Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Can't delete "Similar products popup" + other adware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 3rd, 2014, 9:43 pm

Sorry-- but I haven't been successful in running OTL- Run Fix Script. It hangs on "Searching registry for Ask toolbar." I let it go for 5 minutes-- then went to task manager and saw that OTL wasn't responding. Tried it several times, with same result.

so I didn't do the other scans because of the OTL problem. what do you recommend? By the way, I'm also getting ad popups on this forum. don't recall seeing them before.

SarasotaLady
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am
Advertisement
Register to Remove

Re: Can't delete "Similar products popup" + other adware

Unread postby pgmigg » June 3rd, 2014, 10:06 pm

Hello sarasotalady,

I haven't been successful in running OTL- Run Fix Script. It hangs on "Searching registry for Ask toolbar."
I am sorry - it was my mistake! :oops:

The right instruction is:

OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\SearchScopes\{67EC6999-123C-4AC8-87F8-E525AE035CFE}: "URL" = http://search.yahoo.com/search?p= {searchTerms}&fr=tightropetb&type=10741
    IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\SearchScopes\{B5874762-543C-4D24-9173-7D0A3A9CC8C9}: "URL" = http://www.bing.com/search?FORM=U220DF& ... 220&q= {searchTerms}&src=IE-SearchBox
    [2013/06/04 15:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Extensions
    [2014/06/01 14:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions
    [2014/05/31 12:25:28 | 000,000,000 | ---D | M] ("Speedial") -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}
    [2014/05/18 14:48:12 | 000,384,004 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
    [2014/06/01 14:08:57 | 000,009,022 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}.xpi
    [2014/05/01 13:38:16 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2014/05/12 23:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    CHR - default_search_provider: search_url = http://speedial.com/results.php?f=4&q= {searchTerms}&a=spd_dnldstr_14_22_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByE0D0AyDyD0D0ByByBzy0B0EtN0D0Tzu0SzzzztBtN1L2XzutBtFtBtDtFtCzytFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtAtByEyE0EtAzytGzytA0ByCtGyEyByDyDtG0D0C0DyBtGyCyByD0AyEyB0EyBtBtBtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzyzyzzyB0A0AtGzyyCzyyBtG0B0FyDyBtGyDtAzy0DtGyEtC0AzzyDyE0CzztDyEzytB2Q&cr=2143485961&ir=
    O2 - BHO: (Rock Turner) - {527b365c-1bd3-4a66-906f-8729805ce78c} - C:\Program Files (x86)\Rock Turner\RockTurnerBHO.dll (Rock Turner)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\Toolbar\WebBrowser: (no name) - {870BD786-09A0-440D-ADB7-8F2ABE9B7845} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
    O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
    [2013/07/02 15:17:31 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\webex
    [2013/06/09 22:37:43 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Leadertech
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
    "XMLUrl"=-
    [HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
    "XMLUrl"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search]
    "DefaultActivity"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\execute]
    "Action"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\preview]
    "Action"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\defaults\preferences\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\defaults\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\temp\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\content\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\skin\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\searchplugins\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2]
    "A28B4D68DEBAA244EB686953B7074FEF"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775]
    "A28B4D68DEBAA244EB686953B7074FEF"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907]
    "A28B4D68DEBAA244EB686953B7074FEF"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011]
    "A28B4D68DEBAA244EB686953B7074FEF"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720]
    "A28B4D68DEBAA244EB686953B7074FEF"=-
    [HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search]
    "DefaultActivity"=-
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
    "DllName"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trolltech]
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Trolltech]
    
    :Files
    C:\Users\Helen\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.ico
    C:\Users\Helen\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
    C:\Program Files (x86)\*.tmp
    C:\Windows\*.tmp
    @C:\ProgramData\TEMP:373E1720
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Then please proceed with Steps 2,3,4 from my previous post.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 3rd, 2014, 11:36 pm

Pgmigg--

Wasted quite a bit of time-- but apology accepted.

Here's the log for OTL Run fix script --


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67EC6999-123C-4AC8-87F8-E525AE035CFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67EC6999-123C-4AC8-87F8-E525AE035CFE}\ not found.
Registry key HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B5874762-543C-4D24-9173-7D0A3A9CC8C9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5874762-543C-4D24-9173-7D0A3A9CC8C9}\ not found.
C:\Users\Helen\AppData\Roaming\Mozilla\Extensions folder moved successfully.
Folder C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\ not found.
Folder C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\ not found.
File C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi not found.
File C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}.xpi not found.
File C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found.
Folder C:\Program Files (x86)\Mozilla Firefox\browser\extensions\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{527b365c-1bd3-4a66-906f-8729805ce78c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{527b365c-1bd3-4a66-906f-8729805ce78c}\ not found.
File C:\Program Files (x86)\Rock Turner\RockTurnerBHO.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{870BD786-09A0-440D-ADB7-8F2ABE9B7845} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{870BD786-09A0-440D-ADB7-8F2ABE9B7845}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EaseUs Tray not found.
File C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EaseUs Watch not found.
File C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe not found.
Folder C:\Users\Helen\AppData\Roaming\webex\ not found.
Folder C:\Users\Helen\AppData\Roaming\Leadertech\ not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\\XMLUrl deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\\XMLUrl not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\\DefaultActivity deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\execute not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\preview not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\D:\FIND_MOZ_EXT\toolbar@ask.com\defaults\preferences\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\D:\FIND_MOZ_EXT\toolbar@ask.com\defaults\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\D:\FIND_MOZ_EXT\toolbar@ask.com\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\temp\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\content\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\skin\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\D:\FIND_MOZ_EXT\toolbar@ask.com\searchplugins\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720 not found.
Registry value HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\\DefaultActivity not found.
Registry key HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com\ not found.
Registry key HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru\ not found.
Registry key HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com\ not found.
Registry key HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Trolltech\ not found.
========== FILES ==========
C:\Users\Helen\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.ico moved successfully.
C:\Users\Helen\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml moved successfully.
File\Folder C:\Program Files (x86)\*.tmp not found.
C:\Windows\msdownld.tmp folder moved successfully.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

Will post other scans in new reply.

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Helen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7468241 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24926309 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2873 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 830996 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 200286070 bytes

Total Files Cleaned = 223.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06032014_232949

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 4th, 2014, 12:45 am

Reply #2

Scanned Chrome and Mozilla-- didn't find any evidence of similar products or superfish.

Ran malwarebytes and received Clean message exactly as you stated. -- Tried to copy snapshot of results but couldn't get it to paste.

Will do final run of OTL in next message.
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 4th, 2014, 12:54 am

Results of final OTL scan OTL Extras logfile created on: 6/4/2014 12:47:08 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Helen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 5.73 Gb Available Physical Memory | 72.54% Memory free
15.80 Gb Paging File | 13.51 Gb Available in Paging File | 85.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 167.58 Gb Total Space | 126.45 Gb Free Space | 75.45% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 469.47 Gb Free Space | 50.40% Space Free | Partition Type: NTFS

Computer Name: HELEN-PC | User Name: Helen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Value error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Value error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C55B04-5B10-471F-BEB4-95315F150395}" = lport=137 | protocol=17 | dir=in | app=system |
"{1AE94EC8-2E8D-4B26-B162-2A02F30C66A9}" = lport=138 | protocol=17 | dir=in | app=system |
"{1D2164BA-C34B-414F-8E2B-6EC26867D495}" = rport=445 | protocol=6 | dir=out | app=system |
"{3BFD7FDE-4DD1-4193-9FC9-252FBF894697}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{407930D2-033E-48D9-98E5-7808D26433F2}" = rport=138 | protocol=17 | dir=out | app=system |
"{5304A2F8-412B-4688-9839-697BFB328312}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{5D3053F1-D3DB-45B4-8402-405C70BE44E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{689A9C32-9E1F-4E99-B127-67305CF79E77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{721E90AF-BFCB-4F21-BECC-309C45C07062}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{7AB8AFC1-4A3A-4FED-9A72-F56117D57B4E}" = rport=137 | protocol=17 | dir=out | app=system |
"{8572FEB5-7C98-4669-82A5-21695D00D4EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9D32AAEA-96FA-4A47-A8D1-0EBCBC2EBFCC}" = lport=445 | protocol=6 | dir=in | app=system |
"{A6404726-96DD-4E59-981F-8C6A4574FEAF}" = rport=139 | protocol=6 | dir=out | app=system |
"{CA0320BF-A1BD-4F6B-A7F5-81C1952EF3F6}" = lport=139 | protocol=6 | dir=in | app=system |
"{CD59D52C-07C4-481D-AA9C-CE9B11300F1B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E0653877-7CCC-46C7-8534-B8B4D1008036}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AB5F4A-1D5A-4890-997C-1F3ABEC71923}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{076212AD-B0B7-4DB5-930C-FE415D3DA9C9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{0ADE9C1A-221F-47E0-AB02-C619AD6AC206}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0BE7AB90-DB96-4BB9-A405-6A41AC8B951D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{15C9F034-7743-4E26-86E6-9DE9C5AF6467}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |
"{1C2EC68B-8EAA-4250-9938-1918AA0B379C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1EB5465E-473A-42A7-8C60-9776BF7EAE0F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2D51C1C1-6C38-411A-846F-5EAD95BE9E42}" = dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{2F221EA9-8B00-4B39-B0FA-5522692B025B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44C2E0C8-8671-4C2B-8200-1BE559CFFD4E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{7975D9B1-CDB6-45CE-B642-A4F7FA34161E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{7B913A54-79BF-4567-82AF-46F0133C6293}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7C0753D5-852C-4EBC-B08D-40B1D6993647}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |
"{7D2A02EF-0E50-401B-A581-024544A4814C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{9C0C6F41-DCA0-4728-A69E-B3F145628319}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A7E2919B-88F4-4E41-888E-514733DFD977}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BC96A9FE-3032-4E9C-8F1E-CACCF72A0465}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |
"{C1D5A470-EC93-4261-86AD-12BF82761D96}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |
"{D48F66A2-D5F6-4223-9CB0-AFE584E4AC3F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E26AF186-F292-4214-92CD-E9A314CF8E51}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E71B6376-237B-4147-9E22-9D9F116F6370}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{5A68A656-979F-4168-8795-E2E368AA4DC2}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel(R) Network Connections 16.8.46.0
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C6E57DC0-5699-47D4-9263-CEE00A4BB1FC}" = Windows Live MIME IFilter
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{FD868C71-6CCF-42E2-B90D-0504AB0036FE}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"PROSetDX" = Intel(R) Network Connections 16.8.46.0
"sp6" = Logitech SetPoint 6.52

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06D085C8-1F00-11B2-96A7-8f0CE39193ED}" = Intel® SSD Toolbox
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}" = Intel(R) Update Manager
"{16E46BCF-3D36-4353-9BCB-344F7812CEDE}" = Photo Gallery
"{1F9E8447-9B82-45D5-A6D7-2A4CB874111F}" = Windows Live Mail
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24758B1D-9345-4538-A69A-05660F63A296}" = Junk Mail filter update
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4260CAAE-D108-4223-A1C5-96B67062FE86}" = Windows Live Installer
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{59307833-CB98-4440-B644-0CD352F61907}" = Windows Live PIMT Platform
"{597FB4A5-DD86-4316-A410-7E8074CC2CCE}" = Driver Support
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72D9236D-C6EA-4DA6-A18C-CC24521A70D4}" = Windows Live Mail
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{8C22A294-DBBA-445F-B55C-E26817CCFE69}" = Movie Maker
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F66BFDE-B213-48E2-93EF-7151277A2916}" = Windows Live SOXE Definitions
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{94532CD5-C66D-49E3-9131-5FB04D7647A1}" = Windows Live UX Platform
"{9797D7BA-A333-4DF1-AF55-AC745D216EDB}" = Windows Live Writer
"{983FA94A-A7DD-40B1-B7F9-F45D2B4FD1DE}" = Windows Live Photo Common
"{99E82553-9654-4FB7-8DB3-900C0FDB1A70}" = Windows Live Writer Resources
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F4B74E-D722-4D9E-817B-F58F32A55A51}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9FFEC6C-9C44-4597-8E23-EDD78BF5D0B2}" = Windows Live Communications Platform
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{C201BDF9-1C27-46F8-A248-F4469C9FC27C}" = Photo Common
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C87DF7BB-4F5C-4BBE-B041-A59FFF4A1D07}" = Windows Live SOXE
"{C95AEB53-7FAE-4257-97AF-7136E8D9F9CA}" = Movie Maker
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DF7DC45D-8A3C-490C-A70F-8C6A6189EDF9}" = Photo Gallery
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FCEDADE3-1C8A-4858-BE93-360168178BB2}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avast" = avast! Free Antivirus
"BrowserSafeguard" = BrowserSafeguard with Rockettab
"EaseUS Todo Backup Free 5.3_is1" = EaseUS Todo Backup Free 5.3
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"MagniDriver" = marvell 91xx driver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Pre-Cloud" = Pre-Cloud Browser Security Service
"RealAlt_is1" = Real Alternative 2.0.2
"TeamViewer 9" = TeamViewer 9
"TurboTax 2013" = TurboTax 2013
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Sansa Updater" = Sansa Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/3/2014 11:43:01 AM | Computer Name = Helen-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/3/2014 1:10:46 PM | Computer Name = Helen-PC | Source = Application Hang | ID = 1002
Description = The program OTL(2).exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 5bc Start Time:
01cf7f4d6858ceb5 Termination Time: 0 Application Path: D:\Users\Helen\Downloads\OTL(2).exe

