PDA

View Full Version : spybot 1.4 log



Ginh1
2005-12-21, 16:26
hi all,

I'm new on this forum and i'm not sure wether this section is also meant for those logs.

2 months ago i had a annoying problem, i was surfing the net and got re-directed to adult sites which re-directed me to a site that loaded stuff on my comp, i was too late to pull out the plugs to prevent that from happening, so after reboot it finished it's loading, and what it did was.. disabling windows user to do anything in windows i couldn't find details about it only the part that got loaded on my comp which was unwanted and the bundle taht came in is named "Unspy" something, this came in as well.

Now i went to a shop to cure it, and downloaded spybot 1.4, ran a scan, now i'm not sure based on the results what to fix:

Such as HBtools and lots of other hb, along with more stuff.

So, could anyone please help me with what i should do:
- adjust settings for spybot to work more efficient
- what to fix based on the log

Thx in advance,

Ginh.

tashi
2005-12-21, 16:47
Hello Ginh1.

The log is incomplete, please try the following or copy/paste the log into your thread. You may have to use more than one post.

Open SpyBot, check for and get any updates available, close all browsers, check for problems and fix everything found. Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except

Uncheck[ ] do not report disabled or known legitimate Items.
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.

Now select (near the top) view report.
Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report please.

Someone will take a look at the log as soon as able.

Cheers.

Ginh1
2005-12-21, 18:56
Hotbar: Instellingen (Register sleutel, nothing done)
HKEY_USERS\.DEFAULT\Software\HbTools

Hotbar: Instellingen (Register sleutel, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}

Hotbar: Instellingen (Register sleutel, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{0AB71193-EC19-4D70-85C2-E46E2FF02755}

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{31A59636-0FA3-4A56-954D-DB7AD02840D8}

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{420C35C9-E4F2-49F9-BF67-2BE1ECF86989}

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{8C875948-9C60-4381-9248-0DF180542D53}

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A14C0D8D-E753-4E73-9E2B-4070791D8940}

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{023A4648-601A-4C30-8A2E-C72EBFA99AF6}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{19EBCBE0-9245-4397-BC5D-883D34782043}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{27C4569F-8728-4958-A920-A607CAE8153C}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{38370864-346F-4AFA-8C4B-4FBFF518C0BB}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{397A208B-3D09-4B3E-93E8-CA171886612E}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{421745E9-16DF-4EE4-A758-D51F939C49CB}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{4331EC56-0AAB-499E-8757-DD2EE44AD671}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{54286C3A-E044-4E65-BD44-528D6AE28A18}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{5D9C84E7-FA45-49E2-A0B8-B6B5E9A4F6BE}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{5F2B9DE7-F878-4762-8CFE-E9C58F082F0E}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{8654592E-952A-4E7C-A960-304763B35FA6}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{8D5C4EC6-AF8E-4B85-BA27-64BABE410510}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{8E98FAF8-794F-47F9-AF90-15305564ED81}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{AF15975B-1498-4740-8E6C-90AF78E4198C}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{BC8C2E5F-D8B4-4997-BCE3-8775C3707956}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{D082721F-4BD4-4B8B-BB82-06753EE6174F}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{D24F9D3C-5D4C-47F8-9AB7-632B44AD6A0D}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{F43EC88B-B6C8-4969-A763-E2BF55602CCE}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}

Hotbar: Interface (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\Interface\{F814BE58-1BF9-4B50-829A-E889F86127AD}

Hotbar: Soort library (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{45397063-D7D0-47C2-9508-26487608A298}

Hotbar: Soort library (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{4CF5A3C1-07A2-4336-9B54-6870452EBDE1}

Hotbar: Soort library (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{71E9CF40-AF72-4B55-BD3F-1FEA2A0EAEA6}

Hotbar: Soort library (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}

Hotbar: Soort library (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{9967A873-40F3-4C7E-9239-6C8760F19F61}

Hotbar: Soort library (Register sleutel, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{B9F51D42-CCA0-4408-BB02-D433D1865A3A}

