Windows 7 Forums


Windows 7: help with possible virus removal?

29 Apr 2015   #21
drmax

W7 premium 64
 
 

Quote: Originally Posted by Jacee
I don't want you to click on anything else, just the full *scan* button. It may take a while. I just need to see the .txt log that the full scan produces.
After it says "waiting for action" .... click on the Report button. Then copy and paste the log file.

I'll look at that and then tell you what to click on next.

With my screen shot, then tell me where is the "report" button? There is also so "donate" button missing. I did download a fresh copy. It also looks the same on my laptop. Don't get it.

29 Apr 2015   #22
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

On my machine I see "Scan" - it takes a while.

Once finished just open the "Logfile" and upload the report. "Logfile = Report"

29 Apr 2015   #23
drmax

W7 premium 64
 
 

Quote: Originally Posted by Callender
On my machine I see "Scan" - it takes a while.

Once finished just open the "Logfile" and upload the report. "Logfile = Report"

Thanks for clearing that up! Was not told to me, what you did. I also found I can't get into safe mode by holding down F8 key. Not an option.

29 Apr 2015   #24
drmax

W7 premium 64
 
 
logfile adwc

# AdwCleaner v4.202 - Logfile created 29/04/2015 at 14:29:22
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.1 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : greg - GREG-PC
# Running from : C:\Users\greg\Desktop\adwcleaner_4.202.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safesearch.xml
File Found : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\eyt134nm.default\user.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\ShopSave Toolbar1
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\SpeedMaxPc
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\Users\greg\AppData\Local\Conduit
Folder Found : C:\Users\greg\AppData\Local\globalUpdate
Folder Found : C:\Users\greg\AppData\LocalLow\Conduit
Folder Found : C:\Users\greg\AppData\LocalLow\weDownload Manager Pro
Folder Found : C:\Users\greg\AppData\Roaming\DriverCure
Folder Found : C:\Users\greg\AppData\Roaming\ernden
Folder Found : C:\Users\greg\AppData\Roaming\SpeedMaxPc
Folder Found : C:\Users\greg\AppData\Roaming\Strongvault
Folder Found : C:\Users\greg\AppData\Roaming\Systweak
Folder Found : C:\Windows\SysWOW64\SearchProtect

***** [ Scheduled tasks ] *****

Task Found : AmiUpdXp
Task Found : PostPoneInstall
Task Found : Run_Bobby_Browser

***** [ Shortcuts ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)

[eyt134nm.default] - Line Found : user_pref("CT3306061.smartbar.homepage", "true");
[eyt134nm.default] - Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[eyt134nm.default] - Line Found : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
[eyt134nm.default] - Line Found : user_pref("browser.search.order.1", "SafeSearch");
[eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylig[...]
[eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app43628%22%3A%22app43[...]
[eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_css.expiration", "Sat Sep 13 2014 21:08:46 GMT-0400 (Eastern Standard Ti[...]
[eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdisplay%3Anone%3B%5Cn%7D%5C[...]
[eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_geolocation.expiration", "Fri Sep 19 2014 21:08:53 GMT-0400 (Eastern Sta[...]
[eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
[eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_metadata.expiration", "Sat Sep 13 2014 21:08:54 GMT-0400 (Eastern Standa[...]
[eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A43628%2C%22appName%22%3A%22weDownload[...]
[eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.description", "Enhance your search results with direct download links and information for apps and[...]
[eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A311159%2C%22ver%22%3A2%2[...]
[eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.internaldb.Resources_resource_311159.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
[eyt134nm.default] - Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
[eyt134nm.default] - Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11438289523175132&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
[eyt134nm.default] - Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN11438289523175132&UM=2&q=");
[eyt134nm.default] - Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
[eyt134nm.default] - Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
[eyt134nm.default] - Line Found : user_pref("smartbar.machineId", "OOY03ZCOC4NKRUD+EN4NM5KLFJMLGD5DMJKUP/JV5QD8TIMSLSH4AHHP/UGI7EVSFQX8MTEY8YMSCCHBR847DQ");
[eyt134nm.default] - Line Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11438289523175132&UM=2&SearchSource=13");

-\\ Google Chrome v

[C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Extension] : nmmhkkegccagdldgiimedpiccmgmieda

*************************

AdwCleaner[R0].txt - [14320 bytes] - [27/04/2015 10:45:34]
AdwCleaner[R1].txt - [14380 bytes] - [27/04/2015 10:47:16]
AdwCleaner[R2].txt - [14199 bytes] - [27/04/2015 15:22:54]
AdwCleaner[R3].txt - [14257 bytes] - [28/04/2015 15:46:14]
AdwCleaner[R4].txt - [14323 bytes] - [28/04/2015 16:53:09]
AdwCleaner[R5].txt - [14381 bytes] - [29/04/2015 14:12:36]
AdwCleaner[R6].txt - [14619 bytes] - [29/04/2015 14:29:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [14679 bytes] ##########
29 Apr 2015   #25
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Great - that log is what's needed. Await Jacee's advice on the next steps.
29 Apr 2015   #26
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

YAY!!
Open AdwCleaner again, Now.......

This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).

Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

******Post that .txt log
29 Apr 2015   #27
drmax

W7 premium 64
 
 
after cleaning

# AdwCleaner v4.202 - Logfile created 29/04/2015 at 17:44:10
# Updated 23/04/2015 by Xplode
# Database : 2015-04-27.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : greg - GREG-PC
# Running from : C:\Users\greg\Desktop\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\SpeedMaxPc
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\ShopSave Toolbar1
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\greg\AppData\Local\Conduit
Folder Deleted : C:\Users\greg\AppData\Local\globalUpdate
Folder Deleted : C:\Users\greg\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\greg\AppData\LocalLow\weDownload Manager Pro
Folder Deleted : C:\Users\greg\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\greg\AppData\Roaming\SpeedMaxPc
Folder Deleted : C:\Users\greg\AppData\Roaming\Strongvault
Folder Deleted : C:\Users\greg\AppData\Roaming\Systweak
Folder Deleted : C:\Users\greg\AppData\Roaming\ernden
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safesearch.xml
File Deleted : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\eyt134nm.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : AmiUpdXp
Task Deleted : PostPoneInstall
Task Deleted : Run_Bobby_Browser

***** [ Shortcuts ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)

[eyt134nm.default\prefs.js] - Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "SafeSearch");
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylig[...]
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app43628%22%3A%22app43[...]
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_css.expiration", "Sat Sep 13 2014 21:08:46 GMT-0400 (Eastern Standard Ti[...]
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdisplay%3Anone%3B%5Cn%7D%5C[...]
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_geolocation.expiration", "Fri Sep 19 2014 21:08:53 GMT-0400 (Eastern Sta[...]
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_metadata.expiration", "Sat Sep 13 2014 21:08:54 GMT-0400 (Eastern Standa[...]
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A43628%2C%22appName%22%3A%22weDownload[...]
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A311159%2C%22ver%22%3A2%2[...]
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.internaldb.Resources_resource_311159.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11438289523175132&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN11438289523175132&UM=2&q=");
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "OOY03ZCOC4NKRUD+EN4NM5KLFJMLGD5DMJKUP/JV5QD8TIMSLSH4AHHP/UGI7EVSFQX8MTEY8YMSCCHBR847DQ");
[eyt134nm.default\prefs.js] - Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11438289523175132&UM=2&SearchSource=13");

-\\ Google Chrome v

[C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [14320 bytes] - [27/04/2015 10:45:34]
AdwCleaner[R1].txt - [14380 bytes] - [27/04/2015 10:47:16]
AdwCleaner[R2].txt - [14199 bytes] - [27/04/2015 15:22:54]
AdwCleaner[R3].txt - [14257 bytes] - [28/04/2015 15:46:14]
AdwCleaner[R4].txt - [14323 bytes] - [28/04/2015 16:53:09]
AdwCleaner[R5].txt - [14381 bytes] - [29/04/2015 14:12:36]
AdwCleaner[R6].txt - [14811 bytes] - [29/04/2015 14:29:22]
AdwCleaner[R7].txt - [14501 bytes] - [29/04/2015 17:43:36]
AdwCleaner[S0].txt - [14036 bytes] - [29/04/2015 17:44:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14096 bytes] ##########
29 Apr 2015   #28
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Much better. You had a lot of adware!

Now, download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer Download - Geeks to Go Forum) and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser! This will also eliminate all desktop shortcuts (only the background will be there), so just be aware!

Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
It will take a while to finish, be patient.

Important! Manually reboot the machine to ensure a complete clean.

Let me know when you've done this and rebooted.
30 Apr 2015   #29
drmax

W7 premium 64
 
 

Did what you asked. It cleaned nearly 1GB. Shut it down then, completely, and restarted. I won't be back here to check until Sat or Sun. Thx
30 Apr 2015   #30
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

That's fine. Let me know when you're back, because I have a couple more steps for you to do.