Strange Pinned topic -

[noknojon]

Hi -

I have this strange problem with the recently pinned topics at - General Malwarebytes Anti-Malware (pinned) section -

There 'appears' to be 18 items in Tiggers (first) section - On F/Fox it is OK, but for several days now there is 18 items in the post on I.E. -

After turning everything off for 3 nights there has been no change -

I have done everything I can think of including deleting MBAM (fully) and reinstalling -

The posts go from #3 to #5 (no #4) and then there is a #10 at the code box lower down in the topic - I know AdvancedSetup has said it is ME ,

But why -

[AdvancedSetup]

From within IE please do the following. Go to Tools/Internet Options/Advanced and click on the RESET button.

If that does not correct it then run the following.

From within IE please do the following. Go to Tools/Internet Options/ click the Delete button and uncheck the Preserve Favorites website data and put a check mark in the other Top 4 top items in that box and then click the Delete button.

[noknojon]

- Sorry AdvancedSetup - I did both options twice and rebooted after each time = 4 reboots -

Still the same - ??

[AdvancedSetup]

Please run the following.

Download

DDS

and save it to your desktop

http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click

dds.scr

to run the tool.

When done, the

DDS.txt

will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

1. DDS.txt
   
   
2. Attach.txt
   
   

• Save both reports to your desktop
  
  
• Please include the following logs in your next reply:
  DDS.txt
  and
  Attach.txt
  
  

[noknojon]

Sorry delete this -

[AdvancedSetup]

You need to run that and post back the logs, not the file you downloaded.

Please include the following logs in your next reply: DDS.txt and Attach.txt

[noknojon]

[AdvancedSetup]

I need the DDS.txt file. I'm getting some shut eye now though so I'll take a look this weekend.

[noknojon]

[noknojon]

Sorry - Will get back - Thanks -

[noknojon]

Sorry I took so long - Sat night here - Had her family visit and was stopped for a while and lost track of it -

Hope this is it -

[noknojon]

It appears OK now - Thanks for your time and trouble

Also removed Cookies and rebooted then checked more settings - Not sure where it was -

[AdvancedSetup]

You have way too many toolbars and bits and pieces of left over Anti-Virus from other products.

You also have Spybot that might be controlling and preventing changes to IE.

After having done a RESET in IE it is impossible to have these entries unless something either blocked the change or put it back.

uSearch Page =

uStart Page = hxxp://www.google.com/

uSearch Bar =

mSearchAssistant =

I'll leave this one up to Exile360 to assist you with cleaning it up maybe since it does not appear (on the surface) to be Malware related.

If it were me, I'd remove all the toolbars, and Spybot for now and verify if you can make IE changes now.

[exile360]

Give the following a shot to see if it corrects it:

Please download ATF Cleaner by Atribune from here and save the file to your desktop.

• Close all open internet browser windows
  
• Run ATF Cleaner by double clicking it.
  
• Once the program opens, click the box next to Select All (Note: this will delete all cookies saved by sites that you have visited so if you need to keep any cookies for automatic logins etc then uncheck the Cookies option)
  
• Once that's all set click on the Empty Selected button and it will remove the temporary files from your system.
  
• If you use Firefox or Opera browsers then click the appropriate button at the top of the program and delete the temp files from them as well following the same procedure.
  

I'd like to take a look at the security software you're running as well as other startups.

Please download Sysinternals Autoruns from here.

• Save Autoruns.exe to your desktop and double-click it to run it.
  
• Once it starts, please press the Esc key on your keyboard.
  
• Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  
• Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  
• When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  
• Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  
• Attach the Autoruns.zip folder you just created to your next reply
  

[noknojon]

Sorry I was a bit slow getting back - The AFT Cleaner was run first - Then this was made -

EDIT -

Deleted Spybot like AdvancedSetup said to -

Should I open F/Fox and run AFT even though I.E. is normal browser - Or has this 'cleaned in general' -

[exile360]

Do you have Avira and MSE installed and active as well as Windows Defender? You know my thoughts on this, but at the very least get rid of Windows Defender, its entire database is contained in the database of MSE so having MSE installed and running renders Windows Defender absolutely useless and redundant. You're just wasting resources on it.

As for your core issue, did ATF Cleaner correct the problem for you? If not then it may be one of the toolbars you have installed so you'll need to either remove them or check their settings.

You have a lot of orphaned entries listed from software that you've removed. None of them would cause this issue though so we can deal with those later if you wish. Many of the startups we previously disabled have returned as well, but again, they wouldn't cause this issue so we'll leave that for another time.

edit:

Should I open F/Fox and run AFT even though I.E. is normal browser - Or has this 'cleaned in general' -

It cleans the temp files for IE unless you click the Firefox button on ATF Cleaner, I'd recommend cleaning both to be safe.

