1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Adware.hotbar Files That I Can't Delte

Discussion in 'Virus & Other Malware Removal' started by babalubaby, Feb 13, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. babalubaby

    babalubaby Thread Starter

    Joined:
    Feb 13, 2005
    Messages:
    20
    My husband changed my operating system from Windows ME to Windows XP but did not do a clean install. My Norton Antivirus (Norton System Works) listed six Adware.Hotbar files when it scanned for viruses but said that deletion failed. I took my computer in for a professional clean install of the Windows XP because of other problems and asked that all Adware.Hotbar files be deleted. Only two were deleted. I still have four that my Norton Antivirus will not delete. When I try to delete it by using Norton System Works I am warned that by deleting Hotbar I may cause other programs not to run. My computer is running slower than normal. When I click on "explorer" it takes two or three clicks to get a reponse and then, after four to 8 seconds, it opens three windows instead of one. When I try to open Outlook Express the arrow doesn't change to show that it's responding until I click at least three times. I suspect it's due to the Adware.Hotbar files that I can't delete. Please help. Thank you.
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Welcome to TSG :)

    Go to Control Panel - Add/Remove Programs
    If "HotBar", "HotBar for Internet Explorer", or "Web Tools by Hotbar" is listed there, uninstall it.

    Download and run the following:

    Ad-Aware SE: http://www.lavasoftusa.com/support/download/

    Install and run it. On the bottom right corner of Ad-Aware you will see an option called "Check for updates now", click on that and choose "connect". Download the updates. Next click on "Scan now" on the left side of Ad-Aware. Make sure that "Search for negligible risk entries" is crossed out and not ticked. Choose "Perform full system scan" and click "Next". After Ad-Aware scans your computer, Ad-Aware may find some bad files on your computer so make sure you tick them all and choose "Next". It will ask if you want to remove those items so just continue. After removing the items close Ad-Aware.

    Reboot

    SpyBot: http://majorgeeks.com/download2471.html

    Install and run it. Choose "Search for updates". Next choose "Download updates". After that, choose "Search and Destroy" and click on "Check for problems". If Spybot finds any nasties on your computer, make sure that they are ticked and choose "Fix selected problems".

    Reboot again

    Hijack This: http://www.majorgeeks.com/download3155.html

    Make sure it's downloaded to a permanent folder of your creation on the hard drive.
    Launch it, hit Scan, then Save Log
    Copy & paste the log into this thread
    Do not attempt to fix anything yet
    Someone will analyze the log and see if any nasties are leftover to remove
     
  3. babalubaby

    babalubaby Thread Starter

    Joined:
    Feb 13, 2005
    Messages:
    20
    Hi Cheeseball81,

    I tried my best, but I don't know if I did everything correctly. When I ran the "Search and Destroy" a window popped up that said it was backing everything up before it proceeded, but I don't think it did because the window was supposed to disappear when it was through with the backup but it never did so I had to end that part before the "Fix selected problems" could begin. I also though logging off was sufficient to reboot after running Ad-Aware SE, but my husband said I must shut down the computer, which I did after running SpyBot. You can tell I'm a real beginner here.

    Here is the log after running "Hijack This". I hope I'm doing this right....something tells me I'm not. Thanks for all your help.

    Logfile of HijackThis v1.99.0
    Scan saved at 12:30:44 PM, on 2/15/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\Program Files\Novatix\SendPhotos\spoe.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\My Documents\My Downloads\hijackthis\HijackThis.exe
    C:\Documents and Settings\Owner\My Documents\My Downloads\hijackthis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe
    O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: SendPhotos For Outlook Express.lnk = C:\Program Files\Novatix\SendPhotos\spoe.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: CreataCard Plus 2 Forget Me Not Reminders.lnk = C:\Program Files\CreataCard\Plus\FMRMD32.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi babalubaby,

    Your log seems clean
    Is Norton still detecting Hotbar?
     
  5. babalubaby

    babalubaby Thread Starter

    Joined:
    Feb 13, 2005
    Messages:
    20
    Hi, Cheeseball81,

    The only place I see Hotbar is in the Activity Log for Norton that shows six files for Adware.Hotbar from July of last year, two of which no action was taken and four where deletion by Norton failed. Norton did a scan today and did not detect Hotbar anywhere. Does this mean I no longer have it in my system? Nortan does a complete system scan once a week. Is this sufficient to protect my computer from spyware? Do I need to run updates on Ad-Aware, Spybot and Hijackthis frequently? My computer is running and responding faster already. Thank you for your help.
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi babalubaby

    Most anti-virus programs cannot delete adware related files. At least Norton usually can't. If it's only in the activity log and not being detected, then that's a good sign :)

    The best thing to do is definitely keep the programs Ad-Aware and SpyBot updated. Check for updates on a weekly basis. I run a scan every now and then just to make sure my system is clean.

    In the future, if you ever feel concerned about infection, you can always post a Hijack log here for someone to check. It would be best that way if you are unfamiliar with the program.

    Another good program to have is Spyware Blaster: http://www.javacoolsoftware.com/spywareblaster.html

    This helps block spyware and browser hijackers from invading your system.
    That's another one you should keep updated. Then enable all protection.

    Glad to hear that everything is running better :)
    You can mark your thread "Solved" from the Thread Tools drop down menu
     
  7. babalubaby

    babalubaby Thread Starter

    Joined:
    Feb 13, 2005
    Messages:
    20
    Hi Cheeseball 81,

    I started a reply but hit a wrong button and everything disappeared. Anyway, I want to thank you for all your great advice and help. I forgot to mention earlier that the scans uncovered not only Hotbar but 8 other infections which were eliminated. This is a great website and I hope everyone makes a donation. I know I will.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/330215

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice