Topic: Would someone check my report for me please?


January 21, 2019, 01:47:28 PM

Flee

I've had problems with autoexecutor.exe flicking on and off in Task Manager and making my internet run high. Since I downloaded and scanned with RogueKiller it's stopped, but I don't know what I should remove.

Here's the report:

RogueKiller Anti-Malware V13.0.22.0 (x64) [Jan 14 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : ME [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Standard Scan, Scan -- Date : 2019/01/21 12:22:18 (Duration : 00:14:27)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O101 - Clsid
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_CLASSES_ROOT\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC} -- (Grammarly, Inc.) C:\Users\ME\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.148\93E6FFF433\GrammarlyShim64.dll -> Found
>>>>>> XX - Software
  [PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -- N/A -> Found
  [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1185400306-745865266-466623641-1000\Software\YahooPartnerToolbar -- N/A -> Found
  [PUP.Gen1 (Potentially Malicious)] (X86) HKEY_USERS\S-1-5-21-1185400306-745865266-466623641-1000\Software\YahooPartnerToolbar -- N/A -> Found
>>>>>> O23 - Services
  [PUP.Slimware (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon -- (AVG Technologies CZ, s.r.o.) C:\Windows\System32\drivers\SWDUMon.sys -> Found
  [PUP.Slimware (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon -- (AVG Technologies CZ, s.r.o.) C:\Windows\System32\drivers\SWDUMon.sys -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Slimware (Potentially Malicious)] (file) SWDUMon.sys -- (AVG Technologies CZ, s.r.o.) C:\Windows\System32\drivers\SWDUMon.sys -> Found
[PUP.OnlineIO (Potentially Malicious)] (folder) AdvinstAnalytics -- C:\Users\ME\AppData\Local\AdvinstAnalytics -> Found
[PUP.OnlineIO (Potentially Malicious)] (folder) AdvinstAnalytics -- C:\Users\ME\AppData\Local\AdvinstAnalytics -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Chrome Config
  [PUM.SearchEngine (Potentially Malicious)] default_search_provider_data.template_url_data.keyword (C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences) -- google.com__ -> Found
  [PUM.SearchPage (Potentially Malicious)] default_search_provider_data.template_url_data.url (C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences) -- http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} -> Found

Reply #1, January 22, 2019, 02:03:04 AM

Curson

  • Global Moderator
Hi Flee,

Welcome to Adlice.com Forum.

First, I advise you to uninstall all Slimware currently present on your system.
Then, please select all the lines for deletion except these ones:
Quote
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_CLASSES_ROOT\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC} -- (Grammarly, Inc.) C:\Users\ME\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.148\93E6FFF433\GrammarlyShim64.dll

[PUM.SearchEngine (Potentially Malicious)] default_search_provider_data.template_url_data.keyword (C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences) -- google.com__
[PUM.SearchPage (Potentially Malicious)] default_search_provider_data.template_url_data.url (C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences) -- http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

Regards.

Note: This thread has been moved to the "RogueKiller" section for clarity.