1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Startium Search Bar - HiJackThis log

Discussion in 'Virus & Other Malware Removal' started by bdagnall, Sep 21, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. bdagnall

    bdagnall Thread Starter

    Joined:
    Sep 21, 2003
    Messages:
    2
    I can't get rid a search bar that use to appear on the top banner of IE but now appears in another frame along the left of the browser. I have Spy Sweeper installed and running but somehow this pest is too evasive to destroy. Below is my HiJackThis log. Please help!


    Logfile of HijackThis v1.97.2
    Scan saved at 8:15:24 AM, on 9/21/2003
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT2\System32\smss.exe
    C:\WINNT2\system32\winlogon.exe
    C:\WINNT2\system32\services.exe
    C:\WINNT2\system32\lsass.exe
    C:\WINNT2\System32\termsrv.exe
    C:\WINNT2\system32\svchost.exe
    C:\WINNT2\system32\spoolsv.exe
    C:\WINNT2\System32\msdtc.exe
    C:\WINNT2\system32\cisvc.exe
    C:\WINNT2\System32\CTsvcCDA.EXE
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT2\System32\tcpsvcs.exe
    C:\WINNT2\System32\svchost.exe
    C:\WINNT2\System32\llssrv.exe
    C:\WINNT2\System32\sfmprint.exe
    c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT2\System32\nvsvc32.exe
    C:\WINNT2\system32\regsvc.exe
    C:\WINNT2\system32\MSTask.exe
    C:\WINNT2\System32\snmp.exe
    C:\WINNT2\System32\WBEM\WinMgmt.exe
    C:\WINNT2\System32\wins.exe
    C:\WINNT2\System32\MsPMSPSv.exe
    C:\WINNT2\system32\svchost.exe
    C:\WINNT2\system32\Dfssvc.exe
    C:\WINNT2\System32\dns.exe
    C:\WINNT2\System32\inetsrv\inetinfo.exe
    C:\WINNT2\System32\sfmsvc.exe
    C:\WINNT2\System32\mqsvc.exe
    C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
    C:\WINNT2\system32\MsgSys.EXE
    C:\WINNT2\System32\svchost.exe
    C:\WINNT2\Explorer.EXE
    C:\WINNT2\System32\TrayIcon.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\KMaestro\KMaestro.exe
    C:\Program Files\DeltaNet VPN Connector\AutoExt.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT2\system32\rundll32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe
    C:\WINNT2\system32\hpoipm07.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOSTS07.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOFXM07.exe
    C:\WINNT2\system32\cidaemon.exe
    C:\WINNT2\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Administrator.BO\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.espn.go.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.espn.go.com
    O2 - BHO: (no name) - { - (no file)
    O2 - BHO: (no name) - {0 - (no file)
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT2\bi.dll
    O2 - BHO: (no name) - {03 - (no file)
    O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT2\system32\stlbdist.DLL
    O2 - BHO: (no name) - {4 - (no file)
    O2 - BHO: (no name) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
    O2 - BHO: (no name) - {6 - (no file)
    O2 - BHO: (no name) - {65 - (no file)
    O2 - BHO: (no name) - {65C - (no file)
    O2 - BHO: (no name) - {65C8 - (no file)
    O2 - BHO: (no name) - {65C8C - (no file)
    O2 - BHO: (no name) - {65C8C1 - (no file)
    O2 - BHO: (no name) - {65C8C1F - (no file)
    O2 - BHO: (no name) - {65C8C1F5 - (no file)
    O2 - BHO: (no name) - {65C8C1F5- - (no file)
    O2 - BHO: (no name) - {65C8C1F5-2 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-23 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E- - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4D - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9- - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D- - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F31 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F315 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E77 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E777 - (no file)
    O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINNT2\bs3.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT2\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file)
    O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINNT2\System32\TrayIcon.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT2\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT2\System32\spool\DRIVERS\W32X86\hpoopm07.exe
    O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
    O4 - HKLM\..\Run: [Extranet AutoDial] C:\Program Files\DeltaNet VPN Connector\AutoExt.exe
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINNT2\bs3.dll,DllRun
    O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINNT2\system32\stlbdist.DLL,DllRunMain
    O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\xmlspy\spy.htm
    O9 - Extra button: PopupPopper Control Panel (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Edit with XML Spy (HKCU)
    O9 - Extra 'Tools' menuitem: Edit with XML Spy (HKCU)
    O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://www.comcastsupport.com/sdccommon/download/tgctlsi.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37752.0831712963
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    welcome to T.S.G:)

    1st you need to go download and run lspfix from here:http://www.cexx.org/lspfix.htm


    re-boot and run hijackthis again and put a checkmark against these entries....double check
    in case you miss anything
    .....then,close all browser and outlook windows and "fix checked"

    O2 - BHO: (no name) - { - (no file)
    O2 - BHO: (no name) - {0 - (no file)
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT2\bi.dll
    O2 - BHO: (no name) - {03 - (no file)
    O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT2\system32\stlbdist.DLL
    O2 - BHO: (no name) - {4 - (no file)
    O2 - BHO: (no name) - {6 - (no file)
    O2 - BHO: (no name) - {65 - (no file)
    O2 - BHO: (no name) - {65C - (no file)
    O2 - BHO: (no name) - {65C8 - (no file)
    O2 - BHO: (no name) - {65C8C - (no file)
    O2 - BHO: (no name) - {65C8C1 - (no file)
    O2 - BHO: (no name) - {65C8C1F - (no file)
    O2 - BHO: (no name) - {65C8C1F5 - (no file)
    O2 - BHO: (no name) - {65C8C1F5- - (no file)
    O2 - BHO: (no name) - {65C8C1F5-2 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-23 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E- - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4D - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9- - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D- - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F31 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F315 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E77 - (no file)
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E777 - (no file)
    O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINNT2\bs3.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file)
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT2\Updreg.exe
    O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINNT2\bs3.dll,DllRun
    O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINNT2\system32\stlbdist.DLL,DllRunMain
    O10 - Broken Internet access because of LSP provider 'lsp.dll' missing

    re-boot and delete:
    C:\WINNT2\bs3.dll
    C:\WINNT2\system32\stlbdist.DLL
     
  3. bdagnall

    bdagnall Thread Starter

    Joined:
    Sep 21, 2003
    Messages:
    2
    Thanks $teve. I followed your instructions and although there were some things you said I should have removed that I did not find, the cleanup was a success. I no longer have that annoying search bar and hopefully no longer have any trojans downloading spyware and adware to my machine.

    Thanks again!
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    your welcome(y)
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/166349

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice