I have deleted it out of everything else ( I think). I just can't seem to uninstall it from the program list
Shopping helper smartbar engine
- Thread starter Rob Burgoyne
- Start date
- Mar 8, 2013
- 22,627
- Mar 8, 2013
- 22,627
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
- Right-click on
icon and select
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File). - Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
- Mar 8, 2013
- 22,627
The PC appears to be working fine except the "shopping helper smartbar" and the "shopping helper smartbar engine" are still in the program list and won't uninstall. Is this a problem or have they been rendered useless?
- Mar 8, 2013
- 22,627
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on
icon and select
Run as Administrator to start the tool.
- Wait patiently until the main console will appear, it may take a minute or two.
- In the main box please paste in the following script:
Code:createsrpoint; autoclean; Shopping Helper Smartbar;u Shopping Helper Smartbar Engine;u emptyalltemp; ipconfig /flushdns;b - Make sure that Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
I hope this is ok, I couldn't find "Notepad" to upload it
I have looked at D:Users\Lizbee and the "shopping helper smartbar engine" still appears in her list of programs
Zoek.exe v5.0.0.0 Updated 24-12-2014
Tool run by Rob on Sat 27/12/2014 at 23:58:15.35.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Rob\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
28/12/2014 12:02:27 AM Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\Program Files\office.tmp deleted successfully
D:\Users\dylan_000\AppData\Roaming\Apple Computer deleted successfully
D:\Users\Lizbee\AppData\Roaming\BitTorrent deleted successfully
D:\Users\Lizbee\AppData\Roaming\uTorrent deleted successfully
D:\Users\Rob\AppData\Roaming\uTorrent deleted successfully
D:\Users\Robert\AppData\Roaming\.minecraft deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-788829986-3988713853-2924854022-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4929A628-B626-41CC-9EA5-BA91173651B8} deleted successfully
HKEY_USERS\S-1-5-21-788829986-3988713853-2924854022-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{604F777C-6CFC-4DFB-B7D6-C1A91829567F} deleted successfully
HKEY_USERS\S-1-5-21-788829986-3988713853-2924854022-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D6135D6-4062-4CF1-9CBD-961507EB593} deleted successfully
HKEY_USERS\S-1-5-21-788829986-3988713853-2924854022-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D321E672-6740-4947-993-602C414280AD} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
D:\Users\Lizbee\AppData\Local\nst2194.tmp deleted
D:\Users\Lizbee\AppData\Local\com deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\windows\SysNative\drivers\Msft_Kernel_webinstrNewH_01009.Wdf deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
==== Firefox Start and Search pages ======================
ProfilePath: D:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\upltv1l6.default
user_pref("browser.search.defaultenginename", "Secure Search");
ProfilePath: D:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\72vjhc9c.default
user_pref("browser.search.defaultenginename", "Secure Search");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [19/12/2014 01:08 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 06:36 PM]
==== Firefox Extensions ======================
ProfilePath: D:\Users\Lizbee\AppData\Roaming\Mozilla\Firefox\Profiles\39vj6o4q.default
- Undetermined - {a30b5f37-0a36-419b-d6be-36e1bd3686f2}
- Shopping Helper Smartbar - %ProfilePath%\extensions\{a30b5f37-0a36-419b-d6be-36e1bd3686f2}
ProfilePath: D:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\4puhgwi4.default
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
- Undetermined - {4ED1F68A-5463-4931-9384-8FFF5ED91D92}
ProfilePath: D:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\72vjhc9c.default
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Telstra Extension - %AppDir%\browser\extensions\mcciwbch@motive.com.xpi
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
==== Firefox Plugins ======================
Profilepath: D:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\4puhgwi4.default
424899266BA430CCE5DDB6C1B4BE1B99 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll - Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
==== Chromium Look ======================
Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edmgmpmklgfbohogafcfobonnkogchec - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx[02/10/2014 02:18 PM]
Google Voice Search Hotword (Beta) - Dav3b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Telstra Extension - Dav3b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
Google Voice Search Hotword (Beta) - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Telstra Extension - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
Google Voice Search Hotword (Beta) - dylan_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Telstra Extension - dylan_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
SiteAdvisor - dylan_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Voice Search Hotword (Beta) - Lizbee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Telstra Extension - Lizbee\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
SiteAdvisor - Lizbee\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Voice Search Hotword (Beta) - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Telstra Extension - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
Google Voice Search Hotword (Beta) - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Telstra Extension - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
SiteAdvisor - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD4CA175-B85B-434A-8A3B-7E04CDD1741F} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
D:\Users\Dav3b_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
D:\Users\harveynorman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
D:\Users\harveynorman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
D:\Users\Lizbee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
D:\Users\Lizbee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
D:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
D:\Users\Lizbee\AppData\Local\Mozilla\Firefox\Profiles\39vj6o4q.default\cache2 emptied successfully
D:\Users\Robert\AppData\Local\Mozilla\Firefox\Profiles\72vjhc9c.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
D:\Users\Dav3b_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
D:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
D:\Users\Lizbee\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
D:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=6 folders=4 632830 bytes)
==== Empty Temp Folders ======================
D:\Users\Dav3b_000\AppData\Local\Temp emptied successfully
D:\Users\David\AppData\Local\Temp emptied successfully
D:\Users\Default\AppData\Local\Temp emptied successfully
D:\Users\Default User\AppData\Local\Temp emptied successfully
D:\Users\dylan_000\AppData\Local\Temp emptied successfully
D:\Users\harveynorman\AppData\Local\Temp emptied successfully
D:\Users\Lizbee\AppData\Local\Temp emptied successfully
D:\Users\Rob\AppData\Local\Temp will be emptied at reboot
D:\Users\Robert\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on Sun 28/12/2014 at 0:16:09.86 ======================
I have looked at D:Users\Lizbee and the "shopping helper smartbar engine" still appears in her list of programs
Zoek.exe v5.0.0.0 Updated 24-12-2014
Tool run by Rob on Sat 27/12/2014 at 23:58:15.35.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Rob\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
28/12/2014 12:02:27 AM Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\Program Files\office.tmp deleted successfully
D:\Users\dylan_000\AppData\Roaming\Apple Computer deleted successfully
D:\Users\Lizbee\AppData\Roaming\BitTorrent deleted successfully
D:\Users\Lizbee\AppData\Roaming\uTorrent deleted successfully
D:\Users\Rob\AppData\Roaming\uTorrent deleted successfully
D:\Users\Robert\AppData\Roaming\.minecraft deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-788829986-3988713853-2924854022-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4929A628-B626-41CC-9EA5-BA91173651B8} deleted successfully
HKEY_USERS\S-1-5-21-788829986-3988713853-2924854022-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{604F777C-6CFC-4DFB-B7D6-C1A91829567F} deleted successfully
HKEY_USERS\S-1-5-21-788829986-3988713853-2924854022-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D6135D6-4062-4CF1-9CBD-961507EB593} deleted successfully
HKEY_USERS\S-1-5-21-788829986-3988713853-2924854022-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D321E672-6740-4947-993-602C414280AD} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
D:\Users\Lizbee\AppData\Local\nst2194.tmp deleted
D:\Users\Lizbee\AppData\Local\com deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\windows\SysNative\drivers\Msft_Kernel_webinstrNewH_01009.Wdf deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
==== Firefox Start and Search pages ======================
ProfilePath: D:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\upltv1l6.default
user_pref("browser.search.defaultenginename", "Secure Search");
ProfilePath: D:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\72vjhc9c.default
user_pref("browser.search.defaultenginename", "Secure Search");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [19/12/2014 01:08 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 06:36 PM]
==== Firefox Extensions ======================
ProfilePath: D:\Users\Lizbee\AppData\Roaming\Mozilla\Firefox\Profiles\39vj6o4q.default
- Undetermined - {a30b5f37-0a36-419b-d6be-36e1bd3686f2}
- Shopping Helper Smartbar - %ProfilePath%\extensions\{a30b5f37-0a36-419b-d6be-36e1bd3686f2}
ProfilePath: D:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\4puhgwi4.default
