Author Topic: HitmanPro Unwanted Programs and Emsisoft  (Read 2357 times)

Offline UncleDoug

  • Comodo's Hero
  • *****
  • Posts: 651
HitmanPro Unwanted Programs and Emsisoft
« on: July 30, 2015, 02:23:20 PM »
I do NOT want toolbars and these unwanted programs seem to be associated with the Yahoo Toolbar.
I searched the registry and could not find the Yahoo Toolbar.

In running HitmanPro I found these unwanted files and wanted to delete them, but the only thing that finds them is HitmanPro, and my trial has expired.  Is there any other free program that will find them and delete them ?

I could go through the registry and delete files for Yahoo individually, but I am hesitant since Comodo and now Firefox are partners with Yahoo.

I am also hesitant about deleting files for the (Default Tab)

Emsisoft Emergency Tool Kit also finds its own Unwanted Programs that is not found by other scanners
Disable Task Manager and Disable Registry Tools. 

These keep coming back.

See attachments.

UncleDoug



[attachment deleted by admin]

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: HitmanPro Unwanted Programs and Emsisoft
« Reply #1 on: July 30, 2015, 02:55:28 PM »
Hello,

please download FRST and save it to your desktop.

Run tool as Administrator, and on UAC popup click Yes.

NOTE: If you don't know which version is your OS, download and run both of them. One that works is right version you need.

Accept disclaimer by clicking on Yes,and wait while tool is making a registry backup which takes few seconds.

When you get message in header "The tool is ready to use", click on Scan button, but make sure that Addition is checked before doing it.

Program will generate two logs : FRST.txt and Addition.txt.

Attach logs to your reply.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
« Last Edit: July 30, 2015, 03:01:04 PM by Silwncer »

Offline UncleDoug

  • Comodo's Hero
  • *****
  • Posts: 651
Re: HitmanPro Unwanted Programs and Emsisoft
« Reply #2 on: July 30, 2015, 04:03:58 PM »
Here are the attachments you requested plus a HiJackThis log which I had run just prior to reading your reply.

Not sure what you will find but I would like to delete the registry keys found by HitmanPro and resolvve those keys that Emsisoft keeps finding.

UncleDoug

[attachment deleted by admin]

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: HitmanPro Unwanted Programs and Emsisoft
« Reply #3 on: July 30, 2015, 04:13:18 PM »
First we need to uninstall some programs.

You have multiple antivirus programs installed. Uninstall following one of them :

 Bitdefender Antivirus Free Edition

 COMODO Antivirus

Avira

Uninstallation procedure :

Go to Control Panel in Start,choose Programs and Features and keep one of antiviruses mentioned above, others you must uninstall .

After uninstallation is done, restart your computer and proceed to next step.

Uninstall following stuff as well (unwanted/unneeded):

Amazon Links
Bing Rewards Client Installer
Eusing Free Registry Defrag
Find Junk Files 1.51
Kaspersky Security Scan
SUPERAntiSpyware
Wise Registry Cleaner 8.62

You can also uninstall Hitman Pro if your trial has expired.

After you're done, rerun FRST and attach fresh logs.

Offline UncleDoug

  • Comodo's Hero
  • *****
  • Posts: 651
Re: HitmanPro Unwanted Programs and Emsisoft
« Reply #4 on: August 06, 2015, 01:16:11 AM »
I removed most of the programs you requested, but Avira is my primary security protection after  Comodo Firewall. The the other security programs I use  as secondary defense.   

 That is why I asked for help, several security programs have their individual quirks, each may find things others don't.

I did not remove HitmanPro so we can check that you were able to help me remove all the Yahoo Toolbar occurrences and those that HitmanPro found for Default Tab.

Another quirk of Emsisoft is that only it finds the registry keys DisableTaskMgr and DisableRegistryTools and they keep coming back ?

The above were my request in my first post.

Attached are the new documents.

UncleDoug

I really wanted to remove "Bing Rewards Client Installer" but I searched and could not find it  ?



[attachment deleted by admin]
« Last Edit: August 06, 2015, 01:19:16 AM by UncleDoug »

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: HitmanPro Unwanted Programs and Emsisoft
« Reply #5 on: August 06, 2015, 01:43:29 AM »
Using more than one antivirus may cause freezing,conflicts,crashes and system slowdown so if you didn't uninstalled and kept one of them,you need to do that.

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: HitmanPro Unwanted Programs and Emsisoft
« Reply #6 on: August 06, 2015, 01:51:57 AM »
Ok i checked out logs and now seems good,but we will need to do some fixes,logs will take some time to analyze and research,so please be patient ;)

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: HitmanPro Unwanted Programs and Emsisoft
« Reply #7 on: August 06, 2015, 03:19:09 AM »
Fix with Farbar Recovery Scan Tool

 :-La This fix is made for use on that particular machine. Running it on another one may cause serious damage.

Please download attached fixlist.txt and save it on same location where is FRST.

Re-run FRST as Administrator, make sure that script and FRST are in same location, then click Fix once and wait while it's doing it's job, it takes few seconds.

It will ask you for restart, allow it to do so . After restart program will make fixlog.txt which you will attach to your reply.

===============================================================================================

Scan with Malwarebytes AntiRootkit
 
Please download MBAR and save it to your desktop.
 
