
PC related issue - Hotbar removal......

Discussion in 'The Lounge' started by SK6, Oct 27, 2005.

  1. SK6

    SK6 Turbo Monkey

    Rep/Likes:
    0 / 0
    Joined:
    Jul 10, 2001
    Messages:
    7,596
    Location:
    Shut up and ride...
    I have NEVER loaded Hotbar on my computer! Never ever. It keeps popping up......

    Now it is not listed in the add/remove programs, however, it ends up back in the registry.

    The reason I know that this is happening, is every other day, my system slows down. I run all of my spyware programs. The list is as follows:

    Spysweeper
    Adaware Pro
    Spybot S&D
    Microsoft Anti-spyware

    Every time I find it, it is in the registry. So I know the program doesn’t exist, as there is no program file on any of the drives, which gives the indication that this is a browser redirect. This also answers the degradation in performance of the browser itself over a high speed connection.

    So the question is, what can I do to permanently remove it, or is there a program that specifically scans the registry for problems?
     


  2. Tenchiro

    Tenchiro Attention K Mart Shoppers

    Rep/Likes:
    5 / 0
    Joined:
    Jul 19, 2002
    Messages:
    5,407
    Location:
    New England
    Try HijackThis, it seems to get just about everything including registry items. Run it and post the results here.
     
  3. MMike

    MMike A fowl peckerwood.

    Rep/Likes:
    61 / 84
    Joined:
    Sep 5, 2001
    Messages:
    18,261
    Location:
    just sittin' here drinkin' scotch
  4. SK6

    SK6 Turbo Monkey

    Rep/Likes:
    0 / 0
    Joined:
    Jul 10, 2001
    Messages:
    7,596
    Location:
    Shut up and ride...

    oops, I forgot that one.....That's the thing, I remove it, sometimes manually, and it reinstalls.

    BTW, I love hijack this! :thumb:
     
  5. SK6

    SK6 Turbo Monkey

    Rep/Likes:
    0 / 0
    Joined:
    Jul 10, 2001
    Messages:
    7,596
    Location:
    Shut up and ride...
    I'll run it and post when I get home. Thanks for the help.
     
  6. SK6

    SK6 Turbo Monkey

    Rep/Likes:
    0 / 0
    Joined:
    Jul 10, 2001
    Messages:
    7,596
    Location:
    Shut up and ride...
  7. fiddy_ryder

    fiddy_ryder Turbo Monkey

    Rep/Likes:
    0 / 0
    Joined:
    Jun 17, 2005
    Messages:
    1,655
    Location:
    Hollywood
    you're missing a reg key that probably points to the dll... you need to find out what dll it's loading and remove all keys and instances of this file, or it will keep coming back
     
  8. SK6

    SK6 Turbo Monkey

    Rep/Likes:
    0 / 0
    Joined:
    Jul 10, 2001
    Messages:
    7,596
    Location:
    Shut up and ride...
    MMike's post had a great article on the registered DLLs for the program. As far as the registry keys are concerned, I pretty much have them memorized...:rolleyes: sadly...

    However, now that I know which DLLs are associated with it, I can delete the DLL, search the registry for all the keys and instances of the files, and safely remove them.

    The only real issue that I need to be careful of is to make sure that it's not a shared DLL.....

    We'll see what happens...
     
  9. Changleen

    Changleen Paranoid Member

    Rep/Likes:
    1 / 4
    Joined:
    Jan 9, 2004
    Messages:
    9,890
    Location:
    Hypernormality
    HotBar is a real bitch, I had to try and remove it when I was support at my last job from some POS PC and in the end I just said 'F it' and reinstalled. I tried several 'Hotbar removal tools' and none of 'em worked. If I ever meet the creator of HotBar I'm gonna punch him in the teef.
     
  10. Transcend

    Transcend My Nuts Are Flat

    Rep/Likes:
    5 / 0
    Joined:
    Apr 18, 2002
    Messages:
    18,062
    Location:
    Towing the party line.
    I love my mac.
     
  11. Changleen

    Changleen Paranoid Member

    Rep/Likes:
    1 / 4
    Joined:
    Jan 9, 2004
    Messages:
    9,890
    Location:
    Hypernormality
    Weirdo.
     
  12. Transcend

    Transcend My Nuts Are Flat

    Rep/Likes:
    5 / 0
    Joined:
    Apr 18, 2002
    Messages:
    18,062
    Location:
    Towing the party line.
    Nope.

    Been using extremely high end PCs for the last 10 years or so. Finally gave up on them 40 days ago and am now switching over to being completely Mac.

    I need to keep a single PC for proofing web stuff in IE (holy POS). Reasons like this thread are why I get rid of it. Too many hosers want to take advantage of neophyte users who can barely drive a mouse and will click OK to everything.
     
  13. johnbryanpeters

    Rep/Likes:
    247 / 2,763
    Joined:
    Sep 27, 2001
    Messages:
    25,092
    Location:
    Making moss sad in New Haven, Vermont
    Their day will come...
     
  14. yonton228

    yonton228 Turbo Monkey

    Rep/Likes:
    5 / 0
    Joined:
    Mar 7, 2005
    Messages:
    1,238
    Location:
    lacey washington
  15. fiddy_ryder

    fiddy_ryder Turbo Monkey

    Rep/Likes:
    0 / 0
    Joined:
    Jun 17, 2005
    Messages:
    1,655
    Location:
    Hollywood
    I've never come across an instance that shared files with system or app files.. they have come in numerous names that mimic system files to scare people off, but I've just always shift+delete away :D

    one thing,, double check for any associated services or exes.. I've seen a few that dump multiple exes to go to reinstall the malware.. don't forget any BHOs also. :cool:
     
  16. Transcend

    Transcend My Nuts Are Flat

    Rep/Likes:
    5 / 0
    Joined:
    Apr 18, 2002
    Messages:
    18,062
    Location:
    Towing the party line.
    keep dreaming pretty boy
     
  17. Tenchiro

    Tenchiro Attention K Mart Shoppers

    Rep/Likes:
    5 / 0
    Joined:
    Jul 19, 2002
    Messages:
    5,407
    Location:
    New England
    hah, you just described 75% of Mac users. I know this because I worked for Apple for a few years and specifically dealt with the end users.
     
  18. Tenchiro

    Tenchiro Attention K Mart Shoppers

    Rep/Likes:
    5 / 0
    Joined:
    Jul 19, 2002
    Messages:
    5,407
    Location:
    New England
    Probably not, simply because it is too small of a target to be of much interest to most hackers.
     
  19. fiddy_ryder

    fiddy_ryder Turbo Monkey

    Rep/Likes:
    0 / 0
    Joined:
    Jun 17, 2005
    Messages:
    1,655
    Location:
    Hollywood
    Mac users: people who think rt-clk is mind boggling.. ;)
     
  20. yonton228

    yonton228 Turbo Monkey

    Rep/Likes:
    5 / 0
    Joined:
    Mar 7, 2005
    Messages:
    1,238
    Location:
    lacey washington
    Macs have their uses, read Maximum PC for some good ideas, some that come to mind are: foot rest, blender, stool, paper weight, boat anchor, dog toy, hrmmmmmm I know there is more. :thumb:

    pc>mac
     
  21. Transcend

    Transcend My Nuts Are Flat

    Rep/Likes:
    5 / 0
    Joined:
    Apr 18, 2002
    Messages:
    18,062
    Location:
    Towing the party line.
    Oh I completely agree - only thing is now they won't get infected with 19 million viruses as they would on a PC.
     
  22. SK6

    SK6 Turbo Monkey

    Rep/Likes:
    0 / 0
    Joined:
    Jul 10, 2001
    Messages:
    7,596
    Location:
    Shut up and ride...
    I'm on BHOs like white on rice! :thumb:
     
  23. SK6

    SK6 Turbo Monkey

    Rep/Likes:
    0 / 0
    Joined:
    Jul 10, 2001
    Messages:
    7,596
    Location:
    Shut up and ride...
    Logfile of HijackThis v1.99.1
    Scan saved at 9:06:43 PM, on 10/27/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HistoryKill\histkill.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\HistoryKill\hkPopupKiller.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
    O4 - HKCU\..\Run: [Microsoft Anti Spy] C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
    O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Startup: SpamSubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130037411000
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


    The one in red is unknown to me. I've made attempts to fix it, but it still keeps coming back.
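
Added example (not from any poster in this thread and not HijackThis's own code): a small Python parser for the O-section lines of a HijackThis log like the one above. It groups every startup or browser registration by the binary it loads, which is the "find all keys and instances of this file" step described earlier in the thread, and flags entries worth a manual look; the sample input and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: five lines in the format of the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
"""

ENTRY = re.compile(r"(O\d+) - (.*)")                          # section code, rest of line
FILE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.I)    # first DLL/EXE path on the line
MARKERS = (("(file missing)", "file missing"),
           ("Unknown owner", "unknown owner"),
           ("(no name)", "unnamed"))

def parse_log(text):
    """Return one dict per O-section line: code, file path (or None), triage flags."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, rest = m.groups()
        hit = FILE.search(rest)
        flags = [label for needle, label in MARKERS if needle in rest]
        entries.append({"code": code, "raw": line.strip(), "flags": flags,
                        "file": hit.group(0).lower() if hit else None})
    return entries

def registrations_by_file(entries):
    """Map each binary to every section that loads it, so no reference is overlooked."""
    out = defaultdict(list)
    for e in entries:
        if e["file"]:
            out[e["file"]].append(e["code"])
    return dict(out)

def needs_review(entries):
    """Entries carrying a flag; a flag is a prompt to look closer, not a verdict."""
    return [e for e in entries if e["flags"]]
```

On the sample, the unnamed BHO is Spybot's own helper DLL, which shows why a flag only marks an entry for inspection rather than for deletion.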
     
  24. Tenchiro

    Tenchiro Attention K Mart Shoppers

    Rep/Likes:
    5 / 0
    Joined:
    Jul 19, 2002
    Messages:
    5,407
    Location:
    New England
    Damn dude you got a lot of stuff running... I don't see anything that stands out though. I would use msconfig if I were you to pare down your startup items though.
     
  25. SK6

    SK6 Turbo Monkey

    Rep/Likes:
    0 / 0
    Joined:
    Jul 10, 2001
    Messages:
    7,596
    Location:
    Shut up and ride...

    Might seem a lot, but I'm good with free RAM and system resources. With cable internet, I really don't mind the compromise......:thumb:

    However, suggestions are ALWAYS welcomed! :thumb:
     
  26. Tenchiro

    Tenchiro Attention K Mart Shoppers

    Rep/Likes:
    5 / 0
    Joined:
    Jul 19, 2002
    Messages:
    5,407
    Location:
    New England
    I see a lot of different spam and AV software running; you really don't need that much of it. One good app of each kind is generally sufficient, especially when it comes to AV software, which is already a huge performance inhibitor.

    For example I simply run Firefox w/ Adblock & McAfee. Once in a while I check up on things with HijackThis and maybe Ad-Aware but other than the occasional cookie my computer stays clean.