Swizz006 Posted June 6, 2014 ID:838515 Share Posted June 6, 2014 Hello all I would like a little advice regarding the following entry. I have only just performed a scan with "AdwCleaner" And in the registry tab shows as follows..Would the entries below be safe to delete? Thank you. # AdwCleaner v3.212 - Report created 06/06/2014 at 11:59:01# Updated 05/06/2014 by Xplode# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)# Username : Home PC - HOMEPC-PC# Running from : C:\Users\Home PC\Downloads\AdwCleaner.exe# Option : Scan***** [ Services ] ********** [ Files / Folders ] *****File Found : C:\Users\Home PC\AppData\Roaming\Mozilla\Firefox\Profiles\rr07ro2j.default\user.jsFolder Found : C:\Users\Home PC\AppData\Roaming\Mozilla\Firefox\Profiles\rr07ro2j.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}***** [ Shortcuts ] ********** [ Registry ] *****Key Found : HKCU\Software\ConduitKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : [x64] HKCU\Software\ConduitKey Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]***** [ Browsers ] *****-\\ Internet Explorer v10.0.9200.16843-\\ Mozilla Firefox v29.0.1 (en-US)[ File : C:\Users\Home PC\AppData\Roaming\Mozilla\Firefox\Profiles\rr07ro2j.default\prefs.js ]-\\ Google Chrome v31.0.1650.63[ File : C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]Found [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}*************************AdwCleaner[R0].txt - [978 octets] - [14/01/2014 21:38:52]AdwCleaner[R10].txt - [4088 octets] - [18/02/2014 16:59:10]AdwCleaner[R11].txt - [3696 octets] - [19/02/2014 00:57:22]AdwCleaner[R12].txt - [3681 octets] - [19/02/2014 01:08:11]AdwCleaner[R13].txt - [3743 octets] - [19/02/2014 01:11:24]AdwCleaner[R14].txt - [3804 octets] - [19/02/2014 01:18:45]AdwCleaner[R15].txt - [3865 octets] - [19/02/2014 02:20:38]AdwCleaner[R16].txt - [3926 octets] - [19/02/2014 02:29:02]AdwCleaner[R17].txt - [3987 octets] - [19/02/2014 02:35:21]AdwCleaner[R18].txt - [2113 octets] - [20/02/2014 05:36:24]AdwCleaner[R19].txt - [2174 octets] - [20/02/2014 06:48:10]AdwCleaner[R1].txt - [1035 octets] - [14/01/2014 21:50:40]AdwCleaner[R20].txt - [2235 octets] - [20/02/2014 15:27:06]AdwCleaner[R21].txt - [2296 octets] - [21/02/2014 00:09:37]AdwCleaner[R22].txt - [2357 octets] - [21/02/2014 02:32:47]AdwCleaner[R23].txt - [2418 octets] - [21/02/2014 16:02:13]AdwCleaner[R24].txt - [2555 octets] - [22/02/2014 01:29:57]AdwCleaner[R25].txt - [2616 octets] - [23/02/2014 19:48:12]AdwCleaner[R26].txt - [2737 octets] - [24/02/2014 04:58:50]AdwCleaner[R27].txt - [2798 octets] - [07/03/2014 14:57:40]AdwCleaner[R28].txt - [2859 octets] - [07/03/2014 14:59:24]AdwCleaner[R29].txt - [3808 octets] - [06/06/2014 11:59:01]AdwCleaner[R2].txt - [5888 octets] - [15/02/2014 15:25:31]AdwCleaner[R3].txt - [4744 octets] - [18/02/2014 13:11:40]AdwCleaner[R4].txt - [4804 octets] - [18/02/2014 13:28:36]AdwCleaner[R5].txt - [3195 octets] - [18/02/2014 13:35:39]AdwCleaner[R6].txt - [3255 octets] - [18/02/2014 13:38:27]AdwCleaner[R7].txt - [3315 octets] - [18/02/2014 13:42:33]AdwCleaner[R8].txt - [3377 octets] - [18/02/2014 14:17:47]AdwCleaner[R9].txt - [4904 octets] - [18/02/2014 14:52:24]AdwCleaner[s0].txt - [3677 octets] - [19/02/2014 07:24:35]AdwCleaner[s1].txt - [2651 octets] - [19/02/2014 21:51:01]AdwCleaner[s2].txt - [2637 octets] - [23/02/2014 19:48:33]########## EOF - C:\AdwCleaner\AdwCleaner[R29].txt - [4529 octets] ########## Link to post Share on other sites More sharing options...
Swizz006 Posted June 6, 2014 Author ID:838684 Share Posted June 6, 2014 Yet another scan with RogueKiller. Again would it be completely safe to delete the following below? Thanks guys. RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.comOperating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Home PC [Admin rights]Mode : Scan -- Date : 06/06/2014 21:29:31¤¤¤ Bad processes : 1 ¤¤¤[ZeroAccess] SUPERANTISPYWARE.EXE -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[7] -> KILLED [TermProc]¤¤¤ Registry Entries : 16 ¤¤¤[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etdrv -> FOUND[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv -> FOUND[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etdrv -> FOUND[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv -> FOUND[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etdrv -> FOUND[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv -> FOUND[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Files : 0 ¤¤¤¤¤¤ HOSTS File : 1 ¤¤¤[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost¤¤¤ Antirootkit : 0 ¤¤¤¤¤¤ Web browsers : 1 ¤¤¤[PUP][FIREFX:Addon] rr07ro2j.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> FOUND¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: Samsung SSD 840 PRO Series ATA Device +++++--- User ---[MBR] 0c4428d2fa6966c5364d687aab393729[bSP] b2d0ca3f7ab8807a453dea48e42740ef : Windows Vista/7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244096 MBUser = LL1 ... OKUser = LL2 ... OK+++++ PhysicalDrive1: ST3000DM001-1CH166 ATA Device +++++--- User ---[MBR] 0086f36f0b7bc8b257f89fc226376c3d[bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MBUser = LL1 ... OKUser = LL2 ... OK Link to post Share on other sites More sharing options...
MrCharlie Posted June 8, 2014 ID:839225 Share Posted June 8, 2014 You can delete what AdwCleaner found but NOT the RogueKiller items. MrC Link to post Share on other sites More sharing options...
Swizz006 Posted June 9, 2014 Author ID:839550 Share Posted June 9, 2014 Thank you boss..Will do. I appreciate your response Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 10, 2014 Root Admin ID:840129 Share Posted June 10, 2014 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts