Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Can't delete "Similar products popup" + other adware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » May 31st, 2014, 2:32 am

Over the past few weeks, I notice that I'm getting a popup labeled "similar products" along with other advertising on websites. . I've run various malware removal programs, including Malware bytes, junkware removal, hitman pro, tdsskiller and roguekiller, but nothing works. They are somewhat annoying, but I'm more concerned that they are malware infecting my computer. Are these popups malware ? I've run the diagnostics just in case:

This forum was a great help to me in the past, and I trust your advice. Many thanks for your help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Helen at 2:16:41 on 2014-05-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8092.5919 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
uProxyOverride = <-loopback>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{CA0EDFBD-D8A3-4117-9408-C35E58D179D1} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\
FF - prefs.js: browser.startup.homepage - hxxps://news.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Helen\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-11 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-11 208416]
R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2014-4-12 58952]
R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2014-4-12 48200]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-6-4 16152]
R1 {890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64;{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64;C:\Windows\System32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys [2014-5-26 61120]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-4-11 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-4-11 423240]
R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2014-4-12 18504]
R1 EUFDDISK;EUFDDISK;C:\Windows\System32\drivers\EuFdDisk.sys [2014-4-12 189000]
R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2012-6-4 389968]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-25 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-11 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-4-11 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-25 50344]
R2 EaseUS Agent;EaseUS Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2014-4-12 69192]
R2 Guard Agent;Guard Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2014-4-12 23624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-6-4 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-6-4 128280]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-6-4 189608]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-6-4 161560]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-4 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-4 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-4 171416]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-3-17 4915040]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-6-4 363800]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-6-4 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-6-4 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-6-4 786200]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-10-24 96768]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-10-24 213504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-12 111616]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-10 119512]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-4 1255736]
.
=============== Created Last 30 ================
.
2014-05-31 02:48:14 -------- d-----w- C:\ProgramData\RogueKiller
2014-05-31 02:27:17 -------- d-----w- C:\Program Files\iPod
2014-05-31 02:27:16 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-31 02:27:16 -------- d-----w- C:\Program Files\iTunes
2014-05-31 02:27:16 -------- d-----w- C:\Program Files (x86)\iTunes
2014-05-31 02:26:41 -------- d-----w- C:\Program Files\Bonjour
2014-05-31 02:26:41 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-05-31 01:03:08 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{498A0B34-F6B0-4055-91D0-ECFB95FDE923}\mpengine.dll
2014-05-30 06:01:09 -------- d-----w- C:\Program Files\CCleaner
2014-05-30 05:34:21 -------- d-----w- C:\Program Files (x86)\ESET
2014-05-29 18:26:19 -------- d-----w- C:\Windows\ERUNT
2014-05-29 03:32:38 -------- d-----w- C:\Users\Helen\AppData\Local\Anvisoft
2014-05-29 03:32:38 -------- d-----w- C:\Program Files (x86)\Anvisoft
2014-05-27 03:52:08 61120 ----a-w- C:\Windows\System32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys
2014-05-13 03:20:04 10594416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-05-06 16:59:13 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-03 02:31:58 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-03 02:31:58 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
.
==================== Find3M ====================
.
2014-05-31 02:28:59 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-15 15:45:35 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-05-15 15:45:35 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-05-14 03:43:18 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 03:43:18 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-25 19:24:54 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-04-25 19:24:54 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-25 19:24:54 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-04-25 19:24:54 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-25 19:24:54 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-04-25 19:24:54 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-04-15 06:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 16:49:20 344064 --sha-w- C:\EUMONBMP.SYS
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-03 13:51:16 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-03 13:51:04 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-03 13:50:58 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-17 21:04:06 249863 ----a-w- C:\ProgramData\1395090207.bdinstall.bin
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/4/2013 1:05:35 PM
System Uptime: 5/31/2014 2:10:35 AM (0 hours ago)
.
Motherboard: Intel Corporation | | DZ77BH-55K
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz | SOCKET 0 | 3201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 168 GiB total, 119.142 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 470.225 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP479: 5/24/2014 10:49:41 PM - Windows Backup
RP480: 5/25/2014 9:00:12 PM - Windows Backup
RP481: 5/26/2014 9:00:19 PM - Windows Backup
RP482: 5/26/2014 10:19:08 PM - Installed Google Earth.
RP483: 5/27/2014 9:00:14 PM - Windows Backup
RP484: 5/28/2014 10:30:03 PM - Removed Bonjour
RP485: 5/28/2014 10:30:38 PM - Removed Apple Mobile Device Support
RP486: 5/28/2014 10:36:30 PM - Windows Backup
RP487: 5/28/2014 11:39:39 PM - Removed Google Earth.
RP488: 5/29/2014 2:05:00 PM - Removed iTunes
RP489: 5/29/2014 9:01:04 PM - Windows Backup
RP490: 5/30/2014 12:46:59 AM - Removed Apple Application Support
RP491: 5/30/2014 12:47:26 AM - Removed Apple Software Update
RP492: 5/30/2014 12:48:14 AM - Removed iTunes
RP493: 5/30/2014 1:26:46 AM - Removed Microsoft Silverlight
RP494: 5/30/2014 9:00:18 PM - Windows Backup
RP495: 5/30/2014 9:02:37 PM - Windows Update
RP496: 5/30/2014 10:27:01 PM - Installed iTunes
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
CCleaner
Cisco WebEx Meetings
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EaseUS Todo Backup Free 5.3
eReg
ESET Online Scanner v3
Google Chrome
Google Update Helper
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections 16.8.46.0
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Update Manager
Intel® SSD Toolbox
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
Logitech SetPoint 6.52
Malwarebytes Anti-Malware version 2.0.1.1004
marvell 91xx driver
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
OverDrive Media Console
Paragon Backup & Recovery™ 2012 Free
Photo Common
Photo Gallery
Real Alternative 2.0.2
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Sansa Updater
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Spybot - Search & Destroy
swMSM
TeamViewer 9
TurboTax 2013
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wrapper
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
5/31/2014 2:11:54 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The system cannot find the file specified.
5/31/2014 2:11:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.
5/31/2014 2:11:13 AM, Error: Service Control Manager [7000] - The HOSTS Anti-PUPs service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2014 1:46:43 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/31/2014 1:46:43 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================








.
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am
Advertisement
Register to Remove

Re: Can't delete "Similar products popup" + other adware

Unread postby pgmigg » May 31st, 2014, 10:15 pm

Hello sarasotalady,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can't delete "Similar products popup" + other adware

Unread postby pgmigg » June 1st, 2014, 12:27 am

Hello sarasotalady,

Step 1.
For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instructions sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    eReg
    Spybot - Search & Destroy
    Java 7 Update 51
    Java Auto Updater
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 3.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button.
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 4.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[Sn].txt log file
  3. Contents of a OTL.txt log file
  4. Contents of a Extras.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 1st, 2014, 1:07 am

Appreciate your help. Will work on this tomorrow.
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 1st, 2014, 1:30 pm

Hi pgmigg,
System restore points have been made successfully. The value you provided, appwiz.cpl , just took me to my control Panel. I went to the section for "uninstall or change program" -- couldn't find eReg, Java7Update51 (only Update 10), or JavaAuto Updater. For spybot, is this a permanent deletion? If so, please explain why?

Is there another place I can go to delete the 3 items I can't see?

Again, many thanks for your time.
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby pgmigg » June 1st, 2014, 3:50 pm

Hello sarasotalady,

I went to the section for "uninstall or change program" -- couldn't find eReg, Java7Update51 (only Update 10), or JavaAuto Updater.
It is OK that you could not find listed programs. Please uninstall all Java Updates you can see. Your Java is out of date but we will deal with it at the end of our treatment.

For spybot, is this a permanent deletion? If so, please explain why?
Actually, your computer must have a different protection programs, but only one of each species - one antivirus, one firewall, one antimalware searcher, etc. Your current list of active defense software is:
  1. AV: avast! Antivirus *Enabled/Updated*
  2. SP: Windows Defender *Enabled/Updated*
  3. SP: Spybot - Search and Destroy *Enabled/Updated*
  4. SP: avast! Antivirus *Enabled/Updated*
It means that you have one antivirus and three spyware protection programs - the many does not mean good!
The Avast it is an excellent choice - I use the same personally. The Avast itself is a combination of tools and works well in both incarnations as an AV and as a SP.
The Windows Defender is a good tool from Windows itself.
The Spybot Search & Destroy is extra one, it is much worse than two other, and not needed. Also it will be much easier for me to treat your computer with minimum set of defense program installed. Anyway, you can reinstall the Spybot Search & Destroy after if you would like to keep it.

Is there another place I can go to delete the 3 items I can't see?
No. Please proceed to steps with scans after you remove what can be removed...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 1st, 2014, 9:39 pm

Ppgmigg,

Have deleted Spybot and Java update 10-- the only Java I see.
Downloaded and ran Adwcleaner . Here's the log # AdwCleaner v3.211 - Report created 01/06/2014 at 21:18:50
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Helen - HELEN-PC
# Running from : D:\Users\Helen\Desktop\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\prefs.js ]

Line Deleted : user_pref("extensions.{E68155BA-066F-4CC9-B128-4A2627664264}.IGiveButton_v8_domain_cache", "[\"100percentpure.com\",\"101phones.com\",\"123inkjets.com\",\"123print.com\",\"1800baskets.com\",\"1800flow[...]

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [10538 octets] - [07/12/2013 14:45:22]
AdwCleaner[R10].txt - [2146 octets] - [09/01/2014 01:50:22]
AdwCleaner[R11].txt - [2746 octets] - [22/02/2014 21:42:54]
AdwCleaner[R12].txt - [3438 octets] - [06/04/2014 22:53:04]
AdwCleaner[R13].txt - [3708 octets] - [20/04/2014 19:10:20]
AdwCleaner[R14].txt - [3006 octets] - [30/04/2014 13:33:06]
AdwCleaner[R15].txt - [2537 octets] - [30/04/2014 13:37:44]
AdwCleaner[R16].txt - [4178 octets] - [29/05/2014 14:19:31]
AdwCleaner[R17].txt - [3003 octets] - [30/05/2014 00:26:03]
AdwCleaner[R18].txt - [2905 octets] - [30/05/2014 01:53:19]
AdwCleaner[R19].txt - [7828 octets] - [31/05/2014 13:11:48]
AdwCleaner[R1].txt - [11143 octets] - [07/12/2013 14:49:40]
AdwCleaner[R20].txt - [4156 octets] - [01/06/2014 21:18:10]
AdwCleaner[R2].txt - [958 octets] - [07/12/2013 14:53:10]
AdwCleaner[R3].txt - [1297 octets] - [10/12/2013 01:06:10]
AdwCleaner[R4].txt - [1357 octets] - [10/12/2013 01:09:25]
AdwCleaner[R5].txt - [1256 octets] - [10/12/2013 01:28:23]
AdwCleaner[R6].txt - [1600 octets] - [24/12/2013 01:39:43]
AdwCleaner[R7].txt - [1500 octets] - [24/12/2013 01:47:15]
AdwCleaner[R8].txt - [1964 octets] - [01/01/2014 00:20:32]
AdwCleaner[R9].txt - [2144 octets] - [09/01/2014 01:50:12]
AdwCleaner[S0].txt - [11173 octets] - [07/12/2013 14:50:05]
AdwCleaner[S10].txt - [3802 octets] - [20/04/2014 19:12:02]
AdwCleaner[S11].txt - [3082 octets] - [30/04/2014 13:34:00]
AdwCleaner[S12].txt - [2599 octets] - [30/04/2014 13:38:15]
AdwCleaner[S13].txt - [4264 octets] - [29/05/2014 14:20:17]
AdwCleaner[S14].txt - [3067 octets] - [30/05/2014 00:26:29]
AdwCleaner[S15].txt - [2967 octets] - [30/05/2014 01:53:36]
AdwCleaner[S16].txt - [7739 octets] - [31/05/2014 13:12:15]
AdwCleaner[S17].txt - [3550 octets] - [01/06/2014 21:18:50]
AdwCleaner[S1].txt - [1018 octets] - [07/12/2013 14:54:59]
AdwCleaner[S2].txt - [1420 octets] - [10/12/2013 01:15:30]
AdwCleaner[S3].txt - [1318 octets] - [10/12/2013 01:32:58]
AdwCleaner[S4].txt - [1663 octets] - [24/12/2013 01:41:11]
AdwCleaner[S5].txt - [1561 octets] - [24/12/2013 01:48:13]
AdwCleaner[S6].txt - [2027 octets] - [01/01/2014 00:21:19]
AdwCleaner[S7].txt - [2208 octets] - [09/01/2014 01:52:03]
AdwCleaner[S8].txt - [2715 octets] - [22/02/2014 21:43:39]
AdwCleaner[S9].txt - [3493 octets] - [06/04/2014 22:53:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S17].txt - [4151 octets] ##########

Downloaded OTL but it froze on "scanning firefox settings " Task Manager says OTL wasn't responding. Tried several times but it didn't complete scan, so have no logs.

Checked a few websites where "Similar Products " showed up-- no more "Similar products," but now have adware from "Rock Turner" and "Speedial" -- they also show up as add-ons to firefox. I've disabled them and will restart computer after sending this message.
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 1st, 2014, 9:49 pm

Update: Similar Products still shows up-- this time on Amazon.
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 1st, 2014, 11:37 pm

Ppgmigg,

Update-- I just let OTL run and forgot about it-- when I returned, it had completed its scan and left the 2 logs. Here they are:

1. Extras.txt
OTL Extras logfile created on: 6/1/2014 11:26:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Helen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 5.80 Gb Available Physical Memory | 73.35% Memory free
15.80 Gb Paging File | 13.55 Gb Available in Paging File | 85.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 167.58 Gb Total Space | 119.55 Gb Free Space | 71.34% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 473.08 Gb Free Space | 50.79% Space Free | Partition Type: NTFS

Computer Name: HELEN-PC | User Name: Helen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Value error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Value error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C55B04-5B10-471F-BEB4-95315F150395}" = lport=137 | protocol=17 | dir=in | app=system |
"{1AE94EC8-2E8D-4B26-B162-2A02F30C66A9}" = lport=138 | protocol=17 | dir=in | app=system |
"{1D2164BA-C34B-414F-8E2B-6EC26867D495}" = rport=445 | protocol=6 | dir=out | app=system |
"{3BFD7FDE-4DD1-4193-9FC9-252FBF894697}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{407930D2-033E-48D9-98E5-7808D26433F2}" = rport=138 | protocol=17 | dir=out | app=system |
"{5304A2F8-412B-4688-9839-697BFB328312}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{5D3053F1-D3DB-45B4-8402-405C70BE44E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{689A9C32-9E1F-4E99-B127-67305CF79E77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{721E90AF-BFCB-4F21-BECC-309C45C07062}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{7AB8AFC1-4A3A-4FED-9A72-F56117D57B4E}" = rport=137 | protocol=17 | dir=out | app=system |
"{8572FEB5-7C98-4669-82A5-21695D00D4EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9D32AAEA-96FA-4A47-A8D1-0EBCBC2EBFCC}" = lport=445 | protocol=6 | dir=in | app=system |
"{A6404726-96DD-4E59-981F-8C6A4574FEAF}" = rport=139 | protocol=6 | dir=out | app=system |
"{CA0320BF-A1BD-4F6B-A7F5-81C1952EF3F6}" = lport=139 | protocol=6 | dir=in | app=system |
"{CD59D52C-07C4-481D-AA9C-CE9B11300F1B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E0653877-7CCC-46C7-8534-B8B4D1008036}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AB5F4A-1D5A-4890-997C-1F3ABEC71923}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{076212AD-B0B7-4DB5-930C-FE415D3DA9C9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{0ADE9C1A-221F-47E0-AB02-C619AD6AC206}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0BE7AB90-DB96-4BB9-A405-6A41AC8B951D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{15C9F034-7743-4E26-86E6-9DE9C5AF6467}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |
"{1C2EC68B-8EAA-4250-9938-1918AA0B379C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1EB5465E-473A-42A7-8C60-9776BF7EAE0F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2D51C1C1-6C38-411A-846F-5EAD95BE9E42}" = dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{2F221EA9-8B00-4B39-B0FA-5522692B025B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44C2E0C8-8671-4C2B-8200-1BE559CFFD4E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{7975D9B1-CDB6-45CE-B642-A4F7FA34161E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{7B913A54-79BF-4567-82AF-46F0133C6293}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7C0753D5-852C-4EBC-B08D-40B1D6993647}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |
"{7D2A02EF-0E50-401B-A581-024544A4814C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{9C0C6F41-DCA0-4728-A69E-B3F145628319}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A7E2919B-88F4-4E41-888E-514733DFD977}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BC96A9FE-3032-4E9C-8F1E-CACCF72A0465}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |
"{C1D5A470-EC93-4261-86AD-12BF82761D96}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |
"{D48F66A2-D5F6-4223-9CB0-AFE584E4AC3F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E26AF186-F292-4214-92CD-E9A314CF8E51}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E71B6376-237B-4147-9E22-9D9F116F6370}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{5A68A656-979F-4168-8795-E2E368AA4DC2}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel(R) Network Connections 16.8.46.0
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C6E57DC0-5699-47D4-9263-CEE00A4BB1FC}" = Windows Live MIME IFilter
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{FD868C71-6CCF-42E2-B90D-0504AB0036FE}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"PROSetDX" = Intel(R) Network Connections 16.8.46.0
"Rock Turner" = Rock Turner
"sp6" = Logitech SetPoint 6.52

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06D085C8-1F00-11B2-96A7-8f0CE39193ED}" = Intel® SSD Toolbox
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}" = Intel(R) Update Manager
"{16E46BCF-3D36-4353-9BCB-344F7812CEDE}" = Photo Gallery
"{1F9E8447-9B82-45D5-A6D7-2A4CB874111F}" = Windows Live Mail
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24758B1D-9345-4538-A69A-05660F63A296}" = Junk Mail filter update
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4260CAAE-D108-4223-A1C5-96B67062FE86}" = Windows Live Installer
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{59307833-CB98-4440-B644-0CD352F61907}" = Windows Live PIMT Platform
"{597FB4A5-DD86-4316-A410-7E8074CC2CCE}" = Driver Support
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72D9236D-C6EA-4DA6-A18C-CC24521A70D4}" = Windows Live Mail
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{8C22A294-DBBA-445F-B55C-E26817CCFE69}" = Movie Maker
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F66BFDE-B213-48E2-93EF-7151277A2916}" = Windows Live SOXE Definitions
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{94532CD5-C66D-49E3-9131-5FB04D7647A1}" = Windows Live UX Platform
"{9797D7BA-A333-4DF1-AF55-AC745D216EDB}" = Windows Live Writer
"{983FA94A-A7DD-40B1-B7F9-F45D2B4FD1DE}" = Windows Live Photo Common
"{99E82553-9654-4FB7-8DB3-900C0FDB1A70}" = Windows Live Writer Resources
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F4B74E-D722-4D9E-817B-F58F32A55A51}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9FFEC6C-9C44-4597-8E23-EDD78BF5D0B2}" = Windows Live Communications Platform
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{C201BDF9-1C27-46F8-A248-F4469C9FC27C}" = Photo Common
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C87DF7BB-4F5C-4BBE-B041-A59FFF4A1D07}" = Windows Live SOXE
"{C95AEB53-7FAE-4257-97AF-7136E8D9F9CA}" = Movie Maker
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DF7DC45D-8A3C-490C-A70F-8C6A6189EDF9}" = Photo Gallery
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FCEDADE3-1C8A-4858-BE93-360168178BB2}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avast" = avast! Free Antivirus
"BrowserSafeguard" = BrowserSafeguard with Rockettab
"EaseUS Todo Backup Free 5.3_is1" = EaseUS Todo Backup Free 5.3
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"MagniDriver" = marvell 91xx driver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Pre-Cloud" = Pre-Cloud Browser Security Service
"RealAlt_is1" = Real Alternative 2.0.2
"TeamViewer 9" = TeamViewer 9
"TurboTax 2013" = TurboTax 2013
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Sansa Updater" = Sansa Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2014 1:04:16 PM | Computer Name = Helen-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/1/2014 8:50:18 PM | Computer Name = Helen-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/1/2014 9:02:05 PM | Computer Name = Helen-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/1/2014 9:07:42 PM | Computer Name = Helen-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\Users\Helen\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/1/2014 9:09:50 PM | Computer Name = Helen-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\Users\Helen\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/1/2014 9:20:10 PM | Computer Name = Helen-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/1/2014 9:24:04 PM | Computer Name = Helen-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: ff4 Start Time:
01cf7e00f36ce3be Termination Time: 0 Application Path: D:\Users\Helen\Desktop\OTL.exe

Report
Id: 88e4aebf-e9f4-11e3-b404-00224da55db7

Error - 6/1/2014 9:27:21 PM | Computer Name = Helen-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 100 Start Time:
01cf7e01664a6b70 Termination Time: 0 Application Path: D:\Users\Helen\Desktop\OTL.exe

Report
Id: e9cb949b-e9f4-11e3-b404-00224da55db7

Error - 6/1/2014 9:41:08 PM | Computer Name = Helen-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/1/2014 10:18:27 PM | Computer Name = Helen-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/1/2014 9:09:15 PM | Computer Name = Helen-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 6/1/2014 9:20:09 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HOSTS
Anti-PUPs service to connect.

Error - 6/1/2014 9:20:09 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7000
Description = The HOSTS Anti-PUPs service failed to start due to the following error:
%%1053

Error - 6/1/2014 9:20:49 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 6/1/2014 9:41:07 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HOSTS
Anti-PUPs service to connect.

Error - 6/1/2014 9:41:07 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7000
Description = The HOSTS Anti-PUPs service failed to start due to the following error:
%%1053

Error - 6/1/2014 9:41:47 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 6/1/2014 10:18:25 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HOSTS
Anti-PUPs service to connect.

Error - 6/1/2014 10:18:25 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7000
Description = The HOSTS Anti-PUPs service failed to start due to the following error:
%%1053

Error - 6/1/2014 10:19:06 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2


< End of report >
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby pgmigg » June 2nd, 2014, 12:06 am

Hello sarasotalady,

Downloaded OTL but it froze on "scanning firefox settings " Task Manager says OTL wasn't responding. Tried several times but it didn't complete scan, so have no logs.
Please don't worry - sometimes it is happaned. There are a lot of other tools. :D
Checked a few websites where "Similar Products " showed up-- no more "Similar products," but now have adware from "Rock Turner" and "Speedial" -- they also show up as add-ons to firefox. I've disabled them and will restart computer after sending this message. Similar Products still shows up-- this time on Amazon.
We are not finished our treatment yet - please be pacient...

Step 1.
ZOEK Auto Clean
  1. First please Disable any Antivirus you have active, as shown in This topic.
    Note: Don't forget to re-enable it after the scan.
  2. Next please download zoek.exe and save it to your desktop.
  3. Close any open browsers.
  4. Right click on zoek.exe and select "Run as administrator..." to run it.
  5. Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  6. Click the More Options button below the large panel and check the box:
    • Auto Clean
  7. Click on Run script button
  8. Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  9. Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Step 2.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *ContentSAFER*
    *Bandoo*
    *Babylon*
    *Conduit*
    *Coupons*
    *DP1815*
    *Fun4IM*
    *Funmoods*
    *facemoods*
    *iLivid*
    *IObit*
    *Iminent*
    *IMVU*
    *Mysearchdial*
    *PutLockerDownloader*
    *searchab*
    *Searchqu*
    *Searchnu*
    *Searchou*
    *SearchProtect*
    *SimilarProducts*
    *Slick*
    *smartbar*
    *Sweet*
    *Tarma*
    *Trusteer*
    *trolltech*
    *vshare*
    *WiseConvert*
    *whitesmoke*
    *FriendsChecker*
    *UnfriendApp*
    *ExFriendAlert*
    *RecordChecker*
    *InfoSeeker*
    *SecureWeb*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *ContentSAFER*
    *Babylon*
    *Bandoo*
    *Conduit*
    *Coupons*
    *DP1815*
    *smartbar*
    *Fun4IM*
    *Funmoods*
    *facemoods*
    *iLivid*
    *IObit*
    *Iminent*
    *IMVU*
    *Mysearchdial*
    *PutLockerDownloader*
    *searchab*
    *Searchqu*
    *Searchnu*
    *Searchou*
    *SearchProtect*
    *SimilarProducts*
    *Slick*
    *smartbar*
    *Sweet*
    *Tarma*
    *Trusteer*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *WiseConvert*
    *whitesmoke*
    *FriendsChecker*
    *UnfriendApp*
    *ExFriendAlert*
    *RecordChecker*
    *InfoSeeker*
    *SecureWeb*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    ContentSAFER
    Babylon
    Bandoo
    Conduit
    Coupons
    DP1815
    Fun4IM
    Funmoods
    facemoods
    iLivid
    IObit
    Iminent
    IMVU
    Mysearchdial
    PutLockerDownloader
    searchab
    Searchqu
    Searchnu
    Searchou
    SearchProtect
    SimilarProducts
    Slick
    smartbar
    SuperFish
    Sweetpack
    Tarma
    Trusteer
    trolltech
    Vafmusic2
    vshare
    WiseConvert
    whitesmoke
    FriendsChecker
    UnfriendApp
    ExFriendAlert
    RecordChecker
    InfoSeeker
    SecureWeb
    Yontoo
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the zoek-results.log file
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can't delete "Similar products popup" + other adware

Unread postby pgmigg » June 2nd, 2014, 12:13 am

Please don't forget to place here also the second OTL.txt log file from OTL scan...
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 2nd, 2014, 12:32 am

pgmigg,

Here's the OTL.txt log file-- thought I had sent it already. Will make other changes tomorrow. Thanks so much for your help.

OTL logfile created on: 6/1/2014 11:26:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Helen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 5.80 Gb Available Physical Memory | 73.35% Memory free
15.80 Gb Paging File | 13.55 Gb Available in Paging File | 85.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 167.58 Gb Total Space | 119.55 Gb Free Space | 71.34% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 473.08 Gb Free Space | 50.79% Space Free | Partition Type: NTFS

Computer Name: HELEN-PC | User Name: Helen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/01 21:24:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Helen\Desktop\OTL.exe
PRC - [2014/06/01 01:03:15 | 000,317,728 | ---- | M] () -- C:\Program Files (x86)\Rock Turner\updateRockTurner.exe
PRC - [2014/06/01 01:02:13 | 000,317,728 | ---- | M] () -- C:\Program Files (x86)\Rock Turner\bin\utilRockTurner.exe
PRC - [2014/05/30 20:12:34 | 000,096,544 | ---- | M] () -- C:\Program Files (x86)\Rock Turner\bin\RockTurner.BrowserAdapter.exe
PRC - [2014/05/26 10:38:50 | 003,888,648 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/05/12 23:20:03 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/04/25 15:24:54 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/17 09:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/12/24 01:51:56 | 000,302,961 | ---- | M] () -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/10/30 18:10:44 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2012/10/30 11:20:34 | 001,315,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
PRC - [2012/10/19 23:02:36 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2012/10/19 23:02:24 | 000,070,728 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
PRC - [2012/01/10 23:22:45 | 000,363,800 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/01/10 23:22:44 | 000,277,784 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/01/10 23:22:42 | 000,128,280 | R--- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/01/10 23:22:40 | 000,161,560 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/05/30 20:12:34 | 000,096,544 | ---- | M] () -- C:\Program Files (x86)\Rock Turner\bin\RockTurner.BrowserAdapter.exe
MOD - [2014/05/12 23:20:03 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/04/11 12:04:49 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/02/13 04:42:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 04:42:50 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 04:42:49 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014/02/13 04:42:38 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 04:42:36 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 04:42:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 04:42:32 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/10 14:33:12 | 000,270,024 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
MOD - [2013/12/24 01:51:56 | 000,302,961 | ---- | M] () -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
MOD - [2012/10/19 23:01:30 | 000,051,272 | ---- | M] () -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/04/25 15:24:54 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/08 14:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/12/08 16:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011/11/09 17:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV - [2014/06/01 01:03:15 | 000,317,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Rock Turner\updateRockTurner.exe -- (Update Rock Turner)
SRV - [2014/06/01 01:02:13 | 000,317,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Rock Turner\bin\utilRockTurner.exe -- (Util Rock Turner)
SRV - [2014/05/31 12:26:14 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 23:20:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/28 11:32:36 | 000,174,368 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe -- (iumsvc)
SRV - [2014/02/17 09:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/12/24 01:51:54 | 000,285,795 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -- (HOSTS Anti-PUPs)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/30 18:10:44 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2012/10/19 23:02:36 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2012/01/10 23:22:45 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/10 23:22:44 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/10 23:22:42 | 000,128,280 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/01/10 23:22:40 | 000,161,560 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/05/22 18:24:44 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64.sys -- ({8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64)
DRV:64bit: - [2014/05/22 18:18:00 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys -- ({890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64)
DRV:64bit: - [2014/05/15 11:45:35 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/15 11:45:35 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/15 11:45:35 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/04/25 15:24:54 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/25 15:24:54 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/25 15:24:54 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/25 15:24:54 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/04/25 15:24:54 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013/01/03 04:17:38 | 000,079,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013/01/03 04:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,015,752 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/10/19 23:02:16 | 000,189,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV:64bit: - [2012/10/19 23:02:12 | 000,048,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
DRV:64bit: - [2012/10/19 23:02:06 | 000,018,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
DRV:64bit: - [2012/10/19 23:02:04 | 000,058,952 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/04 12:56:44 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2012/06/04 12:56:42 | 000,633,296 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2012/06/04 12:56:42 | 000,389,968 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 22:31:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/01/10 22:32:28 | 000,358,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/01/04 15:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/04 15:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/04 15:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/11 03:20:44 | 000,316,208 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/10/24 21:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/24 21:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/WOL_WCP
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB FF 50 41 B8 97 CE 01 [binary data]
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\SearchScopes\{67EC6999-123C-4AC8-87F8-E525AE035CFE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10741
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\SearchScopes\{B5874762-543C-4D24-9173-7D0A3A9CC8C9}: "URL" = http://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://news.google.com/"
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: %7BE68155BA-066F-4CC9-B128-4A2627664264%7D:5.0.0.4
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Users\Helen\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/06/09 22:37:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/25 15:24:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/12 23:20:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/12 23:20:01 | 000,000,000 | ---D | M]

[2013/06/04 15:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Extensions
[2014/06/01 14:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions
[2014/04/12 02:20:57 | 000,000,000 | ---D | M] (iGive Button) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{E68155BA-066F-4CC9-B128-4A2627664264}
[2014/05/31 12:25:28 | 000,000,000 | ---D | M] ("Speedial") -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}
[2014/05/18 14:48:12 | 000,384,004 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
[2014/06/01 14:08:57 | 000,009,022 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}.xpi
[2014/05/01 13:38:16 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/12 23:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/12 23:20:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/25 15:24:55 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/06/09 22:37:33 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT

========== Chrome ==========

CHR - default_search_provider: Speedial (Enabled)
CHR - default_search_provider: search_url = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dnldstr_14_22_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByE0D0AyDyD0D0ByByBzy0B0EtN0D0Tzu0SzzzztBtN1L2XzutBtFtBtDtFtCzytFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtAtByEyE0EtAzytGzytA0ByCtGyEyByDyDtG0D0C0DyBtGyCyByD0AyEyB0EyBtBtBtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzyzyzzyB0A0AtGzyyCzyyBtG0B0FyDyBtGyDtAzy0DtGyEtC0AzzyDyE0CzztDyEzytB2Q&cr=2143485961&ir=
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Error reading preferences file
CHR - Extension: Newhub = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp\9.4.15_0\
CHR - Extension: Newhub = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp\9.4.15_1\
CHR - Extension: No name found = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Logitech SetPoint = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: Logitech SetPoint = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_1\
CHR - Extension: No name found = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.3.233_0\
CHR - Extension: No name found = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.3.276_0\
CHR - Extension: avast! Online Security = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: No name found = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/05/30 23:45:09 | 000,000,720 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Rock Turner) - {527b365c-1bd3-4a66-906f-8729805ce78c} - C:\Program Files (x86)\Rock Turner\RockTurnerBHO.dll (Rock Turner)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\Toolbar\WebBrowser: (no name) - {870BD786-09A0-440D-ADB7-8F2ABE9B7845} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA0EDFBD-D8A3-4117-9408-C35E58D179D1}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/12/05 10:07:44 | 000,002,196 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{b26ec2af-cd4c-11e2-a21a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b26ec2af-cd4c-11e2-a21a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\EIProcessCaller.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/01 21:21:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Helen\Desktop\OTL.exe
[2014/06/01 01:03:18 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64.sys
[2014/05/31 13:14:27 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\Adobe
[2014/05/31 12:31:07 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2014/05/31 12:31:07 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2014/05/31 12:29:53 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\CrashDumps
[2014/05/31 12:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/05/31 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\PC_Drivers_Headquarters
[2014/05/31 12:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Support
[2014/05/31 12:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
[2014/05/31 12:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Support
[2014/05/31 12:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rock Turner
[2014/05/30 23:33:02 | 000,000,000 | ---D | C] -- D:\Users\Helen\Desktop\RK_Quarantine
[2014/05/30 22:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/05/30 22:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/05/30 22:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/05/30 22:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/05/30 22:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/05/30 22:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/05/30 22:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/05/30 22:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/05/30 22:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/05/30 22:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/05/30 02:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/05/30 02:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/05/30 01:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/05/29 14:26:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/28 23:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2014/05/28 23:32:38 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\Anvisoft
[2014/05/28 23:32:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2014/05/26 23:52:08 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys
[2014/05/15 01:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/14 22:39:06 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 22:39:06 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/14 22:39:02 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 22:39:01 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 22:39:01 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 22:39:01 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 22:39:01 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 22:39:01 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 22:39:01 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 22:39:00 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 22:39:00 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 22:39:00 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 22:39:00 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 22:39:00 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 22:39:00 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 22:39:00 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 22:39:00 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 22:39:00 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 22:39:00 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 22:39:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 22:39:00 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 22:39:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 22:39:00 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 22:39:00 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 22:39:00 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/12 23:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/06 12:59:13 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/04/12 13:11:40 | 103,922,784 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd ) -- C:\Users\Helen\TodoBackup.exe
[6 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/01 22:58:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/01 22:56:58 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/01 22:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/01 22:25:31 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/01 22:25:31 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/01 22:22:42 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/01 22:22:42 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/01 22:22:42 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/01 22:17:58 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/01 22:17:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/01 22:17:52 | 2069,213,183 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/01 21:24:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Helen\Desktop\OTL.exe
[2014/06/01 21:17:33 | 001,327,971 | ---- | M] () -- D:\Users\Helen\Desktop\adwcleaner_3.211.exe
[2014/06/01 21:00:50 | 000,100,531 | ---- | M] () -- C:\Windows\wininit.ini
[2014/05/31 12:33:40 | 000,001,350 | ---- | M] () -- D:\Users\Helen\Desktop\Clean Registry for Free!.lnk
[2014/05/31 12:31:01 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2014/05/31 12:31:01 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2014/05/31 12:26:14 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/31 12:26:14 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/31 12:25:27 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/05/31 12:23:16 | 000,000,701 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/30 23:48:19 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/05/30 23:45:09 | 000,000,720 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/05/30 22:27:26 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/05/30 00:06:32 | 000,309,180 | ---- | M] () -- D:\Users\Helen\Documents\training_seniors_mounsey.pdf
[2014/05/22 18:24:44 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64.sys
[2014/05/22 18:18:00 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys
[2014/05/22 00:04:33 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/15 11:45:35 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/15 11:45:35 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/15 11:45:35 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/15 01:36:10 | 000,000,258 | RHS- | M] () -- C:\Users\Helen\ntuser.pol
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/09 02:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 02:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[6 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/31 13:11:21 | 001,327,971 | ---- | C] () -- D:\Users\Helen\Desktop\adwcleaner_3.211.exe
[2014/05/31 12:29:40 | 000,001,350 | ---- | C] () -- D:\Users\Helen\Desktop\Clean Registry for Free!.lnk
[2014/05/31 12:25:27 | 000,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/05/30 22:27:26 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/05/30 22:26:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/05/30 02:01:11 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/05/30 00:06:32 | 000,309,180 | ---- | C] () -- D:\Users\Helen\Documents\training_seniors_mounsey.pdf
[2014/04/10 12:26:25 | 000,000,000 | ---- | C] () -- C:\Users\Helen\defogger_reenable
[2014/03/23 20:14:31 | 000,000,298 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2014/03/21 13:22:05 | 000,686,631 | ---- | C] () -- C:\Users\Helen\AppData\Local\nwhb-v9.4.15.crx
[2014/03/18 00:22:19 | 000,000,109 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\WB.CFG
[2014/03/17 17:04:06 | 000,249,863 | ---- | C] () -- C:\ProgramData\1395090207.bdinstall.bin
[2014/02/27 02:39:53 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/25 17:55:25 | 000,007,666 | ---- | C] () -- C:\Users\Helen\AppData\Local\Resmon.ResmonCfg
[2013/09/21 22:07:00 | 000,000,258 | RHS- | C] () -- C:\Users\Helen\ntuser.pol
[2013/08/09 15:15:59 | 000,522,082 | ---- | C] () -- C:\ProgramData\1376075608.bdinstall.bin
[2013/08/09 13:46:03 | 000,241,070 | ---- | C] () -- C:\ProgramData\1376070227.bdinstall.bin
[2013/07/30 01:45:59 | 000,100,531 | ---- | C] () -- C:\Windows\wininit.ini
[2013/06/10 13:38:13 | 000,484,278 | ---- | C] () -- C:\ProgramData\1370885629.bdinstall.bin
[2013/06/07 12:49:40 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2013/06/07 12:49:34 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\hpcc3130.dll
[2013/06/07 12:08:00 | 000,006,902 | ---- | C] () -- C:\Windows\hplj1320.ini
[2013/06/04 15:35:47 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/06/04 13:08:30 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013/06/04 13:08:30 | 000,557,476 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/12/14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/04/11 12:05:13 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\AVAST Software
[2013/06/09 22:37:43 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Leadertech
[2013/10/05 03:11:04 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\OverDrive
[2013/06/10 13:34:52 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\QuickScan
[2013/09/17 23:37:45 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\SanDisk
[2014/02/25 02:52:41 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\TuneUp Software
[2013/07/02 15:17:31 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\webex
[2013/06/05 17:06:10 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby pgmigg » June 2nd, 2014, 1:00 am

Thanks so much for your help.
You are very welcome, sarasotalady! :D
Here's the OTL.txt log file-- thought I had sent it already.
Please check yourself every time you place your replays to be sure that all logs were posted properly as the helper asked...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Can't delete "Similar products popup" + other adware

Unread postby sarasotalady » June 2nd, 2014, 12:09 pm

Dear Pgmigg,

Here's my Latest status report.

Do you have any problems executing the instructions? No--
Contents of the zoek-results.log file See below
Contents of the SystemLook.txt log file See belowe.
Do you see any changes in computer behavior? Nothing obvious yet-- will check more later.


After this removal has been completed, could you refer me to a protocol of scans that I can do on a regular basis to catch
malware before it takes hold.

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Helen on Mon 06/02/2014 at 11:00:29.54.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Helen\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

6/2/2014 11:04:05 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67EC6999-123C-4AC8-87F8-E525AE035CFE} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Rock Turner deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Rock Turner deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util Rock Turner deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util Rock Turner deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Rock Turner deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Rock Turner deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update Rock Turner deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update Rock Turner deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699

user.js not found
---- Lines search.com removed from prefs.js ----
user_pref("extensions.{E68155BA-066F-4CC9-B128-4A2627664264}.IGiveButton_v8_balance", "\"{\\\"balance\\\":{\\\"ab\\\":\\\"256.08\\\",\\\"nm\\\":\\\"he
---- FireFox user.js and prefs.js backups ----

prefs_20140602_1109_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted
C:\PROGRA~2\GUM3BC5.tmp deleted
C:\PROGRA~2\GUM4594.tmp deleted
C:\PROGRA~2\GUMA7A1.tmp deleted
C:\PROGRA~2\GUMB585.tmp deleted
C:\PROGRA~2\GUMC0CC.tmp deleted
C:\PROGRA~2\GUMF949.tmp deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~3\Updater deleted
C:\Users\Helen\AppData\Local\nwhb-v9.4.15.crx deleted
C:\Users\Helen\AppData\Local\Wondershare deleted
C:\Users\Helen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk deleted
C:\Windows\SysNative\sasnative64.exe deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Fast Free Converter deleted
C:\Windows\serviceprofiles\networkservice\AppData\LocalLow\Fast Free Converter deleted
C:\Windows\serviceprofiles\Localservice\AppData\LocalLow\Fast Free Converter deleted
C:\Windows\wininit.ini deleted
C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\jetpack deleted
C:\Users\Helen\TodoBackup.exe deleted
C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{E68155BA-066F-4CC9-B128-4A2627664264} deleted
C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52} deleted
"C:\PROGRA~2\Rock Turner\updateRockTurner.exe" deleted
"C:\PROGRA~2\Rock Turner\updateRockTurner.exe" deleted
"C:\PROGRA~2\Rock Turner\bin\RockTurner.BrowserAdapter.exe" deleted
"C:\PROGRA~2\Rock Turner\bin\RockTurner.PurBrowse64.exe" deleted
"C:\PROGRA~2\Rock Turner\bin\utilRockTurner.exe" deleted
"C:\PROGRA~2\Rock Turner\bin\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}.dll" deleted
"C:\PROGRA~2\Rock Turner\bin\RockTurner.BrowserAdapter.exe" deleted
"C:\PROGRA~2\Rock Turner\bin\RockTurner.PurBrowse64.exe" deleted
"C:\PROGRA~2\Rock Turner\bin\utilRockTurner.exe" deleted
"C:\PROGRA~2\Rock Turner\bin\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}.dll" deleted
"C:\Users\Helen\AppData\Roaming\webex" deleted
"C:\PROGRA~2\Rock Turner" not deleted
"C:\PROGRA~2\Rock Turner" not deleted
"C:\PROGRA~2\Rock Turner\bin" not deleted
"C:\PROGRA~2\Rock Turner\bin" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [04/25/2014 03:24 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699
- Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Awesome screenshot: Capture and Annotate - %ProfilePath%\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
- Rock Turner - %ProfilePath%\extensions\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699
7D35CB60201CED2F01AE06F1816231E2 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.100.18
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
00096F6E7011319FA733B0D3C1EF68C3 - C:\Users\Helen\AppData\Roaming\Mozilla\plugins\npatgpc.dll - ActiveTouch General Plugin Container
6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Deleted Firefox Extensions ======================

C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}.xpi deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aoejbmmillcdifgagjpdlaamnalbielp - C:\Users\Helen\AppData\Local\nwhb-v9.4.15.crx[]
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]
edaibbiobngpbmeonadpbfafbkimjbdd - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx[02/20/2013 09:59 PM]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[04/25/2014 03:24 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
aoejbmmillcdifgagjpdlaamnalbielp - C:\Users\Helen\AppData\Local\nwhb-v9.4.15.crx[]
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]

Newhub - Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp
Logitech SetPoint - Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
avast Online Security - Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Chrome Fix ======================

C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp deleted successfully
C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?ocid=U220DHP&pc=U220"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?ocid=U220DHP&pc=U220"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{B5874762-543C-4D24-9173-7D0A3A9CC8C9} Bing Url="http://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox"

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{527b365c-1bd3-4a66-906f-8729805ce78c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{527b365c-1bd3-4a66-906f-8729805ce78c} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\aoejbmmillcdifgagjpdlaamnalbielp deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallerLauncher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Helen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Helen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Helen\AppData\Local\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=560 folders=153 115735369 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Helen\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Helen\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied




[u]Here's the SystemLook report
[/u]

SystemLook 30.07.11 by jpshortstuff
Log created at 11:35 on 02/06/2014 by Helen
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
C:\Users\Helen\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.ico --a---- 1150 bytes [03:00 18/08/2013] [02:25 22/09/2013] 3A2621535E6A482B2783AA692B103D04
C:\Users\Helen\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml --a---- 909 bytes [17:00 27/06/2013] [17:00 27/06/2013] DC16D6C99EC6E3FF8ED1517715E1D31F

Searching for "*ContentSAFER*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1322368 bytes [20:50 12/02/2014] [20:50 12/02/2014] 5A2B082A760722E08042E3892D07690E
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0000.zip --a---- 12642371 bytes [02:31 07/04/2014] [02:31 07/04/2014] 82E905F79C6235D896DDA96C273ED298
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0001.zip --a---- 7241461 bytes [02:31 07/04/2014] [02:31 07/04/2014] B3C1C60B096075D5613B5E4249BEBBF4
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0002.zip --a---- 7241578 bytes [02:31 07/04/2014] [02:31 07/04/2014] 55BEBB4199F8AF364D581DFC4FF1BEE0
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0003.zip --a---- 7241614 bytes [02:32 07/04/2014] [02:32 07/04/2014] 37146C76175F975908D087B23D21F612
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0004.zip --a---- 7846 bytes [02:41 07/04/2014] [02:41 07/04/2014] 1604CFB852999A5D3BD0B9E4B20ED8A6
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0005.zip --a---- 7847 bytes [02:41 07/04/2014] [02:41 07/04/2014] 6BCD61E8059CB70AD3E2CD99F6A42EED
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0006.zip --a---- 7840 bytes [02:50 07/04/2014] [02:50 07/04/2014] 245CE24C5F418432CEF798171CE49D6B
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0007.zip --a---- 7840 bytes [02:50 07/04/2014] [02:50 07/04/2014] C5C90EBA1FB46D06635226FBF8711529
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0008.zip --a---- 7840 bytes [02:55 07/04/2014] [02:55 07/04/2014] 589D0DE66D1ED76B419ED43593D1E69D
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0009.zip --a---- 7840 bytes [03:34 07/04/2014] [03:34 07/04/2014] 77C6795D3AF9AA9360435FD628D99475
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0010.zip --a---- 11554374 bytes [05:30 27/05/2014] [05:30 27/05/2014] BEBC8CA13831ED7E6711DAC63869882B
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0011.zip --a---- 4547868 bytes [05:30 27/05/2014] [05:30 27/05/2014] D9C54BB7ECC7D8557D8721B55E1CDA07
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0012.zip --a---- 4548013 bytes [05:30 27/05/2014] [05:30 27/05/2014] 224A5962A44343684ABCBC34DB6F9395
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0013.zip --a---- 52033 bytes [23:32 27/05/2014] [23:32 27/05/2014] E7CA1742DA39FF67661C09E3EC563044
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0014.zip --a---- 8630 bytes [23:33 27/05/2014] [23:33 27/05/2014] D11FBC4B69FB59DB524A09DF608E4052
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0000.zip --a---- 12642371 bytes [02:31 07/04/2014] [02:31 07/04/2014] 82E905F79C6235D896DDA96C273ED298
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0001.zip --a---- 7241461 bytes [02:31 07/04/2014] [02:31 07/04/2014] B3C1C60B096075D5613B5E4249BEBBF4
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0002.zip --a---- 7241578 bytes [02:31 07/04/2014] [02:31 07/04/2014] 55BEBB4199F8AF364D581DFC4FF1BEE0
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0003.zip --a---- 7241614 bytes [02:32 07/04/2014] [02:32 07/04/2014] 37146C76175F975908D087B23D21F612
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0004.zip --a---- 7846 bytes [02:41 07/04/2014] [02:41 07/04/2014] 1604CFB852999A5D3BD0B9E4B20ED8A6
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0005.zip --a---- 7847 bytes [02:41 07/04/2014] [02:41 07/04/2014] 6BCD61E8059CB70AD3E2CD99F6A42EED
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0006.zip --a---- 7840 bytes [02:50 07/04/2014] [02:50 07/04/2014] 245CE24C5F418432CEF798171CE49D6B
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0007.zip --a---- 7840 bytes [02:50 07/04/2014] [02:50 07/04/2014] C5C90EBA1FB46D06635226FBF8711529
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0008.zip --a---- 7840 bytes [02:55 07/04/2014] [02:55 07/04/2014] 589D0DE66D1ED76B419ED43593D1E69D
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0009.zip --a---- 7840 bytes [03:34 07/04/2014] [03:34 07/04/2014] 77C6795D3AF9AA9360435FD628D99475
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0010.zip --a---- 11554374 bytes [05:30 27/05/2014] [05:30 27/05/2014] BEBC8CA13831ED7E6711DAC63869882B
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0011.zip --a---- 4547868 bytes [05:30 27/05/2014] [05:30 27/05/2014] D9C54BB7ECC7D8557D8721B55E1CDA07
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0012.zip --a---- 4548013 bytes [05:30 27/05/2014] [05:30 27/05/2014] 224A5962A44343684ABCBC34DB6F9395
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0013.zip --a---- 52033 bytes [23:32 27/05/2014] [23:32 27/05/2014] E7CA1742DA39FF67661C09E3EC563044
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0014.zip --a---- 8630 bytes [23:33 27/05/2014] [23:33 27/05/2014] D11FBC4B69FB59DB524A09DF608E4052

Searching for "*Coupons*"
No files found.

