Me Too! Startium Bar & other problems

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

bomasa

Thread Starter
Joined
Sep 13, 2003
Messages
5
Thanks in advance for your help. I run Win2000. I have the problem of the dastardly Startium Search Bar, plus a slowing down of all other functions. I've been cleaning up as much as I know how. I run Norton AV, ZoneAlarm basic, Pop-Up Stopper and Spybot S&D, and have cleaned out a lot of junk. Here's my HijackThis log. Hope it doesn't scare you...
...
Logfile of HijackThis v1.97.1
Scan saved at 10:38:00 AM, on 09/13/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\PROMon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINNT\System32\RunDLL32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINNT\system32\Pnh01tlr.exe
C:\WINNT\system32\Pnh01tlr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bob Lohmeyer\Desktop\Hijack\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4 - (no file)
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C - (no file)
O2 - BHO: (no name) - {001F2570-5DF5-11d3-B9 - (no file)
O2 - BHO: (no name) - {001F2570-5DF5-11d3-B99 - (no file)
O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-0 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - (no file)
O2 - BHO: (no name) - {06 - (no file)
O2 - BHO: (no name) - {068 - (no file)
O2 - BHO: (no name) - {0684 - (no file)
O2 - BHO: (no name) - {06849 - (no file)
O2 - BHO: (no name) - {06849E - (no file)
O2 - BHO: (no name) - {06849E9 - (no file)
O2 - BHO: (no name) - {06849E9F - (no file)
O2 - BHO: (no name) - {06849E9F- - (no file)
O2 - BHO: (no name) - {06849E9F-C - (no file)
O2 - BHO: (no name) - {06849E9F-C8 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7- - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {08 - (no file)
O2 - BHO: (no name) - {083 - (no file)
O2 - BHO: (no name) - {0835 - (no file)
O2 - BHO: (no name) - {08351 - (no file)
O2 - BHO: (no name) - {083512 - (no file)
O2 - BHO: (no name) - {0835122 - (no file)
O2 - BHO: (no name) - {08351226 - (no file)
O2 - BHO: (no name) - {08351226- - (no file)
O2 - BHO: (no name) - {08351226-6 - (no file)
O2 - BHO: (no name) - {08351226-64 - (no file)
O2 - BHO: (no name) - {08351226-647 - (no file)
O2 - BHO: (no name) - {08351226-6472- - (no file)
O2 - BHO: (no name) - {08351226-6472-4 - (no file)
O2 - BHO: (no name) - {08351226-6472-43 - (no file)
O2 - BHO: (no name) - {08351226-6472-43B - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD- - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8 - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A4 - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40 - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40- - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9 - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D92 - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D922 - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221 - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221F - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1 - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4 - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4C - (no file)
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4CE} - C:\WINNT\Downloaded Program Files\SbCIe026.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT\system32\stlbdist.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65 - (no file)
O2 - BHO: (no name) - {65C - (no file)
O2 - BHO: (no name) - {65C8 - (no file)
O2 - BHO: (no name) - {65C8C - (no file)
O2 - BHO: (no name) - {65C8C1 - (no file)
O2 - BHO: (no name) - {65C8C1F - (no file)
O2 - BHO: (no name) - {65C8C1F5 - (no file)
O2 - BHO: (no name) - {65C8C1F5- - (no file)
O2 - BHO: (no name) - {65C8C1F5-2 - (no file)
O2 - BHO: (no name) - {65C8C1F5-23 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E- - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4D - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9- - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D- - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F31 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F315 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E77 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E777 - (no file)
O2 - BHO: (no name) - {96668024-83BD-4A42-AEF6-9B9A9FEB332D} - C:\WINNT\system32\atmifd.dll
O2 - BHO: (no name) - {A - (no file)
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINNT\bs3.dll
O2 - BHO: (no name) - {AA - (no file)
O2 - BHO: (no name) - {AA5 - (no file)
O2 - BHO: (no name) - {AA58 - (no file)
O2 - BHO: (no name) - {AA58E - (no file)
O2 - BHO: (no name) - {AA58ED - (no file)
O2 - BHO: (no name) - {AA58ED5 - (no file)
O2 - BHO: (no name) - {AA58ED58 - (no file)
O2 - BHO: (no name) - {AA58ED58- - (no file)
O2 - BHO: (no name) - {AA58ED58-0 - (no file)
O2 - BHO: (no name) - {AA58ED58-01 - (no file)
O2 - BHO: (no name) - {AA58ED58-01D - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD- - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d9 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91- - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-83 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-833 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333- - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-C - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105774 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057747 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F - (no file)
O2 - BHO: (no name) - {BD - (no file)
O2 - BHO: (no name) - {BDF - (no file)
O2 - BHO: (no name) - {BDF3 - (no file)
O2 - BHO: (no name) - {BDF3E - (no file)
O2 - BHO: (no name) - {BDF3E4 - (no file)
O2 - BHO: (no name) - {BDF3E43 - (no file)
O2 - BHO: (no name) - {BDF3E430 - (no file)
O2 - BHO: (no name) - {BDF3E430- - (no file)
O2 - BHO: (no name) - {BDF3E430-B - (no file)
O2 - BHO: (no name) - {BDF3E430-B1 - (no file)
O2 - BHO: (no name) - {BDF3E430-B10 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101- - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-4 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42A - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD- - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A5 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A54 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544- - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-F - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FA - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FAD - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B0 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B08 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B0848 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B08487 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F - (no file)
O2 - BHO: (no name) - {F0 - (no file)
O2 - BHO: (no name) - {F0A - (no file)
O2 - BHO: (no name) - {F0A4 - (no file)
O2 - BHO: (no name) - {F0A42 - (no file)
O2 - BHO: (no name) - {F0A42B - (no file)
O2 - BHO: (no name) - {F0A42BD - (no file)
O2 - BHO: (no name) - {F0A42BD9 - (no file)
O2 - BHO: (no name) - {F0A42BD9- - (no file)
O2 - BHO: (no name) - {F0A42BD9-B - (no file)
O2 - BHO: (no name) - {F0A42BD9-B9 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B98 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989- - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4F - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1- - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-9 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1- - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-7 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-76 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768A - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768AC - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768AC4 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768AC4F - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768AC4F4 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768AC4F42 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768AC4F423 - (no file)
O2 - BHO: (no name) - {F0A42BD9-B989-4FE1-93C1-768AC4F4239 - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINNT\system32\stlbdist.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf
O4 - HKLM\..\Run: [[email protected]] C:\WINNT\system32\FmrCj.exe
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINNT\bs3.dll,DllRun
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINNT\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: SideStep (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt0_x.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct0_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs9_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks11_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt0_x.cab
O16 - DPF: Yahoo! Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtj_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) - http://download.sidestep.com/get/k00719/sb026.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director6/cabs/SW.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/063fb4b5adf48f34d404/netzip/RdxIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://www.toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37589.688912037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {F8DCFE8E-7B2B-4FF8-B8A7-A52B6C4B0170} (AvzPrintingComponent Class) - http://babymint.nesteggz.com/NEUtility/PrintingComponents/AvzPrintingActiveX1600.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
 
Joined
Oct 9, 2001
Messages
9,396
good heavens..........what the heck have you been doing?

run hijackthis again and put a checkmark against these entries....
.....then, close all browser and outlook windows and "fix checked"



R3 - Default URLSearchHook is missing
all the o2 entries except these:

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

I REPEAT, DON'T "FIX" THOSE 3 ITEMS!

YOU CAN "FIX" ALL THESE.
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINNT\system32\stlbdist.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [[email protected]] C:\WINNT\system32\FmrCj.exe
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINNT\bs3.dll,DllRun
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/063fb4b5adf48f...ip/RdxIE601.cab

re-boot and delete:
C:\WINNT\system32\stlbdist.DLL
C:\WINNT\system32\FmrCj.exe
C:\WINNT\bs3.dll

after that........

Spybot Search & Destroy http://beam.to/spybotsd

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows...... hit 'Check for Problems', and have SpyBot remove/fix all it finds.

Reboot

Last, run HJT again and post your log again to see if anything was missed.
 

bomasa

Thread Starter
Joined
Sep 13, 2003
Messages
5
Steve, thanks for the instructions. When I got to the step about removing the three files in the WINNT\system32 folder, they were not there. There was a stlbdist.xml file, which I left since you did not mention it. The accursed Startium bar is gone. Here is the HijackThis log...
...
Logfile of HijackThis v1.97.1
Scan saved at 1:18:30 PM, on 09/13/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\PROMon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINNT\System32\RunDLL32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINNT\system32\Pnh01tlr.exe
C:\WINNT\system32\UsyYx.exe
C:\Documents and Settings\Bob Lohmeyer\Desktop\Hijack\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf
O4 - HKLM\..\Run: [[email protected]] C:\WINNT\system32\Pbe3.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINNT\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt0_x.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct0_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs9_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks11_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt0_x.cab
O16 - DPF: Yahoo! Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtj_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director6/cabs/SW.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://www.toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37589.688912037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {F8DCFE8E-7B2B-4FF8-B8A7-A52B6C4B0170} (AvzPrintingComponent Class) - http://babymint.nesteggz.com/NEUtility/PrintingComponents/AvzPrintingActiveX1600.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
 
Joined
Jul 24, 2003
Messages
420
Hi bomasa ,

On your Desktop click My Computer, Click view, Click options, Click the view tab, Tick Show all Files, Click Ok.

Shutdown & Reboot in Safe Mode, Tap the F8 key on Reboot, and Delete the following,

C:\WINNT\system32\stlbdist.DLL > File
C:\WINNT\system32\FmrCj.exe > File
C:\WINNT\system32\Pbe3.exe > File
C:\Winnt\System32\stlbdist.xml > File
C:\WINNT\bs3.dll > File

Shutdown & Normal Reboot

Next please do the following, Download and install Ad-aware 6.0 Personal, Build 6.181 www.lavasoftusa.com Open Ad-aware, Click check for updates now, Click connect, update to reference file 01R218 13.09.2003, Click Start, Click perform smart system scan, put a check in Activate in-depth scan. Click Settings (Gear wheel), put a check in the following, Automatically save log file, Automatically quarantine objects prior to removal, Safe mode (Always request confirmation). Click scanning, put a check in the following, Scan within archives, Scan active processes, Scan registry, Scan my IE favorites for banned URL's, Scan my Host file. Click Tweak, Scanning engine, put a check in Unload recognized processes during scanning. Click Cleaning engine, put a check in the following, Automatically try to unregister objects prior to deletion, Let windows remove files in use at next reboot. Click proceed, Run Ad-aware and remove every entry Ad-aware returns.


Shutdown & Reboot your computer

You can prevent the installation and running of Spyware active X controls by downloading and installing SpywareBlaster www.javacoolsoftware.com/spywareblaster.htm Open SpywareBlaster, click select all, click Protect Against Checked Items!, Click settings, put a check in Only show New/Unprotected Items on the protection list after an update, Click save settings. Click Check for updates, download all available updated definitions, Click select all, Click Protect against checked items.


Good luck
 
Joined
Oct 9, 2001
Messages
9,396
i didn't mention the "stlbdist.DLL" file?......look again :)

you should be ok following bluespruce's advice.

also.......check out the link below (in my sig) for advice and free apps to help stop getting re-infected.

good luck;)
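
Added example, not part of the original thread: a Python sketch of the two checks the replies above make by eye on the HijackThis logs, namely sorting O2 BHO entries by whether the CLSID is complete and a file is present, and comparing the O4 Run entries of the first and second log. The sample lines are excerpted from the logs posted above; the function names and verdict labels are this example's own.

```python
import re

# A complete CLSID is {8-4-4-4-12 hex digits}; the truncated keys in the log fail this.
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
O2_RE = re.compile(r"^O2 - BHO: .*? - (\{\S*) - (.+)$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")

# Lines excerpted from the first log in the thread (value names as shown on the page).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7- - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [[email protected]] C:\WINNT\system32\FmrCj.exe
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINNT\bs3.dll,DllRun
"""

# Lines excerpted from the second log, posted after "fix checked" and a reboot.
LOG_AFTER = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [[email protected]] C:\WINNT\system32\Pbe3.exe
"""


def triage_bho(line):
    """Structural verdict for one O2 line, or None if the line is not an O2 entry."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    clsid, target = m.groups()
    if not CLSID_RE.match(clsid):
        return "malformed-clsid"   # truncated key: registry debris, no real object
    if target == "(no file)":
        return "orphaned"          # valid CLSID, but the DLL it pointed at is gone
    return "needs-review"          # loadable BHO: a person must identify the vendor


def bho_summary(log):
    """Count O2 verdicts across a whole log."""
    counts = {}
    for line in log.splitlines():
        verdict = triage_bho(line)
        if verdict:
            counts[verdict] = counts.get(verdict, 0) + 1
    return counts


def run_entries(log):
    """Map (hive, value name) -> command for every O4 registry Run line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, name, command = m.groups()
            entries[(hive, name)] = command
    return entries


def diff_run(before, after):
    """Compare Run entries between two logs taken before and after a cleanup."""
    old, new = run_entries(before), run_entries(after)
    return {
        "removed": sorted(k for k in old if k not in new),
        "added": sorted(k for k in new if k not in old),
        # Same value name, different command: the entry was rewritten, not removed.
        "retargeted": {k: (old[k], new[k])
                       for k in old if k in new and old[k] != new[k]},
    }


if __name__ == "__main__":
    print(bho_summary(LOG_BEFORE))
    for section, items in diff_run(LOG_BEFORE, LOG_AFTER).items():
        print(section, items)
```

On the thread's logs the diff reports one Run value that is still present after the fix but now points at a different executable name, which is the file the later reply adds to the delete list. The structural check only separates debris from loadable entries; deciding which loadable BHOs to keep, as the first reply does for three of them, still requires identifying the vendor.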
 