Hotbar: Instellingen (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\HbTools

Hotbar: Instellingen (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}

Hotbar: Instellingen (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HbtHostOL.HbtMailAnim

Hotbar: Browser helper object (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74CC49F7-EB32-4A08-B204-948962A6E3DB}

Hotbar: IE werbalk (Registerwaarde., nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{74CC49F7-EB32-4A08-B204-948962A6E3DB}

Hotbar: Autorun instellingen (HbTools) (Registerwaarde., nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HbTools

Hotbar: Programmabestand (Bestand, nothing done)
C:\Program Files\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe

Ginh1
2005-12-21, 18:57
Hotbar: Verwijderinstellingen (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HbToolsOutlookTools

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtCoreSrv.HbtCoreServices

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtCoreSrv.HbtCoreServices.1

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A14C0D8D-E753-4E73-9E2B-4070791D8940}

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtCoreSrv.LfgAx

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtCoreSrv.LfgAx.1

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtHostIE.Bho

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtHostIE.Bho.1

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtHostOL.HbtMailAnim

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtHostOL.HbtMailAnim.1

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{31A59636-0FA3-4A56-954D-DB7AD02840D8}

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtHostOL.HbtWebmailSend

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtHostOL.HbtWebmailSend.1

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtInstIE.HbInstObj

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtInstIE.HbInstObj.1

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C875948-9C60-4381-9248-0DF180542D53}

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbTools.HbtCommBand

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbTools.HbtCommBand.1

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbTools.HbtTravelCompareBar

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbTools.HbtTravelCompareBar.1

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtSrv.HbtCoreServices

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtSrv.HbtCoreServices.1

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6}

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtToolbar.HbtHtmlMenuUI

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtToolbar.HbtHtmlMenuUI.1

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{420C35C9-E4F2-49F9-BF67-2BE1ECF86989}

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtToolbar.HbtToolbarCtl

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtToolbar.HbtToolbarCtl.1

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0AB71193-EC19-4D70-85C2-E46E2FF02755}

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtTools.HbMain

Hotbar: Root class (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbtTools.HbMain.1

Hotbar: Class ID (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}

Hotbar: Programma-map (Map, nothing done)
C:\WINDOWS\Application Data\HbTools\IESkins\

Hotbar: Programma-map (Map, nothing done)
C:\WINDOWS\Application Data\HbTools\v3.0\

Hotbar: Programma-map (Map, nothing done)
C:\Program Files\HbTools\

Hotbar: Programma-map (Map, nothing done)
C:\Program Files\HbTools\bin\

Hotbar: Programma-map (Map, nothing done)
C:\Program Files\HbTools\bin\4.7.1.0\

Pipas.A: Instellingen (Register sleutel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

WebTrends live: Tracking cookie (Internet Explorer: ) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: ) (Cookie, nothing done)


FastClick: Tracking cookie (Internet Explorer: ) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2004-12-25 spybotsd13.exe (0.0.0.0)
2005-12-21 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-12-16 Includes\Cookies.sbi (*)
2005-12-16 Includes\Dialer.sbi (*)
2005-12-16 Includes\Hijackers.sbi (*)
2005-12-16 Includes\Keyloggers.sbi (*)
2005-12-16 Includes\Malware.sbi (*)
2005-12-16 Includes\Revision.sbi (*)
2005-12-16 Includes\Security.sbi (*)
2005-12-16 Includes\Spybots.sbi (*)
2005-12-16 Includes\Trojans.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-12-16 Includes\PUPS.sbi (*)

(End)

Ginh1
2005-12-21, 19:03
Fixes part.1

--- Report generated: 2005-12-21 16:57 ---

Hotbar: Settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\HbTools

Hotbar: Settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}

Hotbar: Settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}

Hotbar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{0AB71193-EC19-4D70-85C2-E46E2FF02755}

Hotbar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{31A59636-0FA3-4A56-954D-DB7AD02840D8}