Report
Id: fb902d96-eb41-11e3-9af9-00224da55db7

Error - 6/3/2014 4:53:03 PM | Computer Name = Helen-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/3/2014 7:51:42 PM | Computer Name = Helen-PC | Source = Application Hang | ID = 1002
Description = The program OTL(2).exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 4b0 Start Time:
01cf7f700726c44c Termination Time: 0 Application Path: D:\Users\Helen\Downloads\OTL(2).exe

Report
Id: fe2176ca-eb79-11e3-a614-00224da55db7

Error - 6/3/2014 8:08:23 PM | Computer Name = Helen-PC | Source = Application Hang | ID = 1002
Description = The program OTL(2).exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: ac8 Start Time:
01cf7f8820c7ef46 Termination Time: 0 Application Path: D:\Users\Helen\Downloads\OTL(2).exe

Report
Id: 5269b260-eb7c-11e3-a614-00224da55db7

Error - 6/3/2014 9:05:34 PM | Computer Name = Helen-PC | Source = Microsoft-Windows-Backup | ID = 517
Description = The backup operation that started at '2014-06-04T01:00:09.837776800Z'
has failed with following error code '2155348020' (%%2155348020). Please review
the event details for a solution, and then rerun the backup operation once the
issue is resolved.

Error - 6/3/2014 9:05:54 PM | Computer Name = Helen-PC | Source = Windows Backup | ID = 4104
Description =

Error - 6/3/2014 9:36:36 PM | Computer Name = Helen-PC | Source = Application Hang | ID = 1002
Description = The program OTL(3).exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: db4 Start Time:
01cf7f90ed3f7247 Termination Time: 16 Application Path: D:\Users\Helen\Downloads\OTL(3).exe

Report
Id: a76e326f-eb88-11e3-a614-00224da55db7

Error - 6/3/2014 10:27:39 PM | Computer Name = Helen-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/3/2014 11:32:31 PM | Computer Name = Helen-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/3/2014 10:28:23 AM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7000
Description = The HOSTS Anti-PUPs service failed to start due to the following error:
%%1053

Error - 6/3/2014 10:29:04 AM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 6/3/2014 11:42:39 AM | Computer Name = Helen-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:14:48 AM on ?6/?3/?2014 was unexpected.

Error - 6/3/2014 11:43:40 AM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 6/3/2014 4:52:57 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HOSTS
Anti-PUPs service to connect.

Error - 6/3/2014 4:52:57 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7000
Description = The HOSTS Anti-PUPs service failed to start due to the following error:
%%1053

Error - 6/3/2014 4:53:38 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 6/3/2014 11:32:09 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HOSTS
Anti-PUPs service to connect.

Error - 6/3/2014 11:32:09 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7000
Description = The HOSTS Anti-PUPs service failed to start due to the following error:
%%1053

Error - 6/3/2014 11:32:50 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2


< End of report >
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby pgmigg » June 4th, 2014, 1:08 am

Hello sarasotalady,

Scanned Chrome and Mozilla-- didn't find any evidence of similar products or superfish.
Does it mean that you found something in Internet Explorer?

I asked you to post the OTL.txt log file after fresh OTL scan instead of OTL Extras logfile you posted. Please find and post the proper one!

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 4th, 2014, 9:52 pm

I did a fresh scan of OTL and this is the .txt file that the scan produces and was saved to my desktop. I don't know if this is correct or not-- but this is the only .txt file that shows up.

Regarding internet explorer, I never use IE-- I tried to get to add-ons as you directed but couldn't get to add-ons.


OTL logfile created on: 6/4/2014 8:55:47 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Helen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 78.42% Memory free
15.80 Gb Paging File | 14.01 Gb Available in Paging File | 88.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 167.58 Gb Total Space | 125.74 Gb Free Space | 75.03% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 469.47 Gb Free Space | 50.40% Space Free | Partition Type: NTFS

Computer Name: HELEN-PC | User Name: Helen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/01 21:24:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Helen\Desktop\OTL.exe
PRC - [2014/05/26 10:38:50 | 003,888,648 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/04/25 15:24:54 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/17 09:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/12/24 01:51:56 | 000,302,961 | ---- | M] () -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/10/30 18:10:44 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2012/10/19 23:02:36 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2012/01/10 23:22:45 | 000,363,800 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/01/10 23:22:44 | 000,277,784 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/01/10 23:22:42 | 000,128,280 | R--- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/01/10 23:22:40 | 000,161,560 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/04/11 12:04:49 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/12/24 01:51:56 | 000,302,961 | ---- | M] () -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014/04/25 15:24:54 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/08 14:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/12/08 16:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011/11/09 17:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV - [2014/05/31 12:26:14 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 23:20:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/28 11:32:36 | 000,174,368 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe -- (iumsvc)
SRV - [2014/02/17 09:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/12/24 01:51:54 | 000,285,795 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -- (HOSTS Anti-PUPs)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/30 18:10:44 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2012/10/19 23:02:36 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2012/01/10 23:22:45 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/10 23:22:44 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/10 23:22:42 | 000,128,280 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/01/10 23:22:40 | 000,161,560 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/05/22 18:24:44 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64.sys -- ({8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64)
DRV:64bit: - [2014/05/22 18:18:00 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys -- ({890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64)
DRV:64bit: - [2014/05/15 11:45:35 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/15 11:45:35 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/15 11:45:35 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/04/25 15:24:54 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/25 15:24:54 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/25 15:24:54 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/25 15:24:54 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/04/25 15:24:54 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013/01/03 04:17:38 | 000,079,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013/01/03 04:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,015,752 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/10/19 23:02:16 | 000,189,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV:64bit: - [2012/10/19 23:02:12 | 000,048,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
DRV:64bit: - [2012/10/19 23:02:06 | 000,018,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
DRV:64bit: - [2012/10/19 23:02:04 | 000,058,952 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/04 12:56:44 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2012/06/04 12:56:42 | 000,633,296 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2012/06/04 12:56:42 | 000,389,968 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 22:31:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/01/10 22:32:28 | 000,358,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/01/04 15:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/04 15:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/04 15:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/11 03:20:44 | 000,316,208 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/10/24 21:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/24 21:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U218DHP&pc=U218
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB FF 50 41 B8 97 CE 01 [binary data]
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\SearchScopes\{EDBF88D7-EC4F-4B92-A47C-824F497CE500}: "URL" = http://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\SearchScopes\FD0FAD4F9D47481695C4FE0023740093: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Users\Helen\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/06/09 22:37:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/25 15:24:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/12 23:20:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/12 23:20:01 | 000,000,000 | ---D | M]

