Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Coupons A Good Utility Program From IObit IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs Driver Booster Pro Review

So sick of apmebf cookie


Melvin_Deal

Recommended Posts

I want to thank everybody who's responded to the launch and development of 360!!! I don't need to mention names! I am humbled and no longer post useless B/S.

 

I cannot seem to remove this cookie, nothing will... pLZ HLP! The commission junction co. seems to have a permanent cookie in my system even if I don't launch my browser.

 

 

they say on their site you can opt out. I did this two weeks ago. Their cookie remains despite back to back scans and searches. Any and all (real) softwares seem to remove... but don't.

 

I can disconnect from inet, run various software including iobit360... they all detect and remoove this cookie and i run them all again without reconnecting to inet, still there &remove, reboot(still no inet), scan (still there) remove (again) cookie still there' again and again w 360, ASC, AVG... etc!

Link to comment
Share on other sites

Hi Melvin

Do you have Norton installed?

Do you have these in your services:

Automatic LiveUpdate Scheduler - Symantec Corporation

Symantec Lic NetConnect service (CLTNetCnService)

LiveUpdate - Symantec Corporation

LiveUpdate Notice Service - Symantec Corporation

LiveUpdate Notice Service Ex (LiveUpdate Notice Ex)

If so try disabling them

If you have a commission junction service in your services instead, then try to disable that.

services.msc in Run

Cheers

solbjerg

 

I want to thank everybody who's responded to the launch and development of 360!!! I don't need to mention names! I am humbled and no longer post useless B/S.

 

I cannot seem to remove this cookie, nothing will... pLZ HLP! The commission junction co. seems to have a permanent cookie in my system even if I don't launch my browser.

 

 

they say on their site you can opt out. I did this two weeks ago. Their cookie remains despite back to back scans and searches. Any and all (real) softwares seem to remove... but don't.

Link to comment
Share on other sites

You are so there!

 

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

 

 

Thought I was done with this beast! Maybe i will be now!! Welcome to Thanx-a-billion!!

Link to comment
Share on other sites

symantic services gone now! Apmebf still there.

 

Tired of this for now! Sol led me to the right place to stop a bit of crap, but not the continuous apmebf. Here's my newest log. Thanx! Gotta sleep!

ogfile of Advanced SystemCare 3 Security Analyzer

Scan saved at 4:44:51 AM, on 9/26/2009

Platform: Windows Vista (WinNT 6.0)

MSIE: Internet Explorer v8.0 (8.0.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Mel\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} -

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (gpsvc) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe

O23 - Service: pinger - Unknown - C:\TOSHIBA\IVP\ISM\pinger.exe

O23 - Service: Swupdtmr - Unknown - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

Link to comment
Share on other sites

Hi Melvin

Just to clarify that you are talking about the Norton/Symantec removal tool - available at their home site.

They probably use that cookie, but there may be others that use it too - if you have made your firewall accept one of those programs - you may still have it - because it is generated every time it is deleted on account of your acceptance of that program/cookie.

At least that is how I see it. :-)

Cheers

solbjerg

 

 

It took a minute to find, retrieve, and run the tool. Symantic isn't friendly. Sol took me to the right place. Scanning with 360 to verify extinction of symantic in system, will edit this post when done. Thanx Sol!!!
Link to comment
Share on other sites

Indeed was authentic remooval tool!

 

There's no more symantec software running here that I can see. What you're saying is the cookie is attached to something else now. Ill try to figure that attachment out. Most of my processes are fairly clean, but i'm still a rookie. You have helped me clean the last of the stupid symantic stuff from my system! Thanks!

Link to comment
Share on other sites

Possible solution

 

Hi Melvin

Have you tried this:

Click Start/Controlpanel/Internet options/Privacy Tab/sites/enter apmebf.com/click Block.

In firefox you click Disable instead of Block

Be aware that the blocking of the apmebf.com cookie may result in the apmebf.com website working incorrectly in your browser or not working at all.

