Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: toolbar malware keeps showing up? how?

10 Jun 2013   #11
macgig

Mac OSX 10.6.8, Win 7 home premium sp1
 
 

will do thanks.


My System SpecsSystem Spec
.
10 Jun 2013   #12
macgig

Mac OSX 10.6.8, Win 7 home premium sp1
 
 

contents of that file...

# AdwCleaner v2.303 - Logfile created 06/10/2013 at 13:10:40
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : user - ale
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\5aedb88b468bf40
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

*************************

AdwCleaner[S1].txt - [1695 octets] - [10/06/2013 13:10:40]

########## EOF - C:\AdwCleaner[S1].txt - [1755 octets] ##########
My System SpecsSystem Spec
10 Jun 2013   #13
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

See? You did have more junk
My System SpecsSystem Spec
.

10 Jun 2013   #14
macgig

Mac OSX 10.6.8, Win 7 home premium sp1
 
 

yeah. spybot and malwarebytes reported nothing else. interesting. running on my laptop, same thing. more junk.
My System SpecsSystem Spec
10 Jun 2013   #15
macgig

Mac OSX 10.6.8, Win 7 home premium sp1
 
 

here is the one for my laptop... conduit search.... again spybot and Malwarebytes said it removed that. guess not.


# AdwCleaner v2.303 - Logfile created 06/10/2013 at 13:26:28
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : user - ALELAPTOP
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3295465
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={9D61DA01-BD86-11E2-9FE8-001B3838B947} --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

*************************

AdwCleaner[S1].txt - [1915 octets] - [10/06/2013 13:26:28]

########## EOF - C:\AdwCleaner[S1].txt - [1975 octets] ##########
My System SpecsSystem Spec
10 Jun 2013   #16
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Some of this stuff is "whitelisted" (like an opt-in) .... so it's not detected by some anti-malware scanners.

Whitelist - Wikipedia, the free encyclopedia
My System SpecsSystem Spec
10 Jun 2013   #17
DavidE

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64
 
 

Quote   Quote: Originally Posted by Jacee View Post
Some of this stuff is "whitelisted" (like an opt-in) .... so it's not detected by some anti-malware scanners.

Whitelist - Wikipedia, the free encyclopedia
Hope you don't mind me jumping back in with a question!
Is this "whitelist" on a user PC, or is it somehow a Global whitelist so some scanners don't detect it for anyone?
My System SpecsSystem Spec
10 Jun 2013   #18
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

It depends on what scanner is used. There are people who actually install these search BHO's
My System SpecsSystem Spec
Reply

 toolbar malware keeps showing up? how?




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Changing File Decription for link to Malware Bytes Anti-Malware
Have been using Win 7 Ultimate x64 for quite a while but tonight ran into a small problem. I like to keep the titles for links very short and want to rename "Malwarebytes Anti-Malware" (I am a registered, paid user) to simply "Malwarebytes". I am listed as an Administrator and I used LockHunter to...
System Security
ntoskrnl.exe showing up in task manager,malware?
I noticed a couple of days ago,a process "SYSTEM PID 4 ntoskrnl.exe",located in windows,C,system32.A bit of searching indicates that this particular process,should never show up in TM.As a precaution,could you help me out?Malware or not,should it be there in plain sight,or not?
System Security
Toolbar on taskbar should only be showing an arrow but is showing icon
I have a toolbar on my taskbar titled "Programs". It has about eight folders in it. I made another toolbar, and placed it directly adjacent to the Programs toolbar, to obscure the eight folders and force it to be a dropdown menu. Trouble is, as soon as I lock my taskbar, right next to the arrow...
Customization
Explorer.exe showing as malware
Hi All Ive just run a scan with Hitman Pro and its flagged explorer.exe as Malware.MSE and Malwarebytes scans come back clear.Is this just an FP or do i have a problem. Any help appreciated. Danny
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 14:03.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App