[2014/06/03 23:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Extensions
[2014/04/25 15:24:55 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/06/09 22:37:33 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT

========== Chrome ==========

CHR - default_search_provider: Speedial (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Logitech SetPoint = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_1\
CHR - Extension: avast! Online Security = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: Google Wallet = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

O1 HOSTS File: ([2014/05/30 23:45:09 | 000,000,720 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA0EDFBD-D8A3-4117-9408-C35E58D179D1}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/12/05 10:07:44 | 000,002,196 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{b26ec2af-cd4c-11e2-a21a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b26ec2af-cd4c-11e2-a21a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\EIProcessCaller.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/06/03 11:47:22 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/03 11:47:20 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/03 11:47:19 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/03 11:47:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/03 11:47:19 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/06/03 11:47:19 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/06/03 11:47:18 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/03 11:47:18 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/03 02:17:27 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/06/03 02:17:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/06/02 11:19:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/02 11:11:42 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014/06/02 11:11:42 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\Temp
[2014/06/02 11:00:23 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/06/01 21:21:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Helen\Desktop\OTL.exe
[2014/06/01 01:03:18 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64.sys
[2014/05/31 13:14:27 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\Adobe
[2014/05/31 12:31:07 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2014/05/31 12:31:07 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2014/05/31 12:29:53 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\CrashDumps
[2014/05/31 12:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/05/31 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\PC_Drivers_Headquarters
[2014/05/31 12:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Support
[2014/05/31 12:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
[2014/05/31 12:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Support
[2014/05/30 22:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/05/30 22:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/05/30 22:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/05/30 22:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/05/30 22:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/05/30 22:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/05/30 22:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/05/30 22:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/05/30 22:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/05/30 22:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/05/30 02:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/05/30 02:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/05/30 01:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/05/29 14:26:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/28 23:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2014/05/28 23:32:38 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\Anvisoft
[2014/05/28 23:32:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2014/05/26 23:52:08 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys
[2014/05/15 01:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/14 22:39:06 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 22:39:06 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/14 22:39:02 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 22:39:01 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 22:39:01 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 22:39:01 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 22:39:01 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 22:39:01 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 22:39:01 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 22:39:00 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 22:39:00 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 22:39:00 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 22:39:00 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 22:39:00 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 22:39:00 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 22:39:00 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 22:39:00 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 22:39:00 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 22:39:00 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 22:39:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 22:39:00 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 22:39:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 22:39:00 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 22:39:00 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 22:39:00 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/12 23:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/06 12:59:13 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel

========== Files - Modified Within 30 Days ==========

[2014/06/04 20:58:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/04 20:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/04 16:24:07 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/04 16:24:07 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/04 16:21:11 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/04 16:21:11 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/04 16:21:11 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/04 16:16:31 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/04 16:16:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/04 00:10:58 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/03 02:13:51 | 000,001,441 | ---- | M] () -- C:\Users\Helen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/02 11:00:23 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014/06/01 21:24:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Helen\Desktop\OTL.exe
[2014/06/01 21:17:33 | 001,327,971 | ---- | M] () -- D:\Users\Helen\Desktop\adwcleaner_3.211.exe
[2014/05/31 12:31:01 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2014/05/31 12:31:01 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2014/05/31 12:26:14 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/31 12:26:14 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/31 12:25:27 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/05/31 12:23:16 | 000,000,701 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/30 23:48:19 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/05/30 23:45:09 | 000,000,720 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/05/30 22:27:26 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/05/30 00:06:32 | 000,309,180 | ---- | M] () -- D:\Users\Helen\Documents\training_seniors_mounsey.pdf
[2014/05/22 18:24:44 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64.sys
[2014/05/22 18:18:00 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys
[2014/05/22 00:04:33 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/15 11:45:35 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/15 11:45:35 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/15 11:45:35 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/15 01:36:10 | 000,000,258 | RHS- | M] () -- C:\Users\Helen\ntuser.pol
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/09 02:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 02:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

========== Files Created - No Company Name ==========

[2014/06/03 02:13:51 | 000,001,447 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/06/03 02:13:51 | 000,001,441 | ---- | C] () -- C:\Users\Helen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/03 02:13:51 | 000,001,413 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014/06/02 11:11:43 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/05/31 13:11:21 | 001,327,971 | ---- | C] () -- D:\Users\Helen\Desktop\adwcleaner_3.211.exe
[2014/05/31 12:25:27 | 000,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/05/30 22:27:26 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/05/30 22:26:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/05/30 02:01:11 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/05/30 00:06:32 | 000,309,180 | ---- | C] () -- D:\Users\Helen\Documents\training_seniors_mounsey.pdf
[2014/04/10 12:26:25 | 000,000,000 | ---- | C] () -- C:\Users\Helen\defogger_reenable
[2014/03/23 20:14:31 | 000,000,298 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2014/03/18 00:22:19 | 000,000,109 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\WB.CFG
[2014/03/17 17:04:06 | 000,249,863 | ---- | C] () -- C:\ProgramData\1395090207.bdinstall.bin
[2014/02/27 02:39:53 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/25 17:55:25 | 000,007,666 | ---- | C] () -- C:\Users\Helen\AppData\Local\Resmon.ResmonCfg
[2013/09/21 22:07:00 | 000,000,258 | RHS- | C] () -- C:\Users\Helen\ntuser.pol
[2013/08/09 15:15:59 | 000,522,082 | ---- | C] () -- C:\ProgramData\1376075608.bdinstall.bin
[2013/08/09 13:46:03 | 000,241,070 | ---- | C] () -- C:\ProgramData\1376070227.bdinstall.bin
[2013/06/10 13:38:13 | 000,484,278 | ---- | C] () -- C:\ProgramData\1370885629.bdinstall.bin
[2013/06/07 12:49:40 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2013/06/07 12:49:34 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\hpcc3130.dll
[2013/06/07 12:08:00 | 000,006,902 | ---- | C] () -- C:\Windows\hplj1320.ini
[2013/06/04 15:35:47 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/06/04 13:08:30 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013/06/04 13:08:30 | 000,557,476 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/12/14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< :Commands >

< >

< :OTL >

< IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&FORM=IE8SRC >

< IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&FORM=IE8SRC >

< IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\SearchScopes\{67EC6999-123C-4AC8-87F8-E525AE035CFE}: "URL" = http://search.yahoo.com/search?p= {searchTerms}&fr=tightropetb&type=10741 >

< IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\SearchScopes\{B5874762-543C-4D24-9173-7D0A3A9CC8C9}: "URL" = http://www.bing.com/search?FORM=U220DF& ... 220&q= {searchTerms}&src=IE-SearchBox >

< [2013/06/04 15:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Extensions >
Invalid Switch: 04 15:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Extensions

< [2014/06/01 14:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions >
Invalid Switch: 01 14:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions

< [2014/05/31 12:25:28 | 000,000,000 | ---D | M] ("Speedial") -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52} >

< [2014/05/18 14:48:12 | 000,384,004 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi >
Invalid Switch: 18 14:48:12 | 000,384,004 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi

< [2014/06/01 14:08:57 | 000,009,022 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}.xpi >
Invalid Switch: 01 14:08:57 | 000,009,022 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}.xpi

< [2014/05/01 13:38:16 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi >
Invalid Switch: 01 13:38:16 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

< [2014/05/12 23:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions >
Invalid Switch: 12 23:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

< CHR - default_search_provider: search_url = http://speedial.com/results.php?f=4&q= {searchTerms}&a=spd_dnldstr_14_22_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByE0D0AyDyD0D0ByByBzy0B0EtN0D0Tzu0SzzzztBtN1L2XzutBtFtBtDtFtCzytFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtAtByEyE0EtAzytGzytA0ByCtGyEyByDyDtG0D0C0DyBtGyCyByD0AyEyB0EyBtBtBtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzyzyzzyB0A0AtGzyyCzyyBtG0B0FyDyBtGyDtAzy0DtGyEtC0AzzyDyE0CzztDyEzytB2Q&cr=2143485961&ir= >
Invalid Switch: results.php?f=4&q= {searchTerms}&a=spd_dnldstr_14_22_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByE0D0AyDyD0D0ByByBzy0B0EtN0D0Tzu0SzzzztBtN1L2XzutBtFtBtDtFtCzytFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtAtByEyE0EtAzytGzytA0ByCtGyEyByDyDtG0D0C0DyBtGyCyByD0AyEyB0EyBtBtBtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzyzyzzyB0A0AtGzyyCzyyBtG0B0FyDyBtGyDtAzy0DtGyEtC0AzzyDyE0CzztDyEzytB2Q&cr=2143485961&ir=

< O2 - BHO: (Rock Turner) - {527b365c-1bd3-4a66-906f-8729805ce78c} - C:\Program Files (x86)\Rock Turner\RockTurnerBHO.dll (Rock Turner) >

< O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found. >

< O3 - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\Toolbar\WebBrowser: (no name) - {870BD786-09A0-440D-ADB7-8F2ABE9B7845} - No CLSID value found. >

< O4 - HKLM..\Run: [] File not found >

< O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd) >

< O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd) >

< [2013/07/02 15:17:31 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\webex >
Invalid Switch: 02 15:17:31 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\webex

< [2013/06/09 22:37:43 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Leadertech >
Invalid Switch: 09 22:37:43 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Leadertech

< >

< :Reg >

< Searching for "AskToolbar" >

< [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com] >

< "XMLUrl"=- >

< [HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com] >

< "XMLUrl"=- >

< [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search] >

< "DefaultActivity"=- >

< [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com] >

< [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\execute] >

< "Action"=- >

< [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\preview] >

< "Action"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] >

< "D:\FIND_MOZ_EXT\toolbar@ask.com\defaults\preferences\"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] >

< "D:\FIND_MOZ_EXT\toolbar@ask.com\defaults\"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] >

< "D:\FIND_MOZ_EXT\toolbar@ask.com\"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] >

< "D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] >

< "D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\temp\"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] >

< "D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\content\"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] >

< "D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\skin\"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] >

< "D:\FIND_MOZ_EXT\toolbar@ask.com\searchplugins\"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] >

< "A28B4D68DEBAA244EB686953B7074FEF"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775] >

< "A28B4D68DEBAA244EB686953B7074FEF"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907] >

< "A28B4D68DEBAA244EB686953B7074FEF"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011] >

< "A28B4D68DEBAA244EB686953B7074FEF"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720] >

< "A28B4D68DEBAA244EB686953B7074FEF"=- >

< [HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search] >

< "DefaultActivity"=- >

< [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com] >

< [HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\execute] >

< "Action"=- >

< [HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\preview] >

< "Action"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}] >

< "DllName"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}] >

< "DllName"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}] >

< "DllName"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}] >

< "DllName"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}] >

< "DllName"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}] >

< "DllName"=- >

< [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com] >

< [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com] >

< [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com] >

< [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com] >

< [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com] >

< [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com] >

< [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com] >

< [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com] >

< [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru] >

< [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru] >

< [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru] >

< [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru] >

< [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru] >

< [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru] >

< [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru] >

< [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru] >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}] >

< "DllName"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}] >

< "DllName"=- >

< [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com] >

< [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com] >

< [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com] >

< [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com] >

< [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com] >

< [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com] >

< [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com] >

< [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com] >

< [-HKEY_CURRENT_USER\Software\Trolltech] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trolltech] >

< [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Trolltech] >

< >

< :Files >

< C:\Users\Helen\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.ico >

< C:\Users\Helen\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml >

< C:\Program Files (x86)\*.tmp >

< C:\Windows\*.tmp >

< @C:\ProgramData\TEMP:373E1720 >

< >

< :Commands >

< [emptytemp] >

< End of report >
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby pgmigg » June 5th, 2014, 11:03 am

Hello sarasotalady,

Step 1.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 2.
ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you using Google Chrome or Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Step 3.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

Fresh OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the ESETScan.txt log file
  3. Contents of a OTL.txt log file after OTL fresh scan
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 5th, 2014, 4:05 pm

Am having problems running ESET Online Scanner. It's been running for 1 hour 49 minutes ; stopped at 67% for 30 minutes. I've put in all the settings you wanted and disabled avast antivirus. I Installing the utility for Firefox before the scan took 1 hour, and the scan itself is taking almost 2 hours and doesn't seem to be going anywhere. Any ideas on how i can accelerate the scan?ld ? if not, I'll have to run it and then go to bed. I wanted to be done with this today, but guess the saga will have to continue tomorrow. Getting discouraged.
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby pgmigg » June 5th, 2014, 4:21 pm

Hello sarasotalady,

It's been running for 1 hour 49 minutes ; stopped at 67% for 30 minutes.
It is normal and may be much much longer. It depends on size of your hard drive, number of files, registry size, etc.
I Installing the utility for Firefox before the scan took 1 hour, and the scan itself is taking almost 2 hours and doesn't seem to be going anywhere.
Actually, the ESET has two phases - firstly it downloaded database and other specific stuff to be independent from your system and then it run the scan itself. I personally run ESET scan on my own computer during more than 6 hours and guess that there is no limits.
Any ideas on how i can accelerate the scan?
It is not possible - please be patient!
I wanted to be done with this today, but guess the saga will have to continue tomorrow. Getting discouraged.
Nobody can estimate time is needed for infection treatment... Sorry!