Hotbar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}

Hotbar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{420C35C9-E4F2-49F9-BF67-2BE1ECF86989}

Hotbar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}

Hotbar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}

Hotbar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}

Hotbar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{8C875948-9C60-4381-9248-0DF180542D53}

Hotbar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{A14C0D8D-E753-4E73-9E2B-4070791D8940}

Hotbar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}

Hotbar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}

Hotbar: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{023A4648-601A-4C30-8A2E-C72EBFA99AF6}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{19EBCBE0-9245-4397-BC5D-883D34782043}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{27C4569F-8728-4958-A920-A607CAE8153C}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{38370864-346F-4AFA-8C4B-4FBFF518C0BB}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{397A208B-3D09-4B3E-93E8-CA171886612E}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{421745E9-16DF-4EE4-A758-D51F939C49CB}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{4331EC56-0AAB-499E-8757-DD2EE44AD671}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{54286C3A-E044-4E65-BD44-528D6AE28A18}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{5D9C84E7-FA45-49E2-A0B8-B6B5E9A4F6BE}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{5F2B9DE7-F878-4762-8CFE-E9C58F082F0E}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{8654592E-952A-4E7C-A960-304763B35FA6}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{8D5C4EC6-AF8E-4B85-BA27-64BABE410510}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{8E98FAF8-794F-47F9-AF90-15305564ED81}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{AF15975B-1498-4740-8E6C-90AF78E4198C}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{BC8C2E5F-D8B4-4997-BCE3-8775C3707956}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{D082721F-4BD4-4B8B-BB82-06753EE6174F}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{D24F9D3C-5D4C-47F8-9AB7-632B44AD6A0D}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{F43EC88B-B6C8-4969-A763-E2BF55602CCE}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}

Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{F814BE58-1BF9-4B50-829A-E889F86127AD}

Hotbar: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{45397063-D7D0-47C2-9508-26487608A298}

Hotbar: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{4CF5A3C1-07A2-4336-9B54-6870452EBDE1}

Hotbar: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{71E9CF40-AF72-4B55-BD3F-1FEA2A0EAEA6}

Hotbar: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}

Hotbar: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{9967A873-40F3-4C7E-9239-6C8760F19F61}

Hotbar: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{B9F51D42-CCA0-4408-BB02-D433D1865A3A}

Hotbar: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\HbTools

Hotbar: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}

Hotbar: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HbtHostOL.HbtMailAnim

Hotbar: Browser helper object (Registry key, fixed)

Ginh1
2005-12-21, 19:04
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74CC49F7-EB32-4A08-B204-948962A6E3DB}

Hotbar: IE toolbar (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{74CC49F7-EB32-4A08-B204-948962A6E3DB}

Hotbar: Autorun settings (HbTools) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HbTools

Hotbar: Program file (File, fixed)
C:\Program Files\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe

Hotbar: Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HbToolsOutlookTools

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtCoreSrv.HbtCoreServices

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtCoreSrv.HbtCoreServices.1

Hotbar: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A14C0D8D-E753-4E73-9E2B-4070791D8940}

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtCoreSrv.LfgAx

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtCoreSrv.LfgAx.1

Hotbar: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtHostIE.Bho

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtHostIE.Bho.1

Hotbar: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtHostOL.HbtMailAnim

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtHostOL.HbtMailAnim.1

Hotbar: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{31A59636-0FA3-4A56-954D-DB7AD02840D8}

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtHostOL.HbtWebmailSend

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtHostOL.HbtWebmailSend.1

Hotbar: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtInstIE.HbInstObj

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtInstIE.HbInstObj.1

Hotbar: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C875948-9C60-4381-9248-0DF180542D53}

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbTools.HbtCommBand

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbTools.HbtCommBand.1

Hotbar: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbTools.HbtTravelCompareBar

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbTools.HbtTravelCompareBar.1

Hotbar: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtSrv.HbtCoreServices

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtSrv.HbtCoreServices.1

Hotbar: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6}

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtToolbar.HbtHtmlMenuUI

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtToolbar.HbtHtmlMenuUI.1

Hotbar: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{420C35C9-E4F2-49F9-BF67-2BE1ECF86989}

