1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Resolved Unwanted toolbar in on IE

Discussion in 'Internet Explorer & Microsoft Edge' started by charlibob, 2013/11/04.

  1. 2013/11/04
    charlibob Contributing Member

    charlibob Well-Known Member Thread Starter

    Joined:
    2002/12/13
    Messages:
    100
    Likes Received:
    0
    Yesterday I inadvertently downloaded Entrusted11 toolbar from Conduit. I have tried repeatedly, and unsuccessfully to remove it. I have removed it from programs in the control panel, followed entrusted's directions for removal, and tried to leave a message for them on their contact page. The result of filling out the contact page and sending it off is "Server Error." They have done a good job of making this thing impossible to get rid of, and of course it is ad driven. Oh, and it is also present now on my Chrome browser.

    Has anyone a solution, please?

    Thanks for any help.
     
    charlibob,
    #1
  2. 2013/11/04
    James Martin

    James Martin Geek Member

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79
    Sounds like a job for the malware removal forum, Bob.

    I guess if I were in your shoes, I would run a Malware Bytes scan (full scan) and an antivirus scan and see what they pull up. It may be possible to do a system restore, but there is no guarantee that a restore point is not compromised either.

    We'll see what some of the others say about it.

    Have you tried a Google search for a removal method?
     
    James Martin,
    #2


  3. to hide this advert.

  4. 2013/11/04
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,209
    Likes Received:
    514
    Hi charlibob, You got it too! My elder brother picked it up with a Download of Software for his W7 laptop.
    Yes, it is invasive but you can remove it. Control Panel > Add/Remove Programs > look for anything worded Conduit and click on it (highlight it) and up the top of the page click > uninstall.
    Have a look also for Sweet Tunes which could be there as well. Do the same to Sweet Tunes.
    Open your Browser > IE > Tools > Internet Options > home page and set click on Set as Default.
    FireFox > Tools > Add-ons > Extensions and Disable Conduit/Sweet tunes from there.
    Let's know how you get on Neil.
     
    retiredlearner,
    #3
  5. 2013/11/04
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,919
    Likes Received:
    511
    Hi Bob.

    Before we send you off to the Malware and Virus Removal Forum lets run a few tools first and see if we can solve the problem.

    Follow these steps:

    1. Please download AdwCleaner and save it to your desktop. Run the program by double clicking on it.

    2. When the program opens click on the Scan button.

    3. Then when the program has finished scanning, click on the Clean button. The program will reboot the computer. Post the AdwCleaner log in your next reply.

    4. Next, download the Junkware Removal Tool and save it to your desktop. Run the program and post the JRT log in your next reply.

    5. Then, download HijackThis to your desktop. Run the program and on the Main Menu click the button that says Do a system scan and save a logfile. Post the HijackThis log in your next reply.

    6. Finally, please download MiniToolBox and save it to your desktop.

    7. Run the program and when the program opens check the following boxes:

    Flush DNS
    Reset FF proxy Settings
    Reset IE Proxy Settings
    Report IE Proxy Settings
    Report FF Proxy Settings
    List content of Hosts
    List IP configuration
    List Winsock Entries
    List last 10 Event Viewer log
    List Installed Programs
    List Users, Partitions and Memory size
    List Devices (problems only)

    8. Click the Go button and also post the MiniToolBox log in your next reply.
     
    Evan Omo,
    #4
  6. 2013/11/04
    charlibob Contributing Member

    charlibob Well-Known Member Thread Starter

    Joined:
    2002/12/13
    Messages:
    100
    Likes Received:
    0
    Thanks to all of you for your help. I am giving up for the evening, but the things I have tried so far are add/remove programs, removing it didn't help, malware bytes found 3 conduit references but removing them didn't help either, a virus scan was no help. If you will hang in there with me, I will try all your suggestions tomorrow after noon. I thought I would do a registry search as well.
    Thanks again.
     
    charlibob,
    #5
  7. 2013/11/04
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    Whiskeyman,
    #6
  8. 2013/11/05
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,209
    Likes Received:
    514
    Further to Whiskeyman's Post. while in Add/Remove I should have said to look for entries of the days date that the problem started and if you don't recognize them - UNINSTALL them. Neil.

    ps. Make sure you check ALL your Browsers and set them to Default.
     
    retiredlearner,
    #7
  9. 2013/11/05
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,209
    Likes Received:
    514
    Hi charlibob, I've just run through the process of removal again and remembered that when you open your Browser - at the RIGHT end of the Address bar - do you have a Search box?
    Mine shows a small Google search box. There is a small Blue square with a 'g' in it. Alongside, there is a small downwards ARROW head. Click on that to expand it > A menu box opens > Manage Search Engines > click to highlight the Search engines you do not want (one at a time) and REMOVE.
    This should fix it completely. ;)Neil.

    Sorry I missed this when I Posted my first reply. :eek:
     
    retiredlearner,
    #8
  10. 2013/11/05
    charlibob Contributing Member

    charlibob Well-Known Member Thread Starter

    Joined:
    2002/12/13
    Messages:
    100
    Likes Received:
    0
    Solved

    To All
    I ran ADWcleaner, and let it clean files. I am now free of the toolbar. Thanks to everyone for the help.