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 5th, 2014, 5:48 pm

OK, thanks. Now I understand. Will have to run it later tonight since i can't use my computer while scan is working. will have results tomorrow.
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 6th, 2014, 9:37 am

C:\AdwCleaner\Quarantine\C\Users\Helen\AppData\LocalLow\AskToolbar\setup.exe.vir a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll a variant of Win32/TFTPD32.A potentially unsafe application
C:\Users\Helen\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Windows\Installer\85d02.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\zoek_backup\C_Users_Helen_TodoBackup.exe.vir a variant of Win32/TFTPD32.A potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-06 120555\Backup Files 2013-07-06 120555\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-09 000546\Backup Files 2013-07-09 000546\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-11 210003\Backup Files 2013-07-11 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-14 210000\Backup Files 2013-07-14 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-17 210000\Backup Files 2013-07-17 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-20 210003\Backup Files 2013-07-20 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-22 210003\Backup Files 2013-07-22 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-24 210003\Backup Files 2013-07-24 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-27 210000\Backup Files 2013-07-27 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-30 210000\Backup Files 2013-07-30 210000\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-03 134318\Backup Files 2013-08-03 134318\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-04 210000\Backup Files 2013-08-04 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-07 210003\Backup Files 2013-08-07 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-10 210003\Backup Files 2013-08-10 210003\Backup files 2.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-15 210003\Backup Files 2013-08-15 210003\Backup files 2.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-21 210001\Backup Files 2013-08-21 210001\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-24 210001\Backup Files 2013-08-24 210001\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-26 210001\Backup Files 2013-08-26 210001\Backup files 3.zip multiple threats
D:\HELEN-PC\Backup Set 2013-08-26 210001\Backup Files 2013-08-26 210001\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-28 210000\Backup Files 2013-08-28 210000\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-30 210003\Backup Files 2013-08-30 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-01 210003\Backup Files 2013-09-01 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-03 210003\Backup Files 2013-09-03 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-05 210003\Backup Files 2013-09-05 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-05 210003\Backup Files 2013-09-06 210003\Backup files 2.zip JS/Kryptik.ALB trojan
D:\HELEN-PC\Backup Set 2013-09-07 210003\Backup Files 2013-09-07 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-09 210000\Backup Files 2013-09-09 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-11 210003\Backup Files 2013-09-11 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-14 224459\Backup Files 2013-09-14 224459\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-17 000033\Backup Files 2013-09-17 000033\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-18 210003\Backup Files 2013-09-18 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-20 210000\Backup Files 2013-09-20 210000\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-22 210003\Backup Files 2013-09-22 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-25 223230\Backup Files 2013-09-25 223230\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-27 210003\Backup Files 2013-09-27 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-29 210000\Backup Files 2013-09-29 210000\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-02 210003\Backup Files 2013-10-02 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-05 210003\Backup Files 2013-10-05 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-08 210003\Backup Files 2013-10-08 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-11 210000\Backup Files 2013-10-11 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-14 210000\Backup Files 2013-10-14 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-17 210000\Backup Files 2013-10-17 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-19 210000\Backup Files 2013-10-19 210000\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-21 210000\Backup Files 2013-10-21 210000\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-26 020706\Backup Files 2013-10-26 020706\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-28 210003\Backup Files 2013-10-28 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-31 210000\Backup Files 2013-10-31 210000\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-05 210003\Backup Files 2013-11-05 210003\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-08 210003\Backup Files 2013-11-08 210003\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-10 210000\Backup Files 2013-11-10 210000\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-13 210003\Backup Files 2013-11-13 210003\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-16 210002\Backup Files 2013-11-16 210002\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-20 210003\Backup Files 2013-11-20 210003\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-23 210003\Backup Files 2013-11-23 210003\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-26 210003\Backup Files 2013-11-26 210003\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-29 210001\Backup Files 2013-11-29 210001\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-12-02 210003\Backup Files 2013-12-02 210003\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-12-05 210000\Backup Files 2013-12-05 210000\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2014-01-25 210000\Backup Files 2014-01-25 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-01-29 210000\Backup Files 2014-01-29 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-01 210000\Backup Files 2014-02-01 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-03 210000\Backup Files 2014-02-03 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-06 210003\Backup Files 2014-02-06 210003\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-09 210003\Backup Files 2014-02-09 210003\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-09 210003\Backup Files 2014-02-10 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-11 095447\Backup Files 2014-02-11 095447\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-13 233521\Backup Files 2014-02-13 233521\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-15 210000\Backup Files 2014-02-15 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-18 210000\Backup Files 2014-02-18 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-21 210003\Backup Files 2014-02-21 210003\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-24 210000\Backup Files 2014-02-24 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-03-18 210003\Backup Files 2014-03-18 210003\Backup files 2.zip a variant of Win32/DealPly.O potentially unwanted application
D:\HELEN-PC\Backup Set 2014-03-18 210003\Backup Files 2014-03-19 210000\Backup files 1.zip a variant of Win32/DealPly.O potentially unwanted application
D:\HELEN-PC\Backup Set 2014-03-22 210003\Backup Files 2014-03-22 210003\Backup files 2.zip a variant of Win32/DealPly.O potentially unwanted application
D:\HELEN-PC\Backup Set 2014-03-26 210000\Backup Files 2014-03-26 210000\Backup files 2.zip a variant of Win32/DealPly.O potentially unwanted application
D:\HELEN-PC\Backup Set 2014-03-31 213540\Backup Files 2014-03-31 213540\Backup files 2.zip a variant of Win32/DealPly.O potentially unwanted application
D:\HELEN-PC\Backup Set 2014-04-03 210003\Backup Files 2014-04-03 210003\Backup files 2.zip a variant of Win32/DealPly.O potentially unwanted application
D:\HELEN-PC\Backup Set 2014-04-06 221152\Backup Files 2014-04-06 221152\Backup files 2.zip a variant of Win32/DealPly.O potentially unwanted application
D:\HELEN-PC\Backup Set 2014-04-06 221152\Backup Files 2014-04-06 221152\Backup files 5.zip a variant of MSIL/Adware.StrongVault.A application
D:\MGtools\Process.exe Win32/PrcView potentially unsafe application
D:\old backups\Helen\Application Data\AVG\Rescue\PC Tuneup 2011\120511025201343.rsc multiple threats
D:\old backups\Helen\My Documents\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\old backups\Helen\My Documents\Downloads\DuplicateCleaner_setup.exe Win32/OpenCandy potentially unsafe application
D:\Old_C\Documents and Settings\Owner\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy potentially unsafe application
D:\Old_C\old_C\Tools\RogueScanFix.exe Win32/PrcView potentially unsafe application
D:\Old_C\old_C\Tools\smitRem.exe Win32/PrcView potentially unsafe application
D:\Old_C\old_C\Tools\VirtumundoBeGone.exe Win32/PrcView potentially unsafe application
D:\Old_C\old_C\Tools\SmitfraudFix\Process.exe Win32/PrcView potentially unsafe application
D:\Old_C\old_C\Tools\SmitfraudFix\restart.exe Win32/Shutdown.NAA potentially unsafe application
D:\Old_C\Program Files\Ammyy\Ammyy_Admin_v3.exe a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application
D:\Users\Helen\Desktop\TodoBackup.exe a variant of Win32/TFTPD32.A potentially unsafe application
D:\Users\Helen\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Users\Helen\Downloads\TodoBackup.exe a variant of Win32/TFTPD32.A potentially unsafe application
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 6th, 2014, 9:43 am

Have sent you resuolts of ESETScan in previous reply. Here is the OTL.txt C:\AdwCleaner\Quarantine\C\Users\Helen\AppData\LocalLow\AskToolbar\setup.exe.vir a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll a variant of Win32/TFTPD32.A potentially unsafe application
C:\Users\Helen\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Windows\Installer\85d02.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\zoek_backup\C_Users_Helen_TodoBackup.exe.vir a variant of Win32/TFTPD32.A potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-06 120555\Backup Files 2013-07-06 120555\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-09 000546\Backup Files 2013-07-09 000546\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-11 210003\Backup Files 2013-07-11 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-14 210000\Backup Files 2013-07-14 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-17 210000\Backup Files 2013-07-17 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-20 210003\Backup Files 2013-07-20 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-22 210003\Backup Files 2013-07-22 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-24 210003\Backup Files 2013-07-24 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-27 210000\Backup Files 2013-07-27 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-07-30 210000\Backup Files 2013-07-30 210000\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-03 134318\Backup Files 2013-08-03 134318\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-04 210000\Backup Files 2013-08-04 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-07 210003\Backup Files 2013-08-07 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-10 210003\Backup Files 2013-08-10 210003\Backup files 2.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-15 210003\Backup Files 2013-08-15 210003\Backup files 2.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-21 210001\Backup Files 2013-08-21 210001\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-24 210001\Backup Files 2013-08-24 210001\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-26 210001\Backup Files 2013-08-26 210001\Backup files 3.zip multiple threats
D:\HELEN-PC\Backup Set 2013-08-26 210001\Backup Files 2013-08-26 210001\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-28 210000\Backup Files 2013-08-28 210000\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-08-30 210003\Backup Files 2013-08-30 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-01 210003\Backup Files 2013-09-01 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-03 210003\Backup Files 2013-09-03 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-05 210003\Backup Files 2013-09-05 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-05 210003\Backup Files 2013-09-06 210003\Backup files 2.zip JS/Kryptik.ALB trojan
D:\HELEN-PC\Backup Set 2013-09-07 210003\Backup Files 2013-09-07 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-09 210000\Backup Files 2013-09-09 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-11 210003\Backup Files 2013-09-11 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-14 224459\Backup Files 2013-09-14 224459\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-17 000033\Backup Files 2013-09-17 000033\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-18 210003\Backup Files 2013-09-18 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-20 210000\Backup Files 2013-09-20 210000\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-22 210003\Backup Files 2013-09-22 210003\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-25 223230\Backup Files 2013-09-25 223230\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-27 210003\Backup Files 2013-09-27 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-09-29 210000\Backup Files 2013-09-29 210000\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-02 210003\Backup Files 2013-10-02 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-05 210003\Backup Files 2013-10-05 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-08 210003\Backup Files 2013-10-08 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-11 210000\Backup Files 2013-10-11 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-14 210000\Backup Files 2013-10-14 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-17 210000\Backup Files 2013-10-17 210000\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-19 210000\Backup Files 2013-10-19 210000\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-21 210000\Backup Files 2013-10-21 210000\Backup files 3.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-26 020706\Backup Files 2013-10-26 020706\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-28 210003\Backup Files 2013-10-28 210003\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-10-31 210000\Backup Files 2013-10-31 210000\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-05 210003\Backup Files 2013-11-05 210003\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-08 210003\Backup Files 2013-11-08 210003\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-10 210000\Backup Files 2013-11-10 210000\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-13 210003\Backup Files 2013-11-13 210003\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-16 210002\Backup Files 2013-11-16 210002\Backup files 4.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-20 210003\Backup Files 2013-11-20 210003\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-23 210003\Backup Files 2013-11-23 210003\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-26 210003\Backup Files 2013-11-26 210003\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-11-29 210001\Backup Files 2013-11-29 210001\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-12-02 210003\Backup Files 2013-12-02 210003\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2013-12-05 210000\Backup Files 2013-12-05 210000\Backup files 5.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\HELEN-PC\Backup Set 2014-01-25 210000\Backup Files 2014-01-25 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-01-29 210000\Backup Files 2014-01-29 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-01 210000\Backup Files 2014-02-01 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-03 210000\Backup Files 2014-02-03 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-06 210003\Backup Files 2014-02-06 210003\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-09 210003\Backup Files 2014-02-09 210003\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-09 210003\Backup Files 2014-02-10 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-11 095447\Backup Files 2014-02-11 095447\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-13 233521\Backup Files 2014-02-13 233521\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-15 210000\Backup Files 2014-02-15 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-18 210000\Backup Files 2014-02-18 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-21 210003\Backup Files 2014-02-21 210003\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-02-24 210000\Backup Files 2014-02-24 210000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\HELEN-PC\Backup Set 2014-03-18 210003\Backup Files 2014-03-18 210003\Backup files 2.zip a variant of Win32/DealPly.O potentially unwanted application
D:\HELEN-PC\Backup Set 2014-03-18 210003\Backup Files 2014-03-19 210000\Backup files 1.zip a variant of Win32/DealPly.O potentially unwanted application
D:\HELEN-PC\Backup Set 2014-03-22 210003\Backup Files 2014-03-22 210003\Backup files 2.zip a variant of Win32/DealPly.O potentially unwanted application
D:\HELEN-PC\Backup Set 2014-03-26 210000\Backup Files 2014-03-26 210000\Backup files 2.zip a variant of Win32/DealPly.O potentially unwanted application
D:\HELEN-PC\Backup Set 2014-03-31 213540\Backup Files 2014-03-31 213540\Backup files 2.zip a variant of Win32/DealPly.O potentially unwanted application
D:\HELEN-PC\Backup Set 2014-04-03 210003\Backup Files 2014-04-03 210003\Backup files 2.zip a variant of Win32/DealPly.O potentially unwanted application
D:\HELEN-PC\Backup Set 2014-04-06 221152\Backup Files 2014-04-06 221152\Backup files 2.zip a variant of Win32/DealPly.O potentially unwanted application
D:\HELEN-PC\Backup Set 2014-04-06 221152\Backup Files 2014-04-06 221152\Backup files 5.zip a variant of MSIL/Adware.StrongVault.A application
D:\MGtools\Process.exe Win32/PrcView potentially unsafe application
D:\old backups\Helen\Application Data\AVG\Rescue\PC Tuneup 2011\120511025201343.rsc multiple threats
D:\old backups\Helen\My Documents\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\old backups\Helen\My Documents\Downloads\DuplicateCleaner_setup.exe Win32/OpenCandy potentially unsafe application
D:\Old_C\Documents and Settings\Owner\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy potentially unsafe application
D:\Old_C\old_C\Tools\RogueScanFix.exe Win32/PrcView potentially unsafe application
D:\Old_C\old_C\Tools\smitRem.exe Win32/PrcView potentially unsafe application
D:\Old_C\old_C\Tools\VirtumundoBeGone.exe Win32/PrcView potentially unsafe application
D:\Old_C\old_C\Tools\SmitfraudFix\Process.exe Win32/PrcView potentially unsafe application
D:\Old_C\old_C\Tools\SmitfraudFix\restart.exe Win32/Shutdown.NAA potentially unsafe application
D:\Old_C\Program Files\Ammyy\Ammyy_Admin_v3.exe a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application
D:\Users\Helen\Desktop\TodoBackup.exe a variant of Win32/TFTPD32.A potentially unsafe application
D:\Users\Helen\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Users\Helen\Downloads\TodoBackup.exe a variant of Win32/TFTPD32.A potentially unsafe