[noknojon]

I mentioned about Defender the other day and you said Remove - MSE + Avira ? Should I do away with Avira for now and just let MSE do it -

I must have forgot to kill Defender -

Origonal Issue seemed to repair itself ?? See post #12 - Not sure why -

I know that I have deleted items that still turn up in other places (like in Win Explorer) after I run the uninstallers -

There is only the normal toolbars visable ?? with a search box (Yahoo I think) in the corner - I do not accept toolbars if I can say no -

Willing to remove any junk - I usually pick through Add/Remove about once a week - Also defrag then -

Machine is kept about 70%-75% free space most of the time as I prefer to remove junk -

Removed Windows Defender from Add/Remove and can not find any other remover tool, so I hope it is gone -

[exile360]

I mentioned about Defender the other day and you said Remove - MSE + Avira ? Should I do away with Avira for now and just let MSE do it -

Right, if you're going to use Avira, remove MSE but keep Windows Defender if you'd like. If you're going to use MSE, remove Avira and Windows Defender .

Origonal Issue seemed to repair itself ?? See post #12 - Not sure why -

I suspect ATF Cleaner cleared it up for you, that's why I had you run it .

I know that I have deleted items that still turn up in other places (like in Win Explorer) after I run the uninstallers -

There is only the normal toolbars visable ?? with a search box (Yahoo I think) in the corner - I do not accept toolbars if I can say no -

Willing to remove any junk - I usually pick through Add/Remove about once a week - Also defrag then -

There's a bunch of leftovers, I'll help you get rid of them but I'll need a bit of time for analysis so give me a little while and I'll return with a long list of things for you to delete .

For now click on Start and select Control Panel and click the link for Other Options on the bottom.

Open the QuickTime settings and look under the various sections (don't personally recall where it is because I no longer use QuickTime to watch .mov files ) and find the option for the system tray icon and uncheck it.

[noknojon]

Quick Time icon (big Q) Sys tray is not checked ( was not when opened) - In Advanced settings - Last item in Advanced settings -

That was the Quick Time Icon in C/Panel -

[exile360]

No problem, it's just one more thing we'll remove with Autoruns exile makes note and adds it to the list

[noknojon]

I can remove Avira to fill in 5 mins ??

Will delete from Add/Remove then run remover tool to be sure -

Removed from Add/Remove - Reboot, and ran Freds remover - Also saved it and will rerun again later -

Only running MSE now - See how it goes -

[exile360]

Restart your computer and then proceed with the following:

Step 1: Deletions:

For each of the following entries right click on them one by one and select Delete:

Under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Note: Only delete the ones that have an empty check box next to them (these are redundant duplicates that you can safely delete)

• Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated c:\program files\adobe\reader 9.0\reader\reader_sl.exe
  
• QuickTime Task QuickTime Task (Not Verified) Apple Inc. c:\program files\quicktime\qttask.exe
  

Under HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

• Shockwave Updater File not found: C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; IEMB3; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; yie8)" -"http://www.adobe.com/shockwave/welcome/"
  

Under HKLM\Software\Microsoft\Internet Explorer\Extensions

• ieSpell File not found: C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
  
• ieSpell Options File not found: C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
  

Under Task Scheduler

• ParetoLogic Registration.job File not found: C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
  
• Scheduled Update for Ask Toolbar.job File not found: C:\Program Files\Ask.com\UpdateTask.exe
  
• SmartDefrag.job File not found: C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe /Schedule
  
• SpeedOptimizer Startup.job File not found: c:\progra~1\speedo~1\SPO.exe /minimized
  

Under HKLM\System\CurrentControlSet\Services

• FreshIO File not found: C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys Note: Only delete this entry if you no longer have FreshDiagnose installed.
  
• pavboot Panda Boot Driver (Verified) Panda Security S.L c:\windows\system32\drivers\pavboot.sys
  
• PCTCore PC Tools KDS Core Driver (Verified) PC Tools c:\windows\system32\drivers\pctcore.sys
  
• SABProcEnum File not found: C:\WINDOWS\System32\Drivers\SABProcEnum.sys
  
• tmcomm TrendMicro Common Module (Verified) Trend Micro, Inc. c:\windows\system32\drivers\tmcomm.sys
  
• WinFLdrv WinFL Filter driver c:\windows\system32\winfldrv.sys Note: Only delete this entry if you no longer have Folder Lock installed.
  