    # AdwCleaner v3.011 - Report created 05/11/2013 at 15:39:39
    # Updated 03/11/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Bob - BOB-PC
    # Running from : C:\Users\Bob\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : Application Updater
    [#] Service Deleted : BackupStack
    Service Deleted : FastFreeConverterUpdt

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Conduit
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\Systweak
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
    Folder Deleted : C:\Program Files (x86)\Advanced System Protector
    Folder Deleted : C:\Program Files (x86)\Application Updater
    Folder Deleted : C:\Program Files (x86)\Ask.com
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Fast Free Converter
    Folder Deleted : C:\Program Files (x86)\File Type Helper
    Folder Deleted : C:\Program Files (x86)\Ilivid
    Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
    Folder Deleted : C:\Program Files (x86)\myfree codec
    Folder Deleted : C:\Program Files (x86)\MyPC Backup
    Folder Deleted : C:\Program Files (x86)\Mysearchdial
    Folder Deleted : C:\Program Files (x86)\RegClean Pro
    Folder Deleted : C:\Program Files (x86)\Searchprotect
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\Program Files (x86)\entrusted11
    Folder Deleted : C:\Program Files (x86)\Common Files\spigot
    Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
    Folder Deleted : C:\Users\Bob\AppData\Local\AskToolbar
    Folder Deleted : C:\Users\Bob\AppData\Local\Conduit
    Folder Deleted : C:\Users\Bob\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\Bob\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Bob\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Bob\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Bob\AppData\LocalLow\Fast Free Converter
    Folder Deleted : C:\Users\Bob\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Bob\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\Bob\AppData\LocalLow\entrusted11
    Folder Deleted : C:\Users\Bob\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
    Folder Deleted : C:\Users\Bob\AppData\Roaming\digitalsite
    Folder Deleted : C:\Users\Bob\AppData\Roaming\Mysearchdial
    Folder Deleted : C:\Users\Bob\AppData\Roaming\Searchprotect
    Folder Deleted : C:\Users\Bob\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
    Folder Deleted : C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    File Deleted : C:\END
    File Deleted : C:\Users\Public\Desktop\Advanced System Protector.lnk
    File Deleted : C:\Windows\System32\roboot64.exe
    File Deleted : C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    File Deleted : C:\Users\Bob\Desktop\MySearchDial.url
    File Deleted : C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
    File Deleted : C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
    File Deleted : C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
    File Deleted : C:\Windows\System32\Tasks\Advanced System Protector_startup
    File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
    File Deleted : C:\Windows\Tasks\digitalsite.job
    File Deleted : C:\Windows\System32\Tasks\digitalsite
    File Deleted : C:\Windows\Tasks\MySearchDial.job
    File Deleted : C:\Windows\System32\Tasks\MySearchDial
    File Deleted : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
    File Deleted : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
    File Deleted : C:\Windows\Tasks\RegClean Pro_UPDATES.job
    File Deleted : C:\Windows\System32\Tasks\RegClean Pro_UPDATES
    File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3299568
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hoversnap_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hoversnap_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{77BEECE6-3997-403A-92FA-0055BFCF88E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DA282E8F-1D48-4A7B-A8BC-86A292F7B8A9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77BEECE6-3997-403A-92FA-0055BFCF88E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77BEECE6-3997-403A-92FA-0055BFCF88E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{77BEECE6-3997-403A-92FA-0055BFCF88E5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DA282E8F-1D48-4A7B-A8BC-86A292F7B8A9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{898CBD5C-5B0E-464B-B369-A40111376B94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89E6F103-241F-4DFD-8B20-D6ED00B97CAE}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{77BEECE6-3997-403A-92FA-0055BFCF88E5}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{77BEECE6-3997-403A-92FA-0055BFCF88E5}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{77BEECE6-3997-403A-92FA-0055BFCF88E5}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{77BEECE6-3997-403A-92FA-0055BFCF88E5}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\AskToolbar
    Key Deleted : HKCU\Software\distromatic
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\mysearchdial
    Key Deleted : HKCU\Software\Search Settings
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\WEDLMNGR
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
    Key Deleted : HKLM\Software\Application Updater
    Key Deleted : HKLM\Software\Fast Free Converter
    Key Deleted : HKLM\Software\InstallCore
    Key Deleted : HKLM\Software\Search Settings
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\Software\entrusted11
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fast Free Converter
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
    Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16720

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
    Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Google Chrome v30.0.1599.101

    [ File : C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : urls_to_restore_on_startup
    Deleted : homepage
    Deleted : icon_url
    Deleted : search_url
    Deleted : keyword

    *************************

    AdwCleaner[R0].txt - [19768 octets] - [05/11/2013 15:35:22]
    AdwCleaner[S0].txt - [18802 octets] - [05/11/2013 15:39:39]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18863 octets] ##########
     
    charlibob,
    #9
  11. 2013/11/05
    James Martin

    James Martin Geek Member

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79
    Good heavens, was all that related to one toolbar?

    How did you inadvertently download Entrusted11 toolbar, Bob?
     
    James Martin,
    #10
  12. 2013/11/05
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,919
    Likes Received:
    511
    I would still suggest that you run the Junkware Removal Tool and HijackThis to make sure that you don't have any other junk programs that are installed on your system.
     
    Evan Omo,
    #11
  13. 2013/11/06
    charlibob Contributing Member

    charlibob Well-Known Member Thread Starter

    Joined:
    2002/12/13
    Messages:
    100
    Likes Received:
    0
    I am not sure, except it must have been one of those options you have to reject on a download page I used recently.
     
    charlibob,
    #12
  14. 2013/11/06
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,209
    Likes Received:
    514
    You sure got a collection there charlibob and from more than one download.
    Livid is particularly nasty coupled with Ask. :eek:
    I think once you've followed Evan's procedure, it would pay to install WOT (Web of Trust). Neil.
     
    retiredlearner,
    #13
  15. 2013/11/06
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    PeteC,
    #14
  16. 2013/11/06
    charlibob Contributing Member

    charlibob Well-Known Member Thread Starter

    Joined:
    2002/12/13
    Messages:
    100
    Likes Received:
    0
    Hijackthis log file

    So, I don't know what is good or bad...

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:16:35 AM, on 11/6/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16720)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe
    C:\Users\Bob\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
    C:\Windows\SysWOW64\WinFLTray.exe
    C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
    C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
    C:\Program Files (x86)\Samsung\Kies\Kies.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    C:\Program Files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\Program Files (x86)\Network Associates\PGP\PGPTray.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=echo_is_off.&r=173605109826p0435v185k45815231
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Speed - {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\PROGRA~2\SECURE~1\IE\SPEEDD~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~4\BROWER~1\ASCPLU~1.DLL
    O2 - BHO: Fast Free Converter 4.1 - {C3E50543-BC36-4C80-8070-38A97E02DEB2} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL (file missing)
    O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
    O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    O4 - HKLM\..\Run: [EEventManager] C:\Program Files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
    O4 - HKCU\..\Run: [EPSON Stylus Photo R1900 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICUA.EXE /FU "C:\Windows\TEMP\E_S2F.tmp" /EF "HKCU "
    O4 - HKCU\..\Run: [AmazonMP3DownloaderHelper] C:\Users\Bob\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
    O4 - HKCU\..\Run: [WinFLTray] C:\Windows\SysWow64\WinFLTray.exe
    O4 - HKCU\..\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
    O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O4 - Global Startup: PGPtray.lnk = C:\Program Files (x86)\Network Associates\PGP\PGPTray.exe
    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLService - New Softwares.net - C:\Windows\SysWow64\WinFLService.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SecureUpdate (SecureUpdateSvc) - Unknown owner - C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 14635 bytes
     
    charlibob,
    #15
  17. 2013/11/06
    charlibob Contributing Member

    charlibob Well-Known Member Thread Starter

    Joined:
    2002/12/13
    Messages:
    100
    Likes Received:
    0
    Junkware removal tool log

    OK, so here is another log. Also, if everyone is satisfied, I know I am, how to we mark this "Resolved "?

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.1.1 (07.15.2013:2)
    OS: Windows 7 Home Premium x64
    Ran by Bob on Wed 11/06/2013 at 9:24:02.26
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5C372DAA-879D-496A-8B89-D498A40432D7}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{16C8C46E-C811-4977-BF0A-B5CC1FA78D95}



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\couponprinter.ocx "



    ~~~ Folders ( Deleted a ton of folders)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 11/06/2013 at 9:28:34.47
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    charlibob,
    #16
  18. 2013/11/06
    charlibob Contributing Member

    charlibob Well-Known Member Thread Starter

    Joined:
    2002/12/13
    Messages:
    100
    Likes Received:
    0
    By the way, thanks again to all of you. I really appreciate the help.
     
    charlibob,
    #17
  19. 2013/11/06
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,919
    Likes Received:
    511
    In Hijackthis select the following checkboxes:

    O2 - BHO: Fast Free Converter 4.1 - {C3E50543-BC36-4C80-8070-38A97E02DEB2} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL (file missing)
    O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
    O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [AmazonMP3DownloaderHelper] C:\Users\Bob\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O4 - Global Startup: PGPtray.lnk = C:\Program Files (x86)\Network Associates\PGP\PGPTray.exe
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

    Then click on the Fixed Checked button to remove those items.

    Once that is done you should be all set.
     
    Evan Omo,
    #18
  20. 2013/11/07
    charlibob Contributing Member

    charlibob Well-Known Member Thread Starter

    Joined:
    2002/12/13
    Messages:
    100
    Likes Received:
    0
    Done. Thanks for the info.
     
    charlibob,
    #19
  21. 2013/11/07
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,919
    Likes Received:
    511
    So would you consider this thread resolved?
     
    Evan Omo,
    #20

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...