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
- Undetermined - {4ED1F68A-5463-4931-9384-8FFF5ED91D92}
ProfilePath: D:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\72vjhc9c.default
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Telstra Extension - %AppDir%\browser\extensions\mcciwbch@motive.com.xpi
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
==== Firefox Plugins ======================
Profilepath: D:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\4puhgwi4.default
424899266BA430CCE5DDB6C1B4BE1B99 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll - Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
==== Chromium Look ======================
Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edmgmpmklgfbohogafcfobonnkogchec - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx[02/10/2014 02:18 PM]
Google Voice Search Hotword (Beta) - Dav3b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Telstra Extension - Dav3b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
Google Voice Search Hotword (Beta) - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Telstra Extension - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
Google Voice Search Hotword (Beta) - dylan_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Telstra Extension - dylan_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
SiteAdvisor - dylan_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Voice Search Hotword (Beta) - Lizbee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Telstra Extension - Lizbee\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
SiteAdvisor - Lizbee\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Voice Search Hotword (Beta) - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Telstra Extension - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
Google Voice Search Hotword (Beta) - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Telstra Extension - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
SiteAdvisor - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD4CA175-B85B-434A-8A3B-7E04CDD1741F} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
D:\Users\Dav3b_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
D:\Users\harveynorman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
D:\Users\harveynorman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
D:\Users\Lizbee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
D:\Users\Lizbee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
D:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
D:\Users\Lizbee\AppData\Local\Mozilla\Firefox\Profiles\39vj6o4q.default\cache2 emptied successfully
D:\Users\Robert\AppData\Local\Mozilla\Firefox\Profiles\72vjhc9c.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
D:\Users\Dav3b_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
D:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
D:\Users\Lizbee\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
D:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=6 folders=4 632830 bytes)
==== Empty Temp Folders ======================
D:\Users\Dav3b_000\AppData\Local\Temp emptied successfully
D:\Users\David\AppData\Local\Temp emptied successfully
D:\Users\Default\AppData\Local\Temp emptied successfully
D:\Users\Default User\AppData\Local\Temp emptied successfully
D:\Users\dylan_000\AppData\Local\Temp emptied successfully
D:\Users\harveynorman\AppData\Local\Temp emptied successfully
D:\Users\Lizbee\AppData\Local\Temp emptied successfully
D:\Users\Rob\AppData\Local\Temp will be emptied at reboot
D:\Users\Robert\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on Sun 28/12/2014 at 0:16:09.86 ======================
- Mar 8, 2013
- 22,627
Hi. If you mean Manually by Right Clicking on it and then pressing uninstall. I have tried this numerous times but it just has the revovling circle over it for about ten seconds and then it disappears.
- Mar 8, 2013
- 22,627
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on
icon and select
Run as Administrator to start the tool.
- Wait patiently until the main console will appear, it may take a minute or two.
- In the main box please paste in the following script:
Code:createsrpoint; installedprogs; - Make sure that Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
Hi. The "shopping helper smartbar engine" only appears on "user\lizbee" so when I scanned on my profile "user\rob, even though I scanned all users it did not appear. So I moved across to user\liz and did another scan of all users and this is the result.
Zoek.exe v5.0.0.0 Updated 28-12-2014
Tool run by Lizbee on Mon 29/12/2014 at 8:10:42.53.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Lizbee\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
D:\zoek-results2014-12-27-161609.log 11238 bytes
D:\zoek-results2014-12-29-000327.log 4168 bytes
==== System Restore Info ======================
29/12/2014 8:11:53 AM Zoek.exe System Restore Point Created Succesfully.