Searching for "*DP1815*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*facemoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*IMVU*"
No files found.

Searching for "*Mysearchdial*"
No files found.

Searching for "*PutLockerDownloader*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchou*"
No files found.

Searching for "*SearchProtect*"
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0000.zip --a---- 12642371 bytes [02:31 07/04/2014] [02:31 07/04/2014] 82E905F79C6235D896DDA96C273ED298
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0001.zip --a---- 7241461 bytes [02:31 07/04/2014] [02:31 07/04/2014] B3C1C60B096075D5613B5E4249BEBBF4
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0002.zip --a---- 7241578 bytes [02:31 07/04/2014] [02:31 07/04/2014] 55BEBB4199F8AF364D581DFC4FF1BEE0
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0003.zip --a---- 7241614 bytes [02:32 07/04/2014] [02:32 07/04/2014] 37146C76175F975908D087B23D21F612
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0004.zip --a---- 7846 bytes [02:41 07/04/2014] [02:41 07/04/2014] 1604CFB852999A5D3BD0B9E4B20ED8A6
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0005.zip --a---- 7847 bytes [02:41 07/04/2014] [02:41 07/04/2014] 6BCD61E8059CB70AD3E2CD99F6A42EED
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0006.zip --a---- 7840 bytes [02:50 07/04/2014] [02:50 07/04/2014] 245CE24C5F418432CEF798171CE49D6B
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0007.zip --a---- 7840 bytes [02:50 07/04/2014] [02:50 07/04/2014] C5C90EBA1FB46D06635226FBF8711529
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0008.zip --a---- 7840 bytes [02:55 07/04/2014] [02:55 07/04/2014] 589D0DE66D1ED76B419ED43593D1E69D
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0009.zip --a---- 7840 bytes [03:34 07/04/2014] [03:34 07/04/2014] 77C6795D3AF9AA9360435FD628D99475
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0010.zip --a---- 11554374 bytes [05:30 27/05/2014] [05:30 27/05/2014] BEBC8CA13831ED7E6711DAC63869882B
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0011.zip --a---- 4547868 bytes [05:30 27/05/2014] [05:30 27/05/2014] D9C54BB7ECC7D8557D8721B55E1CDA07
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0012.zip --a---- 4548013 bytes [05:30 27/05/2014] [05:30 27/05/2014] 224A5962A44343684ABCBC34DB6F9395
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0013.zip --a---- 52033 bytes [23:32 27/05/2014] [23:32 27/05/2014] E7CA1742DA39FF67661C09E3EC563044
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0014.zip --a---- 8630 bytes [23:33 27/05/2014] [23:33 27/05/2014] D11FBC4B69FB59DB524A09DF608E4052
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0000.zip --a---- 12642371 bytes [02:31 07/04/2014] [02:31 07/04/2014] 82E905F79C6235D896DDA96C273ED298
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0001.zip --a---- 7241461 bytes [02:31 07/04/2014] [02:31 07/04/2014] B3C1C60B096075D5613B5E4249BEBBF4
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0002.zip --a---- 7241578 bytes [02:31 07/04/2014] [02:31 07/04/2014] 55BEBB4199F8AF364D581DFC4FF1BEE0
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0003.zip --a---- 7241614 bytes [02:32 07/04/2014] [02:32 07/04/2014] 37146C76175F975908D087B23D21F612
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0004.zip --a---- 7846 bytes [02:41 07/04/2014] [02:41 07/04/2014] 1604CFB852999A5D3BD0B9E4B20ED8A6
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0005.zip --a---- 7847 bytes [02:41 07/04/2014] [02:41 07/04/2014] 6BCD61E8059CB70AD3E2CD99F6A42EED
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0006.zip --a---- 7840 bytes [02:50 07/04/2014] [02:50 07/04/2014] 245CE24C5F418432CEF798171CE49D6B
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0007.zip --a---- 7840 bytes [02:50 07/04/2014] [02:50 07/04/2014] C5C90EBA1FB46D06635226FBF8711529
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0008.zip --a---- 7840 bytes [02:55 07/04/2014] [02:55 07/04/2014] 589D0DE66D1ED76B419ED43593D1E69D
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0009.zip --a---- 7840 bytes [03:34 07/04/2014] [03:34 07/04/2014] 77C6795D3AF9AA9360435FD628D99475
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0010.zip --a---- 11554374 bytes [05:30 27/05/2014] [05:30 27/05/2014] BEBC8CA13831ED7E6711DAC63869882B
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0011.zip --a---- 4547868 bytes [05:30 27/05/2014] [05:30 27/05/2014] D9C54BB7ECC7D8557D8721B55E1CDA07
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0012.zip --a---- 4548013 bytes [05:30 27/05/2014] [05:30 27/05/2014] 224A5962A44343684ABCBC34DB6F9395
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0013.zip --a---- 52033 bytes [23:32 27/05/2014] [23:32 27/05/2014] E7CA1742DA39FF67661C09E3EC563044
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Conduit.SearchProtect-0014.zip --a---- 8630 bytes [23:33 27/05/2014] [23:33 27/05/2014] D11FBC4B69FB59DB524A09DF608E4052

Searching for "*SimilarProducts*"
No files found.

Searching for "*Slick*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Sweet*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*Trusteer*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*WiseConvert*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*FriendsChecker*"
No files found.

Searching for "*UnfriendApp*"
No files found.

Searching for "*ExFriendAlert*"
No files found.

Searching for "*RecordChecker*"
No files found.

Searching for "*InfoSeeker*"
No files found.

Searching for "*SecureWeb*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
C:\AdwCleaner\Quarantine\C\Users\Helen\AppData\Local\AskToolbar d------ [18:50 07/12/2013]
C:\AdwCleaner\Quarantine\C\Users\Helen\AppData\LocalLow\AskToolbar d------ [18:50 07/12/2013]

Searching for "*Ask.com*"
No folders found.

Searching for "*ContentSAFER*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*Coupons*"
No folders found.

Searching for "*DP1815*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*facemoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*IMVU*"
No folders found.

Searching for "*Mysearchdial*"
No folders found.

Searching for "*PutLockerDownloader*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchou*"
No folders found.

Searching for "*SearchProtect*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect d------ [01:43 23/02/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect d------ [01:43 23/02/2014]
C:\AdwCleaner\Quarantine\C\Users\Helen\AppData\Local\Searchprotect d------ [01:43 23/02/2014]
C:\AdwCleaner\Quarantine\C\Users\Helen\AppData\Local\Searchprotect\SearchProtect d------ [01:43 23/02/2014]

Searching for "*SimilarProducts*"
No folders found.

Searching for "*Slick*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Sweet*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*Trusteer*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*WiseConvert*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*FriendsChecker*"
No folders found.

Searching for "*UnfriendApp*"
No folders found.

Searching for "*ExFriendAlert*"
No folders found.

Searching for "*RecordChecker*"
No folders found.

Searching for "*InfoSeeker*"
No folders found.

