Toolbars gone wild after Freshbar removal

Question

Den. 0 Newbie Poster

19 Years Ago

After having to spend a few hours healing a hijacker (Freshbar), now my IE toolbar won't stay the way I want it to. Everytime I go to any website the toolbars look like this. Then I re-configure it to look like this. But, no matter how I customize or lock the toolbars, I can't get it to stay that way, it always reverts to the old one when I go to another website or link.
I am prepared to post a HijackThis log if needed.

windows-virus

6 Contributors
21 Replies
268 Views
1 Week Discussion Span
Latest Post 19 Years Ago Latest Post by crunchie

caperjack 875 I hate 20 Questions

19 Years Ago

A hijackthis log will help maybe !

dlh6213 27 Posting Maven

19 Years Ago

Go here:

http://forums.skads.org/index.php?showtopic=80

Get the file that is attached in post #3

Then get Hijackthis (as Caperjack suggested) from here:

http://www.merijn.org/files/hijackthis_sfx.exe

Close all browser windows, scan with hijackthis, save the log, then copy and past it here.

DMR 152 Wombat At Large

19 Years Ago

While I doubt this has anything to do with your toolbar settings problem, the following HijackThis entry indicates that you're infected with a keylogger trojan:

O4 - HKCU\..\Run: [BPK] C:\PROGRAM FILES\PERFECT KEYLOGGER LITE\BPK.EXE

This is not a Good Thing. :mad:
More information on the trojan (including removal instructions) can be found here:

http://securityresponse.symantec.com/avcenter/venc/data/spyware.perfect.b.html

dlh6213 27 Posting Maven

19 Years Ago

O4 - HKCU\..\Run: [BPK] C:\PROGRAM FILES\PERFECT KEYLOGGER LITE\BPK.EXE
NO.....I downloaded that for my personal use. Any other suggestions?

I have a question, why do you have a keylogger?

Unzip the remv3.zip files to a permanent folder and run it in SAFE MODE ONLY.

Then, after rebooting , post the results from c:\log.txt.

DMR 152 Wombat At Large

19 Years Ago

I have a question, why do you have a keylogger?

Um... you might just want to leave that one alone, Danny. ;)

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Den. 0 Newbie Poster · Answer 1 · 2005-02-07T22:05:18+00:00

I got the file remv3. Here is my log.

Logfile of HijackThis v1.99.0
Scan saved at 10:56:09 AM, on 2/7/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\BABYLON\BABYLON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\GRABCLIPSAVE\GRABCLIPSAVE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\PERFECT KEYLOGGER LITE\BPK.EXE
C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE
C:\PROGRAM FILES\ANALOGX\POW\POW.EXE
C:\WINDOWS\DESKTOP\DESKTOP\DOWNLOADS\ARSCLIP\ARSCLIP.EXE
C:\PROGRAM FILES\STAR DOWNLOADER\STARDOWN.EXE
C:\PROGRAM FILES\WIRELESS DEVICE\WIRELESS KEYBOARD\MAGICKEY.EXE
C:\PROGRAM FILES\WIRELESS DEVICE\WIRELESS MOUSE\MOUSEAP.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WIRELESS DEVICE\WIRELESS KEYBOARD\OSD.EXE
C:\PROGRAM FILES\BABYLON\utils\shlhook.exe
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\AD-AWARE\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEINT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Name - {CB06C080-7632-11D9-9CB3-444553540000} - C:\WINDOWS\SYSTEM\MSXQC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [GCS] "C:\PROGRAM FILES\GRABCLIPSAVE\GRABCLIPSAVE.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BPK] C:\PROGRAM FILES\PERFECT KEYLOGGER LITE\BPK.EXE
O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
O4 - Startup: Shortcut to ArsClip.exe.lnk = C:\WINDOWS\Desktop\DESKTOP\DOWNLOADS\ArsClip\ArsClip.exe
O4 - Startup: Star Downloader.lnk = C:\Program Files\Star Downloader\stardown.exe
O4 - Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Startup: Enable Wireless Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM FILES\STAR DOWNLOADER\sdie.htm
O8 - Extra context menu item: Check &Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27c3b91283e8e0142919/netzip/RdxIE601.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B9EAA7F1-934A-11D0-958A-0060975AE865} (OFX Parser Class) - http://fdl.msn.com/public/investor/v13/ofx/ofxpb.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB
O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/oeconfig/MailCfg.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate2.exe
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

Den. 0 Newbie Poster · Answer 2 · 2005-02-08T06:37:23+00:00

O4 - HKCU\..\Run: [BPK] C:\PROGRAM FILES\PERFECT KEYLOGGER LITE\BPK.EXE
NO.....I downloaded that for my personal use. Any other suggestions?

Den. 0 Newbie Poster · Answer 3 · 2005-02-09T04:20:55+00:00

Unzip the remv3.zip files to a permanent folder and run it in SAFE MODE ONLY.
Then, after rebooting , post the results from c:\log.txt.

I ran in safe mode and answered "no" to three surprise questions about merging things into the registry.

ECHO is on
Checking for version 1 Files.......
"Files found"
---------------------------------------------------------------------

deleting files........
---------------------------------------------------------

"Files Not Deleted"
---------------------------------------------------------------------

Checking for version 2 files..........
Files Found
------------------------------------------------------------

deleting files........
---------------------------------------------------------

Files Not deleted
------------------------------------------------------------

Checking version 3 Files...................
Files Found ..................
----------------------------------------

Files not Deleted.............
----------------------------------------

Merging registry entries
-----------------------------------------------------------------
The Registry Entries Found...
-----------------------------------------------------------------

Other bad files to be Manually deleted.. Please Note that This might also list Legit Files, be careful while Deleting
-----------------------------------------------------------------

Den. 0 Newbie Poster · Answer 4 · 2005-02-11T11:06:42+00:00

What's my next move? Have we given up?

Den

DMR 152 Wombat At Large Team Colleague · Answer 5 · 2005-02-11T15:22:31+00:00

Have we given up?

No- we definitely haven't; please just hang in there Den.

Those of us who volunteer here do so in/from different time-zones, and also have "real-life" circumstances which can keep us from being as "present" here as we would like to be (the flu and other such fun ailments being the case at the moment for at least a few of us).

As dlh6213 asked you to run remv3.zip, please wait for his response; I'm sure he'll get back to as soon as he can.

Thanks for understanding.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 6 · 2005-02-11T16:50:18+00:00

I ran in safe mode and answered "no" to three surprise questions about merging things into the registry.

What questions? There are a lot of registry entries that are created by this infection that remv3 removes.

Also, please do not shout. As DMR stated, we are all volunteers. We eat, sleep etc., the same as you :).

chound 1 Junior Poster · Answer 7 · 2005-02-11T18:36:41+00:00

Just download Firefox. No headaches. Fast speed.

dlh6213 27 Posting Maven Team Colleague · Answer 8 · 2005-02-11T21:59:00+00:00

I ran in safe mode and answered "no" to three surprise questions about merging things into the registry.

What were the questions and why did you answer "no"?

Den. 0 Newbie Poster · Answer 9 · 2005-02-14T05:12:32+00:00

What were the questions and why did you answer "no"?

Sorry for my delay in responding. Here are the four questions that popped up while running remv3. I answered no to these questions because I wasn't sure how to procede. How shall I procede? Thanks.

Are you sure you want to add the information in c:\bad.txt to the registry?

Are you sure you want to add the information in HKEY_LOCAL_MACHINES\Software\Microsoft\Windows\CurrentVersion\Hd to the registry?

Are you sure you want to add the information in c:\bad.reg to the registry?

Are you sure you want to add the information in HKEY_LOCAL_MACHINES\Software\Microsoft\Windows\CurrentVersion\Ms4Hd to the registry?

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 10 · 2005-02-14T16:27:47+00:00

remv3 removes files then fixes the affected registry entries. It must be allowed to continue for the fix to complete :).

Den. 0 Newbie Poster · Answer 11 · 2005-02-14T23:28:13+00:00

Ran remv3 and got this answer to all four yes clicks to the four questions mentioned above:

Cannot import (information mentioned above) : Error opening the file. There may be a disk or file system error.

Ran in normal and safe mode; same response in either mode.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 12 · 2005-02-15T16:15:50+00:00

crunchie 990 Most Valuable Poster

19 Years Ago

Might be an idea then to post a new hijackthis log :).

Den. 0 Newbie Poster · Answer 13 · 2005-02-15T20:05:10+00:00

My bad. Here you go.

Logfile of HijackThis v1.99.0
Scan saved at 8:59:40 AM, on 2/15/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\BABYLON\BABYLON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\GRABCLIPSAVE\GRABCLIPSAVE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\PERFECT KEYLOGGER LITE\BPK.EXE
C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE
C:\PROGRAM FILES\ANALOGX\POW\POW.EXE
C:\WINDOWS\DESKTOP\DESKTOP\DOWNLOADS\ARSCLIP\ARSCLIP.EXE
C:\PROGRAM FILES\STAR DOWNLOADER\STARDOWN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WIRELESS DEVICE\WIRELESS KEYBOARD\MAGICKEY.EXE
C:\PROGRAM FILES\WIRELESS DEVICE\WIRELESS MOUSE\MOUSEAP.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\PROGRAM FILES\WIRELESS DEVICE\WIRELESS KEYBOARD\OSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\BABYLON\utils\shlhook.exe
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\AD-AWARE\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysite.verizon.net/res0zat2/index.html
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEINT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Name - {CB06C080-7632-11D9-9CB3-444553540000} - C:\WINDOWS\SYSTEM\MSXQC.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [GCS] "C:\PROGRAM FILES\GRABCLIPSAVE\GRABCLIPSAVE.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\Run: [bpk] C:\PROGRAM FILES\PERFECT KEYLOGGER LITE\BPK.EXE
O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
O4 - Startup: Shortcut to ArsClip.exe.lnk = C:\WINDOWS\Desktop\DESKTOP\DOWNLOADS\ArsClip\ArsClip.exe
O4 - Startup: Star Downloader.lnk = C:\Program Files\Star Downloader\stardown.exe
O4 - Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Startup: Enable Wireless Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM FILES\STAR DOWNLOADER\sdie.htm
O8 - Extra context menu item: Check &Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27c3b91283e8e0142919/netzip/RdxIE601.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B9EAA7F1-934A-11D0-958A-0060975AE865} (OFX Parser Class) - http://fdl.msn.com/public/investor/v13/ofx/ofxpb.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB
O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/oeconfig/MailCfg.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate2.exe
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 14 · 2005-02-16T02:56:15+00:00

Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27c3b91283e8e0...ip/RdxIE601.cab

Have you tried a repair to Internet Explorer? Could try that.

Den. 0 Newbie Poster · Answer 15 · 2005-02-16T11:11:13+00:00

Ran Hijackthis and "fixed" the entry you mentioned. No change in the toolbar problem. Tried your other suggestion to repair Internet Explorer. Had already tried that unsuccessfully, however this time it did the trick; toolbars no longer gone wild. Thank you all for your help. Den.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 16 · 2005-02-16T15:43:36+00:00

crunchie 990 Most Valuable Poster

19 Years Ago

You are welcome. Glad that you got it fixed :).