==== Installed Programs ======================
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Bonjour
Canon MP Navigator EX 3.0
Canon MP640 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CD-LabelPrint
Clownfish for Skype
CyberLink BD_3D Advisor 2.0
CyberLink LabelPrint 2.5
CyberLink Media Suite 10
CyberLink MediaEspresso 6.5
CyberLink MediaShow 6
CyberLink Power2Go 7
CyberLink PowerDVD 10
CyberLink PowerProducer 5.5
D3DX10
Don't Starve
e-tax 2013
e-tax 2014
Evolve
Fraps (remove only)
GameSpy Arcade
Garry's Mod
Google Chrome
Google Update Helper
iCloud
iTunes
Java 7 Update 11 (64-bit)
Java 7 Update 71
Java 8 Update 25
Java Auto Updater
Junk Mail filter update
LightScribe System Software
Malwarebytes Anti-Malware version 2.0.4.1028
McAfee AntiVirus Plus
McAfee Security Scan Plus
McAfee SiteAdvisor
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office Home and Student 2013 - en-us
Microsoft OneDrive
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Microsoft XNA Framework Redistributable 4.0
Minecraft
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Next Car Game Free Technology Demo
Nokia Connectivity Cable Driver
NVIDIA 3D Vision Controller Driver 337.88
NVIDIA 3D Vision Driver 337.88
NVIDIA Control Panel 337.88
NVIDIA GeForce Experience 2.0.1
NVIDIA Graphics Driver 337.88
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 12.4.67
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 12.4.67
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.23
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
PAC-MAN Championship Edition DX+
Photo Common
Photo Gallery
Plague Inc: Evolved
QuickTime 7
Realtek High Definition Audio Driver
SHIELD Streaming
Shopping Helper Smartbar Engine
Skype Click to Call
SkypeT 7.0
Spotify
Steam
Team Fortress 2
Telstra Broadband Assistant
Terraria
Unturned
VLC media player
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.20 (64-bit)
==== C:\zoek_backup content ======================
C:\zoek_backup (files=7 folders=7 632830 bytes)
==== EOF on Mon 29/12/2014 at 8:12:02.00 ======================
Zoek.exe v5.0.0.0 Updated 28-12-2014
Tool run by Lizbee on Mon 29/12/2014 at 8:10:42.53.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Lizbee\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
D:\zoek-results2014-12-27-161609.log 11238 bytes
D:\zoek-results2014-12-29-000327.log 4168 bytes
==== System Restore Info ======================
29/12/2014 8:11:53 AM Zoek.exe System Restore Point Created Succesfully.
==== Installed Programs ======================
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Bonjour
Canon MP Navigator EX 3.0
Canon MP640 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CD-LabelPrint
Clownfish for Skype
CyberLink BD_3D Advisor 2.0
CyberLink LabelPrint 2.5
CyberLink Media Suite 10
CyberLink MediaEspresso 6.5
CyberLink MediaShow 6
CyberLink Power2Go 7
CyberLink PowerDVD 10
CyberLink PowerProducer 5.5
D3DX10
Don't Starve
e-tax 2013
e-tax 2014
Evolve
Fraps (remove only)
GameSpy Arcade
Garry's Mod
Google Chrome
Google Update Helper
iCloud
iTunes
Java 7 Update 11 (64-bit)
Java 7 Update 71
Java 8 Update 25
Java Auto Updater
Junk Mail filter update
LightScribe System Software
Malwarebytes Anti-Malware version 2.0.4.1028
McAfee AntiVirus Plus
McAfee Security Scan Plus
McAfee SiteAdvisor
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office Home and Student 2013 - en-us
Microsoft OneDrive
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Microsoft XNA Framework Redistributable 4.0
Minecraft
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Next Car Game Free Technology Demo
Nokia Connectivity Cable Driver
NVIDIA 3D Vision Controller Driver 337.88
NVIDIA 3D Vision Driver 337.88
NVIDIA Control Panel 337.88
NVIDIA GeForce Experience 2.0.1
NVIDIA Graphics Driver 337.88
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 12.4.67
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 12.4.67
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.23
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
PAC-MAN Championship Edition DX+
Photo Common
Photo Gallery
Plague Inc: Evolved
QuickTime 7
Realtek High Definition Audio Driver
SHIELD Streaming
Shopping Helper Smartbar Engine
Skype Click to Call
SkypeT 7.0
Spotify
Steam
Team Fortress 2
Telstra Broadband Assistant
Terraria
Unturned
VLC media player
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.20 (64-bit)
==== C:\zoek_backup content ======================
C:\zoek_backup (files=7 folders=7 632830 bytes)
==== EOF on Mon 29/12/2014 at 8:12:02.00 ======================
- Mar 8, 2013
- 22,627
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on
icon and select
Run as Administrator to start the tool.
