Startium Search Bar - HiJackThis log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

bdagnall

Thread Starter
Joined
Sep 21, 2003
Messages
2
I can't get rid of a search bar that used to appear on the top banner of IE but now appears in another frame along the left of the browser. I have Spy Sweeper installed and running but somehow this pest is too evasive to destroy. Below is my HijackThis log. Please help!


Logfile of HijackThis v1.97.2
Scan saved at 8:15:24 AM, on 9/21/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT2\System32\smss.exe
C:\WINNT2\system32\winlogon.exe
C:\WINNT2\system32\services.exe
C:\WINNT2\system32\lsass.exe
C:\WINNT2\System32\termsrv.exe
C:\WINNT2\system32\svchost.exe
C:\WINNT2\system32\spoolsv.exe
C:\WINNT2\System32\msdtc.exe
C:\WINNT2\system32\cisvc.exe
C:\WINNT2\System32\CTsvcCDA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT2\System32\tcpsvcs.exe
C:\WINNT2\System32\svchost.exe
C:\WINNT2\System32\llssrv.exe
C:\WINNT2\System32\sfmprint.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT2\System32\nvsvc32.exe
C:\WINNT2\system32\regsvc.exe
C:\WINNT2\system32\MSTask.exe
C:\WINNT2\System32\snmp.exe
C:\WINNT2\System32\WBEM\WinMgmt.exe
C:\WINNT2\System32\wins.exe
C:\WINNT2\System32\MsPMSPSv.exe
C:\WINNT2\system32\svchost.exe
C:\WINNT2\system32\Dfssvc.exe
C:\WINNT2\System32\dns.exe
C:\WINNT2\System32\inetsrv\inetinfo.exe
C:\WINNT2\System32\sfmsvc.exe
C:\WINNT2\System32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT2\system32\MsgSys.EXE
C:\WINNT2\System32\svchost.exe
C:\WINNT2\Explorer.EXE
C:\WINNT2\System32\TrayIcon.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\KMaestro\KMaestro.exe
C:\Program Files\DeltaNet VPN Connector\AutoExt.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT2\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe
C:\WINNT2\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOSTS07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOFXM07.exe
C:\WINNT2\system32\cidaemon.exe
C:\WINNT2\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator.BO\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.espn.go.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.espn.go.com
O2 - BHO: (no name) - { - (no file)
O2 - BHO: (no name) - {0 - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT2\bi.dll
O2 - BHO: (no name) - {03 - (no file)
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT2\system32\stlbdist.DLL
O2 - BHO: (no name) - {4 - (no file)
O2 - BHO: (no name) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {6 - (no file)
O2 - BHO: (no name) - {65 - (no file)
O2 - BHO: (no name) - {65C - (no file)
O2 - BHO: (no name) - {65C8 - (no file)
O2 - BHO: (no name) - {65C8C - (no file)
O2 - BHO: (no name) - {65C8C1 - (no file)
O2 - BHO: (no name) - {65C8C1F - (no file)
O2 - BHO: (no name) - {65C8C1F5 - (no file)
O2 - BHO: (no name) - {65C8C1F5- - (no file)
O2 - BHO: (no name) - {65C8C1F5-2 - (no file)
O2 - BHO: (no name) - {65C8C1F5-23 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E- - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4D - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9- - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D- - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F31 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F315 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E77 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E777 - (no file)
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINNT2\bs3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT2\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file)
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINNT2\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [UpdReg] C:\WINNT2\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT2\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [Extranet AutoDial] C:\Program Files\DeltaNet VPN Connector\AutoExt.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINNT2\bs3.dll,DllRun
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINNT2\system32\stlbdist.DLL,DllRunMain
O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\xmlspy\spy.htm
O9 - Extra button: PopupPopper Control Panel (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Edit with XML Spy (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy (HKCU)
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://www.comcastsupport.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37752.0831712963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
 
Joined
Oct 9, 2001
Messages
9,396
Welcome to T.S.G :)

First you need to download and run LSPFix from here: http://www.cexx.org/lspfix.htm

Re-boot and run HijackThis again and put a checkmark against these entries... double check in case you miss anything... then close all browser and Outlook windows and "fix checked".

O2 - BHO: (no name) - { - (no file)
O2 - BHO: (no name) - {0 - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT2\bi.dll
O2 - BHO: (no name) - {03 - (no file)
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT2\system32\stlbdist.DLL
O2 - BHO: (no name) - {4 - (no file)
O2 - BHO: (no name) - {6 - (no file)
O2 - BHO: (no name) - {65 - (no file)
O2 - BHO: (no name) - {65C - (no file)
O2 - BHO: (no name) - {65C8 - (no file)
O2 - BHO: (no name) - {65C8C - (no file)
O2 - BHO: (no name) - {65C8C1 - (no file)
O2 - BHO: (no name) - {65C8C1F - (no file)
O2 - BHO: (no name) - {65C8C1F5 - (no file)
O2 - BHO: (no name) - {65C8C1F5- - (no file)
O2 - BHO: (no name) - {65C8C1F5-2 - (no file)
O2 - BHO: (no name) - {65C8C1F5-23 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E- - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4D - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9- - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D- - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F31 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F315 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E77 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E777 - (no file)
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINNT2\bs3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINNT2\Updreg.exe
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINNT2\bs3.dll,DllRun
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINNT2\system32\stlbdist.DLL,DllRunMain
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing

Re-boot and delete:
C:\WINNT2\bs3.dll
C:\WINNT2\system32\stlbdist.DLL
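
Added example, not part of the original thread or of HijackThis: a small Python triage pass over HijackThis-style lines that surfaces the patterns visible in the log above (truncated CLSIDs, `(no file)` registrations, a BHO DLL that a Run key also starts through rundll32, and the O10 LSP error). The function name `triage`, the heuristics and the embedded sample lines are assumptions chosen for illustration; they narrow a log down for review and do not reproduce the helper's full selection.

```python
import re

# Constructed sample: a few lines in the shape of the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9 - (no file)
O2 - BHO: (no name) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINNT2\bs3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINNT2\bs3.dll,DllRun
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
"""

GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ENTRY = re.compile(r"^(O\d+) - (.*)$")
OBJ = re.compile(r"^(?:BHO|Toolbar): .*? - (\{\S*) - (.+)$")
RUNDLL = re.compile(r"rundll32(?:\.exe)?\s+(.+?\.dll)\b", re.I)

def triage(log_text):
    """Return (line, reasons) pairs for entries worth a closer look."""
    entries = [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]
    # DLLs that an O4 Run entry starts through rundll32 at every logon.
    run_dlls = {m.group(1).lower() for sec, body in entries if sec == "O4"
                for m in [RUNDLL.search(body)] if m}
    findings = []
    for sec, body in entries:
        reasons = []
        obj = OBJ.match(body) if sec in ("O2", "O3") else None
        if obj:
            clsid, target = obj.groups()
            if not GUID.match(clsid):
                reasons.append("malformed CLSID")        # truncated registry key
            if target == "(no file)":
                reasons.append("orphaned registration")  # no DLL behind the CLSID
            elif target.lower() in run_dlls:
                reasons.append("DLL also started from a Run key")
        elif sec == "O4" and RUNDLL.search(body):
            reasons.append("Run key loads a DLL via rundll32")
        elif sec == "O10":
            reasons.append("broken LSP chain")           # repaired with LSPFix above
        if reasons:
            findings.append((f"{sec} - {body}", reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(f"{'; '.join(reasons):<42} {line}")
```

Entries the script does not flag, such as a BHO with a well-formed CLSID and an existing DLL, still need a human decision; several of the items checked in the reply above fall in that group.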
 

bdagnall

Thread Starter
Joined
Sep 21, 2003
Messages
2
Thanks $teve. I followed your instructions and although there were some things you said I should have removed that I did not find, the cleanup was a success. I no longer have that annoying search bar and hopefully no longer have any trojans downloading spyware and adware to my machine.

Thanks again!
 