help with possible virus removal?

Page 3 of 3 FirstFirst 123

  1. drmax
    Posts : 314
    W7 premium 64
    Thread Starter
       New #21

    Jacee said:
    I don't want you to click on anything else, just the full *scan* button. It may take a while. I just need to see the .txt log that the full scan produces.
    After it says "waiting for action" .... click on the Report button. Then copy and paste the log file.

    I'll look at that and then tell you what to click on next.
    with my screen shot, then tell me were is the "report" button? There is also so "dontate" button missing. I did download a fresh copy. It also looks the same on my laptop. Don't get it.
      My Computer
    Quote Quote

  3. Callender
    Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       New #22

    On my machine I see "Scan" - it takes a while.

    help with possible virus removal?-adwcleaner.jpg

    Once finished just open the "Logfile" and upload the report. "Logfile = Report"

    help with possible virus removal?-adwcleaner-2.jpg
      My Computer
    Quote Quote

  4. drmax
    Posts : 314
    W7 premium 64
    Thread Starter
       New #23

    Callender said:
    On my machine I see "Scan" - it takes a while.

    help with possible virus removal?-adwcleaner.jpg

    Once finished just open the "Logfile" and upload the report. "Logfile = Report"

    help with possible virus removal?-adwcleaner-2.jpg
    Thanks for clearing that up! Was not told to me, what you did. I also found I can't get into safe mode by holding down F8 key. Not an option.
      My Computer
    Quote Quote

  6. drmax
    Posts : 314
    W7 premium 64
    Thread Starter
       New #24

    logfile adwc


    # AdwCleaner v4.202 - Logfile created 29/04/2015 at 14:29:22
    # Updated 23/04/2015 by Xplode
    # Database : 2015-04-23.1 [Local]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : greg - GREG-PC
    # Running from : C:\Users\greg\Desktop\adwcleaner_4.202.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safesearch.xml
    File Found : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\eyt134nm.default\user.js
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Program Files (x86)\globalUpdate
    Folder Found : C:\Program Files (x86)\ShopSave Toolbar1
    Folder Found : C:\ProgramData\Conduit
    Folder Found : C:\ProgramData\SpeedMaxPc
    Folder Found : C:\ProgramData\Uniblue
    Folder Found : C:\Users\greg\AppData\Local\Conduit
    Folder Found : C:\Users\greg\AppData\Local\globalUpdate
    Folder Found : C:\Users\greg\AppData\LocalLow\Conduit
    Folder Found : C:\Users\greg\AppData\LocalLow\weDownload Manager Pro
    Folder Found : C:\Users\greg\AppData\Roaming\DriverCure
    Folder Found : C:\Users\greg\AppData\Roaming\ernden
    Folder Found : C:\Users\greg\AppData\Roaming\SpeedMaxPc
    Folder Found : C:\Users\greg\AppData\Roaming\Strongvault
    Folder Found : C:\Users\greg\AppData\Roaming\Systweak
    Folder Found : C:\Windows\SysWOW64\SearchProtect

    ***** [ Scheduled tasks ] *****

    Task Found : AmiUpdXp
    Task Found : PostPoneInstall
    Task Found : Run_Bobby_Browser

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:61545;hxxps=127.0.0.1:61545
    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\Compete
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\GlobalUpdate
    Key Found : HKCU\Software\InstalledBrowserExtensions
    Key Found : HKCU\Software\Local AppWizard-Generated Applications
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plarium.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Ask.com - What's Your Question?
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{320F532C-EF2E-463E-9A4C-D9DE1246E897}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EE84A6EA-6695-49EF-BD6C-C286D1D4A225}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\ParetoLogic
    Key Found : HKCU\Software\powerpack
    Key Found : HKCU\Software\SpeedMaxPC
    Key Found : [x64] HKCU\Software\Compete
    Key Found : [x64] HKCU\Software\Conduit
    Key Found : [x64] HKCU\Software\GlobalUpdate
    Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
    Key Found : [x64] HKCU\Software\Local AppWizard-Generated Applications
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{320F532C-EF2E-463E-9A4C-D9DE1246E897}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EE84A6EA-6695-49EF-BD6C-C286D1D4A225}
    Key Found : [x64] HKCU\Software\ParetoLogic
    Key Found : [x64] HKCU\Software\powerpack
    Key Found : [x64] HKCU\Software\SpeedMaxPC
    Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Found : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
    Key Found : HKLM\SOFTWARE\0e9d844d-14f0-dff3-a785-fc7cf8be1bc6
    Key Found : HKLM\SOFTWARE\Clara
    Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422362228}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
    Key Found : HKLM\SOFTWARE\Classes\driverscanner
    Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
    Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
    Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
    Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466366628}
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
    Key Found : HKLM\SOFTWARE\CompeteInc
    Key Found : HKLM\SOFTWARE\Conduit
    Key Found : HKLM\SOFTWARE\firstsearch
    Key Found : HKLM\SOFTWARE\GlobalUpdate
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91EE0830-B539-45AB-83F2-741FED0B0E2F}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\ParetoLogic
    Key Found : HKLM\SOFTWARE\SpeedMaxPC
    Key Found : HKLM\SOFTWARE\Uniblue
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422362228}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466366628}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91EE0830-B539-45AB-83F2-741FED0B0E2F}
    Value Found : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
    Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
    Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17728


    -\\ Mozilla Firefox v37.0.2 (x86 en-US)

    [eyt134nm.default] - Line Found : user_pref("CT3306061.smartbar.homepage", "true");
    [eyt134nm.default] - Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
    [eyt134nm.default] - Line Found : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
    [eyt134nm.default] - Line Found : user_pref("browser.search.order.1", "SafeSearch");
    [eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylig[...]
    [eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app43628%22%3A%22app43[...]
    [eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_css.expiration", "Sat Sep 13 2014 21:08:46 GMT-0400 (Eastern Standard Ti[...]
    [eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdisplay%3Anone%3B%5Cn%7D%5C[...]
    [eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_geolocation.expiration", "Fri Sep 19 2014 21:08:53 GMT-0400 (Eastern Sta[...]
    [eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
    [eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_metadata.expiration", "Sat Sep 13 2014 21:08:54 GMT-0400 (Eastern Standa[...]
    [eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A43628%2C%22appName%22%3A%22weDownload[...]
    [eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.description", "Enhance your search results with direct download links and information for apps and[...]
    [eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A311159%2C%22ver%22%3A2%2[...]
    [eyt134nm.default] - Line Found : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.internaldb.Resources_resource_311159.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
    [eyt134nm.default] - Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
    [eyt134nm.default] - Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11438289523175132&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
    [eyt134nm.default] - Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN11438289523175132&UM=2&q=");
    [eyt134nm.default] - Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
    [eyt134nm.default] - Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
    [eyt134nm.default] - Line Found : user_pref("smartbar.machineId", "OOY03ZCOC4NKRUD+EN4NM5KLFJMLGD5DMJKUP/JV5QD8TIMSLSH4AHHP/UGI7EVSFQX8MTEY8YMSCCHBR847DQ");
    [eyt134nm.default] - Line Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11438289523175132&UM=2&SearchSource=13");

    -\\ Google Chrome v

    [C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    [C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Extension] : nmmhkkegccagdldgiimedpiccmgmieda

    *************************

    AdwCleaner[R0].txt - [14320 bytes] - [27/04/2015 10:45:34]
    AdwCleaner[R1].txt - [14380 bytes] - [27/04/2015 10:47:16]
    AdwCleaner[R2].txt - [14199 bytes] - [27/04/2015 15:22:54]
    AdwCleaner[R3].txt - [14257 bytes] - [28/04/2015 15:46:14]
    AdwCleaner[R4].txt - [14323 bytes] - [28/04/2015 16:53:09]
    AdwCleaner[R5].txt - [14381 bytes] - [29/04/2015 14:12:36]
    AdwCleaner[R6].txt - [14619 bytes] - [29/04/2015 14:29:22]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [14679 bytes] ##########
      My Computer
    Quote Quote

  7. Callender
    Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       New #25

    Great - that log is what's needed. Await Jacee's advice on the next steps.
      My Computer
    Quote Quote

  8. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #26

    YAY!!
    Open AdwCleaner again, Now.......

    This time click on the Clean button.
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).

    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder

    ******Post that .txt log
      My Computer
    Quote Quote

  10. drmax
    Posts : 314
    W7 premium 64
    Thread Starter
       New #27

    after cleaning


    # AdwCleaner v4.202 - Logfile created 29/04/2015 at 17:44:10
    # Updated 23/04/2015 by Xplode
    # Database : 2015-04-27.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : greg - GREG-PC
    # Running from : C:\Users\greg\Desktop\adwcleaner_4.202.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Conduit
    Folder Deleted : C:\ProgramData\SpeedMaxPc
    Folder Deleted : C:\ProgramData\Uniblue
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\globalUpdate
    Folder Deleted : C:\Program Files (x86)\ShopSave Toolbar1
    Folder Deleted : C:\Windows\SysWOW64\SearchProtect
    Folder Deleted : C:\Users\greg\AppData\Local\Conduit
    Folder Deleted : C:\Users\greg\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\greg\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\greg\AppData\LocalLow\weDownload Manager Pro
    Folder Deleted : C:\Users\greg\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\greg\AppData\Roaming\SpeedMaxPc
    Folder Deleted : C:\Users\greg\AppData\Roaming\Strongvault
    Folder Deleted : C:\Users\greg\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\greg\AppData\Roaming\ernden
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safesearch.xml
    File Deleted : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\eyt134nm.default\user.js

    ***** [ Scheduled tasks ] *****

    Task Deleted : AmiUpdXp
    Task Deleted : PostPoneInstall
    Task Deleted : Run_Bobby_Browser

