835 - (no file)
    O2 - BHO: (no name) - {08351 - (no file)
    O2 - BHO: (no name) - {083512 - (no file)
    O2 - BHO: (no name) - {0835122 - (no file)
    O2 - BHO: (no name) - {08351226 - (no file)
    O2 - BHO: (no name) - {08351226- - (no file)
    O2 - BHO: (no name) - {08351226-6 - (no file)
    O2 - BHO: (no name) - {08351226-64 - (no file)
    O2 - BHO: (no name) - {08351226-647 - (no file)
    O2 - BHO: (no name) - {08351226-6472- - (no file)
    O2 - BHO: (no name) - {08351226-6472-4 - (no file)
    O2 - BHO: (no name) - {08351226-6472-43 - (no file)
    O2 - BHO: (no name) - {08351226-6472-43B - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD- - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8 - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A4 - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40 - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40- - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9 - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D92 - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D922 - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221 - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221F - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1 - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4 - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4C - (no file)
    O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4CE} - C:\WINNT\Downloaded Program Files\SbCIe026.dll
    O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT\system32\stlbdist.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {65 - (no file)
    O2 - BHO: (no name) - {65C - (no file)
    O2 - BHO: (no name) - {65C8 - (no file)
    O2 - BHO: (no name) - {65C8C - (no file)
    O2 - BHO: (no name) - {65C8C1 - (no file)
    O2 - BHO: (no name) - {65C8C1F - (no file)
    O2 - BHO: (no name) - {65C8C1F5 - (no file)
    O2 - BHO: (no name) - {65C8C1F5- - (no file)
    O2 - BHO: (no name) - {65C8C1F5-2 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-23 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E- - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4D - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9- - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D- - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F31 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F315 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E77 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E777 - (no file)
    O2 - BHO: (no name) - {96668024-83BD-4A42-AEF6-9B9A9FEB332D} - C:\WINNT\system32\atmifd.dll
    O2 - BHO: (no name) - {A - (no file)
    O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINNT\bs3.dll
    O2 - BHO: (no name) - {AA - (no file)
    O2 - BHO: (no name) - {AA5 - (no file)
    O2 - BHO: (no name) - {AA58 - (no file)
    O2 - BHO: (no name) - {AA58E - (no file)
    O2 - BHO: (no name) - {AA58ED - (no file)
    O2 - BHO: (no name) - {AA58ED5 - (no file)
    O2 - BHO: (no name) - {AA58ED58 - (no file)
    O2 - BHO: (no name) - {AA58ED58- - (no file)
    O2 - BHO: (no name) - {AA58ED58-0 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01D - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD- - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d9 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91- - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-83 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-833 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333- - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-C - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105774 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057747 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F - (no file)
    O2 - BHO: (no name) - {BD - (no file)
    O2 - BHO: (no name) - {BDF - (no file)
    O2 - BHO: (no name) - {BDF3 - (no file)
    O2 - BHO: (no name) - {BDF3E - (no file)
    O2 - BHO: (no name) - {BDF3E4 - (no file)
    O2 - BHO: (no name) - {BDF3E43 - (no file)
    O2 - BHO: (no name) - {BDF3E430 - (no file)
    O2 - BHO: (no name) - {BDF3E430- - (no file)
    O2 - BHO: (no name) - {BDF3E430-B - (no file)
    O2 - BHO: (no name) - {BDF3E430-B1 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B10 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101- - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-4 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42A - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD- - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A5 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A54 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544- - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-F - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FA - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FAD - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B0 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B08 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B0848 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B08487 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {F - (no file)
    O2 - BHO: (no name) - {F0 - (no file)
    O2 - BHO: (no name) - {F0A - (no file)
    O2 - BHO: (no name) - {F0A4 - (no file)
    O2 - BHO: (no name) - {F0A42 - (no file)
    O2 - BHO: (no name) - {F0A42B - (no file)
    O2 - BHO: (no name) - {F0A42BD - (no file)
    O2 - BHO: (no name) - {F0A42BD9 - (no file)
    O2 - BHO: (no name) - {F0A42BD9- - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B9 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B98 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989- - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4F - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1- - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-9 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1- - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-7 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-76 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768A - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768AC - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768AC4 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768AC4F - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768AC4F4 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768AC4F42 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768AC4F423 - (no file)
    O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768AC4F4239 - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINNT\system32\stlbdist.DLL
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf
    O4 - HKLM\..\Run: [[email protected]] C:\WINNT\system32\FmrCj.exe
    O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINNT\bs3.dll,DllRun
    O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINNT\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: SideStep (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt0_x.cab
    O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
    O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct0_x.cab
    O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs9_x.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks11_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst0_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt0_x.cab
    O16 - DPF: Yahoo! Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtj_x.cab
    O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) - http://download.sidestep.com/get/k00719/sb026.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director6/cabs/SW.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/063fb4b5adf48f34d404/netzip/RdxIE601.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://www.toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37589.688912037
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {F8DCFE8E-7B2B-4FF8-B8A7-A52B6C4B0170} (AvzPrintingComponent Class) - http://babymint.nesteggz.com/NEUtility/PrintingComponents/AvzPrintingActiveX1600.cab
    O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    good heavens..........what the heck have you been doing?

    run hijackthis again and put a checkmark against these entries....
    .....then,close all browser and outlook windows and "fix checked"



    R3 - Default URLSearchHook is missing
    all the O2 entries except these:

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    I REPEAT, DON'T "FIX" THOSE 3 ITEMS!

    YOU CAN "FIX" ALL THESE.
    O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINNT\system32\stlbdist.DLL
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
    O4 - HKLM\..\Run: [[email protected]] C:\WINNT\system32\FmrCj.exe
    O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINNT\bs3.dll,DllRun
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/063fb4b5adf48f...ip/RdxIE601.cab

    re-boot and delete:
    C:\WINNT\system32\stlbdist.DLL
    C:\WINNT\system32\FmrCj.exe
    C:\WINNT\bs3.dll

    after that........

    Spybot Search & Destroy http://beam.to/spybotsd

    After installing, first press Online, and search for, put a check mark at, and install all updates.

    Next, close all Internet Explorer windows...... hit 'Check for Problems', and have SpyBot remove/fix all it finds.

    Reboot

    Last, run HJT again and post your log again to see if anything was missed.
     
  3. bomasa

    bomasa Thread Starter

    Joined:
    Sep 13, 2003
    Messages:
    5
    Steve, thanks for the instructions. When I got to the step about removing the three files in the WINNT\system32 folder, they were not there. There was a stlbdist.xml file, which I left since you did not mention it. The accursed Startium bar is gone. Here is the HijackThis log...
    ...
    Logfile of HijackThis v1.97.1
    Scan saved at 1:18:30 PM, on 09/13/2003
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\System32\CTsvcCDA.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\CTHELPER.EXE
    C:\WINNT\system32\PROMon.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\PhoneTools\CapFax.EXE
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Media\Media\UpdateStats.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINNT\System32\RunDLL32.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\QUICKENW\QWDLLS.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINNT\system32\Pnh01tlr.exe
    C:\WINNT\system32\UsyYx.exe
    C:\Documents and Settings\Bob Lohmeyer\Desktop\Hijack\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf
    O4 - HKLM\..\Run: [[email protected]] C:\WINNT\system32\Pbe3.exe
    O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINNT\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt0_x.cab
    O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
    O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct0_x.cab
    O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs9_x.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks11_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst0_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt0_x.cab
    O16 - DPF: Yahoo! Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtj_x.cab
    O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director6/cabs/SW.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://www.toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37589.688912037
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {F8DCFE8E-7B2B-4FF8-B8A7-A52B6C4B0170} (AvzPrintingComponent Class) - http://babymint.nesteggz.com/NEUtility/PrintingComponents/AvzPrintingActiveX1600.cab
    O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
     
  4. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    Hi bomasa ,

    On your Desktop click My Computer , Click view , Click options , Click the view tab , Tick Show all Files , Click Ok.

    Shutdown & Reboot in Safe Mode , Tap the F8 key on Reboot , and Delete the following ,

    C:\WINNT\system32\stlbdist.DLL > File
    C:\WINNT\system32\FmrCj.exe > File
    C:\WINNT\system32\Pbe3.exe > File
    C:\Winnt\System32\stlbdist.xml > File
    C:\WINNT\bs3.dll > File

    Shutdown & Normal Reboot

    Next please do the following , Download and install Ad-aware 6.0 Personal , Build 6.181 www.lavasoftusa.com Open Ad-aware , Click check for updates now , Click connect , update to reference file 01R218 13.09.2003 , Click Start , Click perform smart system scan , put a check in Activate in-depth scan. Click Settings (Gear wheel), put a check in the following , Automatically save log file , Automatically quarantine objects prior to removal , Safe mode ( Always request confirmation ). Click scanning , put a check in the following , Scan within archives , Scan active processes , Scan registry , Scan my IE favorites for banned URL's , Scan my Host file. Click Tweak , Scanning engine , put a check in Unload recognized processes during scanning. Click Cleaning engine , put a check in the following , Automatically try to unregister objects prior to deletion , Let windows remove files in use at next reboot. Click proceed , Run Ad-aware and remove every entry Ad-aware returns.


    Shutdown & Reboot your computer

    You can prevent the installation and running of Spyware active X controls by downloading and installing SpywareBlaster www.javacoolsoftware.com/spywareblaster.htm Open SpywareBlaster , click select all , click Protect Against Checked Items! , Click settings , put a check in Only show New/Unprotected Items on the protection list after an update , Click save settings. Click Check for updates , download all available updated definitions , Click select all , Click Protect against checked items.


    Good luck
     
  5. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    i didn't mention the "stlbdist.DLL" file?......look again :)

    you should be ok following BlueSpruce's advice.

    also.......check out the link below (in my sig) for advice and free apps to help stop getting re-infected.

    good luck;)
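
    An added example, not part of the original posts and not HijackThis code: a small Python triage over lines copied from the two logs in this thread. It sorts O2 BHO entries by whether the CLSID is a complete GUID and whether a file backs it, then diffs the O4 Run entries between the first and second log; all function names are illustrative.

```python
import re

# Constructed sample: a few lines copied from the first log in this thread.
# The "[email protected]" value name is reproduced as it appears on the page.
LOG_BEFORE = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - (no file)
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINNT\bs3.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINNT\bs3.dll,DllRun
O4 - HKLM\..\Run: [[email protected]] C:\WINNT\system32\FmrCj.exe
"""

# Constructed sample: matching lines copied from the second log.
LOG_AFTER = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [[email protected]] C:\WINNT\system32\Pbe3.exe
"""

GUID = re.compile(r"^\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}$")
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # "O2 - ...", "R3 - ..."
BHO = re.compile(r"^BHO: (.*?) - (\{\S*) - (.*)$")     # name, CLSID, target
RUN = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+)\] (.+)$")  # key, value name, command


def parse(log):
    """Return (section, text) pairs for every HijackThis result line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def classify_bho(entries):
    """Sort O2 entries into three buckets. This is a sort, not a verdict."""
    result = []
    for section, text in entries:
        m = BHO.match(text) if section == "O2" else None
        if not m:
            continue
        clsid, target = m.group(2), m.group(3)
        if not GUID.match(clsid):
            status = "malformed-clsid"   # truncated key name, cannot be a real BHO
        elif target == "(no file)":
            status = "orphaned"          # valid GUID but nothing on disk behind it
        else:
            status = "file-backed"       # needs a human decision on the file
        result.append((clsid, target, status))
    return result


def run_entries(entries):
    """Map (registry key, value name) -> command for O4 registry Run lines."""
    found = {}
    for section, text in entries:
        m = RUN.match(text) if section == "O4" else None
        if m:
            found[(m.group(1), m.group(2))] = m.group(3)
    return found


def diff_run(before, after):
    """Compare autostart entries between two scans of the same machine."""
    old, new = run_entries(before), run_entries(after)
    return {
        "removed": sorted(k for k in old if k not in new),
        "added": sorted(k for k in new if k not in old),
        # Same value name, different program: the entry was rewritten,
        # not removed, between the two scans.
        "retargeted": sorted((k, old[k], new[k])
                             for k in old if k in new and old[k] != new[k]),
    }


if __name__ == "__main__":
    for clsid, target, status in classify_bho(parse(LOG_BEFORE)):
        print(f"{status:16} {clsid} -> {target}")
    for kind, items in diff_run(parse(LOG_BEFORE), parse(LOG_AFTER)).items():
        print(kind, items)
```

    The "file-backed" bucket holds both AcroIEHelper.ocx, which $teve said to keep, and bs3.dll, which he said to fix, so that bucket still needs a person to decide. The "retargeted" result is the Run value that pointed at FmrCj.exe in the first log and at Pbe3.exe in the second.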
     
Short URL to this thread: https://techguy.org/164482
