[Ibis Toolbar/huntbar Removal]

Well, it keeps showing up in Spybot and Ad Aware. I think the only thing of it that's on my computer is a few registry keys. I can go to them, but it says there's an error when I try to delete them. When I try to get rid of them with Spybot, it says that it couldn't be fixed and to try at startup. I did that and I also tried in safe mode. With Ad Aware, it just acts like it did, but if I immediately do another scan it finds the same thing. The registry key is HKEY_LOCAL_MACHINE\SOFTWARE\BTIEIN and when I try to delete it it says "Can not delete BTIEIN - Error while deleting key"

[Ibis Toolbar/huntbar]

I believe so.

[Ibis Toolbar/huntbar Removal]

Other thread in Spyware/Adware Removal forum

Logfile of HijackThis v1.98.2

Scan saved at 12:46:36 PM, on 9/18/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\System32\hphmon04.exe

C:\Program Files\Washer\washer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trillian\trillian.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\Program Files\McAfee.com\VSO\mcshield.exe

C:\Adnan\blackbox\blackbox.exe

C:\WINDOWS\system32\winlogon.exe

C:\Adnan\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thelazygamer.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSKUpd] C:\PROGRA~1\mcafee.com\shared\mghtml.exe mcp://C:\Program Files\McAfee\SpamKiller\mskupd.ui::chkupd.htm

O4 - HKLM\..\Run: [Mskexe] c:\program files\mcafee\spamkiller\spamkiller.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe

O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe

O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0

O4 - HKCU\..\Run: [PCBoost] "C:\Program Files\PCBoost\PCBoost.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Trillian.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab

O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl...22/ComCtl32.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/2003...iTunesSetup.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...73/mcinsctl.cab

O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.napster.com/client/isetup.cab

O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/So...eDownloader.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_0_2_0.cab

[Ibis Toolbar/huntbar]

I posted a log a while back and Pete C read it for me, but ok.

[Ibis Toolbar/huntbar]

See, the thing is, none of those work. It says to get rid of registry entries and a file, none of which are existing on my computer. The only remnant of it is HKEY_LOCAL_MACHINE\SOFTWARE\BTIEIN and any subkeys.

The DSO Exploit no longer appears.

[Firefox Skins]

I use the Firefox Modern Theme. A lot of themes I find are just redone buttons. If they were to change other things, I'd probably get one of those. Apollo has some cool buttons.

[Microsoft Calls Out Hackers]

well I don't know if microsoft is brave or stupid....recon they will find out soon enough. 

I say stupid.......

Agreed.

[Ibis Toolbar/huntbar]

I have been finding this for a while. In Spybot it finds it as HuntBar and says its in use. I run Spybot in safe mode and it still says its in use. I let it run at startup, it's still in use. Today I started finding the DSO Exploit which Spybot says gets deleted but finds again in an immediate scan after. Ad-Aware finds the IBIS ToolBar which from a Google I found is the same as the HuntBar. Also, they both list the same registry entry which it won't let me delete. I found a few ways to delete it via Google, but they were either too complicated and something I felt risky or they said to delete certain things which didn't exist. I really have no idea what else to post like an HJT log or something; just tell me what to post, and I will. Oh, XP Home SP1

[The Windows Key, It's Not Useless After All!]

Out of curiosity, I wondered what it does when you do █+PgUp/PgDn. It cycles programs for those of you too lazy to try it yourself. Normally, laziness is high on the list of priorities for me, but not this time.

[The Windows Key, It's Not Useless After All!]

█ will represent the windows key

█+D -- Show Desktop -- Also works with BBLean, shows your "real" desktop with icons

█+L -- Switch User

█, L, L -- Log Off User

█, U, U -- Shutdown

█, U, R -- Restart

█+R or █, R -- Run

EDITED

█ -- Start Menu

█+E -- Explore My Computer

BBLean Win Key shortcuts

█+D -- Display propertiesi

█+P -- Plugins.rc edit

█+S -- Current style edit

█ -- Main Men

█+Y -- Restore window

█+V -- Vertical maximize window

█+G -- Gather windows (bring all to one workspace)

█+Q -- Terminate shell

█+T -- Toggle tray

█+H -- Horizontal maximize

█+M -- Menu.rc edit

█+X -- Maximize window

█+N -- Minimize window

Certain Explorer shortcuts work in BBLean as well.

[Windows Support Board Suggestion]

Nerelda, you like this smiley don't you ?

Add Disk Cleanup. It's in Start=>Programs=>Accessories=>System Tools=>Disk Cleanup for me, XP Home.

[Edit Messages]

I think the minute wait feature is stupid and I don't ever plan on using it.

Go Beluga!

[How Did You Get Your Name?]

My name hmm...I really don't know. I know I came up with it several years ago and that it was most likely come up with a stupid reason. I was in third or fourth grade and, in my opinion, was an idiot. I use it everywhere. If you see a "Snaxe", it most likely is me. The only places I haven't gotten "Snaxe" at are at shizmoo, AIM, Yahoo, and MSN/Hotmail.

I recently made my avatar myself with The GIMP. My sig is plugging.

[I Miss Ttv Board's Style Reply Button]

I'd rather have the quotes go straight to the reply box instead of having a separate one. The only problem with this is that some people have trouble editing the quotes.

As for the "Replying to..." you could try just using hte fast reply box. You have to push the button for it to show. There's an option in the My Controls to have it always open if you so desire.

Is it even possible to do what CurlingSteve was talking about with highlighting the text and then quoting it?

One thing I would like to see is a separate button that quotes to the fast reply box instead.

That's just me...

[Firefox Tweak For Those Who Use Moz.]

I got the same things BitBanger got and I'm on Firefox 0.9.3. I just made a value for the network.http.pipelining.firstrequests

[Minor Suggestion/idea]

Good suggestion. Something not bright will do for me.

[Win Xp2 Does It Beat 3rd Party Programmes]

I wouldn't bet on it.

[Best ! Free, Pc Utilities]

I apologize for not providing links and for any repeats.

Spybot Search and Destroy

SpywareBlaster

A squared

Ad-Aware SE

The GIMP

iTunes

Trillian

Firefox

Vim

Zone Alarm

any utility that can recover deleted files

[Avatars And Sig Images]

Thanks, but it's supposed to be animated...

[Avatars And Sig Images]

'Tis what I did, refused it saying the extension was denied. Most likely due to the fact that it didn't really have an extension. The URL for it is http://tinypic.com/2nmn8

[Avatars And Sig Images]

I think the avatar size limit should be 160x160. It'll make my avatar look better . Any bigger though and the left side starts to move accordingly. Also, it doesn't allow my sig image. I have it hosted at tinypic.com and when I submit it says that the file format isn't allowed. Let's see if it allows it here:

nope

Odd, it told me the 30 second flood control thing when at the G4techTV forums it's twice as long and have never seen it except when editing posts...

[Clock Time On Board]

Go to My Controls=>Board options=>time zone

[Keep It Clean]

Feels familiar to me 'cause my boards use the IPB too..