Searching for "*SecureWeb*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
"XMLUrl"="C:\Users\Helen\AppData\LocalLow\AskToolbar\accl.xml"
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
"XMLUrl"="C:\Users\Helen\AppData\LocalLow\AskToolbar\accl.xml"

Searching for "Ask.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search]
"DefaultActivity"="ask.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
"Icon"="C:\Users\Helen\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
"HomepageURL"="http://ss.websearch.ask.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
"Domain"="ask.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
"XML"="C:\Users\Helen\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\execute]
"Action"="http://www.ask.com/web?q={selection}&o=15414&l=dis&qsrc=2871&gct=hlt"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\preview]
"Action"="http://sp.ask.com/toolbar/config/feature/ie/ssieaccelerator/1.0/ss_en_ieaccel.html?q={selection}&o=15414&l=dis&qsrc=2871&gct=hlt"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediaactivextask.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\FIND_MOZ_EXT\toolbar@ask.com\defaults\preferences\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\FIND_MOZ_EXT\toolbar@ask.com\defaults\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\FIND_MOZ_EXT\toolbar@ask.com\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\temp\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\content\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\skin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\FIND_MOZ_EXT\toolbar@ask.com\searchplugins\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\assets\oobe\b.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediaactivextask.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediaactivextask.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediaactivextask.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search]
"DefaultActivity"="ask.com"
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
"Icon"="C:\Users\Helen\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.ico"
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
"HomepageURL"="http://ss.websearch.ask.com"
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
"Domain"="ask.com"
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
"XML"="C:\Users\Helen\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml"
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\execute]
"Action"="http://www.ask.com/web?q={selection}&o=15414&l=dis&qsrc=2871&gct=hlt"
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\preview]
"Action"="http://sp.ask.com/toolbar/config/feature/ie/ssieaccelerator/1.0/ss_en_ieaccel.html?q={selection}&o=15414&l=dis&qsrc=2871&gct=hlt"
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediaactivextask.com]
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediaactivextask.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mediaactivextask.com]

Searching for "ContentSAFER"
No data found.

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"2D6317878F0F5264AAF3277D97A58C24"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VBMZ]
"P1"="conduit"

Searching for "Coupons"
No data found.

Searching for "DP1815"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "facemoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "IMVU"
No data found.

Searching for "Mysearchdial"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]

Searching for "PutLockerDownloader"
No data found.

Searching for "searchab"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "Searchou"
No data found.

Searching for "SearchProtect"
No data found.

Searching for "SimilarProducts"
No data found.

Searching for "Slick"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]

Searching for "smartbar"
No data found.

Searching for "SuperFish"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
"DllName"="SuperfishIEAddon.dll;SuperfishIEAddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
"DllName"="SuperfishIEAddon.dll;SuperfishIEAddon.dll"

Searching for "Sweetpack"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]

Searching for "Tarma"
No data found.

Searching for "Trusteer"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trolltech]
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "Vafmusic2"
No data found.

Searching for "vshare"
No data found.

Searching for "WiseConvert"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "FriendsChecker"
No data found.

Searching for "UnfriendApp"
No data found.

Searching for "ExFriendAlert"
No data found.

Searching for "RecordChecker"
No data found.

Searching for "InfoSeeker"
No data found.

Searching for "SecureWeb"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-


==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\PROGRA~2\Rock Turner" not found
"C:\PROGRA~2\Rock Turner" not found

==== EOF on Mon 06/02/2014 at 11:12:59.35 ======================
sarasotalady
Regular Member
 
Posts: 34
Joined: December 8th, 2013, 12:41 am

Re: Can't delete "Similar products popup" + other adware

Unread postby pgmigg » June 3rd, 2014, 12:11 am

Hello sarasotalady,

After this removal has been completed, could you refer me to a protocol of scans that I can do on a regular basis to catch malware before it takes hold.
Sure, we will discuss this issue at the end...

Good job! :D Let continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\SearchScopes\{67EC6999-123C-4AC8-87F8-E525AE035CFE}: "URL" = http://search.yahoo.com/search?p= {searchTerms}&fr=tightropetb&type=10741
    IE - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\SearchScopes\{B5874762-543C-4D24-9173-7D0A3A9CC8C9}: "URL" = http://www.bing.com/search?FORM=U220DF& ... 220&q= {searchTerms}&src=IE-SearchBox
    [2013/06/04 15:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Extensions
    [2014/06/01 14:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions
    [2014/05/31 12:25:28 | 000,000,000 | ---D | M] ("Speedial") -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}
    [2014/05/18 14:48:12 | 000,384,004 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
    [2014/06/01 14:08:57 | 000,009,022 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}.xpi
    [2014/05/01 13:38:16 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\nmhzubkn.default-1397022210699\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2014/05/12 23:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    CHR - default_search_provider: search_url = http://speedial.com/results.php?f=4&q= {searchTerms}&a=spd_dnldstr_14_22_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByE0D0AyDyD0D0ByByBzy0B0EtN0D0Tzu0SzzzztBtN1L2XzutBtFtBtDtFtCzytFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtAtByEyE0EtAzytGzytA0ByCtGyEyByDyDtG0D0C0DyBtGyCyByD0AyEyB0EyBtBtBtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzyzyzzyB0A0AtGzyyCzyyBtG0B0FyDyBtGyDtAzy0DtGyEtC0AzzyDyE0CzztDyEzytB2Q&cr=2143485961&ir=
    O2 - BHO: (Rock Turner) - {527b365c-1bd3-4a66-906f-8729805ce78c} - C:\Program Files (x86)\Rock Turner\RockTurnerBHO.dll (Rock Turner)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2694911468-2725480652-2267897185-1000\..\Toolbar\WebBrowser: (no name) - {870BD786-09A0-440D-ADB7-8F2ABE9B7845} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
    O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
    [2013/07/02 15:17:31 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\webex
    [2013/06/09 22:37:43 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Leadertech
    
    :Reg
    Searching for "AskToolbar"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
    "XMLUrl"=-
    [HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
    "XMLUrl"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search]
    "DefaultActivity"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\execute]
    "Action"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\preview]
    "Action"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\defaults\preferences\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\defaults\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\temp\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\content\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\chrome\skin\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "D:\FIND_MOZ_EXT\toolbar@ask.com\searchplugins\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2]
    "A28B4D68DEBAA244EB686953B7074FEF"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775]
    "A28B4D68DEBAA244EB686953B7074FEF"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907]
    "A28B4D68DEBAA244EB686953B7074FEF"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011]
    "A28B4D68DEBAA244EB686953B7074FEF"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720]
    "A28B4D68DEBAA244EB686953B7074FEF"=-
    [HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search]
    "DefaultActivity"=-
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
    [HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\execute]
    "Action"=-
    [HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com\Action1\preview]
    "Action"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tooslick.ru]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\tooslick.ru]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
    "DllName"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trolltech]
    [-HKEY_USERS\S-1-5-21-2694911468-2725480652-2267897185-1000\Software\Trolltech]
    
    :Files
    C:\Users\Helen\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.ico
    C:\Users\Helen\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
    C:\Program Files (x86)\*.tmp
    C:\Windows\*.tmp
    @C:\ProgramData\TEMP:373E1720
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Remove Similar Products from browsers
  • Internet Explorer
    1. Please open Internet Explorer
    2. Press Alt+X and select "Manage add-ons"
    3. Under "Add-ons Type" label please select "Toolbars and Extensions"
    4. If you can see in the list "SuperFish", select it, and click on the Disable button
    5. Close and restart browser, then close it again.
  • Mozilla Firefox
    1. Please open Mozilla Firefox
    2. Press Ctrl+Shift+A and Add-ons tab will be opened
    3. If you can see in the list SimilarProducts, please disable it by click on the Disable button. Then remove it by click on the Remove button.
    4. Close and restart browser, then close it again.
  • Google Chrome
    1. Please open Google Chrome
    2. Then type in the address bar: http://chrome:extensions
    3. If you can see in the list "SimilarProducts by SuperFish", please uncheck Enabled at the right and remove it by clicking the next trash can icon
    4. Close and restart browser, then close it again.

Step 3.
Malwarebytes' Anti-Malware
As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:
  1. Launch Malwarebytes then click Update Now.
  2. Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  3. Press the Scan Now >> button.
  4. When the scan is finished:
  5. If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!". Then post it in your next reply and proceed with Step 4.
  6. If infections were found, click the Quarantine all button.
  7. Press the View detailed log >> link to display the results log.
  8. Press the Copy to Clipboard button.
  9. Copy and paste the scan results in your next reply and exit MBAM.

Step 4.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the most recent C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2014-06-... file
  4. Contents of a OTL.txt log file after OTL fresh scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 148 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware