TechSpot

Could someone help me? Virus SOS

Discussion in 'Virus and Malware Removal' started by JakeRazy, Dec 21, 2008.

Thread Status:
Not open for further replies.
  1. JakeRazy Newcomer, in training

    I ran mbam and the results were clean. However, the hotbar uninstaller wouldn't install.
  2. mflynn Newcomer, in training

    Fantastical!

    Check Add/Remove for Hotbar; if it is there, uninstall it first, then do the below even if it is not in Add/Remove.

    Try this one: http://fileforum.betanews.com/download/HotBar_Adware_Removal_Tool/1101766545/1

    Then reboot and run SAS Quick Scan to finish the job or come up clean.

    OK, it looks like you are finally clean, so run the tool below to allow a deep look at your system in case we missed something. You had so much, so hard to clean, and most of them real bad boys!
    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    Download OTScanIt: http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe
    Close all Apps and Browsers

    Download and save to Desktop, then double-click to extract the files to an OTScanIt folder.

    If your firewall or other security or malware protections pop up, you should allow them to let OTScanIt run.

    Enter the OTScanit folder and run OTScanit.exe.

    In Additional Scans, select BotCheck, Disabled MS Config Items and Eventviewer Errors/Warnings.

    At top left, click Run Scan.

    The scan can take some time so allow it time.

    When finished, a log will open; save the log, then copy and paste its contents back here.
    You may split/spread over multiple posts or post as an Attachment.

    Mike
  3. JakeRazy Newcomer, in training

    When I run the Hotbar uninstaller it says Hotbar adware is not installed on my system. It was also classified as ShopperReports, so maybe a ShopperReports remover?
  4. mflynn Newcomer, in training

    Yes, that is what it is attached to.

    Get rid of it in Add/Remove and quick scan with SAS.

    Mike
  5. JakeRazy Newcomer, in training

    I re-ran the SAS scan but it still showed up with the Hotbar. I can't find it in Add/Remove either.
  6. mflynn Newcomer, in training

    COMBOFIX-Script

    Delete and create new or edit the one you have and delete the old text and replace with the below.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    Folder::
    c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    File::
    c:\windows\system32\Agent.OMZ.Fix.exe
    Registry::
    [-HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}]
    
    Then drag this script and drop on top of ComboFix.

    ComboFix will now run a scan on your system.

    It may reboot your system when it finishes. This is normal.

    When finished, it will create a log. Attach the log back to us.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Then get me the OTScanit log.

    Mike
  7. JakeRazy Newcomer, in training

    When I run OTScanIt it only has Disabled MS Config Items under the additional scans. Should I run the scan even though I don't have the others?
  8. mflynn Newcomer, in training

    Yes, get it here, though I am leaving and may not be back for a couple of hours.

    Mike
  9. JakeRazy Newcomer, in training

    Hi Mike,
    Here are the ComboFix and OTScanIt logs. I appreciate your help so far,
    Jake
  10. mflynn Newcomer, in training

    OK Jake, you did it!

    Run me 1 more ComboFix so I can see it clean. Then update your virus scanner and do a full scan.

    Then tell me if all is well and how the computer is running.

    Mike
  11. JakeRazy Newcomer, in training

    Hi Mike,
    I'm a little upset; the SAS full scan came up with 14 hotbar.adwares. I ran the ComboFix scan and attached that log too. There has to be some program that will fix my computer.
    Jake

    EDIT: Now my SAS scan came up with the same 14 viruses AND an adware tracking cookie. I attached that log below as SASlog3.
  12. mflynn Newcomer, in training

    OK, go back to post #26 and do it again.

    I had a typo and have corrected the box.

    Reboot, rerun SAS!

    Mike
  13. JakeRazy Newcomer, in training

    Should I run OTScanIt again also?
  14. mflynn Newcomer, in training

    No, not needed!

    Mike
  15. JakeRazy Newcomer, in training

    OK, I ran ComboFix with the code you gave me and I think it worked.
    OK, I just ran a full scan with SAS and still the same 14 viruses and the adware tracking cookie keep showing up.
  16. mflynn Newcomer, in training

    Hi Jake,

    This is a really low risk item but we both want it gone. SAS is supposed to eradicate it permanently. Should not be that hard to get rid of.

    Go here and get this, but don't run it: http://securityresponse.symantec.com/avcenter/FxHotbar.exe

    Then boot to safe mode and run SAS; click Preferences-Repairs and, counting from the top as #1, do the following entries:
    5-7-9-10-11-13-14-15-18-19-21-22

    Then, still in SAS, clean again; then, without rebooting, run the FxHotbar.

    Reboot and quick scan SAS to confirm gone.

    Mike
  17. JakeRazy Newcomer, in training

    Hi Mike,
    Sorry I haven't been here for a few days, Happy Holidays by the way. The SAS scan still showed up with the same adware, although I think I got rid of the tracking cookies. I ran the repairs. The Hotbar scan still didn't find the adware although the SAS scan still does.
    Thanks,
    Jake
  18. BlkHeartWolf Newcomer, in training

    I have a copy of your HijackThis file and edited the keys in BOLD in a WordPad doc file.
    This is not that easy anymore. There is a better tool out there but it will not run on a PC with McAfee.

    The IDriverT.exe process belongs to the InstallShield product installation service, related to Macrovision, and should only appear when you are installing a new piece of software. If you were not installing software, it may be the trojan.

    You could do a system restore, then clean the related files left behind, but I have seen this does not always work.

    What I do is turn off System Restore and delete ALL temporary files and folders, then run Malwarebytes "short scan" and HijackThis at the same time. Check the links I bolded in the file but do not hit the fix button yet. Do not exclude Google or Yahoo Companion.

    When Malwarebytes has completed its short scan, tell both programs to fix at the same time to prevent the trojan from rewriting itself and breaking the processes.
    Do a hard shut down right away.

    It is great if you can find an adapter and plug your hard drive into another PC to clean it up, but if not then you may need to do it a few times, as it seems to be a matter of timing.

    Do a search for googl in the registry to see if it is a listed provider for Google also, and remove it. Clean up the folders, registry keys and files listed in HijackThis.

    If you are new to this, export your registry and a copy of deleted files to a backup.
    You can also get and make a BART boot CD to restore files if you make a mistake.
  19. rf6647 Newcomer, in training

    JakeRazy, it appears that efforts are directed at using standard tools to remove a low risk threat. Perhaps answering the exception appearing in the log may be the solution. It's worth trying - disable the antivirus program. Seeing a fresh HJT log adds to the current picture.