If you have that cookie from another site too, this may not work

You had a Chinese or Asian site for watching movies or TV that I had suspicions about - I forgot the name, sorry!

tvunetworks

 

Cheers

solbjerg

Link to comment
Share on other sites

Hi again Melvin,

 

I would try to do the following if I were you:

 

-Update Adobe Reader to 9.1.3

 

-Update Java to 1.6.0_16, and use JavaRA to get rid of the old residues.

 

-Delete the following:

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

-Disable the following:

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} -

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

 

- Try disabling and then enabling the following, and see if they change any behaviour.

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

 

 

Cheers.

Link to comment
Share on other sites

Hi melvin

 

The site apnebf.com could be dangarous for a PC and must be included in the restricted Zone.

 

IE8 by default and if windows are updated recularly include it in SECURITY ( in internet-options ) and in RESTRICTED SITES.

 

you must insert it in this list.

 

Now in order to remove the cookies set by it TRY to load windows in SAFE MODE and scan using S-360 (use PC SECURITY ANALYSIS of S-360)

 

scanning and removing of tracking cookies can also be performed by ASC of IObit

 

before scanning set the options for Inernet Privacy (cookies)

 

cheers

Link to comment
Share on other sites

Dear Sol done that a long time ago!! Thanks!

 

There must be insidiousness still running on my system. Gonna take eno's suggestions, try them. apembf cookie is from Australia. I know 4 sure. Thanx for alerting/showing me the path to be rid of symantic (( I hope)) (which I reported as a poss. false positive in 360 testing) 360 beta was correct.

 

I believe I must follow eno's suggestions & see what happens.

Link to comment
Share on other sites

Hi Melvin

:-) Yes I thought you might have - but good for others to know the path, right!

enoskypes suggestion about java is also good.

And please try his suggestions and give feedback please!

Have you tried the secure deletion option, as vman suggested?

Cheers

solbjerg

 

 

There must be insidiousness still running on my system. Gonna take eno's suggestions, try them. apembf cookie is from Australia. I know 4 sure. Thanx for alerting/showing me the path to be rid of symantic (( I hope)) (which I reported as a poss. false positive in 360 testing) 360 beta was correct.

 

I believe I must follow eno's suggestions & see what happens.

Link to comment
Share on other sites

Followed instructions carefully. Thanx!

 

To Sol and Eno thank you! My system is definitely running cleaner and more efficiently. Looks like about 10 unnecessary processes have been eliminated... residuals. Apmebf still there. not many places left to look! Heres my latest log.

 

Thank you Eno especially for the residual elimination link.

 

Thank you Sol for the Symantic elimination information.

 

Here's my new log... very lean...

 

Logfile of Advanced SystemCare 3 Security Analyzer

Scan saved at 4:40:09 AM, on 9/27/2009

Platform: Windows Vista (WinNT 6.0)

MSIE: Internet Explorer v8.0 (8.0.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\NOTEPAD.EXE

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AcroIEHelperStub - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Google Dictionary Compression sdch - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Mel\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} -

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_16) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Plug-in 1.6.0_16) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_16) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (gpsvc) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe

O23 - Service: pinger - Unknown - C:\TOSHIBA\IVP\ISM\pinger.exe

O23 - Service: Swupdtmr - Unknown - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

 

 

 

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab

 

Synaptic..??? Symmantic??? Thought I was rid of this as well.... I mean Tvu

 

Don't think either is source of apmebf cookie.

 

Link given earlier to other discussion was no good either.

Link to comment
Share on other sites

Running new 360 scan to try vmans suggestion.

 

Don't know how to do "secure delete" Plz advise me Vman! Don't see option. You running pro version or something? Running scan again now to see if I missed(overlooked) this option earlier. Thx!

 

"sandboxing" browsing won't change anything. I can sever the physical connection from Inet and apmebf cookie remains... coming from inside, not out. Thx!