- Wait patiently until the main console will appear, it may take a minute or two.
- In the main box please paste in the following script:
Code:createsrpoint; Shopping Helper Smartbar Engine;u - Make sure that Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
Here are the results of the latest scan run on user\lizbee
Zoek.exe v5.0.0.0 Updated 28-12-2014
Tool run by Lizbee on Mon 29/12/2014 at 21:31:55.41.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Lizbee\Downloads\zoek (1).exe [Scan all users] [Script inserted]
==== Older Logs ======================
D:\zoek-results2014-12-27-161609.log 11238 bytes
D:\zoek-results2014-12-29-000327.log 4168 bytes
D:\zoek-results2014-12-29-001202.log 4258 bytes
==== System Restore Info ======================
29/12/2014 9:36:12 PM Zoek.exe System Restore Point Created Succesfully.
==== Deleting Registry Keys ======================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9764e292-4f40-472c-a6c1-c271cf81c04d} deleted successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=7 folders=7 632830 bytes)
==== EOF on Mon 29/12/2014 at 21:36:39.28 ======================
Zoek.exe v5.0.0.0 Updated 28-12-2014
Tool run by Lizbee on Mon 29/12/2014 at 21:31:55.41.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Lizbee\Downloads\zoek (1).exe [Scan all users] [Script inserted]
==== Older Logs ======================
D:\zoek-results2014-12-27-161609.log 11238 bytes
D:\zoek-results2014-12-29-000327.log 4168 bytes
D:\zoek-results2014-12-29-001202.log 4258 bytes
==== System Restore Info ======================
29/12/2014 9:36:12 PM Zoek.exe System Restore Point Created Succesfully.
==== Deleting Registry Keys ======================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9764e292-4f40-472c-a6c1-c271cf81c04d} deleted successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=7 folders=7 632830 bytes)
==== EOF on Mon 29/12/2014 at 21:36:39.28 ======================
- Mar 8, 2013
- 22,627
I have just checked the program list and "shopping helper smartbar engine" is no longer there.
Thank you very much
Thank you very much
- Mar 8, 2013
- 22,627
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself 
MUST READ - security tips:
MUST READ - general maintenance:
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.
TFC - to clean unneeded temporary files.
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
Adblock - to surf the web without annoying ads!
Download DelFix by Xplode and save it to your desktop.
Tool deletes old system restore points and create a fresh system restore point after cleaning.
Stay safe,
TwinHeadedEagle
Recommended reading:
- Computer Security - a short guide to staying safer online.
- Simple and easy ways to keep your computer safe and secure on the Internet
The Importance of Software Updating:
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.
Recommended additional software:
Post-cleanup procedures:
Download DelFix by Xplode and save it to your desktop.
- Run the tool by right click on the
icon and Run as administrator option.
- Make sure that these ones are checked:
- Remove disinfection tools
- Purge system restore
- Reset system settings
- Push Run and wait until the tool completes his work.
- All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
Tool deletes old system restore points and create a fresh system restore point after cleaning.
My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!
Stay safe,
TwinHeadedEagle
Similar threads
- Locked
