stag
New Helpee
Posts: 40
|
Post by stag on Sept 28, 2014 17:06:06 GMT -8
Yes
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Sept 28, 2014 17:14:46 GMT -8
The activity by dllhost.exe and the Norton Alerts should have stopped Your key involved is the same as the other active user here, that has to be repaired. Download the attached .reg files (right click Save As if required,like what was done with the fixlist for FRST to make sure the files download) Then click to run the .reg file or right click and choose from the menu "Run as Administrator" Then the system should ask if you want the data added to the registry, answer = yes. A cofirmation message should them appear saying that the data has been added. The other way is to right click the files and choose "Open With" from the menu, and you should see Registry Editor as an option to choose. The change will not take effect until the system is RestartedQuads
|
|
stag
New Helpee
Posts: 40
|
Post by stag on Sept 28, 2014 17:26:47 GMT -8
Registry Editor Box: Cannot import C:\Users\Andrew\Desktop\Poweliks_repair.reg. Not all data was successfully written to the registry. Some keys are open by the system or other processes.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Sept 28, 2014 17:48:23 GMT -8
It may be because the parent CLSID key is in use but the sub key could be written so only the missing section of the key could be imported back (correct windows and not Poweliks)
A bit strange
Has the alerts and Dllhost being over active stopped, they were the main symptoms you reported??
Quads
|
|
stag
New Helpee
Posts: 40
|
Post by stag on Sept 28, 2014 17:52:30 GMT -8
Yes, the alerts and dllhosts has stopped.
|
|
stag
New Helpee
Posts: 40
|
Post by stag on Sept 28, 2014 17:59:45 GMT -8
"The change will not take effect until the system is Restarted"
I did not restart the system due to the registry editor box.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Sept 28, 2014 18:12:46 GMT -8
OK, the problem may have occurred due to Regedit not running as the Administrator according to Microsoft In the Start Menu, Search Box type Regedit At the top of the results you should see Regedit, Right click Regedit instead of the normal left click Choose from the menu that appears Run as AdministratorRegedit will start and appear Go to the File Menu at the Regedit Menu bar Select Import from the file menu Find the downloaded .reg file and once selected press the Open button Quads
|
|
stag
New Helpee
Posts: 40
|
Post by stag on Sept 28, 2014 18:23:19 GMT -8
Did the above.
The result is the same message: Cannot import C:\Users\Andrew\Desktop\Poweliks_repair.reg. Not all data was successfully written to the registry. Some keys are open by the system or other processes.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Sept 28, 2014 18:36:55 GMT -8
OK I will have to think on that bit, The parent key maybe system protected (so for Windows only to Modify) looks like with that key missing Windows does not really need it so that there is no adverse effects which does happen with other keys chosen by Poweliks or Zeroaccess
It did notice the possibility or pieces of Adware /PUPs on your system, that may already be gone.
Q
|
|
stag
New Helpee
Posts: 40
|
Post by stag on Sept 28, 2014 18:41:23 GMT -8
Ok, appreciate your help insofar.
|
|