[hawai]

Here is the "Open Uninstall Manager" list. The first line in "gibberish" is the the Baidu Bar program. Even though I tried to unistall it, it repairs itself and reappears again. What's frustrating is that everytime I try to delete the keys relating to Baidu in the registry, it would either be "not responding" or the keys I am able to delete reappears again in a second.


°Ù¶È³¬¼¶ËÑ°Ô
Ad-Aware SE Professional
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.5
ALPS Touch Pad Driver
AOL Instant Messenger
AsianSuite
ATI Control Panel
ATI Display Driver
AviSynth 2.5
BCM V.92 56K Modem
BitComet 0.60
Broadcom Advanced Control Suite
ccCommon
CleanUp!
Dell Bluetooth Software
Dell Digital Jukebox Driver
Dell Media Experience
Dell ResourceCD
Dell Solution Center
Dell Support 5.0.0 (766)
Diet K
Direct Show Ogg Vorbis Filter (remove only)
DivX
DivX Player
DVD X Copy Platinum 4.0.3
DVD X Rescue
EarthLink Setup Files
ewido security suite
Get High Speed Internet!
Google Toolbar for Internet Explorer
GSpot Codec Information Appliance
Handy Recovery 2.0
Hijackthis 1.99.1
HijackThis 1.99.1
ICQ
ICQ 5
Intel(R) mDriver
Intel(R) PROSet for Wireless
Intel(R) Sebring API
Internet Explorer Default Page
Internet Worm Protection
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_05
JD Secure 3.1
Learn2 Player (Uninstall Only)
LimeWire
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Logitech MouseWare 9.80
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Mjuice Components
Modem Helper
MSN Messenger 7.5
MSN Music Assistant
MUSICMATCH® Jukebox
Nero 6 Ultra Edition
Netscape Browser (remove only)
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Norton WMI Update
PokerStars
PowerDVD 5.1
PPLive 1.1.0.7
PPStream ²âÊÔ°æ
PSP Video 9 1.74
QuickSet
QuickTime
RealPlayer
RealProducer Plus 10
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Shockwave
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
SPBBC
Spy Sweeper
Spybot - Search & Destroy 1.4
Spyware Doctor 3.2
SSH Secure Shell
Symantec
Symantec Script Blocking Installer
SymNet
Synacast Plug-in 1.1.0.7
Tvants 1.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Winamp (remove only)
WinAVI VideoConverter
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinStdup
WordPerfect Office 12
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar

[Flrman1]

Do you know what this is?

°Ù¶È³¬¼¶ËÑ°Ô

[Flrman1]

I see from the entries in your Hijack THis log that this is the entry for the baidu toolbar:

°Ù¶È³¬¼¶ËÑ°Ô

* Go to Add/Remove programs and uninstall these:

°Ù¶È³¬¼¶ËÑ°Ô
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2_05
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WinStdup

* Now go here and install the latest version of Java.


*Download Cleanup from here

• Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
• Click the Options... button on the right.
• Move the arrow down to "Custom CleanUp!"
• Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Cleanup! All Users
  Click OK
• DO NOT RUN IT YET

* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by any of these that may be left after uninstalling the Baidu bar. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll (file missing)

O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: °Ù¶È³¬¼¶ËÑ°Ô - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll

O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

O8 - Extra context menu item: °Ù¶È-´ÊµäËÑË÷ - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM

O8 - Extra context menu item: °Ù¶È-ËÑË÷MP3 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM

O8 - Extra context menu item: °Ù¶È-ËÑË÷¸è´Ê - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM

O8 - Extra context menu item: °Ù¶È-ËÑË÷Ìù°É - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM

O8 - Extra context menu item: °Ù¶È-ËÑË÷ͼƬ - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM

O8 - Extra context menu item: °Ù¶È-ËÑË÷ÍøÒ³ - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM

O8 - Extra context menu item: °Ù¶È-ËÑË÷ÐÂÎÅ - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM

O9 - Extra button: Ãââ··ÑѾ¾««²²ÊÊÊÊÓÓÆƵµ³³¬¬ÁÁ÷÷³³©©ÔÔÚÚÏÏßß¹¹ÛÛ¿¿´´'
val - {022C4009-5283-4365-97BF-144054B40E2E} - C:\WINDOWS\System32\shdocvw.dll


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.

• Put a tick by Standard File Kill.
• In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:
  
  C:\Program Files\Common files\SearchUpgrader
  
  C:\Program Files\Common files\WinTools
  
  C:\Program Files\baidu
  
  
• Click on the button that has the red circle with the X in the middle after you enter each file.
• It will ask for confimation to delete the file.
• Click Yes.
• Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
• Killbox may tell you that one or more files do not exist.
• If that happens, just continue on with all the files. Be sure you don't miss any.
• Exit the Killbox.

* Run Cleanup:

• Click on the "Cleanup" button and let it run.
• Once its done, close the program.

* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan

[Sequal7]

Removal of Badiu.Sobar is as simple as downloading and instaling Windows Defender ,(if not already installed) , rebooting in safe mode (not with networking) and running Defender. The files will be deleted and the system will ask to re-boot to complete removal.

Works on Windows XP Home SP2 and Pro SP2 as tested on my machines.

These are the files associated with it:

C:\Program Files\Baidu\bar
-baidubar.dat
-BaiDuBar.dll
-bdgdins.dll
C:\Program Files\Baidu\bar\img
-imglist.bmp
-logo.bmp

Registry Keys:

clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{FE14F22E-BE14-4F08-A80F-F27BC3A67B2D}

clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86}

clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{A7F05EE4-0426-454F-8013-C41E3596E9E9}

clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{7C76C055-ED6E-4535-A70F-CD476E727F67}

regkey:
HKLM\SYSTEM\CurrentControlSet\Services\BdGuard

regkey:
HKLM\Software\Classes\MimeFilter.AdFilter.1

regkey:
HKLM\Software\Classes\MimeFilter.AdFilter

regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{FE14F22E-BE14-4F08-A80F-F27BC3A67B2D}

regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86}

regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{A7F05EE4-0426-454F-8013-C41E3596E9E9}

regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{7C76C055-ED6E-4535-A70F-CD476E727F67}

regkey:
HKLM\Software\Classes\BaiduBarEx.DropTarget.1

regkey:
HKLM\Software\Classes\BaiduBarEx.DropTarget

regkey:
HKLM\Software\Classes\BaiduBarEx.BandIE.1

regkey:
HKLM\Software\Classes\BaiduBarEx.BandIE

regkey:
HKLM\Software\Classes\BaiduBar.Tool.1

regkey:
HKLM\Software\Classes\BaiduBar.Tool

regkey:
HKLM\Software\Classes\BaiduBar.Baidu.1

regkey:
HKLM\Software\Classes\BaiduBar.Baidu

regkey:
HKCU@S-1-5-21-1715567821-1482476501-725345543-1003\software\baidu

driver:
BdGuard

file:
C:\WINDOWS\system32\drivers\BDGuard.SYS

[Flrman1]

Due to lack of feedback, I'm closing this thread. If you need it reopened please PM me or one of the other mods.

Anyone else with a similar problem please start a "New Thread".