Run tool as Administrator, tool will extract itself, and then launch.
 
Click Next to accept terms and conditions, and click Update to obtain latest definitions.
 
If malware is found click on Cleanup button , but make sure that Create restore point option is checked before proceeding !
 
Program will ask you to restart, allow it to do so.

Note: If you're experiencing internet connection issues or other anomalies after running MBAR and removal of rootkits, it is recommended to run fixdamage.exe located inside mbar folder. Run it as Administrator and press Y if asks you do you want to continue.


https://www.malwarebytes.org/antirootkit/

Attach log to your reply.

[attachment deleted by admin]

Offline UncleDoug

  • Comodo's Hero
  • *****
  • Posts: 651
Re: HitmanPro Unwanted Programs and Emsisoft
« Reply #8 on: August 08, 2015, 12:55:24 AM »
Here are the the files you requested plus I ran HitmanPro to see what was still there.

The scan results showed a lot more than what the log shows !
YahooToolbar dominates in the number of unwanted files followed by DefaultTab.

Auslogic is one of the defrag programs I use and a new update came out "with a lot of unwanted offerings"  I used custom install but had to delete the setup file from downloads (HitmanPro saw it as a Trojan)
But the results showed Google Analytics / Auslogics as unwanted but it was not shown in logfile?

Hope we can eliminate these unwanted traces of the Yahoo Toolbar and Default Tab
Plus still would like to remove Bing Rewards Client Installer that you included in the list to uninstall.

Thank You
UncleDoug


[attachment deleted by admin]

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: HitmanPro Unwanted Programs and Emsisoft
« Reply #9 on: August 08, 2015, 04:56:00 AM »
Download AdwCleaner by Xplode and save it to your desktop.
 
Run tool as Administrator, accept terms of usage, and wait while database is updating.
 
After it's done with updating, click Scan button and wait while it's scanning.
 
All found items remove by clicking on Cleaning button, and allow tool to restart.
 
After restart will make a log which you will attach or paste in your reply.

http://www.bleepingcomputer.com/download/adwcleaner/

Download JRT by Malwarebytes and save it to your desktop.

Run tool as Administrator,accept disclaimer by pressing Y, and wait while it's scanning system.

Tool will automatically scan and remove all found items, if tool requires restart, allow it to do so.

Attach log here.

http://www.bleepingcomputer.com/download/junkware-removal-tool/

Offline UncleDoug

  • Comodo's Hero
  • *****
  • Posts: 651
Re: HitmanPro Unwanted Programs and Emsisoft
« Reply #10 on: August 10, 2015, 12:00:20 AM »
Attached or the logs.
AdwCleaner and JRT are 2 tools I already use, and they did not find anything !

I tried to use regedit to look for some of the keys and using Find  did not find anything but when I manually searched the registry keys I found the keys but instead of Ybar it showed Yahoo Companion.

Some where there should be a tool to Uninstall the Yahoo Toolbar and remove all traces of it.
The traces with Default Tab will probably have the same problems.

I doubt the average free registry cleaner can find these remnants in a scan of the registry.

Using the Find in the registry editor would probably be the easiest solution for the unwanted programs found by HitmanPro.
But I am waiting for your suggestions.

Also still have not figured out how to remove the Bing Rewards Client Installer that you listed.

UncleDoug



[attachment deleted by admin]

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: HitmanPro Unwanted Programs and Emsisoft
« Reply #11 on: August 10, 2015, 05:45:06 AM »
Download ZOEK by Smeenk and save it on your desktop.

Disable your antivirus (right-click on tray > stop protection), because it may conflict with tool.

Run tool as Administrator and input following script :

Code: [Select]
createsrpoint;
emptyalltemp;
emptyclsid;
chrdefaults;
FFdefaults;

Push Run script button once and wait when it's done, if requires a reboot allow it to do so.

Attach log in your reply (zoek-results.txt) .

http://home.kpn.nl/stefsmeenk/zoek.exe/

Offline UncleDoug

  • Comodo's Hero
  • *****
  • Posts: 651
Re: HitmanPro Unwanted Programs and Emsisoft
« Reply #12 on: August 12, 2015, 01:57:00 AM »
I ran Zoek twice, 1st with your script and no boxes checked under advanced, 2nd with your script and Deep Scan checked under advanced

Also included is a scan with HitmanPro I just ran, showing the traces /remnants are still there for Yahoo Toolbar and Default Tab.

These traces / remnants are registry keys that I mentioned before.

Do you know of a program that I can scan for each key and delete using a script from you ?

I told you the problem using Find from the registry.  Also tried 2 different registry cleaners and they could not find them and when keys are listed the information listed was not helpful in determining what the keys were for.

Thank you again,
UncleDoug
 

[attachment deleted by admin]

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: HitmanPro Unwanted Programs and Emsisoft
« Reply #13 on: August 12, 2015, 02:47:50 AM »
You should not run Zoek with custom scripts,it may cause serious damage.

Offline Silwncer

  • Board moderator
  • Comodo Family Member
  • ***
  • Posts: 92
  • Malware Removal Expert
    • TechForums
Re: HitmanPro Unwanted Programs and Emsisoft
« Reply #14 on: August 12, 2015, 04:51:04 AM »
Re-run FRST so i can see better look at your system.

 

Seo4Smf 2.0 © SmfMod.Com Smf Destek