Author Topic: Help with RK log - do I actually have any problems?  (Read 8959 times)


May 30, 2014, 09:20:29 PM

Anonymouse

  • Guest
Hi folks,

I'm relatively new to RogueKiller, and gather that folks here can tell me from its log if I actually have problems or not? I've attached a log from a short while ago, after manually changing the .log to .txt so it would upload. Thanks in advance for your help. Oops, just noticed others pasted their log in rather than attaching, so I've added it below...

p.s., No idea if this is related, but I've been getting high memory & sometimes CPU usage from the latest version of flash player, and also today noticed that explorer.exe at least part of the time was using 50% of my CPU (I restarted the computer and now it's not using CPU)

RogueKiller V9.0.0.0 (x64) [May 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robin [Admin rights]
Mode : Scan -- Date : 05/30/2014  11:58:16

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2739618812-516719390-3748644299-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2739618812-516719390-3748644299-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2739618812-516719390-3748644299-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2739618812-516719390-3748644299-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \Leader Technologies\PowerRegister\Seagate NA4JJ3WM Product Registration (Robin) -- C:\Users\Robin\AppData\Roaming\Leadertech\PowerRegister\Seagate NA4JJ3WM Product Registration.exe (/remind /language=ENU /SRNM="NA4JJ3WM" /BRND="Seagate" /BDSR="Seagate NA4JJ3WM" /loadsrnm="NA4JJ3WM") -> FOUND

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] Seagate NA4JJ3WM Product Registration.lnk -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA4JJ3WM Product Registration.lnk [LNK@] C:\Users\Robin\AppData\Roaming\LEADER~1\POWERR~1\SEAGAT~1.EXE -> FOUND

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] s5yx7u6t.default : Boounce [toolbar@boounce.com] -> FOUND
[PUP][FIREFX:Addon] s5yx7u6t.default : Session Manager [{1280606b-2510-4fe0-97ef-9b5a22eafe30}] -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547550A9E384 +++++
--- User ---
[MBR] 80ff88993ed7172dd0189cdf52f3615a
[BSP] baa58400c4105655dd5a43eaed9ccc63 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05302014_111710.log
« Last Edit: May 30, 2014, 09:23:18 PM by Anonymouse »

Reply #1, May 31, 2014, 08:52:15 AM

Tigzy

  • Administrator
  • Hero Member

    Owner, Adlice Software
Hello
You only have PUMs, PUPs, and Seagate related things.
You can remove the 2 PUPs in Firefox, either with RogueKiller or with AdwCleaner (which will probably do a better job).

If you still encounter issues, I can suggest an additional scan with Malwarebytes.

Reply #2, May 31, 2014, 08:46:42 PM

Anonymouse

What are PUMs?  What problems do they cause?  PUPs are potentially unwanted programs, right? 

How risky is it to remove these items?

I have a seagate external drive - I assume those issues are related to their "nag" screen for registering it - is that an actual problem?

Malwarebytes doesn't find any problems, neither does the McAfee version that comes with Cox internet.

And one of the PUPs looks like it's associated with Session Manager - a great add-on that I've used for years... how can I tell if it's really associated with Session Manager and needed, or if it's a problem that needs to be gotten rid of?

Reply #3, June 02, 2014, 08:51:22 AM

Tigzy

PUM: http://www.techterms.com/definition/pum

Yes, Seagate triggers suspicious things, skip them.
After some tests, it looks like Session Manager has been flagged falsely, will remove it.
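
The triage given in the replies (PUMs, PUPs, Seagate items) amounts to tallying report entries by detection tag, which can be done mechanically. The following is an added example, not part of the original thread and not Adlice's code: the line format is inferred from the report pasted above, and the function names and the shortened sample (with its section counts adjusted to match) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: six entries copied from the report in this thread,
# with the "Registry Entries" header count adjusted to the shortened list.
SAMPLE = r"""
¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] s5yx7u6t.default : Boounce [toolbar@boounce.com] -> FOUND
[PUP][FIREFX:Addon] s5yx7u6t.default : Session Manager [{1280606b-2510-4fe0-97ef-9b5a22eafe30}] -> FOUND
"""

SECTION = re.compile(r"^¤¤¤ (.+?) : ?(\d*) ?¤¤¤$")   # count may be absent (MBR Check)
ENTRY = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*?)\s*->\s*(\w+)$")

def parse_report(text):
    """Return (findings, declared): parsed entries and each section's header count."""
    findings, declared, section = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
            declared[section] = int(m.group(2)) if m.group(2) else None
        elif section and (m := ENTRY.match(line)):
            tags = re.findall(r"\[([^\]]+)\]", m.group(1))
            findings.append({"section": section, "tags": tags,
                             "detail": m.group(2), "status": m.group(3)})
    return findings, declared

def families(findings):
    """Count findings per detection family: PUM.Policies -> PUM, PUP -> PUP."""
    return Counter(f["tags"][0].split(".")[0] for f in findings)

def distinct_settings(findings):
    """Collapse the (X64)/(X86) pair the report prints for the same key and value."""
    return {re.sub(r"^\((?:X64|X86)\)\s*", "", f["detail"])
            for f in findings if f["section"] == "Registry Entries"}

def count_mismatches(findings, declared):
    """Sections whose header count differs from the entries parsed (truncated paste)."""
    seen = Counter(f["section"] for f in findings)
    return {s: (n, seen[s]) for s, n in declared.items() if n is not None and n != seen[s]}

if __name__ == "__main__":
    found, declared = parse_report(SAMPLE)
    print(dict(families(found)), len(distinct_settings(found)), count_mismatches(found, declared))
```

Comparing each header count with the number of parsed entries catches a log that was cut off when pasted into a post.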