Computer Clean Up

Discussion in 'Malware Help (A Specialist Will Reply)' started by phil7445, Aug 25, 2006.

  1. phil7445

    phil7445 Private E-2

    I was trying to clean up my computer when I noticed that SpyBot Search&Destroy would not remove something called HotsearchBar. So I came here for help. I've followed all the steps on the "READ & RUN ME FIRST Before Asking for Support" thread and I am still having the same issue.

    Furthermore, Windows Defender would not remove BearShare and WhenU.SaveNow.

    My computer is a Dell Inspiron 8600 with Windows XP (home) SP2, 1.50 GHz, 512 MB of RAM.

    My HijackThis, BitDefender, and Panda ActiveScan logs are attached.

    Thanks for the help,
    Phil
     


  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    We also need the logs from GetRunKeys and ShowNew.
     
  3. phil7445

    phil7445 Private E-2

    Sorry about that.

    Here they are...

    Thanks again,
    Phil
     


  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Empty the Norton AntiVirus Quarantine Folder
    Empty the Recycle Bin
    Run CCleaner

    WinRAR is version 3.60; there is no Pro version. If you really like WinRAR that much, buy it. It's only $29.00 USD and you get a perpetual license.

    << The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 5.0 Update 8 available from http://java.sun.com/javase/downloads/index.jsp. Uninstall all older versions of Java on your computer, before installing the latest version of Java. >>

    Using Add or Remove Programs in the Control Panel; uninstall the following:
    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files

    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Now run CCleaner.

    For Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
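Added example, not part of the original thread: Killbox's "Delete on Reboot" option and the PendingFileRenameOperations prompt mentioned in the post above refer to the Session Manager's boot-time rename/delete queue, and this PowerShell sketch decodes that queue so you can see what is scheduled before rebooting. The function name and the sample paths are constructed for illustration.

```powershell
# Added illustration (not from the thread): decode the boot-time
# rename/delete queue that "Delete on Reboot" tools write to.
function ConvertFrom-PendingFileRename {
    param([string[]]$Entries)
    # The REG_MULTI_SZ value holds pairs: source path, then destination.
    # An empty destination means "delete the source at next boot".
    for ($i = 0; $i -lt $Entries.Count; $i += 2) {
        $src = $Entries[$i] -replace '^\\\?\?\\', ''        # strip the \??\ prefix
        # Guard against an odd entry count (a dropped trailing empty string).
        $dst = if ($i + 1 -lt $Entries.Count) { $Entries[$i + 1] } else { '' }
        $dst = $dst -replace '^!?\\\?\?\\', ''              # '!' = replace existing
        [pscustomobject]@{
            Action      = if ($dst) { 'Rename' } else { 'Delete' }
            Source      = $src
            Destination = $dst
        }
    }
}

# Constructed sample data: one pending delete and one pending rename.
$sample = @(
    '\??\C:\Example\constructed-sample.dll', '',
    '\??\C:\Example\new.tmp', '!\??\C:\Example\old.dll'
)
ConvertFrom-PendingFileRename -Entries $sample | Format-Table -AutoSize

# Live system: the value is absent when nothing is queued.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$live = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations `
            -ErrorAction SilentlyContinue).PendingFileRenameOperations
if ($live) {
    ConvertFrom-PendingFileRename -Entries $live | Format-Table -AutoSize
} else {
    'No pending file rename operations are queued.'
}
```

Entries with Action "Delete" are the files that will be removed when the machine restarts; an unexpected entry here is worth reviewing before you reboot.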
  5. phil7445

    phil7445 Private E-2

    Ok. All done.

    Here's the new HijackThis log.

    Thanks,
    Phil
     


  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your HijackThis log is clean.

    How is your computer running?
     
  7. phil7445

    phil7445 Private E-2

    My computer is running well. Your help is greatly appreciated.

    However, Spybot still will not remove "HotsearchBar". Should this be a cause for concern?

    Thanks,
    Phil
     
  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Start -> Run
    type cmd
    Click 'OK'

    Command terminal will open; enter the following commands at the command prompt. Make sure to push ENTER after each.
    If you receive an error message just continue.

    Uninstall HotBar through Add/Remove Programs in the Control Panel; however, it leaves behind some tracks that will have to be removed manually.

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop.
    Close Notepad.

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    Search for and delete the following files:
    If the above does not work use this uninstaller: Hotbar Uninstall Program
     
  9. phil7445

    phil7445 Private E-2

    I completed both procedures, ran Spybot again, and it still will not remove "HotsearchBar".

    What do you suggest?

    Thanks,
    Phil
     
  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Post a log from Spybot so that I can see exactly what it is finding.
     
  11. phil7445

    phil7445 Private E-2

    I've never posted a Spybot - Search & Destroy log. Is this what you were asking for?

    Thanks,
    Phil
     


  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop.
    Close Notepad.

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    REBOOT to Safe Mode.

    Using the search feature in the Start Menu, search for and delete:
    REBOOT to Normal Mode.

    The below is purely informational and can be ignored.
    Code:
    Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
    
    Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
    
    Windows Security Center.AntiVirusOverride: Settings (Registry change, nothing done)
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
    
    Windows Security Center.FirewallDisableNotify: Settings (Registry change, nothing done)
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
     
  13. phil7445

    phil7445 Private E-2

    I followed your instructions, and when I rebooted in safe mode and searched for nsoC37.dll and nscC4D.dll, neither was present. What should I do next?

    Thanks,
    Phil
     
  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    If the files are not there, then they are not there.

    How is your computer running?
     
  15. phil7445

    phil7445 Private E-2

    It is running well. I greatly appreciate all of your help.

    Thanks,
    Phil
     
  16. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

