Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > mysearch / s4bar.dll problem

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

mysearch / s4bar.dll problem

Reply to Message Icon

Name: help~~
Date: October 9, 2003 at 23:56:33 Pacific
OS: win 2k
CPU/Ram: amd athlon xp / 262 ram
Comment:

hello, i have this problem with spywares/adwares... well, at first when i found that mysearch was installed, i uninstalled it using spybot, which worked, except that it wasn't able to delete the s4bar.dll file. When i try to delete the file manually it won't allow me, saying "cannot delete s4bar: access is denied. the source file may be in use"
is there anyway that i can delete it? i've been getting alot of spywares lately and i think that file might be causing the problem (although i'm not sure). please someone help!
thank you.



Sponsored Link
Ads by Google

Response Number 1
Name: Tom41
Date: October 10, 2003 at 00:01:15 Pacific
Reply:

Let's have a look, Download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, click "Save Log", and copy and paste it in a reply.

HijackThis!


0

Response Number 2
Name: jae
Date: October 10, 2003 at 18:52:08 Pacific
Reply:

hello.. well, i ran hijack this and this is what i got:
(btw, thank you ^^)

Logfile of HijackThis v1.97.2
Scan saved at 6:51:41 PM, on 10/10/2003
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\cba\pds.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.exe
C:\WINNT\Explorer.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\WINNT\rundll16.exe
C:\WINNT\System32\internat.exe
C:\Documents and Settings\jae\Application Data\crro.exe
C:\WINNT\System32\rsvp.exe
C:\Program Files\n-CASE\msbb.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\WINNT\System32\winmine.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\ESTsoft\ALZip\ALZip.exe
C:\Documents and Settings\jae\Local Settings\Temp\_AZTMP0_\HijackThis.exe

R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NavErrRedir Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll (file missing)
O2 - BHO: (no name) - {2D5BDE51-A144-4DF9-9E8B-BF2323F8E312} - C:\WINNT\System32\ir41_qcpx.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINNT\System32\stlbdist.DLL (file missing)
O3 - Toolbar: (no name) - {AF259C77-E126-4181-81B8-1397A548CD2D} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [58Y9XRW533ENPX] C:\WINNT\System32\Lmu4.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINNT\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [Rundll16] C:\WINNT\rundll16.exe
O4 - HKLM\..\Run: [msbb] C:\Program Files\n-CASE\msbb.exe
O4 - HKLM\..\Run: [DRJT] C:\WINNT\DRJT.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Verizon Online Control Pad] "C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe"
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
O4 - HKCU\..\Run: [Taat] C:\Documents and Settings\jae\Application Data\crro.exe
O8 - Extra context menu item: Ç÷¡½¬°ÙÀ¸·Î ¸ðµÎ ¹Þ±â(&Z) - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Ç÷¡½¬°ÙÀ¸·Î ¹Þ±â(&G) - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Control Pad (HKLM)
O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 - DPF: {021D0DFA-A386-43CC-BF60-C9CDB24D48B9} (FreeBBS Control) - http://pdslist-download.korea.com/Freebbs/Release/Release20000510/BBSList.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5A5A6075-27F2-4DE0-9493-FF0F985225D5} (ObjTPPDn Class) - http://club-download.korea.com/WYSIWYG/tppclient.cab
O16 - DPF: {5E4E4EA6-F3FF-11D3-B7DE-005004BC96F7} (DownloadControl Control) - http://pdslist-download.korea.com/Freebbs/Release/Release20000510/FreeDownload.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_6.CAB
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} (InlivePlayer Control) - http://inlive.co.kr/js/ShortCut.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37885.4099305556
O16 - DPF: {A1410988-8ADB-4145-B11B-83B0AA23B6BA} (fileSizeCheck Class) - http://club.korea.com/_bbs/KComEditor/KFileCheck.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugsmusic.co.kr/SetGlb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F256FF53-8057-4F7E-996B-963E27CE5EA1} (PdBox2 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox2.cab



0

Response Number 3
Name: Tom41
Date: October 11, 2003 at 02:54:47 Pacific
Reply:

Run HT again and check the following items. Doublecheck so as to be sure not to miss one.
Next, close all browser Windows, and have HT fix all checked.

You NEED to restart your computer when you're done.

R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll (file missing)
O2 - BHO: NavErrRedir Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll (file missing)
O2 - BHO: (no name) - {2D5BDE51-A144-4DF9-9E8B-BF2323F8E312} - C:\WINNT\System32\ir41_qcpx.dll
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINNT\System32\stlbdist.DLL (file missing)
O3 - Toolbar: (no name) - {AF259C77-E126-4181-81B8-1397A548CD2D} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [58Y9XRW533ENPX] C:\WINNT\System32\Lmu4.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINNT\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [Rundll16] C:\WINNT\rundll16.exe
O4 - HKLM\..\Run: [msbb] C:\Program Files\n-CASE\msbb.exe
O4 - HKLM\..\Run: [DRJT] C:\WINNT\DRJT.exe
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
O4 - HKCU\..\Run: [Taat] C:\Documents and Settings\jae\Application Data\crro.exe

After restarting delete the following:

Folders:
C:\Program Files\Media
C:\Program Files\SuperBar
C:\Program Files\n-CASE

Files:
C:\WINNT\System32\Lmu4.exe
C:\WINNT\System32\stlbdist.DLL
C:\WINNT\rundll16.exe
C:\WINNT\DRJT.exe
CD_Load.exe
C:\Documents and Settings\jae\Application Data\crro.exe

Then install, update and run Spybot-S&D. Have Spybot remove all red entries.

Spybot


0

Response Number 4
Name: jae
Date: October 11, 2003 at 16:52:31 Pacific
Reply:

thank you. i did as you suggested ^^


0

Sponsored Link
Ads by Google
Reply to Message Icon

Related Posts

See More



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: mysearch / s4bar.dll problem
cant delete s4bar.dll (mysearch) www.computing.net/answers/security/cant-delete-s4bardll-mysearch/7097.html

multiple problems www.computing.net/answers/security/multiple-problems/7770.html

ADW.Tenget.A virus? www.computing.net/answers/security/adwtengeta-virus/5765.html