
lmkwin

advice for log
« on: January 19, 2017, 03:18:31 PM »
Can you advise which should be removed?  Thank you.

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
Mode : Scan -- Date : 01/18/2017 22:48:31 (Duration : 02:15:14)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 19 ¤¤¤
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{00020812-0000-0000-C000-000000000046} (C:\Users\agale\AppData\Local\KINGSO~1\1020~1.581\office6\et.exe /Automation) -> Found
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{000209FF-0000-0000-C000-000000000046} (C:\Users\agale\AppData\Local\KINGSO~1\1020~1.581\office6\wps.exe /Automation) -> Found
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{00024500-0000-0000-C000-000000000046} (C:\Users\agale\AppData\Local\KINGSO~1\1020~1.581\office6\et.exe /Automation) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} (C:\Program Files\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.dll) -> Found
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{45540086-5750-5300-4B49-4E47534F4655} (C:\Users\agale\AppData\Local\Kingsoft Office\10.2.0.5811\office6\et.exe /Automation) -> Found
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{91493441-5A91-11CF-8700-00AA0060263B} (C:\Users\agale\AppData\Local\KINGSO~1\1020~1.581\office6\wpp.exe /Automation) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\Software\AppDataLow\Software\adawarebp -> Found
[PUP.Gen0] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} :   -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/  -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.16.0.1 ([])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 172.16.0.1 ([])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B7FDC056-F051-4067-92EE-BE1DC00AD4C3} | DhcpNameServer : 172.16.0.1 ([])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{B7FDC056-F051-4067-92EE-BE1DC00AD4C3} | DhcpNameServer : 172.16.0.1 ([])  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Program Files\xfin_portal -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x5]) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [mysearch.avg.com] -> Found
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [http://mysearch.avg.com/search?cid={0DA3AF34-B38C-40F8-BCCA-B97F1C105D76}&mid=81f2b15037ed47d389d1d1574dc092a5-c16a38ad0ae11ab66968c60fe659f49aa1e8cc56&lang=en&ds=dl011&pr=sa&d=2013-08-10 12:03:33&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}] -> Found
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [http://toolbar.avg.com/acp?q={searchTerms}&o=1] -> Found

¤¤¤ MBR Check : ¤¤¤
« Last Edit: January 19, 2017, 03:22:10 PM by lmkwin »

Curson
Global Moderator
Re: advice for log
« Reply #1 on: January 19, 2017, 06:52:04 PM »
Hi lmkwin,

Welcome to Adlice.com Forum.
You can safely remove the following items :
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} (C:\Program Files\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\Software\AppDataLow\Software\adawarebp -> Found
[PUP.Gen0] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} :   -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
[PUP.Gen1][Folder] C:\Program Files\xfin_portal -> Found

The other detections are either false positives (KingSoft Office) or PUMs.
PUM stands for Potentially Unwanted Modification. In your case, those entries are perfectly legit.
For more information, please read RogueKiller Documentation.

Regards.
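As an added example (not part of this thread and not RogueKiller's own code): a small Python parser that reads report lines like the ones posted above and sorts them into the three buckets the reply uses, PUP entries to remove, PUM entries to keep unless the setting is not one you chose, and Suspicious.Path entries whose target binary should be verified before anything is deleted. The sample lines are copied from the report above; the regular expressions and the Detection type are this example's own assumptions about the report layout, not a RogueKiller specification.

```python
"""Parse RogueKiller report lines and bucket them for triage.

Added example for this thread, not RogueKiller's own code.  The sample lines
are copied from the report posted above; the regexes and the Detection type
are assumptions about the report format, not a RogueKiller specification.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Copied from the report above (a subset of its 23 detections).
SAMPLE_REPORT = r"""
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{00020812-0000-0000-C000-000000000046} (C:\Users\agale\AppData\Local\KINGSO~1\1020~1.581\office6\et.exe /Automation) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} (C:\Program Files\Common Files\AVG Secure Search\RewardsInstaller\17.1.2\AVGRewardsWorker.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\Software\AppDataLow\Software\adawarebp -> Found
[PUP.Gen0] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} :   -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-472153062-2965157551-1287252079-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.16.0.1 ([])  -> Found
[PUP.Gen1][Folder] C:\Program Files\xfin_portal -> Found
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [mysearch.avg.com] -> Found
"""

# [Category][optional Kind] body -> Status
LINE_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]"
    r"(?:\[(?P<kind>[^\]]+)\])?"
    r"\s*(?P<body>.*?)\s*->\s*(?P<status>.+?)\s*$"
)
VALUE_RE = re.compile(r"^(?P<name>.*?)\s+:\s*(?P<data>.*)$")   # "Name : data"
TARGET_RE = re.compile(r"^(?P<key>.*?)\s+\((?P<target>.+)\)$")  # "key (payload)"
PREF_RE = re.compile(r"^(?P<pref>\S+)\s+\[(?P<data>.*)\]$")     # "pref [data]"


@dataclass
class Detection:
    category: str                    # PUP.Gen0, PUM.Proxy, Suspicious.Path ...
    kind: Optional[str]              # Folder, Chrome:Config, or None for registry
    location: str                    # registry key, file path or browser profile
    value_name: Optional[str] = None
    value_data: Optional[str] = None
    target: Optional[str] = None     # binary a CLSID entry points at
    status: str = "Found"


def parse_line(line: str) -> Optional[Detection]:
    """Return a Detection for a report line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    category, kind, body, status = m.group("category", "kind", "body", "status")
    det = Detection(category, kind, body, status=status)
    if " | " in body:                          # registry value: key | name : data
        det.location, _, rest = body.partition(" | ")
        vm = VALUE_RE.match(rest)
        det.value_name = vm.group("name") if vm else rest.rstrip(" :")
        det.value_data = (vm.group("data") if vm else "") or None
    elif kind and kind.endswith(":Config"):    # browser pref: profile : pref [data]
        det.location, _, rest = body.partition(" : ")
        pm = PREF_RE.match(rest)
        det.value_name, det.value_data = pm.group("pref", "data") if pm else (rest, None)
    else:                                      # key or path, optionally "(payload)"
        tm = TARGET_RE.match(body)
        if tm:
            det.location, det.target = tm.group("key", "target")
    return det


def triage(det: Detection) -> str:
    """Bucket a detection the way the reply above reads the report.

    remove : PUP.* is adware / bundled-software residue (the AVG Secure Search
             CLSIDs, the adawarebp key, the xfin_portal folder).
    review : PUM.* are settings, not malware; keep a value you chose yourself
             and remove one you did not (the reply removes the localhost:8080
             proxy but keeps the home pages and the DHCP DNS server).
    verify : Suspicious.Path is a CLSID pointing at an unexpected binary;
             check what the target is before deleting (here the targets are
             Kingsoft/WPS Office executables, which the reply calls a false
             positive).
    """
    if det.category.startswith("PUP."):
        return "remove"
    if det.category.startswith("PUM."):
        return "review"
    if det.category == "Suspicious.Path":
        return "verify"
    return "review"


def triage_report(text: str) -> Dict[str, List[Detection]]:
    """Parse every detection line in a report and group it by verdict."""
    buckets: Dict[str, List[Detection]] = {"remove": [], "review": [], "verify": []}
    for line in text.splitlines():
        det = parse_line(line)
        if det is not None:
            buckets[triage(det)].append(det)
    return buckets


if __name__ == "__main__":
    for verdict, dets in triage_report(SAMPLE_REPORT).items():
        print(f"== {verdict} ({len(dets)})")
        for d in dets:
            where = d.target or (f"{d.value_name} = {d.value_data}" if d.value_name else d.location)
            print(f"  [{d.category}] {where}")
```

The parser deliberately keeps PUM entries in a "review" bucket rather than deciding for you: a ProxyServer of localhost:8080 routes every WinINet request through a local listener, which is fine if you installed a filtering tool that put it there and worth removing if you did not, and a DhcpNameServer of 172.16.0.1 is simply the address handed out by the router. Paste a whole report into SAMPLE_REPORT (or feed a file's contents to triage_report) to get the same three lists for a different machine.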