Rogue.Fake.MSE & Don't.Steal.Our.Software

[Jacee]

Thumbs up Fred! ... see ya' then

 

[Fred44]

Jacee,

I ran HiJack and checked the items you suggested. I created a restore point before I did it. When I rebooted, my MediaSmart Smart Menu wouldn't work. I also couldn't turn Windows Defender on (but I think this is because MSE turns it off). Also I went to C:\Program Files to delete the Lavasoft\Ad-Aware folder, but it wasn't there. Anyhow, I ran a system restore and everything is back to normal. (Except I stll can't turn Defender on, but I think that's for reasons above...don't need it anyway with MSE). Now...which of these items can be safely checked and what impact will it have on my computer's performance? Looks like WormRadar can go (no file), maybe the 04 - HKLM \..\Run: [KBD] C:\Program Files\Hwelett-Packard\KBD\KbdStub.EXE, and I'm sure the 023 Lavasoft can be deleted because I uninstalled Ad-Aware a long time ago.

My position at this point is, everything seems to be running OK, but if removing these files will significantly improve my performance , I'll go ahead. Just let me know what's safe for sure. Thanks.

Fred

 

[Jacee]

Definitely check and 'fix' the lines with no files. Reboot.

Now if you don't use Hwelett-Packard\KBD\KbdStub.EXE, you can check that O4 too, and run it manually when you need or want to.
kbdstub.exe is a Key Watcher\r from HP\r belonging to Keyboard Handler\r . This watches for Multimedia Keys on HP keyboards.

HJT does not delete anything! What it does do, is stop the (legit) program from running at startup and in the background. O23's are different ... since they are a 'Service' they need to be set to automatic, manual or disabled in services.

Windows Defender should remain disabled ... You have it with MSE.

Were you able to restart HP MediaSmart?

 

[Fred44]

Definitely check and 'fix' the lines with no files. Reboot.

Now if you don't use Hwelett-Packard\KBD\KbdStub.EXE, you can check that O4 too, and run it manually when you need or want to.
kbdstub.exe is a Key Watcher\r from HP\r belonging to Keyboard Handler\r . This watches for Multimedia Keys on HP keyboards.

HJT does not delete anything! What it does do, is stop the (legit) program from running at startup and in the background. O23's are different ... since they are a 'Service' they need to be set to automatic, manual or disabled in services.

Windows Defender should remain disabled ... You have it with MSE.

Were you able to restart HP MediaSmart?

HP MediaSmart restarted when I did a system restore.

 

[Fred44]

OK, here's the log sfter I clicked "fix checked" and rebooted. Should WormRadar and LavaSoft still be on the list. They are still there. Also did you notice the first 02 BHO item...it say's "no name, no file". Should that one be fixed too.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:59:11 PM, on 6/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Users\Fred\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7144 bytes

 

[Jacee]

Okay, don't do a system restore this time

Rescan with HJT, put a check next to each of this lines:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)

Now close all open windows (including this website) except HJT, click "fix checked" button. Exit out of HJT by clicking the top right "X".

Reboot/ Restart your computer :D

 

[Fred44]

Looks like it removed them this timeI don't see those items on the list any more. Wonder why the Lavasoft folder isn't in Program Files. Thought I saw it there recently.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:35:51 PM, on 6/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Fred\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - Help and Support
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6634 bytes

 

[Jacee]

See if the Lavasoft folder is in 'Program Data' or your Documents

 

[Fred44]

See if the Lavasoft folder is in 'Program Data' or your Documents

Do you mean my Documents folder? Where is Program Data and how do I get there? I put the term in the search bar and came up with nothing.

 

[Fred44]

I went to Folder Options>View>Show Hidden Files and Folders.
Then went to My Documents and there was a new folder there called Shadow Edit Files. When I clicked on that folder it was empty. Is this where you mean?

 

[Fred44]

Jacee,
I misread your post about Lavasoft. I thought you meant that the "Program Data" folder would be in My documents folder. No there is not a trace of Lavasoft in Documents. I've searched every way I can think of and can't find "Program Data". I Googled it and read that it was a "hidden" folder and to be very careful about deleting anything there or altering it in any way as it could mess up your system. I guess it is hidden, because I cannot find it on my computer. How do I access it?

Fred

 

[niemiro]

Hello,

Open any Windows Explorer window (maybe at Documents) and press the Alt Key. Click:

Tools > Folder Options > View > Radio (put a circle in the box next to) "Show Hidden Files and Folders" > Un-check (remove the tick in the box next to) "Hide Protected Operating System Files (Recommended)" > Click Yes > Click OK.

