# Eaccess Violation/stoolbar



## tim2727 (May 8, 2003)

I posted a problem about "Eaccess Violation inmodule stoolbar.dll-Read of address ffffffff". I no longer have the error message, but I don't know if this will work for everyone. I have Windows ME. What I did was go to Add/Remove Programs. I had something saying Internet tools. I removed that. I also did a scandisk to check for errors and then defragged my computer. I think getting rid of Internet tools in Add/Remove Programs is what really solved the problem. Good luck, I hope it works for you; my system is no longer getting the error message.


----------



## TonyKlein (Aug 26, 2001)

You've been infected by the latest version of HuntBar: http://www.doxdesk.com/parasite/HuntBar.html

It installs the Stoolbar.dll browser plugin, and it's been causing lots of similar error messages.

The real solution would be to actually _remove_ that browser plugin, and in your case it would appear it's still there.

As neither Ad-Aware nor SpyBot detect it yet, it needs to be removed manually.

Please do the following:

Go to http://www.tomcoyote.org/hjt/, and download Hijack This.

Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.

Most of what it lists will be harmless, so do NOT fix anything yet.
Someone here will be happy to help you interpret the results.


----------



## IMM (Feb 1, 2002)

Was what you uninstalled called
'Internet 404' and 'Tools for Internet Explorer' ?
This is actually HuntBar and not Internet Explorer.


----------



## little (May 14, 2003)

I went to that site because I have the same problem. But when I got there and clicked on Hijack This, the same thing (stoolbar.dll) popped up and wouldn't let me download it. I really want to get rid of it.


----------



## NiteHawk (Mar 9, 2003)

Little: Try this
Go to Start > Run and type in msconfig
Look for an entry with the word stoolbar in it and uncheck that.
Exit msconfig and reboot to windows. See if you can then go to the site and d/l HiJackThis

Let us know if this helps


----------



## little (May 14, 2003)

I did what you said with the Hijack This thing. For Eaccess Violation inmodule stoolbar.dll-Read of address ffffffff. But it wouldn't let me attach the file, so I'm not sure what to do.


----------



## NiteHawk (Mar 9, 2003)

Were you able to do the above? Were you able to d/l HiJackThis? I assume so. Were you trying to attach the resulting scan file or were you trying to paste it into the post? If you can paste it in, that would be better.


----------



## TonyKlein (Aug 26, 2001)

A copy and paste would be fine.

Also, if you rename Hijackthis.log to Hijackthis.txt, you'll be able to attach it.


----------



## little (May 14, 2003)

Here's what's inside. Logfile of HijackThis v1.94.0
Scan saved at 06:28:40, on 5/15/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.sureseeker.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://ie.twrds.com/r.phtml/d/150/n/WFsUUVwLVkAWXxAIFgYH/?Click%20-YES-%20To%20Set
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.sureseeker.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.netscapeonline.co.uk/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by BTopenworld
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
O1 - Hosts: 216.65.115.193 members.tripod.com
O1 - Hosts: 216.65.115.193 www.geocities.com
O1 - Hosts: 216.65.115.193 angelfire.com
O1 - Hosts: 216.65.115.193 www.angelfire.com
O1 - Hosts: 216.65.115.193 www.fortunecity.com
O1 - Hosts: 216.65.115.193 smutserver.com
O1 - Hosts: 216.65.115.193 www.smutserver.com
O1 - Hosts: 216.65.115.193 www1.smutserver.com
O1 - Hosts: 216.65.115.193 www2.smutserver.com
O1 - Hosts: 216.65.115.193 www3.smutserver.com
O1 - Hosts: 216.65.115.193 www4.smutserver.com
O1 - Hosts: 216.65.115.193 www5.smutserver.com
O1 - Hosts: 216.65.115.193 www6.smutserver.com
O1 - Hosts: 216.65.115.193 www7.smutserver.com
O1 - Hosts: 216.65.115.193 www8.smutserver.com
O1 - Hosts: 216.65.115.193 www9.smutserver.com
O1 - Hosts: 216.65.115.193 www10.smutserver.com
O1 - Hosts: 216.65.115.193 www11.smutserver.com
O1 - Hosts: 216.65.115.193 www12.smutserver.com
O1 - Hosts: 216.65.115.193 www13.smutserver.com
O1 - Hosts: 216.65.115.193 www14.smutserver.com
O1 - Hosts: 216.65.115.193 www15.smutserver.com
O1 - Hosts: 216.65.115.193 www16.smutserver.com
O1 - Hosts: 216.65.115.193 www17.smutserver.com
O1 - Hosts: 216.65.115.193 www18.smutserver.com
O1 - Hosts: 216.65.115.193 www19.smutserver.com
O1 - Hosts: 216.65.115.193 www20.smutserver.com
O1 - Hosts: 216.65.115.193 tgpfriendly.com
O1 - Hosts: 216.65.115.193 www.tgpfriendly.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Search Toolbar - {6A85D97D-665D-4825-8341-9501AD9F56A3} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [s3syskey] s3syskey.exe
O4 - HKLM\..\Run: [TOSHIBSU] TOSHIBSU.EXE
O4 - HKLM\..\Run: [PsPCCard] PsPCCard.EXE
O4 - HKLM\..\Run: [PowerTray] PwrTray.EXE
O4 - HKLM\..\Run: [TEscKey] TEscKey.exe
O4 - HKLM\..\Run: [TFunckey] TFuncKey.exe
O4 - HKLM\..\Run: [THotkey] THotkey.Exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [Mount Safe & Sound] C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\SAFE & SOUND\FBMOUNT.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [TCDPlay] TCDPlay.drv
O4 - HKLM\..\RunServices: [TSPower] SPower.drv
O4 - HKLM\..\RunServices: [TDockNUndock] TEject.drv
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .SWF: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37620.9676273148
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: Yahoo! Chat (Yahoo! Audio Conferencing) - http://cs6.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50014/btiein.cab

Hope you can figure out what i should do.


----------



## IMM (Feb 1, 2002)

First shut down all internet related software (especially IE)
If it was me then I'd go to Control Panel > Add/remove Programs and choose to uninstall
*'Internet 404' and 'Tools for Internet Explorer'*
if it's present. - Reboot

After that start Hijack this, press 'Scan' and put a check beside the following items (if they still remain) then press 'Fix Checked'
*
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,StartPage=http://ie.twrds.com/r.phtml/d/150/n/WFsUUVwLVkAWXxAIFgYH/?Click%20-YES-%20To%20Set
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.sureseeker.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.sureseeker.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by BTopenworld
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O3 - Toolbar: &Search Toolbar - {6A85D97D-665D-4825-8341-9501AD9F56A3} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O15 - Trusted Zone: http//free.aol.com
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http//dst.trafficsyndicate.com/Dnl/T_50014/btiein.cab
*
After fixing it - reboot

To be sure I'd also do the following
Open a DOS box and enter the following pressing enter after each.
*
cd C:\windows\System
regsvr32 /u btiein.dll
regsvr32 /u "\Program Files\Common Files\BTLINK\btlink.dll" 
*
Post back with a new HJT log after you're done - Tony may find more


----------



## IMM (Feb 1, 2002)

As a performance tuning note:
FindFast is a rather useless resource hog - I'd get it out of there - see the following links.
Q158705 - OFF97: How to Disable the Find Fast Indexer
http://support.microsoft.com/support/kb/articles/Q158/7/05.asp
or
Q199787 - OFF2000: How to Turn Off the Find Fast Indexer
http://support.microsoft.com/support/kb/articles/Q199/7/87.ASP


----------



## NiteHawk (Mar 9, 2003)

Gee, I'm glad I looked back just before submitting. Looks like IMM was faster than me.
What about all those "O1" entries? I would get rid of those too. Other than the O1 entries I was about to post the same list.
Gotta learn to type faster lol

Also one more BHO
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL


----------



## IMM (Feb 1, 2002)

Well I got the btiein listed but I seem to have dropped the
O2 - BHO: (no name) part off the front (or tacked it to the previous line) - I'll fix it. I'm also a bit out of order which makes it easy to miss 

Re: the O2 entries - you're right (and thanx). I'd passed them by w/o thinking about them just assuming them to be blocking entries pointing to localhost - but looking again I can see they are not.

It might be just as simple to delete the c:\windows\hosts. file as check the O2 entries in HJT but either way works.


----------



## NiteHawk (Mar 9, 2003)

No problem. At first I wondered if those were host entries for blocking also. To be honest I think this was the first log I've seen with O1 entries. Somewhere I recall seeing a web page that broke down the different entry types but I guess I forgot to bookmark it.


----------



## IMM (Feb 1, 2002)

perhaps little knows what's going on there - all those ip's seem to point to the same location which 43's as belonging to maxim.net


----------
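The distinction drawn in the posts above, between hosts-file entries that block a name by pointing it at localhost and entries that send it to some other address, can be checked mechanically. This is an added example (not part of any post in this thread, and not HijackThis code); the function names and the two `example.invalid` lines are constructed for illustration, and treating `0.0.0.0` as a blocking address is an assumption of this sketch.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample shaped like the log excerpts in this thread. The two
# example.invalid lines are invented to show ordinary blocking entries.
SAMPLE_LOG = r"""Logfile of HijackThis v1.94.0
Platform: Windows 98 SE (Win9x 4.10.2222A)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
O1 - Hosts: 216.65.115.193 www.geocities.com
O1 - Hosts: 216.65.115.193 angelfire.com
O1 - Hosts: 216.65.115.193 www.angelfire.com
O1 - Hosts: 127.0.0.1 ads.example.invalid
O1 - Hosts: 0.0.0.0 tracker.example.invalid
O1 - Hosts: not-an-address broken.example.invalid
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
"""

# A log entry is "<section code> - <body>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Body of an O1 entry: "Hosts: <address> <hostname>".
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")


def parse_entries(text):
    """Return (code, body) for every entry line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def classify_hosts(text):
    """Split O1 entries into blocking, redirecting and malformed ones.

    blocking  : name mapped to loopback or 0.0.0.0 (goes nowhere)
    redirect  : name mapped to a routable address, grouped by that address
    malformed : O1 lines whose address field does not parse
    """
    blocking = []
    redirect = defaultdict(list)
    malformed = []
    for code, body in parse_entries(text):
        if code != "O1":
            continue
        match = HOSTS_RE.match(body)
        if not match:
            malformed.append(body)
            continue
        raw_ip, hostname = match.groups()
        try:
            address = ipaddress.ip_address(raw_ip)
        except ValueError:
            malformed.append(body)
            continue
        if address.is_loopback or address.is_unspecified:
            blocking.append((raw_ip, hostname))
        else:
            redirect[raw_ip].append(hostname)
    return {"blocking": blocking, "redirect": dict(redirect), "malformed": malformed}


def report(text):
    """Build a short human-readable summary of the O1 entries."""
    result = classify_hosts(text)
    lines = []
    for ip, names in sorted(result["redirect"].items()):
        lines.append(f"REVIEW  {ip} receives traffic for {len(names)} name(s): "
                     + ", ".join(names))
    lines.append(f"ok      {len(result['blocking'])} blocking entr(y/ies)")
    for body in result["malformed"]:
        lines.append(f"BAD     unparsable O1 entry: {body}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Many unrelated names grouped under one routable address is the pattern worth a second look; entries under `blocking` are the harmless kind the posters first assumed these were.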



## musik01 (May 16, 2003)

Per the prior comment I am posting the info that I obtained from HIJACK scan. Please assist in the removal of the above nuisance STOOLBAR.DLL from my computer!

Logfile of HijackThis v1.94.0
Scan saved at 10:19:34 PM, on 5/15/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.nba.com/lakers/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.evidence-eliminator.com/go.shtml?A661639
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.evidence-eliminator.com/go.shtml?A661639
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.evidence-eliminator.com/go.shtml?A661639
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.evidence-eliminator.com/go.shtml?A661639
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - C:\WINDOWS\SYSTEM\COMET.DLL
O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\PROGRAM FILES\XUPITER\XTUPDATE.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Xupiter - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\PROGRAM FILES\XUPITER\XUPITERTOOLBAR.DLL
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM95\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} (CometCursor Class) - http://files.cometsystems.com/cometcursor/cobrand/comet.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - http://jobs.spb.ca.gov/Codebase/FormCtl.cab
O16 - DPF: {224F7DEA-B7C1-11D3-AB40-00902712A5C9} (PLSAddin Class) - http://jobs.spb.ca.gov/codebase/plsspeller.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (FormFlow Soft Font Installer) - http://jobs.spb.ca.gov/codebase/fontinstaller.cab
O16 - DPF: LiveWorld EZTalk 3.0 (FormFlow Soft Font Installer) - http://bizchat.liveworld.com/java/ezmed/ezmed.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/276e232897d6107b1c16/netzip/RdxIE6.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} (IEDial Class) - http://fr4-download.nocreditcard.com/download/Object/ieaccess2.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37588.9983217593
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://205.252.89.9/mp3cashonline/818/mp3.exe
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livesc02.custhelp.com/swoosh/nike_store/rnt/rnl/java/RntX.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50014/btiein.cab


----------



## NiteHawk (Mar 9, 2003)

musik01, here are a number of items that should be removed. Run HiJackThis again and check the following and let it fix/remove them. I'm not sure why there are so many lines referencing evidence-eliminator.com, but that's not a major thing. There are also a few others I want to take a look at before I list them as baddies.

*O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - C:\WINDOWS\SYSTEM\COMET.DLL
O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\PROGRAM FILES\XUPITER\XTUPDATE.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O3 - Toolbar: Xupiter - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\PROGRAM FILES\XUPITER\XUPITERTOOLBAR.DLL
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: http://free.aol.com 
O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} (CometCursor Class) - http://files.cometsystems.com/comet...brand/comet.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50014/btiein.cab

Also, you should download Spybot at http://spybot.eon.net.au/. Once installed, d/l the latest updates by clicking on the "Online" tab. Then click on the Settings tab > File Sets, check mark everything under Spybot Search&Destroy, and leave the System Internals and Usage tracking unchecked. Go back to the top Spybot tab and in the lower left-hand corner click on "Check for problems". Check mark any entry that shows up in RED, and then at the bottom click on "Fix selected problems".*


----------



## Gordon7000 (Mar 22, 2003)

Hi Musik01

There are several malicious entries here, including STOOLBAR, HuntBar and Xupiter. Could you go to Add/Remove Programs to see if any of these programs are listed. If you find them, uninstall them from Add/Remove.

Before proceeding with the HijackThis fixes, could you download, install and run Spybot Search and Destroy?

http://security.kolla.de/index.php?lang=en&page=download

Before using the program, click "Online" and install all updates.
Now, close all web browser windows and disconnect from the Internet.
Then run Spybot (click "Check for Problems").
When the results appear, tick everything highlighted in red.
DELETE all entries in red using Spybot.
After this, REBOOT your PC.

Spybot may appear to 'hang' at certain points. Please allow it several minutes to continue the scan, as it may be carrying out some extensive file checking at these points.

Sometimes, Spybot will show a dialogue box, asking that you run the utility again - after rebooting your PC. If you see this box, click "Yes". Then, after running Spybot a second time, reboot your PC again and check once more to ensure that there are no red items remaining.

Caution: Don't use the 'Immunize' feature until you're more familiar with Spybot S&D.

When you've done this, please post a new HijackThis log.

Regards, Gordon

[Sorry NiteHawk - cross post]


----------



## NiteHawk (Mar 9, 2003)

No problem Gordon. While I was posting and then editing in additional info, you were also busy posting. At least we are both on the same page. It will be interesting to see the second run of HiJackThis.


----------



## NiteHawk (Mar 9, 2003)

It's starting to get a little confusing because we have 3 different people all with the same/similar problem. Tim2727 started the thread, Little added her HiJackThis log and now Musik01. I hope that each has come back and read the thread and been helped by the suggestions offered.


----------



## Gordon7000 (Mar 22, 2003)

Hi NiteHawk,

I've had more at one time on the same thread! But each person seemed to benefit from the other's remarks. It could become confusing, but at least it keeps the same/similar problems together.

Gordon


----------



## NiteHawk (Mar 9, 2003)

As long as they learn and benefit by the suggestions, that's what counts. There's a lot of knowledge and experience on this board. And the nice part is, as I'm helping, I'm also learning. So much to learn, so little time.


----------



## musik01 (May 16, 2003)

Nitehawk and Gordon7000:

Thanks so much for your speedy assistance. I did what you both suggested. I went to Add/Remove programs in the Control Panel and got rid of items called Stoolbar, Huntbar and Xupiter.

Then I went to the Spybot site and downloaded Spybot Search and Destroy. I ticked then fixed (Deleted) the selected problems that were in red.

A few did not delete at first so I rebooted and ran the scan again.

It worked exactly as you both explained.

Below is the revised Hijack log minus the bad items.

THANKS A MILLION FOR YOUR ASSISTANCE.

I will now see what happens as I use my computer:

Logfile of HijackThis v1.94.0
Scan saved at 8:20:25 PM, on 5/16/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.nba.com/lakers/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.evidence-eliminator.com/go.shtml?A661639
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.evidence-eliminator.com/go.shtml?A661639
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.evidence-eliminator.com/go.shtml?A661639
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.evidence-eliminator.com/go.shtml?A661639
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM95\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - http://jobs.spb.ca.gov/Codebase/FormCtl.cab
O16 - DPF: {224F7DEA-B7C1-11D3-AB40-00902712A5C9} (PLSAddin Class) - http://jobs.spb.ca.gov/codebase/plsspeller.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (FormFlow Soft Font Installer) - http://jobs.spb.ca.gov/codebase/fontinstaller.cab
O16 - DPF: LiveWorld EZTalk 3.0 (FormFlow Soft Font Installer) - http://bizchat.liveworld.com/java/ezmed/ezmed.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/276e232897d6107b1c16/netzip/RdxIE6.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37588.9983217593
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livesc02.custhelp.com/swoosh/nike_store/rnt/rnl/java/RntX.cab


----------



## IMM (Feb 1, 2002)

I think I'd get rid of this crap - check it in HJT and hit the Fix button (but first close IE and other internet programs)
*
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http//www.evidence-eliminator.com/go.shtml?A661639
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http//www.evidence-eliminator.com/go.shtml?A661639
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http//www.evidence-eliminator.com/go.shtml?A661639
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http//www.evidence-eliminator.com/go.shtml?A661639
*

as well as
*
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http//207.188.7.150/276e232897d610...tzip/RdxIE6.cab
*

some of the stuff u have I'm not really familiar with tho' (eg those font installers)


----------



## NiteHawk (Mar 9, 2003)

Hi Rory, welcome to TSG

First question is what IS or what do you WANT to be your default browser page? It looks like several things are trying to be your default.

Go to Add/Remove Programs to see if Stoolbar or Huntbar are listed. If so, remove them.

Also you should download Spybot at http://spybot.eon.net.au/. Once installed d/l the latest updates by clicking on the "Online tab" then "Search for Updates" and then "Download Updates". Then click on the Settings Tab > File Sets check mark everything under Spybot Search&Destroy and leave the System Internals and Usage tracking unchecked. Close all web browser windows and disconnect from the Internet. Back to the top Spybot tab and in the lower left hand corner click on check for problems. Any entry that shows up in RED check mark and then at the bottom click on "Fix Selected Problems".

Pause for a minute or two and then reboot.

Run HiJackThis again and check mark the following items (some may have been removed by Spybot already)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.websearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {A6250FB8-2206-499E-A7AA-E1EC437E71C0} - C:\PROGRA~1\COMMON~1\MSIETS\MSIELINK.DLL
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O3 - Toolbar: &Search Toolbar - {6A85D97D-665D-4825-8341-9501AD9F56A3} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50003/btiein.cab

Pause for a minute or two and then reboot.

Re-run HiJackThis and post a copy back.

There are a few other things I would like to look into, but Windows ME is not my strong suit and I don't want to give you any wrong info. This will give me time to do some research

Edit:
I just noticed this is a cross post. Rory posted the same problem at thread http://forums.techguy.org/t134214/s.html


----------



## walker1982 (May 21, 2003)

I have scanned with Hijack This and here is the log. Now what do I do?

Logfile of HijackThis v1.94.0
Scan saved at 5:46:04 PM, on 5/27/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=www.worldnet.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=www.worldnet.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=localhost
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} - C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\CSMBHO.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Dcfssvc] c:\windows\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: ExpressServices 2000.lnk = C:\Program Files\Day-Timer Organizer SHARP Edition\xserv2k.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\DTIOM98.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AnyWho (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=www.worldnet.att.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/public/investor/v9.5/investor.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio4_0_2_10a.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1250/ftp.coupons.com/v6/brix6ie.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37596.3716435185
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab


----------



## NiteHawk (Mar 9, 2003)

> _Originally posted by walker1982:_
> *I'm having problems with the Stoolbar.dll. I have downloaded Hijack This and have scanned. I save the log, but now what do I do. *


If you have scanned and saved the log file, open it up in Notepad, and paste it into your next post here. Someone will be glad to look it over and make suggestions of what to get rid of and what other things to do.

Thanks


----------



## Rory (May 17, 2003)

NiteHawk, with your help and Rollin 'Rog help, the problem has been corrected. I just wanted to thank you.

Keep up the good work.


----------



## NiteHawk (Mar 9, 2003)

Rory, you're quite welcome. Glad to hear that everything is working for you.
If you have any more problems, you know where to come.


----------



## walker1982 (May 21, 2003)

I have downloaded Hijack This and have scanned. Below is my log. Please tell me what to do now. Thanks for all your help.

Logfile of HijackThis v1.94.0
Scan saved at 2:53:58 PM, on 5/21/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=www.worldnet.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=www.worldnet.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4CE} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE026.DLL
O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} - C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\CSMBHO.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSVIEW.DLL
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: &Search Toolbar - {6A85D97D-665D-4825-8341-9501AD9F56A3} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Dcfssvc] c:\windows\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
O4 - HKLM\..\Run: [Date Manager] "C:\PROGRA~1\Date Manager\DateManager.exe"
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\trickler_3210.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ETraffic] "C:\Program Files\topMoxie\JavaRun.exe" /cp "C:\Program Files\topMoxie" com.ETraffic.ETProxy.ETMain C:\Program Files\topMoxie
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: ExpressServices 2000.lnk = C:\Program Files\Day-Timer Organizer SHARP Edition\xserv2k.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\DTIOM98.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: RemindU - file://C:\Program Files\topMoxie\TEMP\upromise_script0.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: SideStep (HKLM)
O9 - Extra button: AnyWho (HKLM)
O9 - Extra button: RemindU (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=www.worldnet.att.net
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/public/investor/v9.5/investor.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio4_0_2_10a.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/29339e472e58d0e96f23/netzip/RdxIE2.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1250/ftp.coupons.com/v6/brix6ie.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37596.3716435185
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) - http://download.sidestep.com/get/k26617/sb026.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab
O16 - DPF: {05CE4481-8015-11D3-9811-C4DA9F000000} - http://www.topmoxie.com/external/builds/upromise/upromise_moxie0.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50010/btiein.cab


----------



## Top Banana (Nov 11, 2002)

walker1982.

1. Download Spybot Search and Destroy.

Before scanning check for updates via the "Online" tab. Search for and download all updates. Close IE. "Check for problems" and "Fix" all the red entries.

*Reboot*.

2. Scan with HijackThis. Save the log and copy and paste the HijackThis log into your next post.

Do not fix anything in HijackThis.


----------



## subgoat (May 22, 2003)

I am getting the EAccess STOOLBAR.DLL error, so here is my hijack analysis. Please let me know what I should remove. Thanks.

Logfile of HijackThis v1.94.0
Scan saved at 1:03:37 PM, on 5/22/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - D:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\IPINSIGT.DLL
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O2 - BHO: (no name) - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSVIEW.DLL
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - D:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Search Toolbar - {6A85D97D-665D-4825-8341-9501AD9F56A3} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] d:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] F:\PROGRAMS\AOL IM 4.0\aim.exe -cnetwait.odl
O4 - Startup: Exif Launcher.lnk = D:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = D:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Power Search - res://C:\PROGRAM FILES\COMMON FILES\MSIETS\MSIELINK.DLL//iemenu
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab


----------



## walkeriam (Feb 19, 2002)

You should go to post #18 in this thread and follow Gordons7000's suggestions in that order (top to bottom).


----------



## Top Banana (Nov 11, 2002)

Close IE. Scan with HT, tick and "Fix" *all* the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\IPINSIGT.DLL
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O2 - BHO: (no name) - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSVIEW.DLL
O3 - Toolbar: &Search Toolbar - {6A85D97D-665D-4825-8341-9501AD9F56A3} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe
O8 - Extra context menu item: Power Search - res://C:\PROGRAM FILES\COMMON FILES\MSIETS\MSIELINK.DLL//iemenu

*Reboot* and remove/delete:

Program Files\Search Toolbar
sentry.exe
Program Files\Common Files\MSIETS


----------



## walker1982 (May 21, 2003)

I downloaded Spybot Search and Destroy. Scanned and fixed all red entries. Rebooted. Scanned with HijackThis. Following please find my log. What do I do next?

Logfile of HijackThis v1.94.0
Scan saved at 4:16:56 PM, on 5/27/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=www.worldnet.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=www.worldnet.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=localhost
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} - C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\CSMBHO.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: &Search Toolbar - {6A85D97D-665D-4825-8341-9501AD9F56A3} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Dcfssvc] c:\windows\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
O4 - HKLM\..\Run: [Date Manager] "C:\PROGRA~1\Date Manager\DateManager.exe"
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: ExpressServices 2000.lnk = C:\Program Files\Day-Timer Organizer SHARP Edition\xserv2k.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\DTIOM98.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AnyWho (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=www.worldnet.att.net
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/public/investor/v9.5/investor.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio4_0_2_10a.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/29339e472e58d0e96f23/netzip/RdxIE2.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1250/ftp.coupons.com/v6/brix6ie.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37596.3716435185
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50010/btiein.cab


----------



## TonyKlein (Aug 26, 2001)

You have a lot of spyware left, which indicates you didn't update SpyBot before scanning.

Meanwhile, check and have HT fix the following:

*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx

O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL

O3 - Toolbar: &Search Toolbar - {6A85D97D-665D-4825-8341-9501AD9F56A3} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL

O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
O4 - HKLM\..\Run: [Date Manager] "C:\PROGRA~1\Date Manager\DateManager.exe"
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q

O15 - Trusted Zone: http://free.aol.com

O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/i...5.26/Hiwire.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/29339e472e58d0...tzip/RdxIE2.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50010/btiein.cab*

Restart your computer, update SpyBot, and run another scan.

Cheers,
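
An added example (not part of any post in this thread) of the check the re-scan step implies: confirm that every entry on a fix list is gone from the next HijackThis log. Entries are matched by identity (CLSID, registry value, or Run name) rather than whole-line text, because the forum truncates long URLs. The sample lines are excerpts copied from the fix list above and from walker1982's 4:16 PM and 5:46 PM logs, and the function names are this example's own.

```python
import re

# Sample input: excerpts copied from this thread (not complete logs).
FIX_LIST = r"""
*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O3 - Toolbar: &Search Toolbar - {6A85D97D-665D-4825-8341-9501AD9F56A3} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/i...5.26/Hiwire.cab*
"""

LOG_BEFORE = r"""
Logfile of HijackThis v1.94.0
Scan saved at 4:16:56 PM, on 5/27/03
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=www.worldnet.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O3 - Toolbar: &Search Toolbar - {6A85D97D-665D-4825-8341-9501AD9F56A3} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.94.0
Scan saved at 5:46:04 PM, on 5/27/03
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=www.worldnet.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
"""

LINE_RE = re.compile(r"^([RO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.+?): \[(.+?)\]")


def clean(line):
    """Drop surrounding whitespace and forum bold markers (*) from a pasted line."""
    return line.strip().strip("*").strip()


def entry_key(line):
    """Return a stable identity for one HijackThis entry, or None for non-entries."""
    m = LINE_RE.match(clean(line))
    if not m:
        return None  # header line, blank line, or prose
    section, body = m.groups()
    clsid = CLSID_RE.search(body)
    if clsid and section in ("O2", "O3", "O16"):
        # BHOs, toolbars and downloaded controls are identified by CLSID,
        # so a truncated file path or URL does not break the match.
        return (section, clsid.group(0).upper())
    if section.startswith("R"):
        # Registry value plus its data: the same value pointing somewhere
        # else (for example a different search page) is a different entry.
        name, _, data = body.partition("=")
        return ("R", name.lower(), data.lower())
    run = RUN_RE.match(body)
    if section == "O4" and run:
        # Autorun entries: registry key plus the value name in brackets.
        return ("O4", run.group(1).lower(), run.group(2).lower())
    return (section, body.lower())


def parse(text):
    """Map entry identity -> cleaned line for every entry in a pasted log."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries[key] = clean(line)
    return entries


def still_present(fix_list, log):
    """Fix-list entries whose identity still appears in the log, in list order."""
    log_entries = parse(log)
    return [line for key, line in parse(fix_list).items() if key in log_entries]


if __name__ == "__main__":
    print("In the earlier log:", len(still_present(FIX_LIST, LOG_BEFORE)), "of",
          len(parse(FIX_LIST)), "fix-list entries")
    for line in still_present(FIX_LIST, LOG_AFTER):
        print("Still present after the fix:", line)
```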


----------



## walker1982 (May 21, 2003)

I have scanned with Hijack This. Here is my log. Now what do I do?

Logfile of HijackThis v1.94.0
Scan saved at 5:46:04 PM, on 5/27/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=www.worldnet.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=www.worldnet.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=localhost
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} - C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\CSMBHO.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Dcfssvc] c:\windows\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: ExpressServices 2000.lnk = C:\Program Files\Day-Timer Organizer SHARP Edition\xserv2k.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\DTIOM98.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AnyWho (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=www.worldnet.att.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/public/investor/v9.5/investor.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio4_0_2_10a.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1250/ftp.coupons.com/v6/brix6ie.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37596.3716435185
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab


----------



## TonyKlein (Aug 26, 2001)

> _Originally posted by walker1982:_
> *I have scanned with Hijack This. Here is my log. Now what do I do?
> *


I don't know. Have a beer? 

Are you still having any problems we should be aware of? For all spyware ought now to have been removed.

There's one more thing though: 
You really have too many applications starting up automatically as Windows starts, and you would benefit considerably by trimming down that list.

I would go to Start > Run > Msconfig, and uncheck _everything_ but the absolutely necessary on the 'Startup' tab.

Then click OK, close Msconfig, and reboot.

You can use the LAFN list of Startup Programs to help you determine what should stay and what should go.

In case of doubt, please don't hesitate to ask


----------



## walker1982 (May 21, 2003)

Thank you all so much for all the GREAT help. I really don't know what I would have done without you all. You all are #1 in my book. Take care and have a GREAT week.


----------



## TonyKlein (Aug 26, 2001)

You're welcome!


----------



## jennrite (Jun 24, 2003)

I have been receiving the error "Exception EAccess Violation in module STOOLBAR.DLL at 000076BO. Access violation at address 00EB7C10 in module "STOOLBAR.DLL Read of address FFFFFFFF." Then shortly after I get "IE performed an illegal operation and will shut down." I fixed this issue by double-clicking on My Computer, double-clicking on the C drive and opening up the Windows folder. Then I clicked on downloaded Internet files and deleted the files in there. While doing so, I began to get the same error several times. So I shut down and rebooted in safe mode. I went to Start, Find all Files and folders and typed in STOOLBAR.DLL. It pulled up four files and I deleted everything it pulled up. That resolved the issue for me.


----------



## walker1982 (May 21, 2003)

I'm getting an error:
Memory access violation in module kernel 32 at 6988:33611936

What should I do?


----------



## walkeriam (Feb 19, 2002)

Run SpyBot Search and Destroy. Make sure you update it first.
http://www.lurkhere.com/~nicefiles/


----------



## walker1982 (May 21, 2003)

I ran Spybot & Destroy. Here are my errors. Now what do I do?

Advertising.com: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\elizabeth [email protected]rtising[2].txt

Advertising.com: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\[email protected][1].txt

Advertising.com: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\[email protected][1].txt

Advertising.com: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\elizabeth [email protected][1].txt

Alexa Related: What's related link (Replace file, nothing done)
C:\WINDOWS\Web\RELATED.HTM

Avenue A, Inc.: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\[email protected][2].txt

Avenue A, Inc.: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\elizabeth [email protected][2].txt

BackWeb lite: Main executable (File, nothing done)
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

BFast: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\[email protected][2].txt

Commission Junction: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\[email protected][2].txt

CoreMetrics: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\[email protected][1].txt

DoubleClick: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\elizabeth [email protected][1].txt

DoubleClick: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\[email protected][1].txt

Gator: Gator uninstall log (File, nothing done)
C:\WINDOWS\GatorUninstaller_cme_u.log

Gator: Gator uninstall log (File, nothing done)
C:\WINDOWS\GatorUninstaller_cme.log

Gator: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\[email protected][1].txt

HitBox: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\[email protected][2].txt

HitBox: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\elizabeth [email protected]ox[1].txt

HitBox: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\[email protected][2].txt

HitBox: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\[email protected][2].txt

HitBox: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\elizabeth [email protected]ox[1].txt

HitBox: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\elizabeth [email protected][1].txt

Hotbar: Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\HbSrv.EXE

Hotbar: Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\{B701A705-F828-11D4-A466-00508B5BA2DF}

Hotbar: Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hotbar

Hotbar: Browser Helper Object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B195B3B3-8A05-11D3-97A4-0004ACA6948E}

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\Hotbar.HbCommBand.1

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\Hotbar.HbMain.1

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\Hotbar.HbBho

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\HbHostIE.HbBho.1

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\HbCoreSrv.HbCoreServices.1

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\HbCoreSrv.HbCoreServices

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\HBInstIE.HbInstObj.1

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\HBInstIE.HbInstObj

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\HbSrv.HbCoreServices.1

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\HbSrv.HbCoreServices

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\HbToolbar.HbToolbarCtl.1

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\HbToolbar.HbToolbarCtl

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\HbHostOL.HbElementFocus.1

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\HbHostOL.HbElementFocus

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\HbHostOL.HbMailAnim.1

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\HbHostOL.HbMailAnim

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\Hotbar.HbMain

Hotbar: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\Hotbar.HbCommBand

Hotbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{60F630A2-41EC-11D5-B558-00D0B77F0A6D}

Hotbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{4DBCFAF7-62E1-4811-8ACC-6511E7192CB4}

Hotbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{3CEB882D-6B2B-4D81-A544-9D9B1D6FA945}

Hotbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{6FE00B71-7251-4E00-9186-ED89BBB946B8}

Hotbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A80347E0-F757-11D4-A466-00508B5BA2DF}

Hotbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{69FD62B1-0216-4C31-8D55-840ED86B7C8F}

Hotbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{B195B3B3-8A05-11D3-97A4-0004ACA6948E}

Hotbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{75D2080B-4857-4B96-9B7D-732634FBD01F}

Hotbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D}

Hotbar: Explorer bar (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D}

Hotbar: Global settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Hotbar

Hotbar: IE toolbar (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{B195B3B3-8A05-11D3-97A4-0004ACA6948E}

Hotbar: Installer (File, nothing done)
C:\WINDOWS\Downloaded Program Files\hotbar.inf

Hotbar: Installer (File, nothing done)
C:\WINDOWS\SYSTEM\Hbinst.exe

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{7E33BC81-0818-11D5-B50D-00D0B77F0A6D}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{918E4B7A-4D80-43A4-83A7-39ADCC11841F}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{9EE87A26-B2C8-4130-83F6-E8511D939976}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{A80347DF-F757-11D4-A466-00508B5BA2DF}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B00609A6-82AF-4C55-BBB8-ADC8593CEB86}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{DA603411-0593-11D5-A46B-00508B5BA2DF}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B195B3B2-8A05-11D3-97A4-0004ACA6948E}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{F4132B7B-1576-41B6-ABD8-39C6C53047F7}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{F7A1BF21-1D7D-4F5F-A201-0CA35A5CD68F}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{DA603411-0593-11D5-A46B-10101B1B1111}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{AD9A7B03-BE12-11D4-B493-00D0B77F0A6D}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{8F59F897-6923-4B3B-8156-4E55D19DE99A}

Hotbar: Interface ( (IHbStats)) (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{17719B54-FAD1-11D4-A466-00508B5BA2DF}

Hotbar: Interface ( (IHbCTB)) (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{DA603411-0593-11D5-A46B-10101DDD1111}

Hotbar: Interface ( (IHbMapiAddrBook)) (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{F64B26C1-07DE-11D5-B50D-00D0B77F0A6D}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{46417AFD-7A15-4ED1-B764-CB72CD4D904F}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{6A6EBAE8-8C66-4675-B423-95B3BA530940}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{6F885F52-B45F-45BC-8642-FE3D56155A3A}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{4BF4FAFA-186E-4E36-8F74-525290438D7B}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3103E312-E1BB-49AB-80EB-0A92FCA78746}

Hotbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{17719B53-FAD1-11D4-A466-00508B5BA2DF}

Hotbar: Program directory (Directory, nothing done)
C:\Program Files\Hotbar

Hotbar: Typelib (Registry key, nothing done)
HKEY_CLASSES_ROOT\Typelib\{6D6D1580-5B74-40EA-97F4-3C2B46C5ABDD}

Hotbar: Typelib (Registry key, nothing done)
HKEY_CLASSES_ROOT\Typelib\{94BEB7A2-36B7-46DC-8AD1-81A8332409C0}

Hotbar: Typelib (Registry key, nothing done)
HKEY_CLASSES_ROOT\Typelib\{B701A704-F828-11D4-A466-00508B5BA2DF}

Hotbar: Typelib (Registry key, nothing done)
HKEY_CLASSES_ROOT\Typelib\{A80347D3-F757-11D4-A466-00508B5BA2DF}

Hotbar: Typelib (Registry key, nothing done)
HKEY_CLASSES_ROOT\Typelib\{60F63095-41EC-11D5-B558-00D0B77F0A6D}

Hotbar: Typelib (Registry key, nothing done)
HKEY_CLASSES_ROOT\Typelib\{B195B3A5-8A05-11D3-97A4-0004ACA6948E}

Hotbar: User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Hotbar

HuntBar: User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\BTLINK

MediaPlex: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\[email protected][1].txt

MediaPlex: Tracking cookie or cookie of tracking site (File, nothing done)
C:\WINDOWS\Cookies\elizabeth [email protected][2].txt

MS Works: Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Works Update Detection

MS Works: Program file (File, nothing done)
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

VX2/f.InfWin: Executable (File, nothing done)
C:\WINDOWS\MSVprep.exe

--- Spybot-S&D version: 1.2 ---
2003-08-28 Includes\Temporary.sbi
2003-09-05 Includes\Cookies.sbi
2003-09-09 Includes\Dialer.sbi
2003-09-08 Includes\Hijackers.sbi
2003-09-05 Includes\Keyloggers.sbi
2003-09-08 Includes\Malware.sbi
2003-03-16 Includes\plugin-ignore.ini
2003-09-05 Includes\Security.sbi
2003-09-09 Includes\Spybots.sbi
2003-09-05 Includes\Tracks.uti
2003-09-05 Includes\Trojans.sbi


----------



## NiteHawk (Mar 9, 2003)

Run Spybot again and delete (fix) all entries that are in RED.


----------



## walkeriam (Feb 19, 2002)

Go to ADD and REMOVE PROGRAMS in the Control Panel and REMOVE GATOR, HITBOX, BACKWEB or HOTBAR if they appear. 

Then, like NITEHAWK said, run SpyBot again and after it's done searching, check ALL in RED and click on FIX SELECTED PROBLEMS.


----------



## walker1982 (May 21, 2003)

After running & fixing problems with Spybot I'm still getting this error:
Memory access violation in module kernel 32 at 7982:16593585.
What should I do?


----------



## walkeriam (Feb 19, 2002)

Run another scan with HijackThis and post the result back here.


----------



## walker1982 (May 21, 2003)

Where do I find Hijack This?


----------



## walkeriam (Feb 19, 2002)

I'm sorry, I assumed since you posted three copies of your HJT LOG already (Post#26, 30, 35 of this thread) that you had it installed on your computer.

Go to PAGE#1, POST #2 of this thread and TonyKlein explains it and gives the link.


----------



## walker1982 (May 21, 2003)

I have run HiJack This and here is my log:

Logfile of HijackThis v1.97.2
Scan saved at 8:13:07 AM, on 9/24/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RJYDBB.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\BELKIN MOUSE 1.0\MOUSE32A.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCONNECT.EXE
C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCSMSERVER.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} - C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\CSMBHO.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Dcfssvc] c:\windows\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [zosbcoxz] rjydbb.exe autorun
O4 - HKLM\..\Run: [dptr] kebmv.exe autorun
O4 - HKLM\..\Run: [mmvljoe] axsnfdwp.exe autorun
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\DTIOM98.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AnyWho (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/public/investor/v9.5/investor.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio4_0_2_10a.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1250/ftp.coupons.com/v6/brix6ie.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37886.3016550926
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) - 
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.149/code/iPIX-ImageWell-ipix.cab


----------



## NiteHawk (Mar 9, 2003)

In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.

Next, close all browser Windows, and have HT fix all checked.
*
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr...//www.yahoo.com

O4 - HKLM\..\Run: [Dcfssvc] c:\windows\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [zosbcoxz] rjydbb.exe autorun
O4 - HKLM\..\Run: [dptr] kebmv.exe autorun
O4 - HKLM\..\Run: [mmvljoe] axsnfdwp.exe autorun

O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: Related (HKLM)

O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1.../v6/brix6ie.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.149/code/iPIX-ImageWell-ipix.cab
*

None of these need to be run every time you start your computer. They can be run from the Start Programs menu on an as needed basis.

O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\DTIOM98.EXE

Next reboot into Safe Mode and remove the following files and folders that are *bolded*

Search for, find and delete the following files. They will most likely be in \windows or \windows\system

*rjydbb.exe 
kebmv.exe 
axsnfdwp.exe *

See here http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 for how to start in safe mode if you don't know how.

Reboot into normal mode

Now download Spybot - Search & Destroy  (if you haven't got the program installed already)

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

Reboot

Last, run HJT again and post your log again to see if anything was missed.

Thanks


----------
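Three patterns in the log above lend themselves to automated triage: autostart (O4) commands that name an executable with no path, the O7 `DisableRegedit=1` policy, and O16 ActiveX codebases served from a bare IP address. The script below is an added example, not part of any post in this thread and not HijackThis's own logic; the heuristics, the `KNOWN_PATHLESS` allowlist and the function names are assumptions, and the sample log is constructed from lines posted in the thread.

```python
import ipaddress
import ntpath
import re
from urllib.parse import urlparse

# Constructed sample: a subset of lines from the logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RJYDBB.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [zosbcoxz] rjydbb.exe autorun
O4 - HKLM\..\Run: [dptr] kebmv.exe autorun
O4 - HKLM\..\Run: [mmvljoe] axsnfdwp.exe autorun
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.149/code/iPIX-ImageWell-ipix.cab
"""

# Assumption: components that legitimately appear without a path in this
# thread's Windows 98 logs. Extend it for the systems you triage.
KNOWN_PATHLESS = {"systray.exe", "rundll32.exe", "mstask.exe"}

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# Registry autostart layout: "<key>: [<value name>] <command line>"
O4_REG_RE = re.compile(r"^(?P<key>[^:\[]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Quoted path, else text up to the first ".exe", else the first token.
EXE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe)(?=\s|$)|(?P<t>\S+))', re.I)


def parse(log_text):
    """Return (set of running process basenames, list of (section, body))."""
    running, entries, in_procs = set(), [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif in_procs:
            running.add(ntpath.basename(line).lower())
    return running, entries


def executable(cmd):
    """Extract the program part of an autostart command line."""
    m = EXE_RE.match(cmd.strip())
    return m.group("q") or m.group("u") or m.group("t")


def triage(log_text):
    """Flag entries for manual review; a flag is a lead, not a verdict."""
    running, entries = parse(log_text)
    findings = []

    def flag(section, item, reason, is_running=False):
        findings.append({"section": section, "item": item,
                         "reason": reason, "running": is_running})

    for section, body in entries:
        if section == "O4":
            m = O4_REG_RE.match(body)
            if not m:
                continue  # Startup-folder shortcuts use a different layout
            exe = executable(m.group("cmd"))
            base = ntpath.basename(exe).lower()
            if not ntpath.dirname(exe) and base not in KNOWN_PATHLESS:
                flag("O4", base, "autostart command has no path", base in running)
        elif section == "O7" and re.search(r"DisableRegedit\s*=\s*1", body, re.I):
            flag("O7", "DisableRegedit", "policy blocks Registry Editor")
        elif section == "O16":
            url = body.rsplit(" - ", 1)[-1].strip()
            host = urlparse(url).hostname or ""
            try:
                ipaddress.ip_address(host)
            except ValueError:
                continue  # named host or empty codebase
            flag("O16", host, "ActiveX codebase served from a bare IP address")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = " (currently running)" if f["running"] else ""
        print(f'{f["section"]:<4}{f["item"]:<18}{f["reason"]}{state}')
```

The `running` field cross-checks each flagged autostart entry against the log's process list, which shows whether the program is loaded at the time of the scan.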



## walkeriam (Feb 19, 2002)

Quote: "None of these need to be run every time you start your computer. They can be run from the Start Programs menu on an as needed basis.

O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\DTIOM98.EXE "

You can disable the ones that say RUN and RUN SERVICES by going to START>RUN and typing in *msconfig* and clicking OK. Then click the STARTUP TAB and un-check them.

The ones that say STARTUP you can disable by RIGHT clicking START then clicking OPEN, then PROGRAMS, then STARTUP and RIGHT CLICKING and DELETE them.

I would also go to Trend Micro and run an ONLINE SCAN for viruses, as I assume these three files contain them.
rjydbb.exe 
kebmv.exe 
axsnfdwp.exe

http://housecall.trendmicro.com/


----------



## walker1982 (May 21, 2003)

Thanks walkeriam for the help. I tried to disable the ones that said RUN and RUN SERVICES, but I'm still getting this error message:
Memory access violation in module kernel 32 at 8595:17116478. I have run another scan with Hijack This and here is my log:

Logfile of HijackThis v1.97.2
Scan saved at 8:56:04 AM, on 9/25/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RJYDBB.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\BELKIN MOUSE 1.0\MOUSE32A.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCONNECT.EXE
C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCSMSERVER.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} - C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\CSMBHO.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\DTIOM98.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AnyWho (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} (ChrtCtl Class) - http://fdl.msn.com/public/investor/v9.5/investor.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio4_0_2_10a.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37886.3016550926
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -


----------



## walkeriam (Feb 19, 2002)

Did you run a scan with HouseCall and SpyBot Search and Destroy?

Make sure you have run HOUSECALL AND SPYBOT before doing these!!

Double click MY COMPUTER then C:\ then WINDOWS. Find this file and DELETE it. "RJYDBB.EXE"

Go to ADD AND REMOVE PROGRAMS in the Control Panel and REMOVE QUICKTIME.

You may consider un-installing GO BACK and see if that helps. It is a resource hog.

RIGHT click START, then click OPEN>PROGRAMS>STARTUP and right click and DELETE anything "Iomega"

Go to START>RUN and type in MSCONFIG and click OK. Click on the STARTUP TAB at the top. UN-CHECK anything that has the word "IOMEGA" in it.
AND
[OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
If you do not use a USB SCANNER or CAMERA, you can un-check "STIMON.EXE". If you do use one, leave it checked.

After RE-BOOT, go to INTERNET OPTIONS in the Control Panel. On the GENERAL TAB click SETTINGS then click VIEW OBJECTS.
DELETE all except "UPDATE CLASS" and anything with "SHOCKWAVE" in it.

Then re-start your computer and let us know how it works.


----------



## NiteHawk (Mar 9, 2003)

Going in and somewhat randomly and permanently deleting programs seems pretty drastic to me. I would rather disable them from starting up while you trouble-shoot the problem. That way once the problem is found you can re-enable what was NOT the cause and delete and/or reinstall what WAS the problem.

Since none of the scans have pointed us to anything positive yet, let's try this: what is known as the Rule of Halves. Open up msconfig and make a list of all the running entries. These would be the ones that have check marks by them. For the sake of numbers, let's say you have 20 checked items. You want to keep Explorer, System Tray, your antivirus, and your firewall. That brings the list down to 16. Now disable (uncheck) half of them (8). Reboot and run your system to see if you still have the problem.

IF you STILL have the problem, go into msconfig and disable half of the remaining ones (4). Reboot and test. IF you STILL have the problem disable the next half (2).

On the other hand, IF the problem is gone you are now into the "add/subtract" phase. Go into msconfig and re-enable 4 programs. Reboot and test. Based on the results, either add 2 more programs back in or subtract 2 (of the 4) back out.

It's time consuming, but no more so than the time you have already spent on the problem. In the end there is only one of two results. Either you find the start up entry that is causing the problem or you determine that none of them cause the problem and you have to look elsewhere.

Good Luck


----------
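NiteHawk's Rule of Halves is a bisection over the optional startup entries. The sketch below is an added example, not code from the thread: `has_problem` is a hypothetical stand-in for the manual "tick these in msconfig, reboot and test" step, it assumes a single culprit, and it adds a first run with every suspect disabled plus a final confirmation run that the post does not spell out. The entry names come from the O4 lines of the log posted above; the simulated culprit is arbitrary.

```python
from typing import Callable, Iterable, List, Optional, Set, Tuple


def rule_of_halves(
    entries: Iterable[str],
    keep: Iterable[str],
    has_problem: Callable[[Set[str]], bool],
) -> Tuple[Optional[str], int]:
    """Return (culprit or None, number of reboot-and-test cycles used)."""
    always_on = set(keep)
    suspects: List[str] = [e for e in entries if e not in always_on]
    reboots = 0

    def reboot_with(enabled: List[str]) -> bool:
        nonlocal reboots
        reboots += 1
        return has_problem(always_on | set(enabled))

    # Baseline: every suspect disabled. If the error is still there, no
    # optional startup entry explains it and the search has to move elsewhere.
    if not suspects or reboot_with([]):
        return None, reboots

    while len(suspects) > 1:
        half = suspects[: len(suspects) // 2]
        # Error with only this half enabled: the culprit is in it.
        # No error: it must be in the half that stayed disabled.
        suspects = half if reboot_with(half) else suspects[len(half):]

    # Confirm that the last suspect alone reproduces the error before blaming it.
    last = suspects[0]
    return (last if reboot_with([last]) else None), reboots


# Entry names taken from the O4 "Run" lines of the HijackThis log in this thread.
STARTUP = [
    "TaskMonitor", "SystemTray", "Iomega Startup Options", "Iomega Drive Icons",
    "Deskup", "StillImageMonitor", "ScanRegistry", "OEMCleanup",
    "LoadPowerProfile", "NAV Agent", "QuickTime Task", "LWBMOUSE",
]
KEEP = ["SystemTray", "NAV Agent"]  # system tray and antivirus stay enabled


def simulate(culprit: str) -> Callable[[Set[str]], bool]:
    """Constructed oracle: the error shows up whenever `culprit` is enabled."""
    return lambda enabled: culprit in enabled


if __name__ == "__main__":
    # "Deskup" is an arbitrary pick for the simulation, not a finding from the thread.
    print(rule_of_halves(STARTUP, KEEP, simulate("Deskup")))
    # Error present no matter what is enabled: the cause is not a startup entry.
    print(rule_of_halves(STARTUP, KEEP, lambda enabled: True))
```

With ten suspects the search needs at most six reboots, against up to ten when entries are unticked one at a time.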



## walker1982 (May 21, 2003)

Thanks walkeriam and Nite Hawk. I think everything is OK. Thanks for the help.


----------



## walkeriam (Feb 19, 2002)

I was not only trying to fix the ERROR but was also trying to help speed up their computer's performance too. I guess I should have waited for them to say the error was fixed but their computer was running slow.

The programs I suggested be removed can easily be re-installed if needed. Or maybe I'm just used to my DSL.

Anyway, I'm glad we could help them fix it, have a good day :up:

By the way walker1982, what actually fixed it? Just in case someone else has the same problem and lands on this thread through a search.


----------



## walker1982 (May 21, 2003)

I thought we had everything fixed, but I try to transfer pictures from my Kodak camera and they won't transfer.


----------



## walkeriam (Feb 19, 2002)

You may have un-checked the "STIMON.EXE" box in the MSCONFIG Utility. Make sure it is checked and your USB cable is securely plugged into your computer.


----------



## walker1982 (May 21, 2003)

"STIMON.EXE" box in MSCONFIG Utility is checked. And I checked the USB cable. But it still won't transfer the pictures.


----------



## walkeriam (Feb 19, 2002)

Make sure this one is checked in MSCONFIG also.
dcfssvc.exe


----------



## walker1982 (May 21, 2003)

I can't find that file in MSCONFIG.EXE


----------



## walkeriam (Feb 19, 2002)

Try re-installing your "Kodak EasyShare software" assuming you have the disk.


----------



## walker1982 (May 21, 2003)

I can't print from QuickTime PictureViewer. I have run HiJack This and here is my log:
Logfile of HijackThis v1.97.2
Scan saved at 12:50:16 PM, on 10/21/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\BELKIN MOUSE 1.0\MOUSE32A.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCSMSERVER.EXE
C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCONNECT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\QUICKTIME\PICTUREVIEWER.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} - C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\CSMBHO.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AnyWho (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37886.3016550926
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -


----------
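The two logs walker1982 posted can be compared mechanically to see which autostart entries were actually removed or added between scans. The parser below is an added example, not part of the thread and not HijackThis code: it reads only the two O4 line shapes that appear in these logs (the registry Run/RunServices entries walkeriam says to untick in msconfig, and the Startup folder shortcuts), and the sample input is a short excerpt of the 9/25/03 and 10/21/03 logs.

```python
import re
from typing import Dict, List, NamedTuple


class Autostart(NamedTuple):
    source: str   # "HKLM Run", "HKLM RunServices", "HKCU Run" or "Startup folder"
    name: str
    command: str


# Registry form:  O4 - HKLM\..\Run: [name] command
_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Shortcut form:  O4 - Startup: name.lnk = target
_LNK = re.compile(r"^O4 - Startup: (.+?) = (.+)$")


def _label(entry: Autostart) -> str:
    return f"{entry.source} / {entry.name}"


def parse_o4(log: str) -> Dict[str, Autostart]:
    """Map a case-folded 'source / name' key to each autostart entry in a log."""
    found: Dict[str, Autostart] = {}
    for line in map(str.strip, log.splitlines()):
        reg, lnk = _REG.match(line), _LNK.match(line)
        if reg:
            entry = Autostart(f"{reg.group(1)} {reg.group(2)}", reg.group(3), reg.group(4))
        elif lnk:
            entry = Autostart("Startup folder", lnk.group(1), lnk.group(2))
        else:
            continue  # headers, running processes, O2/O3/O16 lines
        found[_label(entry).casefold()] = entry
    return found


def diff_autostarts(before: str, after: str) -> Dict[str, List[str]]:
    """Entries that vanished or appeared; keyed by source and name, so a change
    in the letter case of the command path is not reported as a difference."""
    old, new = parse_o4(before), parse_o4(after)
    return {
        "removed": sorted(_label(old[k]) for k in old.keys() - new.keys()),
        "added": sorted(_label(new[k]) for k in new.keys() - old.keys()),
    }


LOG_SEP_25 = r"""
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\DTIOM98.EXE
"""
LOG_OCT_21 = r"""
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
"""

if __name__ == "__main__":
    print(diff_autostarts(LOG_SEP_25, LOG_OCT_21))
```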



## walkeriam (Feb 19, 2002)

walker1982,
All through this post, we have suggested things for you to try and you have not told us what you have done so far. We suggested you re-install Kodak EasyShare to get your Camera to work and you haven't told us if that is fixed or what you did to fix it. We suggested you un-install Quicktime and if you did, then that may explain why Quicktime Picture Viewer is not allowing you to print from it. Try re-installing Quicktime if you must use Quicktime. It always seems to cause my computer to screw up and that's why I use MSPAINT or others to view my pictures.

Please tell us what you have done and if it fixed any of your problems. We do not know if you are still getting the error messages or not. Please let us know where we stand each step of the way.

For each new problem, you may want to start a new thread if they are not related to each other as it has been a month since you last responded to this thread.

Thank You!


----------



## NiteHawk (Mar 9, 2003)

To put it bluntly, if you can't give us feedback and help us, we can't help you!


----------



## walker1982 (May 21, 2003)

I'm sorry for not posting after my last problem. Yes, after I re-installed the Kodak EasyShare software, that got my camera working again. I had forgotten that I was having a problem printing from Quicktime, but after you all told me the files to delete, that fixed my error messages and my printing problems. I'm not getting any error messages, I just can't print from Quicktime. Thanks for all your help.


----------



## walkeriam (Feb 19, 2002)

Did you try re-installing Quicktime to fix the printing problem?
http://download.com.com/3120-20-0.html?qt=Quicktime&tg=dl-2001&search=+Go!+

Thanks for the feedback!


----------