Please include in your next reply:

Do you have any problems executing the instructions? Only that I didn't realize in the beginning how long the ESETScan would take-- in my case 4+ hours . Suggest you note that possibility in your instructions .
Contents of the ESETScan.txt log file Done-- previous reply
Contents of a OTL.txt log file after OTL fresh scan -- Done -- in this message
Do you see any changes in computer behavior? Haven't been able to check. Will be away all day. Can check later this evening.
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby pgmigg » June 6th, 2014, 4:06 pm

Hello sarasotalady,

Will have to run it later tonight since i can't use my computer while scan is working.
I would like to note, that any scans as well as any fixes should be done alone. User cannot use the computer for any reason until scan/fix will be finished. Otherwise the results may be even catastrophic in some cases or information received will be incorrect or compromised.
Have sent you resuolts of ESETScan in previous reply. Here is the OTL.txt
Contents of the ESETScan.txt log file Done-- previous reply
Contents of a OTL.txt log file after OTL fresh scan -- Done -- in this message
Unfortunately, you were wrong again and instead of OTL.txt you posted ESET results twice.

The ZOEK Auto Clean found some infection inside of TodoBackup.exe which is a part of EaseUS Todo Backup Free 5.3 program and deleted it. It means that EasyUS Todo Backup should be completely uninstalled and then reinstall from the fresh downloaded copy if you like this program and going to keep using it.

Right now most of the files that are marked by ESET scanner are elements of your incremental backup system and probably contain a real infections. My opinion is that potentially infected files, especially inside of backup must be removed, but the final decision is yours. I could recommend to delete the whole backup and start the new fresh one after I will state that your computer is clean - it will be a good starting point.

Please let me know your decision.

Step 1.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value in blue, in the open text entry box:
    change search options for files and folders
    then press Enter button
  5. Click on the View tab, then under the "Hidden files and folders" section please
    • SELECT "Show hidden files and folders"
  6. Find below and
    • remove check mark from check box "Hide extensions for known file types"
    • remove check mark from check box "Hide protected operating system files"
  7. Press the Apply, then the OK buttons.

Step 2.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll
D:\Users\Helen\Downloads\TodoBackup.exe
C:\Users\Helen\Downloads\CuteWriter.exe
C:\Windows\Installer\85d02.msi
C:\Windows\System32\Adobe\Shockwave 11\gt.exe
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe
D:\MGtools\Process.exe



Using Jotti
  1. Choose the appropriate language (if needed)... once a language is selected, you'll see a message "Ready to receive files"
  2. Press the Browse button and navigate to -one- of the files in the list.
  3. Double click the located file name...The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on Submit..button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
    Example of web address :
    Image
  8. Please repeat this procedure for each file listed above.
  9. Paste the Web address link(s) for the scan results in your next reply.

Using Virus Total
  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on Send File...button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
    Example of web address:
    Image
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Answer for my question about backup.
  3. The resulting web links after online file scan by Virus Total or Jotti.
  4. The most recent OTL.txt log file after OTL fresh scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 6th, 2014, 8:25 pm

Dear pgmigg,

I was very careful to take the OTL.txt scan results, selected all, and saved them to my desktop. I labeled the results with today's date so I wouldn't copy an earlier file. I pasted the file with today's date into my response. I don't know why a duplicate ESET file showed up. I can try to post the OTL text again-- let me know. .

I assure you I did not touch my computer while the scans or fixes are running-- don't know why you think otherwise. . I ran the ESET scan overnight while I was sleeping.

I use the EasyUstodo program for backing up my files to an external hard drive. I'm OK with deleting the program from my PC. I have the program on a travel drive. -how can I scan the travel drive to be sure I'm not reinfecting my PC when I re-install EasyUSTodo.

I'm willing to delete all backups that exist on my PC hard drive. Just tell me what to do. Once you say my PC is clean, I'll do a backup to my external hard drive.

Will run the next scans later this evening. Will any of them take a long time?
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 37 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware