
Rogue Killer Log



Hi there, I recently found out my computer is infested with Malware. I ran Adwcleaner and it removed most Malware. I then ran Rogue Killer and all this shows up. I don't know what to remove and what to keep. Please help!

 

RogueKiller V12.8.3.0 (x64) [Nov 28 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200) 64 bits version
Started in : Normal mode
User : Karl [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/04/2016 03:56:13 (Duration : 01:34:31)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 87 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484} (C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll) -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB} (C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll) -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{9FF9AE6F-4553-41a7-B645-B0E88850EABF} (C:\PROGRA~2\SEARCH~2\Datamngr\x64\IEBHO.dll) -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> Found
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{B5963225-DC80-4D1A-960B-F983006F2FCE} (C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\amd64\RzSurroundVADSettingsStreamROT.dll) -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{CE4DB5A3-58E6-41f1-8761-47238DF4F468} (C:\PROGRA~2\SEARCH~2\Datamngr\x64\IEBHO.dll) -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\AVG SafeGuard toolbar -> Found
[PUP] (X64) HKEY_USERS\.DEFAULT\Software\AVG SafeGuard toolbar -> Found
[PUP] (X86) HKEY_USERS\.DEFAULT\Software\AVG SafeGuard toolbar -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\AVG SafeGuard toolbar -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\IM -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\AVG SafeGuard toolbar -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\IM -> Found
[PUP] (X64) HKEY_USERS\S-1-5-18\Software\AVG SafeGuard toolbar -> Found
[PUP] (X86) HKEY_USERS\S-1-5-18\Software\AVG SafeGuard toolbar -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_0814avt : C:\Users\Karl\AppData\Roaming\Avg_Update_0814avt\AVG-Secure-Search-Update_0814avt.exe /PROMPT /mid=58f79d9bbfa947d39dc545d7408cdcc7-e5ae9edfc15133458f377b5b012a9bf0f2b522b6 /CMPID=0814avt [x] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_1114avt : C:\Users\Karl\AppData\Roaming\Avg_Update_1114avt\AVG-Secure-Search-Update_1114avt.exe /PROMPT /mid=58f79d9bbfa947d39dc545d7408cdcc7-e5ae9edfc15133458f377b5b012a9bf0f2b522b6 /CMPID=1114avt [x] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_1214av : C:\Users\Karl\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=58f79d9bbfa947d39dc545d7408cdcc7-e5ae9edfc15133458f377b5b012a9bf0f2b522b6 /CMPID=1214av [x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_0814avt : C:\Users\Karl\AppData\Roaming\Avg_Update_0814avt\AVG-Secure-Search-Update_0814avt.exe /PROMPT /mid=58f79d9bbfa947d39dc545d7408cdcc7-e5ae9edfc15133458f377b5b012a9bf0f2b522b6 /CMPID=0814avt [x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_1114avt : C:\Users\Karl\AppData\Roaming\Avg_Update_1114avt\AVG-Secure-Search-Update_1114avt.exe /PROMPT /mid=58f79d9bbfa947d39dc545d7408cdcc7-e5ae9edfc15133458f377b5b012a9bf0f2b522b6 /CMPID=1114avt [x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_1214av : C:\Users\Karl\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=58f79d9bbfa947d39dc545d7408cdcc7-e5ae9edfc15133458f377b5b012a9bf0f2b522b6 /CMPID=1214av [x] -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:55930;https=127.0.0.1:55930  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:55930;https=127.0.0.1:55930  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:54309;https=127.0.0.1:54309  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:54309;https=127.0.0.1:54309  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:55930;https=127.0.0.1:55930  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:55930;https=127.0.0.1:55930  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.istartsurf.com/?type=hppp&ts=1423878664&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548  -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.istartsurf.com/?type=hppp&ts=1423878664&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.istartsurf.com/?type=hppp&ts=1423878664&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.istartsurf.com/?type=hppp&ts=1423878664&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.istartsurf.com/?type=hppp&ts=1423878664&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548  -> Found
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.istartsurf.com/web/?type=ds&ts=1423878590&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548&q={searchTerms}  -> Found
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.istartsurf.com/web/?type=ds&ts=1423878590&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548&q={searchTerms}  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.istartsurf.com/web/?type=ds&ts=1423878590&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548&q={searchTerms}  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.istartsurf.com/web/?type=ds&ts=1423878590&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548&q={searchTerms}  -> Found
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.istartsurf.com/web/?type=ds&ts=1423878590&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548&q={searchTerms}  -> Found
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.istartsurf.com/web/?type=ds&ts=1423878590&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548&q={searchTerms}  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.istartsurf.com/web/?type=ds&ts=1423878590&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548&q={searchTerms}  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.istartsurf.com/web/?type=ds&ts=1423878590&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548&q={searchTerms}  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7A31F899-4436-42A5-9CB9-B46A4069E8BE} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8156ABDF-BFB5-4D2A-804D-37543AEFA997} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe|Name=Blizzard Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {15239EC1-11B9-43BB-8AC5-C787ACC3A6F7} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe|Name=Blizzard Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {20C20BCC-223A-4E23-9F1B-BE4E63237EA4} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DDC75D61-FE98-49F7-88DA-5688484524F7} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1AC38EA2-28FF-4841-9DC5-BCA719577930} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe|Name=TERA| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F78A636E-D8F5-422C-9A56-C60E3BDE2046} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe|Name=TERA| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2E324F65-9902-4938-844F-DC4E452980CB} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe|Name=TERA| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CB6C7E21-2C1B-43CC-AA9A-0CB84E7A18C9} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe|Name=TERA| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3666D6BE-D60D-4C28-B748-4A3ECF683D8E} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe|Name=TERA| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A773DC06-D557-4359-8839-F14531956F56} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe|Name=TERA| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A765BF54-18B3-4853-8951-EB2C7F7F0837} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D64AAD56-2337-41E6-B2E7-C59F983455D7} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {128F181D-7235-4D1E-880E-21CB2134F261} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F9789088-BEA9-4CD3-BB27-17D88014D696} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9826AFA7-347F-4138-9835-7A81124C7E2A} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4C58FC4B-5844-4F6C-BEC3-A7EC98B60326} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {24E024FD-DB39-4C28-9674-68E80AADDFD3} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {49D510BB-F786-4146-B64B-8F7F3538EEAD} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {895DDBC8-6BA2-4F5B-BE50-1F9C7C5FF643} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {290896D9-7843-43A5-9B47-9B5E0A462035} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DE7221E1-7C9E-4D86-AFA5-1BC317966A2F} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3F314565-D90C-4032-81C3-9B93090E78AA} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {367264A1-7161-4198-879A-417597155D51} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EDEE7D0D-7C8E-475D-ACE9-36316C39BBF7} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A78026C6-692E-4FC6-9903-D2D4169597EA} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E73A8669-1042-4088-B93D-086249BB9D01} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9AED6A67-D128-479B-95D3-08F0763E6412} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9018F5FB-BC74-473B-B036-AD816E4A6202} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{63AE077E-FE71-4BAE-8077-D604EB9D6A72}C:\users\karl\appdata\local\popcorn time\node-webkit\popcorn time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\karl\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{ED5BE0B7-400D-48E8-934D-8DFA4D86BA45}C:\users\karl\appdata\local\popcorn time\node-webkit\popcorn time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\karl\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A98A9BA3-8DE5-4CE2-B167-1FBEC005E0D5} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3BE0D155-4C39-4883-B3C7-88A7BF59CFE3} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F5665A48-837F-4894-B74F-DF5A874B95F8} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [-] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {83B6976E-659F-45B5-890F-8C8D0AD6FFAB} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [-] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D1C762BC-8B42-48C5-9DB7-487A4465BCAB} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [-] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2366D3A8-3A5E-4F0A-AC97-F7013285E78A} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [-] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {630BDBEE-4B02-4B94-93D0-63E5F6B78350} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| [-] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7F70A275-9B08-4EE3-8D73-C229F619EAE5} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| [-] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F0C2F5FE-8256-45B9-8DC3-2C860F73F556} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| [-] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {411380A4-70C5-460B-83F4-69479325E257} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| [-] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 30 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\AVG-SSU_1116avz.job -- C:\ProgramData\Avg_Update_1116avz\AVG-Secure-Search-Update_1116avz.exe (/CMPID=1116avz /RUNBY=AV) -> Found
[Suspicious.Path] %WINDIR%\Tasks\AVG-SSU_1116avz_DELETE.job -- C:\ProgramData\Avg_Update_1116avz\AVG-Secure-Search-Update_1116avz.exe ( /CMPID=1116avz /CMPN_DELETE_ALL /RUNBY=AV) -> Found
[Suspicious.Path] %WINDIR%\Tasks\DingRing.job -- c:\programdata\{7cf640ba-e0d8-b6d7-7cf6-640bae0d02eb}\6331770522753531716b.exe (--startup=1 --single) -> Found
[Suspicious.Path] %WINDIR%\Tasks\EasyLinks.job -- c:\programdata\{a86a7b52-2f78-43e0-a86a-a7b522f7ed48}\584384711206213629b.exe (--startup=1 --single) -> Found
[Suspicious.Path] %WINDIR%\Tasks\EasyUpdate.job -- c:\programdata\{e760a475-4bf3-9aed-e760-0a4754bf91d5}\8997366422892820817b.exe (--startup=1 --single) -> Found
[Suspicious.Path] %WINDIR%\Tasks\InvestQuest.job -- c:\programdata\{d5506e9e-1097-3061-d550-06e9e109ba78}\2239782516067653546b.exe (--startup=1 --single) -> Found
[Suspicious.Path] %WINDIR%\Tasks\JavaLava.job -- c:\programdata\{6a7e1e11-c4f7-097d-6a7e-e1e11c4f7847}\7183946674602915571b.exe (--startup=1 --single) -> Found
[Suspicious.Path] %WINDIR%\Tasks\PhraseSmartifier.job -- c:\programdata\{a81ed437-bea4-6b5b-a81e-ed437bea50de}\5494190051056317166b.exe (--startup=1 --single) -> Found
[Suspicious.Path] %WINDIR%\Tasks\ShadowLoader.job -- c:\programdata\{4e236a2a-f69d-1b0c-4e23-36a2af69a8ab}\4697978085396306384b.exe (--startup=1 --single) -> Found
[Suspicious.Path] %WINDIR%\Tasks\StashCache.job -- c:\programdata\{96e6491d-eb1f-b59e-96e6-6491deb12477}\8972440561097148295b.exe (--startup=1 --single) -> Found
[Suspicious.Path] %WINDIR%\Tasks\SW.Booster-S-4606583622.job -- c:\programdata\greenapp\sw.booster\SW.Booster.exe (/schedule /profile "c:\programdata\greenapp\sw.booster\4606583622.ini") -> Found
[Suspicious.Path] %WINDIR%\Tasks\TourMaster.job -- c:\programdata\{40aead7f-bcb2-4a6c-40ae-ead7fbcbb5fe}\6006290760717598913c.exe (--startup=1 --single) -> Found
[Suspicious.Path] %WINDIR%\Tasks\TrackGraph.job -- c:\programdata\{5572febc-05bd-a912-5572-2febc05bfaf0}\2831529604139760544c.exe (--startup=1 --single) -> Found
[Suspicious.Path] %WINDIR%\Tasks\VidMustSee.job -- c:\programdata\{2bfe864f-28d6-f46e-2bfe-e864f28d193c}\9032780107734129261c.exe (--startup=1 --single) -> Found
[Suspicious.Path] %WINDIR%\Tasks\YourTea.job -- c:\programdata\{21d19db1-fb74-278b-21d1-19db1fb776c7}\3545640803519789852b.exe (--startup=1 --single) -> Found
[Suspicious.Path] \AVG-SSU_1116avz -- C:\ProgramData\Avg_Update_1116avz\AVG-Secure-Search-Update_1116avz.exe (/CMPID=1116avz /RUNBY=AV) -> Found
[Suspicious.Path] \AVG-SSU_1116avz_DELETE -- C:\ProgramData\Avg_Update_1116avz\AVG-Secure-Search-Update_1116avz.exe (/CMPID=1116avz /CMPN_DELETE_ALL /RUNBY=AV) -> Found
[Suspicious.Path] \DingRing -- c:\programdata\{7cf640ba-e0d8-b6d7-7cf6-640bae0d02eb}\6331770522753531716b.exe (--startup=1 --single) -> Found
[Suspicious.Path] \EasyLinks -- c:\programdata\{a86a7b52-2f78-43e0-a86a-a7b522f7ed48}\584384711206213629b.exe (--startup=1 --single) -> Found
[Suspicious.Path] \EasyUpdate -- c:\programdata\{e760a475-4bf3-9aed-e760-0a4754bf91d5}\8997366422892820817b.exe (--startup=1 --single) -> Found
[Suspicious.Path] \InvestQuest -- c:\programdata\{d5506e9e-1097-3061-d550-06e9e109ba78}\2239782516067653546b.exe (--startup=1 --single) -> Found
[Suspicious.Path] \JavaLava -- c:\programdata\{6a7e1e11-c4f7-097d-6a7e-e1e11c4f7847}\7183946674602915571b.exe (--startup=1 --single) -> Found
[Suspicious.Path] \PhraseSmartifier -- c:\programdata\{a81ed437-bea4-6b5b-a81e-ed437bea50de}\5494190051056317166b.exe (--startup=1 --single) -> Found
[Suspicious.Path] \ShadowLoader -- c:\programdata\{4e236a2a-f69d-1b0c-4e23-36a2af69a8ab}\4697978085396306384b.exe (--startup=1 --single) -> Found
[Suspicious.Path] \StashCache -- c:\programdata\{96e6491d-eb1f-b59e-96e6-6491deb12477}\8972440561097148295b.exe (--startup=1 --single) -> Found
[Suspicious.Path] \SW.Booster-S-4606583622 -- c:\programdata\greenapp\sw.booster\SW.Booster.exe (/schedule /profile "c:\programdata\greenapp\sw.booster\4606583622.ini") -> Found
[Suspicious.Path] \TourMaster -- c:\programdata\{40aead7f-bcb2-4a6c-40ae-ead7fbcbb5fe}\6006290760717598913c.exe (--startup=1 --single) -> Found
[Suspicious.Path] \TrackGraph -- c:\programdata\{5572febc-05bd-a912-5572-2febc05bfaf0}\2831529604139760544c.exe (--startup=1 --single) -> Found
[Suspicious.Path] \VidMustSee -- c:\programdata\{2bfe864f-28d6-f46e-2bfe-e864f28d193c}\9032780107734129261c.exe (--startup=1 --single) -> Found
[Suspicious.Path] \YourTea -- c:\programdata\{21d19db1-fb74-278b-21d1-19db1fb776c7}\3545640803519789852b.exe (--startup=1 --single) -> Found

¤¤¤ Files : 0 ¤¤¤


¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 6 ¤¤¤
[PUP][Firefox:Addon] 368vt0s5.default : Widget context [{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}] -> Found
[PUP][Firefox:Addon] 368vt0s5.default : SeeSimilar02 [seesimilar02@SeeSimilar.com] -> Found
[PUM.SearchEngine][Firefox:Config] 368vt0s5.default : user_pref("browser.search.selectedEngine", "Default"); -> Found
[PUM.SearchEngine][Firefox:Config] 368vt0s5.default : user_pref("browser.search.defaultenginename", "Default"); -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.istartsurf.com/?type=hp&ts=1423878590&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548] -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.istartsurf.com/?type=hp&ts=1423878590&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548|http://www.istartsurf.com/?type=hppp&ts=1423878664&from=ild&uid=WDCXWD10EZEX-75ZF5A0_WD-WMC1S156654866548|http://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_32&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCtByByDtCzyyD0F0CtC0AtN0D0Tzu0StCtAtCtBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0F0BtCtA0AyDzztGyE0D0E0BtGyEyE0CyEtGyCtDtAtAtGzz0CtBtCyCyCyDtAyEyE0Azy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyB0CyCyE0E0DtCtGtAyC0B0FtGyE0DtD0CtGzyyD0FtBtGyCzztDyCyCyByC0C0EtB0Fzy2QtN0A0LzuyE%26cr%3D228330861%26a%3Dwncy_ir_15_32%26os%3DWindows%2B8|http://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_32&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dca%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCtByByDtCzyyD0F0CtC0AtN0D0Tzu0StCtAtCtBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0EtCtAyC0CtBtCtGtCzzyBtDtG0EtC0ByCtGyBtDtB0BtG0D0AtCtBtAzy0EzyyDtDyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyB0CyCyE0E0DtCtGtAyC0B0FtGyE0DtD0CtGzyyD0FtBtGyCzztDyCyCyByC0C0EtB0Fzy2QtN0A0LzuyE%26cr%3D562425129%26a%3Dwny_ir_15_32%26os%3DWindows 8] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-75ZF5A0 +++++
--- User ---
[MBR] 6fabe91d9341cd6b6c6b873c6f0e71fc
[BSP] 40466e23af3d87d026e7578eda66d7a4 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 500 MB
4 - Basic data partition | Offset (sectors): 2394112 | Size: 940981 MB
5 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1929523200 | Size: 11718 MB
User = LL1 ... OK
User = LL2 ... OK

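As an added example, not part of the original post and not Adlice Software's own code: a small Python triage script that parses lines in the RogueKiller format shown above and sorts each finding by what a defender would do with it. The eight sample lines are copied from the log in the post; the heuristics (a ProxyServer pointing at a local port, scheduled tasks that launch a numerically named binary from a GUID folder under ProgramData, a hijacked start page, the UAC policy set to 0) are assumptions I made from this log's layout, not RogueKiller's own classification logic, and the "review" verdict means "look at it yourself", not "safe".

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: eight lines copied from the RogueKiller log in the post above,
# one per kind of finding this script knows how to triage.
SAMPLE_LOG = r"""
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{9FF9AE6F-4553-41a7-B645-B0E88850EABF} (C:\PROGRA~2\SEARCH~2\Datamngr\x64\IEBHO.dll) -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4160592222-2471696740-187910471-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:54309;https=127.0.0.1:54309  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.istartsurf.com/?type=hppp&ts=1423878664&from=ild  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8156ABDF-BFB5-4D2A-804D-37543AEFA997} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe|Name=Blizzard Agent| [x] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[Suspicious.Path] %WINDIR%\Tasks\DingRing.job -- c:\programdata\{7cf640ba-e0d8-b6d7-7cf6-640bae0d02eb}\6331770522753531716b.exe (--startup=1 --single) -> Found
[Suspicious.Path] \AVG-SSU_1116avz -- C:\ProgramData\Avg_Update_1116avz\AVG-Secure-Search-Update_1116avz.exe (/CMPID=1116avz /RUNBY=AV) -> Found
"""

# "[Category] body -> Status": every finding line in the Registry/Tasks/Web browsers sections.
LINE_RE = re.compile(r"^\[(?P<cat>[^\]]+)\]\s*(?P<body>.*?)\s*->\s*(?P<status>\w+)\s*$")
# Registry value: "<key> | <value name> : <data>"
VALUE_RE = re.compile(r"^(?P<key>.*?)\s+\|\s+(?P<name>[^:]+?)\s+:\s+(?P<value>.*)$")
# Scheduled task: "<task> -- <exe> (<arguments>)"
TASK_RE = re.compile(r"^(?P<task>\S.*?)\s+--\s+(?P<exe>.*?)\s+\((?P<args>.*)\)$")
# ProgramData\{GUID}\<digits><letter>.exe, the shape shared by every DingRing/EasyLinks/... task
# in the log above (heuristic, an assumption of this script).
GUID_DROPPER_RE = re.compile(r"programdata\\\{[0-9a-f-]{36}\}\\\d+[a-z]\.exe$", re.I)
# ProxyServer data pointing at this machine: "http=127.0.0.1:54309;https=..."
LOCAL_PROXY_RE = re.compile(r"(?:^|[=;])(?:127\.0\.0\.1|localhost):\d+", re.I)


def classify(cat, body):
    """Map one RogueKiller finding to (verdict, reason). Verdicts: remove / review."""
    task = TASK_RE.match(body)
    if task:
        exe = task.group("exe")
        if GUID_DROPPER_RE.search(exe):
            return "remove", "scheduled task runs a numerically named binary from a GUID folder under ProgramData (adware persistence)"
        if "avg-secure-search-update" in exe.lower():
            return "remove", "leftover AVG Secure Search updater task"
        return "review", "scheduled task with an unusual binary path; confirm the program is expected"
    reg = VALUE_RE.match(body)
    if reg:
        key, name, value = (reg.group(g).strip() for g in ("key", "name", "value"))
        if cat == "PUM.Proxy":
            if name == "ProxyServer" and LOCAL_PROXY_RE.search(value):
                return "remove", "system proxy points at a local port: a process on this machine is intercepting HTTP/HTTPS"
            return "remove", "proxy setting altered; reset the connection to direct once the proxy process is gone"
        if cat in ("PUM.HomePage", "PUM.SearchPage"):
            return "remove", "browser start/search page hijacked to " + (urlparse(value).hostname or value)
        if cat == "PUM.Policies" and name == "ConsentPromptBehaviorAdmin" and value == "0":
            return "remove", "UAC consent prompt disabled for administrators; restore the default"
        if cat == "Suspicious.Path" and "FirewallRules" in key:
            return "review", "inbound firewall allow rule for a program under ProgramData; keep only if you recognise it"
    if cat.split(".")[0] == "PUP":
        return "remove", "potentially unwanted program component (toolbar/adware)"
    return "review", "no specific rule matched; inspect manually"


def parse_findings(log_text):
    """Parse '[Category] ... -> Status' lines; headers, MBR dump and blank lines are skipped."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        cat, body = m.group("cat"), m.group("body")
        verdict, reason = classify(cat, body)
        findings.append({"category": cat, "item": body, "verdict": verdict, "reason": reason})
    return findings


def summarize(findings):
    """Count findings per verdict."""
    return Counter(f["verdict"] for f in findings)


if __name__ == "__main__":
    results = parse_findings(SAMPLE_LOG)
    for f in results:
        print(f"{f['verdict']:6} [{f['category']}] {f['reason']}")
    print(dict(summarize(results)))
```

Run it against a full RogueKiller report by reading the saved .txt file into `parse_findings` instead of `SAMPLE_LOG`; the point is to surface the two things that matter most in a log like this one, the local proxy that every browser request is being routed through and the dozen scheduled tasks re-launching adware from ProgramData, before worrying about stray firewall rules.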

Hello and welcome.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.


  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.


Save the file to your desktop and include its content in your next reply.

 


 

Please download Zemana AntiMalware and save it to your Desktop.

  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.


Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please restart your computer manually.

  • Open Zemana AntiMalware again.
  • Click on the reports icon and double-click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report to your next message.


Let's find out.

 

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.


  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach the report to your next reply.


This topic is now closed to further replies.