drisco24
What to delete?
« on: August 26, 2017, 01:57:29 PM »
Please see the report below. Wondering what I need to delete out of this list?


RogueKiller V12.11.11.0 (x64) [Aug 21 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : tigertripper [Administrator]
Started from : C:\Users\tigertripper\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 08/26/2017 10:35:14 (Duration : 01:55:03)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} (C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll) -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} (C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll) -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450} (C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll) -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-814694285-3784135006-844523869-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #3 : C:\Users\tigertripper\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\tigertripper\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-814694285-3784135006-844523869-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #3 : C:\Users\tigertripper\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\tigertripper\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-814694285-3784135006-844523869-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-814694285-3784135006-844523869-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{54A9B362-A921-4E75-98BE-218630C9F3C6}C:\users\tigertripper\appdata\local\popcorn time\nw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\tigertripper\appdata\local\popcorn time\nw.exe|Name=nw.exe|Desc=nw.exe|Defer=User| -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{A7D6EF47-0A4F-43A0-9B88-B5A0052E3327}C:\users\tigertripper\appdata\local\popcorn time\nw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\tigertripper\appdata\local\popcorn time\nw.exe|Name=nw.exe|Desc=nw.exe|Defer=User| -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{2C3BC20F-1589-4C75-8D63-A6B8675DAC80}C:\users\tigertripper\appdata\local\temp\i1500977106\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\tigertripper\appdata\local\temp\i1500977106\windows\resource\jre\bin\javaw.exe|Name=javaw.exe|Desc=javaw.exe|Defer=User| -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{C96232C3-306F-43D7-A0DA-A5E483FD348B}C:\users\tigertripper\appdata\local\temp\i1500977106\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\tigertripper\appdata\local\temp\i1500977106\windows\resource\jre\bin\javaw.exe|Name=javaw.exe|Desc=javaw.exe|Defer=User| -> Found


¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 6 ¤¤¤
[PUP][File] C:\Users\Public\Desktop\Popcorn Time.lnk [LNK@] C:\PROGRA~2\POPCOR~1\POPCOR~1.EXE -> Found
[PUP][File] C:\Users\tigertripper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Popcorn Time.lnk [LNK@] C:\PROGRA~2\POPCOR~1\POPCOR~1.EXE -> Found
[PUP|PUP][Folder] C:\Users\tigertripper\AppData\Local\SweetLabs App Platform -> Found
[PUP][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time -> Found
[PUP][Folder] C:\Program Files (x86)\Popcorn Time -> Found
[PUP][File] C:\Users\Public\Desktop\Popcorn Time.lnk [LNK@] C:\PROGRA~2\POPCOR~1\POPCOR~1.EXE -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10S21X-24R1BT0-SSHD-8GB +++++
--- User ---
[MBR] ab7da667522f966bb09387d1e8d5234b
[BSP] 2e2b2421c7f5c9476ad7d89ca45b81c2 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 910517 MB
5 - Basic data partition | Offset (sectors): 1869631488 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1922060288 | Size: 15363 MB
User = LL1 ... OK
User = LL2 ... OK


Curson

  • Global Moderator
Re: What to delete?
« Reply #1 on: August 26, 2017, 02:20:12 PM »
Hi drisco24,

Welcome to Adlice.com Forum.
You can safely delete all the entries but these two:
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-814694285-3784135006-844523869-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-814694285-3784135006-844523869-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB  -> Found

Regards.