Presentationhost & Conhost Plus More

FoxTrot05 · Jan 17, 2016

Hi

i recently noticed that my laptop has been running a LOT of random processes that i dont recognize and is taking up a big chunk. (See the attached image) the first 3 processes i believe are fake and the presentationhost.exe process is something thats new to me and most likely a virus or some kind.

I ran hitman pro and removed the malwares and trojans and rebooted. I did a 2nd run and found few cookies and no malwares, but all the random processes still remain. please help

I forgot to save the first log but i did save the 2nd one

Thanks

Kestrel13! · Jan 17, 2016

Hi and a warm welcome to Majorgeeks.

For me to check for malware, you will need to run through our procedures in their entirety.

Here is the link: READ & RUN ME FIRST - Malware Removal Guide

FoxTrot05 · Jan 17, 2016

hi

so i went through all the steps very carefully and i dont see the random processes anymore which is great!

but i was wondering if you can look through the logs to see if its all clear or not

thank you in advance

Kestrel13! · Jan 18, 2016

Good morning... just off to a dr appointment. Soon as I am back I'll make a response.

Kestrel13! · Jan 18, 2016

Hi there.

I strongly advise you to clean up your desktop. It's rather cluttered.

I'd like you to re run Malware Bytes yet again and let it remove anything else it may find.

Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Better-Surf -> Found

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SimpleFiles -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mchInjDrv (\??\C:\Users\Kevin\AppData\Local\Temp\mc25A38.tmp) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv (\??\C:\Users\Kevin\AppData\Local\Temp\mc25A38.tmp) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv (\??\C:\Users\Kevin\AppData\Local\Temp\mc25A38.tmp) -> Found

[Tr.Rosena] (X64) HKEY_USERS\S-1-5-21-2914078422-3803083522-4181326434-1001\Software\classes\clsid\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A} -> Found

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.

...and the same for this entry on the files tab please...

[PUP][Folder] C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} -> Found

When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.

http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Attach JRT.txt to your next message.

Re run RogueKiller again (just a scan) and attach log.

Log in or Sign up

Presentationhost & Conhost Plus More

FoxTrot05 Private E-2

Attached Files:

HitmanPro_20160117_0306.log

Untitled.png

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

FoxTrot05 Private E-2

Attached Files:

Anti-Malware Home log.txt

HitmanPro_20160117_1611.log

RogueKiller log.txt

TDSSKiller.3.1.0.9_17.01.2016_15.55.26_log.txt

MGlogs.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member