Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Nov 11, 2014 1:20:07 GMT -8
Have Roguekiller Delete these entries only (3 of them)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4147495586-605826844-533025637-1000\Software\Microsoft\Windows\CurrentVersion\Run | ZulurOmasa : regsvr32.exe "C:\ProgramData\ZulurOmasa\ZulurOmasa.dat" -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4147495586-605826844-533025637-1000\Software\Microsoft\Windows\CurrentVersion\Run | ZulurOmasa : regsvr32.exe "C:\ProgramData\ZulurOmasa\ZulurOmasa.dat" -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4147495586-605826844-533025637-1000\Control Panel\Desktop | SCRNSAVE.EXE : "C:\Users\Mike Ehlenbeck\AppData\Roaming\Microsoft\Windows\IEUpdate\tasklist.exe" -> Found
Quads
Post by pennyh0923 on Nov 11, 2014 7:41:25 GMT -8
I can do that...anything else that you would like for me to run after I have Roguekiller do the delete?
Post by pennyh0923 on Nov 11, 2014 17:10:09 GMT -8
Roguekiller has deleted those files. What's next?
Post by Quads on Nov 11, 2014 17:12:58 GMT -8
"Now, I have a different .dll that it is complaining about."
They should be gone and the system acting more normally, with dllhost also not being so overactive??
Quads
Post by pennyh0923 on Nov 12, 2014 15:24:46 GMT -8
That is true...when I ran the RogueKiller, it is also telling me that I have malware. The name of it is mcshield.exe.
Can I get rid of that via RogueKiller? My McAfee product is not detecting it. Or should I use something like malwarebytes?
Post by Quads on Nov 12, 2014 15:31:26 GMT -8
No, don't overthink. There is a reason why I said only the items I did with Roguekiller.
Roguekiller has False Positives and that is why users should not just use it for the sake of it.
You don't know what you are looking at so that is why you are wanting to get rid of mcshield.exe when in fact you are not to.
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
Quads
Post by pennyh0923 on Nov 13, 2014 14:38:35 GMT -8
Not wanting to get rid of anything...just questioning the output. I did not remove it. We can close this thread out...I think that the computer is running much better. Thanks for the help provided.
Post by Quads on Nov 21, 2014 21:26:42 GMT -8
Read carefully
Download Adwcleaner www.bleepingcomputer.com/download/adwcleaner/ onto your desktop (the blue "Download Now @BleepingComputer" button) and run a scan (Scan button). It will create a log after. Or there is a Report button. ONE SCAN ONLY.
Attach or paste the log back here.
Quads
Post by pennyh0923 on Nov 27, 2014 10:03:33 GMT -8
# AdwCleaner v4.102 - Report created 27/11/2014 at 12:00:14
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mike Ehlenbeck - MIKEEHLENBECK
# Running from : C:\Users\Mike Ehlenbeck\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\END
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Mike Ehlenbeck\AppData\Local\Conduit
Folder Found : C:\Users\Mike Ehlenbeck\AppData\Local\DefineExt
Folder Found : C:\Users\Mike Ehlenbeck\AppData\Local\SwvUpdater
Folder Found : C:\Users\Mike Ehlenbeck\AppData\LocalLow\Conduit
Folder Found : C:\Users\Mike Ehlenbeck\AppData\LocalLow\Delta
Folder Found : C:\Users\Mike Ehlenbeck\AppData\Roaming\Babylon
Folder Found : C:\Users\Mike Ehlenbeck\AppData\Roaming\Systweak
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Smartbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BABSOLUTION
Key Found : HKCU\Software\Define Ext
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\BABSOLUTION
Key Found : [x64] HKCU\Software\Define Ext
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Define Ext
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Found : HKLM\SOFTWARE\systweak
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Google Chrome v39.0.2171.71
*************************
AdwCleaner[R0].txt - [3386 octets] - [27/11/2014 12:00:14]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3446 octets] ##########
Post by Quads on Dec 17, 2014 20:26:40 GMT -8
a) Click the Scan Button and wait for the scan to finish. (already done if Adwcleaner is left pending)
b) Make sure all of the items under each TAB are to be ticked.
c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
Here is a Screenshot example
Quads