RogueKiller / Not sure if I should be worried about some things that were found.
« on: July 27, 2016, 11:44:09 PM »
Hey there! So I just decided to run RogueKiller while doing some antivirus work on my PC, and I didn't really see anything in the logs that seemed too severe, but I am confused by the appearance of some entries.
The entries I'm confused about are the ones prefixed with "Start_", as they pertain to the Start menu. I've disabled a few options from my Start menu, so I'm thinking that's why those have shown up. As well, the ConsentPromptBehaviorAdmin worries me. Should I remove those entries with RogueKiller?
I'm obviously going to remove all the Hola stuff and the Internet Explorer stuff as I don't use either program, same with the Discord entries.
Code:
RogueKiller V12.4.0.0 (x64) [Jul 18 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : 404 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 07/27/2016 17:33:32
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 31 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Hola -> Found
[PUP] (X64) HKEY_USERS\.DEFAULT\Software\Hola -> Found
[PUP] (X86) HKEY_USERS\.DEFAULT\Software\Hola -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Hola -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Hola -> Found
[PUP] (X64) HKEY_USERS\S-1-5-18\Software\Hola -> Found
[PUP] (X86) HKEY_USERS\S-1-5-18\Software\Hola -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Run | Discord : C:\Users\404\AppData\Local\Discord\app-0.0.292\Discord.exe [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Run | Discord : C:\Users\404\AppData\Local\Discord\app-0.0.292\Discord.exe [7] -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://gateway.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://gateway.msn.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://gateway.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://gateway.msn.com -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3414343756-560274184-2910045562-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 5 ¤¤¤
[PUP][Folder] C:\Users\404\AppData\Roaming\Hola -> Found
[PUM.Firefox][File] C:\Users\404\AppData\Roaming\Mozilla\Firefox\Profiles\1hla1ub2.default\Invalidprefs.js -> Found
[PUP][Folder] C:\Program Files\Hola -> Found
[PUP][Folder] C:\Program Files (x86)\IObit -> Found
[PUM.Firefox][File] C:\Users\404\AppData\Roaming\Mozilla\Firefox\Profiles\1hla1ub2.default\Invalidprefs.js -> Found
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20EARX-22PASB0 +++++
--- User ---
[MBR] 5171256f02f517ad451eee083a059971
[BSP] ca0f35d08c0db95d410b9a692c4c1627 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29362176 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29566976 | Size: 1893291 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive6: Generic Mini SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
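An added example, not part of the original post or of RogueKiller itself: a read-only PowerShell audit of the registry values the log flags as [PUM.Policies] and [PUM.StartMenu], with the documented meaning of each value so they can be re-checked before deciding what to remove. It assumes Windows PowerShell on the scanned machine and changes nothing.

```powershell
# Added example, not code from the original post or from RogueKiller: a read-only audit of the
# registry values the log flags as [PUM.Policies] and [PUM.StartMenu]. Assumes Windows PowerShell
# on the scanned machine; it changes nothing.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$startKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
# Documented meanings of ConsentPromptBehaviorAdmin (UAC elevation behaviour for administrators).
$consentMeaning = @{
    0 = 'Elevate without prompting: no UAC prompt at all for administrators'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (Windows default)'
}
# The Start_* values RogueKiller reported; 0 hides the item (or, for Start_TrackProgs, stops tracking).
$startValues = 'Start_ShowSetProgramAccessAndDefaults', 'Start_ShowPrinters', 'Start_ShowMyGames',
               'Start_ShowHelp', 'Start_TrackProgs', 'Start_ShowRecentDocs', 'Start_ShowRun',
               'Start_ShowVideos'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null when the value is absent, which means Windows uses its built-in default.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

$report = @()
# UAC: 0 silently elevates everything an administrator launches, so any program that runs under
# the account gets full rights without a prompt; that is why the scanner treats it as a policy change.
$consent = Get-RegValue $policyKey 'ConsentPromptBehaviorAdmin'
$report += [PSCustomObject]@{
    Setting = 'ConsentPromptBehaviorAdmin'
    Value   = $consent
    Meaning = if ($null -eq $consent) { $consentMeaning[5] } else { $consentMeaning[[int]$consent] }
    Concern = if ($consent -eq 0) { 'HIGH: UAC prompt disabled for administrators' } else { 'ok' }
}

# Start menu: unticking an item in Start Menu Properties writes the same 0 that software would,
# so the scanner cannot tell the two apart and reports every one; a value you set yourself is cosmetic.
foreach ($name in $startValues) {
    $v = Get-RegValue $startKey $name
    $report += [PSCustomObject]@{
        Setting = $name
        Value   = $v
        Meaning = if ($v -eq 0) { 'hidden/disabled' } elseif ($null -eq $v) { 'not set (default)' } else { 'shown/enabled' }
        Concern = if ($v -eq 0) { 'review: fine if you changed it, otherwise investigate' } else { 'ok' }
    }
}

$report | Format-Table -AutoSize
```

Run it from the account the log was taken under (user 404 here), since the Start_* values live in that user's hive while the UAC policy is machine-wide.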