Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Dad's PC infected with Dregol, etc.

12 May 2015   #1
Microsoft MVP

Dad's PC infected with Dregol, etc.

My Dad's PC was infected with some sort of adware package I think was clicked on in a webpage popup. He says he knows not to do anything but close those out, but I wonder if even doing that can download them. Are they able to reprogram the exit X to download in IE11? Should we always just reboot if a dodgy ad page or popup appears while browsing?

For Dregol, after uninstalling that and some others in Control Panel, a search suggested SPyhunter which I ran. It seems to have found multiple adware and searchware. But when I click Fix Infections it wants us to pay so now I'm suspicious of it. It says it found evidence of Conduit, Search Protect, Adware Helpers which I see no evidence of so I'm now wondering if it is illegit and maybe seeded us. I uninstalled it.

I could not remove Dregol from IE search so reset that browser which seems OK now. There is no evidence of it in files or registry using name search.

MBAM found PUPS I removed but didn't seem to find Dregol, SAS found cookies, so I ran AdwCleaner and ESET online scanner. AdwCleaner found Conduit and Search Protect and some other things but I'm waiting for ESET to finish before cleaning those up since it wants to Force Shut all programs.

Anything else suggested?

Attached Files
File Type: txt eset.txt (730 Bytes, 4 views)
File Type: txt AdwCleaner[S0].txt (3.0 KB, 6 views)
My System SpecsSystem Spec
12 May 2015   #2

Windows 7 Professional 64-bit

Hitman Pro is one of the few that actually find Conduit and Ask, SpyHunter's probably correct on that one. I still have Malwarebytes AM & SUPERAntispyware on my system. Take heed using SpyHunter, many others have removed it.
My System SpecsSystem Spec
12 May 2015   #3
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Greg, this adware will sneak in with some 'freeware software'. Warn your Dad about that!

Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
My System SpecsSystem Spec

12 May 2015   #4

Windows 7 Home Premium


After running JRT as recommended by Jacee, please see if you can do the following to check a few things:

Please download Zoek.exe:
Download z o e k . e x e version
Save to the Desktop.

Please close all antivirus and anti-malware programs so they do not interfere with the download or execution of Zoek.
Instructions how to disable security application:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

• Next, double click zoek.exe to start the program.
• Copy and paste the following script in the code box:

Note: This script is written specifically for this user's computer.
Do not use it on another computer even if its problems are similar !

• Close any open browsers.
• Click the Run script button and wait patiently.
• When finished the logfile, zoek-results.log, is opened in Notepad.
• If a reboot is needed the logfile is opened after rebooting.
• The zoek-results.log is also found on your system drive (normally C:\).

Please post the zoek-results.log in your reply.
My System SpecsSystem Spec
13 May 2015   #5
Microsoft MVP


His performance Is better than before. He's a little annoyed by new IE11 install asking if he wants to enable Add-Ons like WMP and Quicktime plug-in, offering only to Allow but not to Disable unless he goes into IE Add-Ons. I will keep an eye on that.

Both logs coming

Attached Files
File Type: txt JRT.txt (857 Bytes, 4 views)
File Type: txt zoek-results.txt (33.2 KB, 4 views)
My System SpecsSystem Spec
13 May 2015   #6

Windows 7 Professional 64-bit

Greg, Wise Plugin Manager, just one of several good ones, might be a good tool for him. I've used it to remove some pesky plugins, extensions. Be advised that many FF add-ons have mighty unhelpful strange names listed in WPM :) However, the listing within Chrome and IE are almost always in plain language.
My System SpecsSystem Spec
13 May 2015   #7

Windows 7 Home Premium


Did not see malware in the Zoek report, and the JRT took care of an item.

If you wish, you can also check browsers plugins and see if they are up to date.
Plugins add new capabilities into the browser, but, they can also provide opportunities for malicious code to get in.

Check Firefox >

To check other browsers, use: Qualys BrowserCheck
It is a cloud service that scans your browsers and plugins to see if they are all up-to-date.

Download >

When the program opens, click on: Scan without installing plugin
Then, click on: Scan now
My System SpecsSystem Spec

 Dad's PC infected with Dregol, etc.

Thread Tools

Similar help and support threads
Thread Forum
Infected with
My brother downloaded a free video converter on my system & he didn't uncheck all the usual pre checked boxes & now my system is infected with something. Whenever I open a web page & click on any URL, I'm directed to a page asking me to click on the I AM NOT A BOT box then it forwards me...
System Security
My PC is infected!
:(I've tried to find these things and delete them. But I have at least two I can't get rid of. One of them is a "PC CLeaner" Another is some problem in ITunes saying its not for my new W-7....but it always was good till this other thing came along. The PC is doing something else when I...
System Security
I am infected.
I was looking for info on a new korean game called tree of saviour and i found a webpage which apparently had a good image of the game classes so i tried to go into the page and suddenly a windows want to execute cmd something came up and i went full retard and put yes my laptop...
System Security
I'm wondering if I got a virus. I got the death blue screen once, but only once. Things boot fine now. Anyway, later, when I try to run various applications, I get errors for some of them, like this: "The application was unable to start correctly (0x0000005). Click OK to close the application."...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 11:41.
Twitter Facebook Google+