toolbar malware keeps showing up? how?

Page 2 of 2 FirstFirst 12

  1. macgig
    Posts : 249
    Win 7 Pro, Mac OS Sierra
    Thread Starter
       New #11

    will do thanks. :)
      My Computer
    Quote Quote

  3. macgig
    Posts : 249
    Win 7 Pro, Mac OS Sierra
    Thread Starter
       New #12

    contents of that file...

    # AdwCleaner v2.303 - Logfile created 06/10/2013 at 13:10:40
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
    # User : user - ale
    # Boot Mode : Normal
    # Running from : C:\Users\user\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKCU\Software\5aedb88b468bf40
    Key Deleted : HKCU\Software\Ask.com.tmp
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16576

    [OK] Registry is clean.

    -\\ Mozilla Firefox v20.0.1 (en-US)

    *************************

    AdwCleaner[S1].txt - [1695 octets] - [10/06/2013 13:10:40]

    ########## EOF - C:\AdwCleaner[S1].txt - [1755 octets] ##########
      My Computer
    Quote Quote

  4. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #13

    See? You did have more junk
      My Computer
    Quote Quote

  6. macgig
    Posts : 249
    Win 7 Pro, Mac OS Sierra
    Thread Starter
       New #14

    yeah. spybot and malwarebytes reported nothing else. interesting. running on my laptop, same thing. more junk.
      My Computer
    Quote Quote

  7. macgig
    Posts : 249
    Win 7 Pro, Mac OS Sierra
    Thread Starter
       New #15

    here is the one for my laptop... conduit search.... again spybot and Malwarebytes said it removed that. guess not.


    # AdwCleaner v2.303 - Logfile created 06/10/2013 at 13:26:28
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
    # User : user - ALELAPTOP
    # Boot Mode : Normal
    # Running from : C:\Users\user\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Deleted : HKCU\Software\SearchProtect
    Key Deleted : HKCU\Software\WNLT
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3295465
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\Software\PIP

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16576

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={9D61DA01-BD86-11E2-9FE8-001B3838B947} --> hxxp://www.google.com

    -\\ Mozilla Firefox v21.0 (en-US)

    *************************

    AdwCleaner[S1].txt - [1915 octets] - [10/06/2013 13:26:28]

    ########## EOF - C:\AdwCleaner[S1].txt - [1975 octets] ##########
      My Computer
    Quote Quote

  8. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #16

    Some of this stuff is "whitelisted" (like an opt-in) .... so it's not detected by some anti-malware scanners.

    Whitelist - Wikipedia, the free encyclopedia
      My Computer
    Quote Quote

  10. DavidE
    Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
       New #17

    Jacee said:
    Some of this stuff is "whitelisted" (like an opt-in) .... so it's not detected by some anti-malware scanners.

    Whitelist - Wikipedia, the free encyclopedia
    Hope you don't mind me jumping back in with a question!
    Is this "whitelist" on a user PC, or is it somehow a Global whitelist so some scanners don't detect it for anyone?
      My Computer
    Quote Quote

  11. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #18

    It depends on what scanner is used. There are people who actually install these search BHO's
      My Computer
    Quote Quote

 
Page 2 of 2 FirstFirst 12

  Related Discussions
This references: https://www.sevenforums.com/general-discussion/255629-quick-launch-bar-icons-dont-wrap-even-though-there-room.html - a post by chillz which discovers a "bug" with the taskbar not resetting the row-sizing for toolbars when dragging the taskbar to the left then back to the bottom. ...
Have been using Win 7 Ultimate x64 for quite a while but tonight ran into a small problem. I like to keep the titles for links very short and want to rename "Malwarebytes Anti-Malware" (I am a registered, paid user) to simply "Malwarebytes". I am listed as an Administrator and I used LockHunter to...
I noticed a couple of days ago,a process "SYSTEM PID 4 ntoskrnl.exe",located in windows,C,system32.A bit of searching indicates that this particular process,should never show up in TM.As a precaution,could you help me out?Malware or not,should it be there in plain sight,or not?
I have a toolbar on my taskbar titled "Programs". It has about eight folders in it. I made another toolbar, and placed it directly adjacent to the Programs toolbar, to obscure the eight folders and force it to be a dropdown menu. Trouble is, as soon as I lock my taskbar, right next to the arrow...
Hi All Ive just run a scan with Hitman Pro and its flagged explorer.exe as Malware.MSE and Malwarebytes scans come back clear.Is this just an FP or do i have a problem. Any help appreciated. Danny
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 05:05.
Find Us