RogueKiller / advice for log
« on: January 19, 2017, 03:18:31 PM »
Can you advise which should be removed? Thank you.
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
Mode : Scan -- Date : 01/18/2017 22:48:31 (Duration : 02:15:14)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 19 ¤¤¤
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{00020812-0000-0000-C000-000000000046} (C:\Users\agale\AppData\Local\KINGSO~1\1020~1.581\office6\et.exe /Automation) -> Found
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{000209FF-0000-0000-C000-000000000046} (C:\Users\agale\AppData\Local\KINGSO~1\1020~1.581\office6\wps.exe /Automation) -> Found
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{00024500-0000-0000-C000-000000000046} (C:\Users\agale\AppData\Local\KINGSO~1\1020~1.581\office6\et.exe /Automation) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} (C:\Program Files\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.dll) -> Found
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{45540086-5750-5300-4B49-4E47534F4655} (C:\Users\agale\AppData\Local\Kingsoft Office\10.2.0.5811\office6\et.exe /Automation) -> Found
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{91493441-5A91-11CF-8700-00AA0060263B} (C:\Users\agale\AppData\Local\KINGSO~1\1020~1.581\office6\wpp.exe /Automation) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\Software\AppDataLow\Software\adawarebp -> Found
[PUP.Gen0] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080 -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/ -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.16.0.1 ([]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 172.16.0.1 ([]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B7FDC056-F051-4067-92EE-BE1DC00AD4C3} | DhcpNameServer : 172.16.0.1 ([]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{B7FDC056-F051-4067-92EE-BE1DC00AD4C3} | DhcpNameServer : 172.16.0.1 ([]) -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Program Files\xfin_portal -> Found
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x5]) ¤¤¤
¤¤¤ Web browsers : 3 ¤¤¤
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [mysearch.avg.com] -> Found
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [http://mysearch.avg.com/search?cid={0DA3AF34-B38C-40F8-BCCA-B97F1C105D76}&mid=81f2b15037ed47d389d1d1574dc092a5-c16a38ad0ae11ab66968c60fe659f49aa1e8cc56&lang=en&ds=dl011&pr=sa&d=2013-08-10 12:03:33&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}] -> Found
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [http://toolbar.avg.com/acp?q={searchTerms}&o=1] -> Found
¤¤¤ MBR Check : ¤¤¤