
PC related issue - Hotbar removal......

SK6

Turbo Monkey
Jul 10, 2001
7,596
0
Shut up and ride...
I have NEVER loaded Hotbar on my computer! Never ever. It keeps popping up......

Now it is not listed in the add/remove programs, however, it ends up back in the registry.

The reason I know that this is happening, is every other day, my system slows down. I run all of my spyware programs. The list is as follows:

Spysweeper
Adaware Pro
Spybot S&D
Microsoft Anti-spyware

Every time I find it, it is in the registry. So I know the program doesn’t exist, as there is no program file on any of the drives, which gives the indication that this is a browser redirect. This also answers the degradation in performance of the browser itself over a high speed connection.

So the question is, what can I do to permanently remove it, or is there a program that specifically scans the registry for problems?
 

Tenchiro

Attention K Mart Shoppers
Jul 19, 2002
5,407
0
New England
Try Hijackthis, it seems to list just about everything including registry items. Run it and post the results here.
 

SK6

Turbo Monkey
Jul 10, 2001
7,596
0
Shut up and ride...
Tenchiro said:
Try Hijackthis, it seems to list just about everything including registry items. Run it and post the results here.

oops, I forgot that one.....That's the thing, I remove it, sometimes manually, and it reinstalls.

BTW, I love hijack this! :thumb:
 

fiddy_ryder

Turbo Monkey
Jun 17, 2005
1,655
0
Hollywood
you're missing a reg key that probably points to the dll... you need to find out what dll it's loading and remove all keys and instances of this file, or it will keep coming back
 

SK6

Turbo Monkey
Jul 10, 2001
7,596
0
Shut up and ride...
fiddy_ryder said:
you're missing a reg key that probably points to the dll... you need to find out what dll it's loading and remove all keys and instances of this file, or it will keep coming back
MMike's post had a great article on the registered DLL's for the program. As far as the registry keys are concerned, I pretty much have them memorized...:rolleyes: sadly...

However, now that I know which DLL's are associated with it, I can delete the DLL, search the registry for all the keys and instances of the files, and safely remove them.

The only real issue that I need to be careful of is to make sure that it's not a shared DLL.....

We'll see what happens...
 

Changleen

Paranoid Member
Jan 9, 2004
9,900
5
Hypernormality
HotBar is a real bitch, I had to try and remove it when I was support at my last job from some POS PC and in the end I just said 'F it' and reinstalled. I tried several 'Hotbar removal tools' and none of 'em worked. If I ever meet the creator of HotBar I'm gonna punch him in the teef.
 

Transcend

My Nuts Are Flat
Apr 18, 2002
18,045
0
Towing the party line.
Changleen said:
Nope.

Been using extremely high end PCs for the last 10 years or so. finally gave up on them 40 days ago and am now switching over to being completely mac.

I need to keep a single pc for proofing web stuff in IE (holy POS). Reasons like this thread are why i get rid of it. Too many hosers want to take advantage of neophyte users who can barely drive a mouse and will click ok to everything.
 

fiddy_ryder

Turbo Monkey
Jun 17, 2005
1,655
0
Hollywood
sirknight6 said:
MMike's post had a great article on the registered DLL's for the program. As far as the registry keys are concerned, I pretty much have them memorized...:rolleyes: sadly...

However, now that I know which DLL's are associated with it, I can delete the DLL, search the registry for all the keys and instances of the files, and safely remove them.

The only real issue that I need to be careful of is to make sure that it's not a shared DLL.....

We'll see what happens...
I've never come across an instance that shared files with system or app files.. they have come in numerous names that mimic system files to scare people off, but I've just always shift+delete away :D

one thing, double check for any associated services or exe's.. I've seen a few that dump multiple exe's to go to reinstall the malware.. don't forget any BHO's also. :cool:
 

Tenchiro

Attention K Mart Shoppers
Jul 19, 2002
5,407
0
New England
Transcend said:
I need to keep a single pc for proofing web stuff in IE (holy POS). Reasons like this thread are why i get rid of it. Too many hosers want to take advantage of neophyte users who can barely drive a mouse and will click ok to everything.
hah, you just described 75% of Mac users. I know this because I worked for apple for a few years and specifically dealt with the end users.
 

yonton228

Turbo Monkey
Mar 7, 2005
1,238
0
lacey washington
macs have their uses, read maximum pc for some good ideas, some that come to mind are: foot rest, blender, stool, paper weight,boat anchor, dog toy, hrmmmmmm i know there is more.:thumb:

pc>mac
 

Transcend

My Nuts Are Flat
Apr 18, 2002
18,045
0
Towing the party line.
Tenchiro said:
hah, you just described 75% of Mac users. I know this because I worked for apple for a few years and specifically dealt with the end users.
Oh I completely agree - only thing is now they won't get infected with 19 million virri as they would on a PC.
 

SK6

Turbo Monkey
Jul 10, 2001
7,596
0
Shut up and ride...
fiddy_ryder said:
I've never come across an instance that shared files with system or app files.. they have come in numerous names that mimic system files to scare people off, but I've just always shift+delete away :D

one thing, double check for any associated services or exe's.. I've seen a few that dump multiple exe's to go to reinstall the malware.. don't forget any BHO's also. :cool:
I'm on BHO's like white on rice! :thumb:
 

SK6

Turbo Monkey
Jul 10, 2001
7,596
0
Shut up and ride...
Logfile of HijackThis v1.99.1
Scan saved at 9:06:43 PM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HistoryKill\histkill.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\HistoryKill\hkPopupKiller.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - HKCU\..\Run: [Microsoft Anti Spy] C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: SpamSubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130037411000
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


The one in red is unknown to me. I've made attempts to fix it, but it still keeps coming back.
 

Tenchiro

Attention K Mart Shoppers
Jul 19, 2002
5,407
0
New England
IDriverT.exe is a process which belongs to the InstallShield product installation service which should only appear when you are installing a new piece of software.
Damn dude you got a lot of stuff running... I don't see anything that stands out though. I would use msconfig if I were you to pare down your startup items though.
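Added example, not part of the original thread or of HijackThis itself: a small Python triage of the log format posted above. It parses the numbered `O` entries, marks the ones worth a second look (the reasons chosen here are assumptions: a missing file, an unknown owner, an unnamed BHO), and lists every entry that references a given DLL, which is the "find all keys and instances of the file" step suggested earlier. The sample lines are copied from the posted log; the function names are hypothetical.

```python
import re
from collections import namedtuple

# Sample input: seven entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

Entry = namedtuple("Entry", "section detail path reasons")

LINE_RE = re.compile(r"^(O\d+) - (.+)$")  # e.g. "O23 - Service: ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

def parse_log(text):
    """Return one Entry per numbered 'O' line; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, detail = m.groups()
        found = PATH_RE.search(detail)
        reasons = []
        if "(file missing)" in detail:   # registered entry whose target is gone
            reasons.append("file missing")
        if "Unknown owner" in detail:    # service binary with no vendor string
            reasons.append("unknown owner")
        if section == "O2" and "(no name)" in detail:
            reasons.append("unnamed BHO")
        entries.append(Entry(section, detail, found.group(0) if found else None, reasons))
    return entries

def needs_review(entries):
    """Entries to look up by hand; a reason here is not a verdict."""
    return [e for e in entries if e.reasons]

def references_to(entries, filename):
    """Sections of every entry that loads the given file (case-insensitive)."""
    name = filename.lower()
    return [e.section for e in entries
            if e.path and e.path.lower().rsplit("\\", 1)[-1] == name]
```

On the sample, `needs_review` returns the Spybot helper BHO and the IDriverT service, both of which turn out to be benign in this thread, and `references_to(entries, "googletoolbar2.dll")` shows one DLL registered under both O2 and O3, so removing only one of those keys would leave the other behind.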
 

SK6

Turbo Monkey
Jul 10, 2001
7,596
0
Shut up and ride...
Tenchiro said:
Damn dude you got a lot of stuff running... I don't see anything that stands out though. I would use msconfig if I were you to pare down your startup items though.

Might seem a lot, but I'm good with free RAM and system resources. With cable internet, I really don't mind the compromise......:thumb:

However, suggestions are ALWAYS welcomed! :thumb:
 

Tenchiro

Attention K Mart Shoppers
Jul 19, 2002
5,407
0
New England
I see a lot of different spam and AV software running, you really don't need that much of it. One good app of each kind is generally sufficient. Especially when it comes to AV software which is already a huge performance inhibitor.

For example I simply run Firefox w/ Adblock & Mcafee. Once in a while I check up on things with Hijackthis and maybe Ad-Aware but other than the occasional cookie my computer stays clean.