Jump to content
Sign in to follow this  
me82

HKCU software and HKLM software registry key

Recommended Posts

Need to know the full key strings to make that determination.

 

HKCU software & HKLM software keys hold all the registry information for all of your installed software. These are absolutely needed.

 

What are the specific strings that malwarebytes has targeted? Can you post a malwarebytes log?

 

:) Y

Share this post


Link to post
Share on other sites

Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.11.03.04Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702nika :: YOUR-PA86Z1I3G7 [administrator]11/4/2013 5:49:15 PMMBAM-log-2013-11-04 (18-34-39).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 267015Time elapsed: 34 minute(s), 15 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 8HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} (PUP.Optional.SilentInstall.A) -> No action taken.HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{BD0F5D09-EB62-23C9-E4C2-053B60799BD8} (PUP.Optional.Tarma.A) -> No action taken.HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSETUP.EXE (PUP.Optional.Tarma.A) -> No action taken.HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{A30E2199-21A0-1454-AC3C-4DC87C9714BC} (PUP.Optional.Tarma.A) -> No action taken.HKCUSoftware1ClickDownload (PUP.Optional.1ClickDownload.A) -> No action taken.HKCUSoftwareConduitSearchScopes (PUP.Optional.Conduit.A) -> No action taken.HKCUSoftwareAppDataLowSProtector (PUP.Optional.SProtector.A) -> No action taken.HKLMSOFTWAREBabylonToolbar (PUP.Optional.Babylon.A) -> No action taken.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 1C:Documents and SettingsnikaApplication DataBabylon (PUP.Optional.Babylon.A) -> No action taken.Files Detected: 10C:Documents and SettingsAll UsersApplication DataBroowsie2saavieuninstall.exe (PUP.Optional.SilentInstall.A) -> No action taken.C:Documents and SettingsAll UsersApplication DataInstallMate{2F26816B-CF11-4130-A3DB-8733F4C5A39D}Setup.exe (PUP.Optional.Tarma.A) -> No action taken.C:Documents and SettingsAll UsersApplication DataInstallMate{2F26816B-CF11-4130-A3DB-8733F4C5A39D}TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.C:Documents and SettingsAll UsersApplication DataInstallMate{D8056004-59E8-40AA-A241-11CA03E642F2}Setup.exe (PUP.Optional.Tarma.A) -> No action taken.C:Documents and SettingsAll UsersApplication DataInstallMate{D8056004-59E8-40AA-A241-11CA03E642F2}TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.C:Documents and SettingsnikaLocal SettingstempTsuD43A0CB4.dll (PUP.Optional.Tarma.A) -> No action taken.C:Documents and SettingsnikaLocal SettingstempTsu14B80E2A.dll (PUP.Optional.Tarma.A) -> No action taken.C:Documents and SettingsnikaLocal Settingstemp{825BE6DA-9941-45C2-A729-D16359B8C42C}Setup.exe (PUP.Optional.Tarma.A) -> No action taken.C:Documents and SettingsnikaLocal Settingstemp{0F3D058F-DF43-4671-A49A-9761D4DE2779}Setup.exe (PUP.Optional.Tarma.A) -> No action taken.C:Documents and SettingsnikaApplication DataBabylonlog_file.txt (PUP.Optional.Babylon.A) -> No action taken.(end)

Share this post


Link to post
Share on other sites

Hi me82,

 

Y is more experienced at reading a log file than I am but this is the definition of PUP:

 

 

A PUP (potentially unwanted program) is a program that may be unwanted, despite the possibility that users consented to download it. PUPs include spyware, adware, and dialers, and are often downloaded in conjunction with a program that the user wants.

The term was created by McAfee, the Internet Security company, because marketing firms objected to having their products called "spyware": in the view of such firms, all the information necessary for informed consent is included in the download agreement. It is widely recognized, however, that many if not most users fail to read a download agreement in sufficient detail to understand exactly what they are downloading.

McAfee differentiates PUPs from other types of malware, such as viruses, Trojans, and worms, which can be safely assumed to be unwanted by the user.

Personally, I would have taken the same action you took....delete them. :mrgreen:
Regards,
Hawk :b33r:

Share this post


Link to post
Share on other sites

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:AdwCleaner folder which was created when running the tool.

Using AdwCleaner v3: Scan & Clean:

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:AdwCleaner folder.

Share this post


Link to post
Share on other sites

Jacee, I was just wondering about this:

 

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly.

 

I detest toolbars so I would not use the program. I will continue to use Malwarebytes. :)

 

Regards,

 

Hawk :b33r:

Share this post


Link to post
Share on other sites

AdwCleaner is a good program for cleaning unwanted adware and the like but AdwCleaner can be overly aggresive in what it wants to remove. It will take out any toolbar, good or bad if you let it so you do need to carefully see and uncheck anything you want to keep

Share this post


Link to post
Share on other sites

Thanks for posting the malwarebytes log.

Those items are safe and recommended that you delete them.

 

Since ConduitSearchScopes and the Babylon toolbar were detected, I agree with Jacee that running AdwCleaner would be in your best interest as a follow through. :nospys:

 

:) Y

Share this post


Link to post
Share on other sites

I can't count the times the "Ask toolbar" was bundled in other downloads. If that is not bad enough, when I Google something,there is the "Ask" search engine. I detest Ask with a passion. :geezer:

 

Regards,

 

Hawk :b33r:

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...