hi need help just did a scan not sure what to do

[angelina1982]

 I have the scan done and I not sure how to share it,, it has open report I not  savory at these type of things or programs . so I like to share my report to get help and see what these mean.. what to do  thank you..

[Curson]

Hi Angelina,

Welcome to Adlice.com Forum.
Please click on the "Open TXT" button and copy/paste the content of the file in your next reply.
I will then analyze it.

Regards.

[angelina1982]

Hi Curson, Thnxs 4 u reply& welcome to the forum. I not sure why my email didn't show I had a reply.. anyway. I going to try to post it. I do really appreciate ur help and reply thnxs so much...
RogueKiller V12.7.5.0 (x64) [Oct 31 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : angie [Administrator]
Started from : C:\Users\angie\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 11/04/2016 06:00:05 (Duration : 01:13:41)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUP|VT.Application.Win32.Coupons.a] (X64) HKEY_CLASSES_ROOT\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC} (C:\Windows\couponprinter_x64.ocx) -> Found
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{7141B702-4F1A-4031-9A7F-6F2F5983B508} (C:\ProgramData\WRData\PKG\wrSyncNameExt64.dll) -> Found
[PUP|VT.Application.Win32.Coupons.a] (X64) HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} (C:\Windows\couponprinter_x64.ocx) -> Found
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{B057AA88-1020-4250-9EF6-46C89F12E31D} (C:\ProgramData\WRData\PKG\wrSyncNameExt64.dll) -> Found
[Hj.Name] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | S6000Mnt : \C:\WINDOWS\SysWOW64\Rundll32.exe S6000Rmv.dll

• -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {47A6A114-4221-40D9-98B9-3E14F38F64F5} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe|Name=VIPRE Patch Management Agent|

• -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {39594620-3DAA-4925-833D-1DAC07D94CFB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe|Name=VIPRE Patch Management Agent|

• -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B849C425-F855-4C5F-A26C-ABB032689F08} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe|Name=VIPRE Patch Management Agent|

• -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5C11D88C-0F6C-4421-874A-D3ACCA790BAF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe|Name=VIPRE Patch Management Agent|

• -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3E6AEEB0-417C-4885-9E5C-85E33DC16182} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe|Name=VIPRE Patch Management Agent|

• -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {28F58E6E-CF2A-4CE9-A82F-3F82FFCACA5C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe|Name=VIPRE Patch Management Agent|

• -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6475GSX SATA Disk Device +++++
--- User ---
[MBR] 1c398c91a20938fa7cbf440a6eeada62
[BSP] b7443032a998f045022db4ba3e24ecff : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 593914 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1219409920 | Size: 450 MB
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1220331520 | Size: 14615 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[Curson]

Hi Angelina,

I advice you to remove the PUP.Coupons entries :

[PUP|VT.Application.Win32.Coupons.a] (X64) HKEY_CLASSES_ROOT\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC} (C:\Windows\couponprinter_x64.ocx) -> Found
[PUP|VT.Application.Win32.Coupons.a] (X64) HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} (C:\Windows\couponprinter_x64.ocx) -> Found

This is a component of an potentially unwanted program (PUP) from Coupons that may effect the performance, security and privacy of you or your computer.

The others detections are false positive, aka legit entries.
We will fix this in RogueKiller next release and they won't appear anymore.

Regards.

[angelina1982]

Hi Curson... Thnxs 4 ur reply! Those 2 that u told me to remove are highlighted in red,, there one more that highlighted in red Hj.Name] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | S6000Mnt : \C:\WINDOWS\..... Do I also delete that one too??? when will next released be? I let u know if I get a diff results on my next scan. thank again... sincerely angelina

[Curson]

Hi Angelina,

You are welcome.
No, this item is legit. We will release a new version next week (probably on Monday).

Regards.