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
    Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
    Key Deleted : HKLM\SOFTWARE\0e9d844d-14f0-dff3-a785-fc7cf8be1bc6
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422362228}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466366628}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91EE0830-B539-45AB-83F2-741FED0B0E2F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422362228}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466366628}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91EE0830-B539-45AB-83F2-741FED0B0E2F}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{320F532C-EF2E-463E-9A4C-D9DE1246E897}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EE84A6EA-6695-49EF-BD6C-C286D1D4A225}
    Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
    Key Deleted : HKCU\Software\Compete
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\powerpack
    Key Deleted : HKCU\Software\SpeedMaxPC
    Key Deleted : HKCU\Software\Local AppWizard-Generated Applications
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\CompeteInc
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\firstsearch
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\ParetoLogic
    Key Deleted : HKLM\SOFTWARE\SpeedMaxPC
    Key Deleted : HKLM\SOFTWARE\Uniblue
    Key Deleted : HKLM\SOFTWARE\Clara
    Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plarium.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Ask.com - What's Your Question?
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:61545;hxxps=127.0.0.1:61545
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17728


    -\\ Mozilla Firefox v37.0.2 (x86 en-US)

    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "SafeSearch");
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylig[...]
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app43628%22%3A%22app43[...]
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_css.expiration", "Sat Sep 13 2014 21:08:46 GMT-0400 (Eastern Standard Ti[...]
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdisplay%3Anone%3B%5Cn%7D%5C[...]
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_geolocation.expiration", "Fri Sep 19 2014 21:08:53 GMT-0400 (Eastern Sta[...]
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_metadata.expiration", "Sat Sep 13 2014 21:08:54 GMT-0400 (Eastern Standa[...]
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A43628%2C%22appName%22%3A%22weDownload[...]
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A311159%2C%22ver%22%3A2%2[...]
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.4362 8.internaldb.Resources_resource_311159.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11438289523175132&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN11438289523175132&UM=2&q=");
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "OOY03ZCOC4NKRUD+EN4NM5KLFJMLGD5DMJKUP/JV5QD8TIMSLSH4AHHP/UGI7EVSFQX8MTEY8YMSCCHBR847DQ");
    [eyt134nm.default\prefs.js] - Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11438289523175132&UM=2&SearchSource=13");

    -\\ Google Chrome v

    [C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    [C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [14320 bytes] - [27/04/2015 10:45:34]
    AdwCleaner[R1].txt - [14380 bytes] - [27/04/2015 10:47:16]
    AdwCleaner[R2].txt - [14199 bytes] - [27/04/2015 15:22:54]
    AdwCleaner[R3].txt - [14257 bytes] - [28/04/2015 15:46:14]
    AdwCleaner[R4].txt - [14323 bytes] - [28/04/2015 16:53:09]
    AdwCleaner[R5].txt - [14381 bytes] - [29/04/2015 14:12:36]
    AdwCleaner[R6].txt - [14811 bytes] - [29/04/2015 14:29:22]
    AdwCleaner[R7].txt - [14501 bytes] - [29/04/2015 17:43:36]
    AdwCleaner[S0].txt - [14036 bytes] - [29/04/2015 17:44:10]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14096 bytes] ##########
      My Computer
    Quote Quote

  11. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #28

    Much better. You had a lot of adware!

    Now, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer Download - Geeks to Go Forum and save it to your desktop.

    Save any unsaved work. TFC will close ALL open programs including your browser! This will also eliminate all desktop shortcuts (only the background will be there), so just be aware!

    Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
    Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
    It will take a while to finish, be patient.

    Important! Manually reboot the machine to ensure a complete clean.

    Let me know when you've done this and rebooted.
      My Computer
    Quote Quote

  12. drmax
    Posts : 314
    W7 premium 64
    Thread Starter
       New #29

    did what you asked. it cleaned nearly 1GB. Shut it down then, completely and restarted. I won't be back here to check until sat or sun. Thx
      My Computer
    Quote Quote

  13. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #30

    That's fine. Let me know when you're back, because I have a couple more steps for you to do. :)
      My Computer
    Quote Quote

 
Page 3 of 3 FirstFirst 123

  Related Discussions
Virus Removal
in System Security

Just bought a laptop pretty decently priced even with the virus problem. I am just having problems getting rid of this one. It has content explorer which sets up proxy so after disabling it i can not get on net to install removal sofware. It has wb.exe, pc health, a password viewer, scorpion...
Hi, Looking for general ideas on how everyone else handles a strong virus. If the virus is showing up in Windows regular mode, it opens in safemode and opens in safmode with command prompt. Besides the usual such as boot to repair mode and use system restore, dock hard drive to another pc and...
Virus Removal
in System Security

My Microsoft Security Essentials keeps alerting me to something called: Name: Exploit:HTML/IframeRef.gen Alert Level: Severe I click remove but sometime later the message pops up again saying to remove. I have clicked remove quite enough times now but still the pop-up appears. I have also...
when you take it to a store to remove a virus what and how do they do it ? do they use a antivirus program to scan the pc and remove the virus ? do they reinstall windows with a used or new windows install disk ? im thinking of posting on craigslist that i could do this for people i have not...
After Virus Removal
in System Security

After virus removal, this message has been popping up every time I start the computer. What do I do to restore these two DLL files? Startup repair has done nothing and I don't want to system restore because I just installed tons of drivers.
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 18:52.
Find Us