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtToolbar.HbtToolbarCtl

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtToolbar.HbtToolbarCtl.1

Hotbar: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0AB71193-EC19-4D70-85C2-E46E2FF02755}

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtTools.HbMain

Hotbar: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\HbtTools.HbMain.1

Hotbar: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}

Hotbar: Program directory (Directory, fixed)
C:\WINDOWS\Application Data\HbTools\IESkins\

Hotbar: Program directory (Directory, fixed)
C:\WINDOWS\Application Data\HbTools\v3.0\

Hotbar: Program directory (Directory, fixing failed)
C:\Program Files\HbTools\

Hotbar: Program directory (Directory, fixing failed)
C:\Program Files\HbTools\bin\

Hotbar: Program directory (Directory, fixing failed)
C:\Program Files\HbTools\bin\4.7.1.0\

Pipas.A: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

WebTrends live: Tracking cookie (Internet Explorer: ) (Cookie, fixed)


Avenue A, Inc.: Tracking cookie (Internet Explorer: ) (Cookie, fixed)


DoubleClick: Tracking cookie (Internet Explorer: ) (Cookie, fixed)


FastClick: Tracking cookie (Internet Explorer: ) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2004-12-25 spybotsd13.exe (0.0.0.0)
2005-12-21 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-12-16 Includes\Cookies.sbi (*)
2005-12-16 Includes\Dialer.sbi (*)
2005-12-16 Includes\Hijackers.sbi (*)
2005-12-16 Includes\Keyloggers.sbi (*)
2005-12-16 Includes\Malware.sbi (*)
2005-12-16 Includes\Revision.sbi (*)
2005-12-16 Includes\Security.sbi (*)
2005-12-16 Includes\Spybots.sbi (*)
2005-12-16 Includes\Trojans.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-12-16 Includes\PUPS.sbi (*)

After reboot the remaining fixes.

Ginh1
2005-12-21, 19:05
Hotbar: Program directory (Directory, fixed)
C:\Program Files\HbTools\

Hotbar: Program directory (Directory, fixed)
C:\Program Files\HbTools\bin\

Hotbar: Program directory (Directory, fixed)
C:\Program Files\HbTools\bin\4.7.1.0\


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2004-12-25 spybotsd13.exe (0.0.0.0)
2005-12-21 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-12-16 Includes\Cookies.sbi (*)
2005-12-16 Includes\Dialer.sbi (*)
2005-12-16 Includes\Hijackers.sbi (*)
2005-12-16 Includes\Keyloggers.sbi (*)
2005-12-16 Includes\Malware.sbi (*)
2005-12-16 Includes\Revision.sbi (*)
2005-12-16 Includes\Security.sbi (*)
2005-12-16 Includes\Spybots.sbi (*)
2005-12-16 Includes\Trojans.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-12-16 Includes\PUPS.sbi (*)

(End)

I'm not sure if i have done these steps right with posted logs. Will this be good enough ? what should i do now do you guys need a new log to see if it's all good ? if so, how ?

Greetz,

Ginh.

LonnyRJones
2005-12-21, 21:43
Hi

Could we see the entire report please ?
Heres how again
Open SpyBot 1.4, check for and get any updates available, close all browsers, check for problems and fix everything found. Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools,and view report, ensure all the options are select near the bottom except
Uncheck[ ] do not report disabled or known legitimate Items,
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.
Now select (near the top) view report, Press export, in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "manage attachments" button , navigate to and attach or post that report please.

Ginh1
2005-12-22, 00:49
This is the latest log and it has only found 1 entry, the previous loads were fixed, but not sure if it was something bad or something unneeded.

If i did attach the wrong log let me know :)

Greetz,

Ginh.