Step 2: Disable:

For each of the following entries uncheck them by clicking on the check box on the left of each entry in Autoruns:

Under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

• Adobe ARM Adobe Reader and Acrobat Manager (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\arm\1.0\adobearm.exe
  
• Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated c:\program files\adobe\reader 9.0\reader\reader_sl.exe
  
• QuickTime Task QuickTime Task (Not verified) Apple Inc. c:\program files\quicktime\qttask.exe
  
• SunJavaUpdateSched Java™ Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre6\bin\jusched.exe Note: Disabling this means Java will not check for updates automatically, if you use a different source for Java update notifications or check manually via Sun's Java website and update Java manually then you should disable this, otherwise leave it alone.
  

Under HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

• &Yahoo! Toolbar Helper Yahoo! Toolbar (Verified) Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll
  
• Google Toolbar Notifier BHO GoogleToolbarNotifier (Verified) Google Inc c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
  
• Java™ Plug-In 2 SSV Helper Java™ Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre6\bin\jp2ssv.dll
  
• JQSIEStartDetectorImpl Class Java™ Quick Starter binary (Not verified) Sun Microsystems, Inc. c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  
• SingleInstance Class Yahoo! Single Instance for Mail (Verified) Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\ytsingleinstance.dll
  
• Windows Live Toolbar Helper Windows Live Toolbar Core (Verified) Microsoft Corporation c:\program files\windows live\toolbar\wltcore.dll
  

Under HKLM\Software\Microsoft\Internet Explorer\Toolbar

• &Windows Live Toolbar Windows Live Toolbar Core (Verified) Microsoft Corporation c:\program files\windows live\toolbar\wltcore.dll
  
• Yahoo!7 Toolbar Yahoo! Toolbar (Verified) Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll
  

Under Task Scheduler

• Google Software Updater.job gusvc (Verified) Google Inc c:\program files\google\common\google updater\googleupdaterservice.exe
  
• GoogleUpdateTaskMachineCore.job Google Installer (Verified) Google Inc c:\program files\google\update\googleupdate.exe
  
• GoogleUpdateTaskMachineUA.job Google Installer (Verified) Google Inc c:\program files\google\update\googleupdate.exe
  
• User_Feed_Synchronization-{BA9B2421-4D0B-46E2-8ADF-8A5FC3289F0E}.job Microsoft Feeds Synchronization (Verified) Microsoft Windows c:\windows\system32\msfeedssync.exe Note: Only disable this entry if you do not use RSS Feeds in Internet Explorer. If you don't use RSS Feeds or you don't know what the heck RSS Feeds are, disable it .
  

Disable Some Services:

• Click on Start and click Run
  
• In the run box type services.msc and press Enter
  
• Once the Services window opens, scroll down the list until you find each of the following and for each one double click on it
  
• Click the Stop button to stop the service from running, then click the drop down menu next to Startup Type and select Disabled
  
• Click the Apply button and click on Ok
  

  
  

• Microsoft Fax Service
  Note:
  Only disable this if you do
  NOT
  do any faxing from your PC, otherwise leave it alone.
  
  
• Google Update
  Note:
  There might be two of these, perhaps with slightly different names, disable them both.
  
  
• Java Quick Starter
  
  
• Yahoo! AutoUpdater
  
  

  
  

• Close the Services control panel
  

Step 3: Post a fresh log:

Once all of that is done and you've uninstalled whatever security software you've decided to uninstall you may delete the attachment of the previous Autoruns.zip file you uploaded by clicking My Controls at the top of the forum page and then clicking Manage Your Attachments on the left.

Then delete the Autoruns.arn and Autoruns.zip files from your desktop and run Autoruns again:

• Double click Autoruns.exe
  
• Once it starts, please press the Esc key on your keyboard.
  
• Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  
• Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  
• When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  
• Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  
• Attach the Autoruns.zip folder you just created to your next reply
  

Thanks

[noknojon]

It is 2.00 AM here now and I cannot focus on these - If it is OK I will do this after I get a few hrs sleep -

Sorry to hold you up but it will be done soon -

[exile360]

No hold up at all, as you know I'm here all the time .

Take your time and make sure you do this when you're wide awake and focused, don't worry about rushing and don't hesitate to ask questions if you have any .

[noknojon]

I needed to go to My Computer > Search to find some items (IObit & PC Tools) - I can't see where they were - Remixed told me they were gone (via HJT) -

Think I got them all - I may have missed 1 or 2 that I had trouble finding, but I got most - I got confused on a few - No removers for traces of IObit & PC Tools -

Any others PM or post back - Always looking -

EDIT -

I still have some vid card problems (Not ??focused etc) - Should I ask on EVGA forum ??

Also ran cleaner prior to post, then reinstalled Autoruns -

Avira and Win Defender are gone - Also Spybot - Will rely on MSE for a while and do MBAM & SAS scans still -