Now open Computer and open the C:\ drive. You should now be able to see a C:\Program Data folder. As long as you only delete the Lavasoft folder, not problems will be caused.

Undo the settings changes you made to Folder Options (NOT via System Restore, although I think you have already learned this lesson, so apologies for dredging this up again!)

Richard

 

[Fred44]

Hello,

Open any Windows Explorer window (maybe at Documents) and press the Alt Key. Click:

Tools > Folder Options > View > Radio (put a circle in the box next to) "Show Hidden Files and Folders" > Un-check (remove the tick in the box next to) "Hide Protected Operating System Files (Recommended)" > Click Yes > Click OK.

Now open Computer and open the C:\ drive. You should now be able to see a C:\Program Data folder. As long as you only delete the Lavasoft folder, not problems will be caused.

Undo the settings changes you made to Folder Options (NOT via System Restore, although I think you have already learned this lesson, so apologies for dredging this up again!)

Richard

Simple enough...Lavasoft was there and is now deleted and folder options restored to former configuration. Thanks.

Fred

 

[Jacee]

So sorry for the late reply.

Yay! to niemiro who got you where you needed to go Fred.

Now all you have to do is make a new (fresh) restore point so that you won't be experiencing the problems you have encountered again:
http://forums.techarena.in/tips-tweaks/1058725.htm

 

[niemiro]

You are most welcome Jacee, and I am glad to have helped you with your problem Fred.

Richard

P.S. Congratulations Jacee on your "Large Rep Power"

 

[Fred44]

Hello,

Open any Windows Explorer window (maybe at Documents) and press the Alt Key. Click:

Tools > Folder Options > View > Radio (put a circle in the box next to) "Show Hidden Files and Folders" > Un-check (remove the tick in the box next to) "Hide Protected Operating System Files (Recommended)" > Click Yes > Click OK.

Now open Computer and open the C:\ drive. You should now be able to see a C:\Program Data folder. As long as you only delete the Lavasoft folder, not problems will be caused.

Undo the settings changes you made to Folder Options (NOT via System Restore, although I think you have already learned this lesson, so apologies for dredging this up again!)

Richard

Niemiro,

While looking in the Program Data Folder I also saw a McAfee and a Norton folder, also programs that I don't use. Is it safe to delete those as well? I'm wondering, because I just did a disc cleaning with Advanced Disc Cleaner and at the end it said it had deleted X number of files but there were 9 that could not be removed because they were being used by other programs. One of those was a McAfee file. So should I just let well enough alone, as my system is running very smoothly now?

Fred

 

[niemiro]

Hello Fred,

When you do decide you no longer want a program, you should run the official uninstaller. This should remove all traces, far more than just in Program Files/Program Data. Therefore, open Control Panel from the Start Orb, and click on Uninstall a Program under Programs, or Add/Remove a Program. Select the program you want to remove, and click remove. Follow the wizard, and everything should be gone.

There is one exception - antivirus programs. An antivirus program should be removed in this way, and then you should download the removal tool from the website. Run it (some would argue in Safe Mode ideally) and the rest should be gone.

EDIT: Have a look at the Norton website linked below BEFORE uninstall, and make sure you have your product keys backed up beforehand for both products, just in case you want to reinstall these application.

Sorry I cannot link you at this time, EDIT: Linked below

Richard

 

[niemiro]

Hello again Fred,


Here are the links to the removal tools you need:

• McAfee
• Norton

Richard

 

[Fred44]

Hello Fred,

When you do decide you no longer want a program, you should run the official uninstaller. This should remove all traces, far more than just in Program Files/Program Data. Therefore, open Control Panel from the Start Orb, and click on Uninstall a Program under Programs, or Add/Remove a Program. Select the program you want to remove, and click remove. Follow the wizard, and everything should be gone.

There is one exception - antivirus programs. An antivirus program should be removed in this way, and then you should download the removal tool from the website. Run it (some would argue in Safe Mode ideally) and the rest should be gone.

EDIT: Have a look at the Norton website linked below BEFORE uninstall, and make sure you have your product keys backed up beforehand for both products, just in case you want to reinstall these application.

Sorry I cannot link you at this time, EDIT: Linked below

Richard

I've run both the McAfee and Norton uninstaller, but there are still Norton and McAfee folders in Program Data, but as I said, everything's runniing smoothly. Is there any need to take further Action? I won't be reinstalling either McAfee or Norton as I'm very pleased with MSE.

 

[Jacee]

Go into safe mode and delete those folders, then reboot.