LonnyRJones
2005-12-22, 01:39
Great
One more log then we can get started

Post a HijackThis 1.99.1 log
First Make a new folder, example C:\AntiSpyWare
and download/Save HijackThis, to that new folder.
This is necessary to ensure you have backups should anything go wrong
http://www.merijn.org/files/HijackThis.exe
Double click HijackThis.exe, Hit None of the above, just start the program.
Hit Scan When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log somewhere, and please show us its contents.
Most of what it lists will be harmless or even required, so do NOT fix anything yet.

Ginh1
2005-12-22, 01:48
Hijackthis log

LonnyRJones
2005-12-22, 01:53
Hi
I need it attached or posted in log or txt format. docs can contain unsafe scripts so we dont get in the habit of opening them.

Ginh1
2005-12-22, 01:56
Sorry my bad, i had no clue that it was even possible of what you said :)

LonnyRJones
2005-12-22, 02:02
Thanks

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan,
and check the following items(if there):
O4 - HKLM\..\Run: [cskiq.exe] cskiq.exe
O4 - HKLM\..\Run: [qwe] sysmon12.exe
O4 - HKLM\..\Run: [NopeZ] Brong32.exe
4 - HKCU\..\Run: [___] runload32.exe
O4 - HKCU\..\Run: [control64] sound64.exe
O4 - HKCU\..\Run: [Uint32] Uint32.exe
===========================================================
Click Fix Checked. Close HijackThis, and click OK to proceed.
Finally, please post the contents of report.txt (it should open), along with a new HijackThis log.
C:\Program Files\Sitecom < does that folder exist ?

Ginh1
2005-12-22, 02:15
Report from Fixwareout.

After the reboot during the deletion i was asked to see if any of the entries were still in the list of hijackthis i did see something but i pressed close button and didn't fix it yet :s

Do i do this now, or was it needed before windows was booted ?

LonnyRJones
2005-12-22, 02:17
That was quick

Ok scan again with hijackthis and post back with a new log

Ginh1
2005-12-22, 02:20
New hijackthislog

LonnyRJones
2005-12-22, 11:29
Looks good, any problems now ?

Open SpyBot > tools > system startup > Hilight then choose delete for this item
HK_LM:Run, Click2Share (DISABLED)
C:\Program Files\Sitecom\C2SLoad.exe

Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Replace it about once monthly
How did that go ?

Ginh1
2005-12-22, 19:45
Looks good, any problems now ?

Open SpyBot > tools > system startup > Hilight then choose delete for this item
HK_LM:Run, Click2Share (DISABLED)
C:\Program Files\Sitecom\C2SLoad.exe

Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Replace it about once monthly
How did that go ?

Hi there, thx most of it seems to be fixed indeed, but i'm having doubts about
the "System Startup" in spybot, because everything is checked except for
the lower 4 shown on the screenshot.
When the others are checked green that means they are active on startup ?
if so, nothing will happen to those if i just select the entries you pointed out to delete ?

I'm in a habbit of actually doing something wrong so i would like to be sure :)

Thx in advance,

Ginh.

LonnyRJones
2005-12-22, 21:00
Hi

Just select then delete that one with SpyBots tools, i know its confusing, sounds like it might delete others to but it wont
HK_LM:Run, Click2Share (DISABLED)
C:\Program Files\Sitecom\C2SLoad.exe

C:\Program Files\Sitecom < If the folder exists delete it

Leave the others as they are (disabled) and yes the items which are green means active.

Regards

Ginh1
2005-12-22, 23:44
Hi

Just select then delete that one with SpyBots tools, i know its confusing, sounds like it might delete others to but it wont
HK_LM:Run, Click2Share (DISABLED)
C:\Program Files\Sitecom\C2SLoad.exe

C:\Program Files\Sitecom < If the folder exists delete it

Leave the others as they are (disabled) and yes the items which are green means active.

Regards

Hi there, i have done the last 2 things, everything i was told to fix seems to be dealth with
not experiencing anything weird.

My gratitude...

greetz,

Ginh.

LonnyRJones
2005-12-25, 01:21
Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.
If you should need to post another log for the same PC let me know.

Regards