RogueKiller / Would someone check my report for me please?
« on: January 21, 2019, 01:47:28 PM »
I've had problems with autoexecutor.exe flicking on and off in Task Manager and making my internet run high. Since I downloaded and scanned with RogueKiller, it's stopped, but I don't know what I should remove.
Here's the report:
RogueKiller Anti-Malware V13.0.22.0 (x64) [Jan 14 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : ME [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Standard Scan, Scan -- Date : 2019/01/21 12:22:18 (Duration : 00:14:27)
Switches : -refid 3
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O101 - Clsid
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_CLASSES_ROOT\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC} -- (Grammarly, Inc.) C:\Users\ME\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.148\93E6FFF433\GrammarlyShim64.dll -> Found
>>>>>> XX - Software
[PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1185400306-745865266-466623641-1000\Software\YahooPartnerToolbar -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X86) HKEY_USERS\S-1-5-21-1185400306-745865266-466623641-1000\Software\YahooPartnerToolbar -- N/A -> Found
>>>>>> O23 - Services
[PUP.Slimware (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon -- (AVG Technologies CZ, s.r.o.) C:\Windows\System32\drivers\SWDUMon.sys -> Found
[PUP.Slimware (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon -- (AVG Technologies CZ, s.r.o.) C:\Windows\System32\drivers\SWDUMon.sys -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Slimware (Potentially Malicious)] (file) SWDUMon.sys -- (AVG Technologies CZ, s.r.o.) C:\Windows\System32\drivers\SWDUMon.sys -> Found
[PUP.OnlineIO (Potentially Malicious)] (folder) AdvinstAnalytics -- C:\Users\ME\AppData\Local\AdvinstAnalytics -> Found
[PUP.OnlineIO (Potentially Malicious)] (folder) AdvinstAnalytics -- C:\Users\ME\AppData\Local\AdvinstAnalytics -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Chrome Config
[PUM.SearchEngine (Potentially Malicious)] default_search_provider_data.template_url_data.keyword (C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences) -- google.com__ -> Found
[PUM.SearchPage (Potentially Malicious)] default_search_provider_data.template_url_data.url (C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences) -- http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} -> Found