Posted by
New Visitor
Member Since: ‎10-11-2003
Posts: 24

Help with Huntbar removal

I am having serious issues with getting the "Huntbar" spyware off my computer system. I've used Spybot, AD-aware and Spysweeper, but none of them can get rid of it fully. I made sure all of them are updated, with the newest upgrades but it's still not helping. I have looked into using the DOS command and finding the roots for where the files are suppose to exisist, but it just said that they already were deleted. This is three problems that happen when I boot my PC up:

A message comes up saying if you'd like to install the Huntbar tool bar.

Yahoo martial (messenger service, email, links) automatically install themselves at boot up for no reason at all

I get three different pop up ad's from microsoft when I'm not even online.

PLEASE, if you have any information on how to get rid of this I would be much appreciated. I admit I don't have a good tolerance on PC problems, as I'm not an expert in the field. Thank you for helping!
Posted by
New Visitor
Member Since: ‎10-11-2003
Posts: 24

Re: Help with Huntbar removal

Here are the running processes in the background, in case this helps:

System idle process
Posted by
Bronze Star Contributor
Member Since: ‎08-19-2003
Posts: 125

Re: Help with Huntbar removal

I had Huntbar also and I admit it was difficult to get rid of. This worked for me because I had to go thru all the variants to get rid of it once and for all. If you are not that experienced, please get some help with these instructions as there can be problems if you do not do this correctly, or maybe someone will come up with an easier way.
I hope this helps.
Posted by
Recognized Contributor
Member Since: ‎06-30-2003
Posts: 4,409

Re: Help with Huntbar removal

Download HijackThis, set it up in a permanent folder, run a scan and post the results here. Hopefully this will tell us something.

Geez. PestPatrol lists 9 variants of this bugger.

Pest Patrol Huntbar info
Message was edited by: JohnD
Posted by
New Visitor
Member Since: ‎10-11-2003
Posts: 24

Re: Help with Huntbar removal

Logfile of HijackThis v1.97.7
Scan saved at 6:47:51 PM, on 2/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Daniel Magelinski\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =*
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =*
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =*
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Ali Baba Slots TM by pogo -
O16 - DPF: Buckaroo Blackjack TM by pogo -
O16 - DPF: ChatSpace Full Java Client -
O16 - DPF: Cribbage by pogo -
O16 - DPF: Dice Derby by pogo -
O16 - DPF: Dominoes by pogo -
O16 - DPF: Euchre by pogo -
O16 - DPF: First Class Solitaire by pogo -
O16 - DPF: Fortune Bingo by pogo -
O16 - DPF: Hammerhead Pool by pogo -
O16 - DPF: Hearts by pogo -
O16 - DPF: Jungle Gin by pogo -
O16 - DPF: Payday FreeCell by pogo -
O16 - DPF: Pebble Beach Golf by pogo -
O16 - DPF: Pop Fu by pogo -
O16 - DPF: Poppit TM by pogo -
O16 - DPF: SciFi Slots by pogo -
O16 - DPF: Squelchies by pogo -
O16 - DPF: Sweet Tooth TM by pogo -
O16 - DPF: The Sims Pinball by pogo -
O16 - DPF: Tri-Peaks by pogo -
O16 - DPF: Tumble Bees by pogo -
O16 - DPF: Turbo 21 TM by pogo -
O16 - DPF: Word Whomp by pogo -
O16 - DPF: World Class Solitaire by pogo -
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
Posted by
Recognized Contributor
Member Since: ‎06-30-2003
Posts: 4,409

Re: Help with Huntbar removal


Please go to Settings at the top of the Forum page and assign yourself a Forum Name so we know you from the hundreds of other Anonymouses.

Also, please unzip the HijackThis executable into a permanent folder (such as "C:\Program Files\HijackThis"). When you "fix" any items, HijackThis will create backups in case you want to restore any changes you make. The temporary folder it is in now will disappear once you close the zip file.

I do not see anything in your running processes which looks suspicious. This has a good and bad thing. Nothing is running from your startups that would be causing your problems but something could be attached to your Windows Shell that starts when Windows initially boots. First, we can clean some things out which could be a problem or are left over from running anti-spyware programs. Close everything other than HJT and have HijackThis "fix" the following. Once they are fixed, reboot your system.

--> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

--> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

--> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

--> R3 - Default URLSearchHook is missing

I am not sure about all those "red.client.." lines which seem to be associated with Yahoo. They are probably ok.

The "O16" section indicates Active-X downloads installed on your system. I dont know if you need all those. They could have been a source of some of your problems. You might want to consider getting rid of some of those, especially if they are not associated with Microsoft, Macromedia, Yahoo, etc. You can always reinstall them if you want to do this game again.

After you reboot your system, if there still is a problem, we can try to find something in the Registry which might point to the source of your problems.

Note: The toolbar.dll entry is associated with Huntbar. But we need to find what is causing it to be reinstalled eachtime.
Message was edited by: JohnD
You must be signed in to add attachments