Link to comment
Share on other sites

Hi Melvin

I think vman is referring to the option in ASC!

This program deletes cookies too!

Cheers

solbjerg

 

Don't know how to do "secure delete" Plz advise me Vman! Don't see option. You running pro version or something? Running scan again now to see if I missed(overlooked) this option earlier. Thx!

 

"sandboxing" browsing won't change anything. I can sever the physical connection from Inet and apmebf cookie remains... coming from inside, not out. Thx!

Link to comment
Share on other sites

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

Synaptic..??? Symmantic??? Thought I was rid of this as well.... I mean Tvu

 

To check on Synaptics SynTPEnh or anything in Windows StartUp:

 

1) Launch Advanced System Care

2) Select Utilities

3) Select Admin Tools

4) Select StartUp Manager

5) Select (but not Tick or UnTick, just hi-light) the File you want to check

6) Select OnLine Search in the Select an Action box on the left

7) You will be automatically taken to SysInfo.org

The search for the file has already been done and the answer, if any, will be there

 

There you will find the following for SynTPEnh

Note: U means 'user decides'

 

SynTPEnh U SynTPEnh.exe

Synaptics TouchPad Enhancements - included with drivers for Synaptics based TouchPads, which are common on many laptops. Required to display the System Tray icon and support enhanced features such as Tap Zones, Virtual Scrolling and EdgeMotion. If you don't use these features this can safely be disabled. Required on IBM Thinkpads with UnltraNav (pointstick and touchpad combo) if you don't want to loose the advanced pointstick features such as scroll

 

So it is mostly necessary for any Notebook or Netbook users, to add those handy features to the TouchPad :-)

 

All the best, woz of oz

Link to comment
Share on other sites

Thanks! I enjoy my touchpad! Better understanding of that admin tool also!

 

To check on Synaptics SynTPEnh or anything in Windows StartUp:

 

1) Launch Advanced System Care

2) Select Utilities

3) Select Admin Tools

4) Select StartUp Manager

5) Select (but not Tick or UnTick, just hi-light) the File you want to check

6) Select OnLine Search in the Select an Action box on the left

7) You will be automatically taken to SysInfo.org

The search for the file has already been done and the answer, if any, will be there

 

 

 

So it is mostly necessary for any Notebook or Netbook users, to add those handy features to the TouchPad :-)

 

All the best, woz of oz

 

 

 

 

I appreciate you! I never explored that tool as you have.... thanx!!!

There you will find the following for SynTPEnh

Note: U means 'user decides'

Link to comment
Share on other sites

Hi Melvin

While you were in StartUpManager - did you also check to see if any StartUp items might contain "your cookie"?

 

:idea: Good call Wozofoz!!

 

Cheers

solbjerg

 

 

I appreciate you! I never explored that tool as you have.... thanx!!!

There you will find the following for SynTPEnh

Note: U means 'user decides'

Link to comment
Share on other sites

Found 3 files associated with embedded spyware.

 

I have isolated the internal source to three files. Am curious to know more about them before taking action. Wondering if you guys have insight or experience with these 3:

 

1) HKEY_CLASSES_ROOT\CLSID\{A679OAA5-C6C7-4BCF-A46D-0FDAC4EA90EB}

 

2) HotKeysCmds

 

3)TOSCDSPD

 

Any further advice much appreciated!!!

Link to comment
Share on other sites

Thanx Vman!

 

I absolutely isolated the problem to:

 

HKEY_CLASSES_ROOT\CLSID\{A679OAA5-C6C7-4BCF-A46D-0FDAC4EA90EB

 

Seems to be a remnant of startup software long deleted/erased. The other two I listed were innocent. Posted this file on poss. false pos. 360 thread as a missed threat. Thanx for taking a look. -Mel

 

P.S. Reason for edit: I forgot to say that once the registry entry was removed... the apmebf cookie disappeared.

Link to comment
Share on other sites

  • 9 months later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...