RogueKiller Anti-Malware V13.1.3.0 [Jan 24 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits
Started in : Normal mode
User : p [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Signatures : 20190121_152739, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/01/30 15:56:12 (Duration : 00:56:34)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[VT.Unknown (Potentially Malicious)] DFServ.exe (892) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[VT.Unknown (Potentially Malicious)] tapstrong (0) -- (Strong Technology, LLC) system32\DRIVERS\tapstrong.sys -> Found
[PUP.Gen1 (Potentially Malicious)] Util Norpalla (0) -- "C:\Program Files\Norpalla\bin\utilNorpalla.exe" -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1|Adw.PayByAds (Malicious)] (Microsoft Windows) \Yahoo! Search Updater -- wscript.exe [//B "C:\Users\p\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\..\updt.js"] -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O101 - Clsid
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{0B257DAE-66FE-4A5B-954F-0DA536599865} -- (Maxiget Limited) "C:\Program Files\Maxiget\Updater\70.3.29.7018\MaxigetUpdaterBroker.exe" -> Found
[PUP.Gen0 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{2EDC1FA7-A499-4B61-A8EF-6D7358086220} -- (Maxiget Limited) C:\Program Files\Maxiget\Updater\70.3.29.7018\npMaxigetUpdater3.dll -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{375D6409-3B2F-4093-9A8A-597660C9FFEA} -- (Maxiget Limited) "C:\Program Files\Maxiget\Updater\70.3.29.7018\MaxigetUpdaterOnDemand.exe" -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{76C99418-BC08-4D65-9652-531101EFF701} -- (Maxiget Limited) "C:\Program Files\Maxiget\Updater\70.3.29.7018\MaxigetUpdaterBroker.exe" -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{7B3418AF-9901-4F15-B66B-7053D7A1BD1E} -- (Maxiget Limited) "C:\Program Files\Maxiget\Updater\70.3.29.7018\MaxigetUpdaterBroker.exe" -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{877C41CD-A715-4E93-B1F5-F73606E7F456} -- (Maxiget Limited) C:\Program Files\Maxiget\Updater\70.3.29.7018\npMaxigetUpdater3.dll -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{952C2A45-A877-4FDA-A2E9-3BACF926084C} -- (Maxiget Limited) "C:\Program Files\Maxiget\Updater\70.3.29.7018\MaxigetUpdaterOnDemand.exe" -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{A98F1BF0-2DD7-4813-86CA-625808970141} -- (Maxiget Limited) "C:\Program Files\Maxiget\Updater\70.3.29.7018\MaxigetUpdaterOnDemand.exe" -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{B79DCCCE-5D68-405E-A844-2114E3DBC1D1} -- (Maxiget Limited) "C:\Program Files\Maxiget\Updater\70.3.29.7018\MaxigetUpdaterBroker.exe" -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{B8B812CD-E38D-47F7-8B3C-AED08B4B2CF5} -- (Maxiget Limited) C:\Program Files\Maxiget\Updater\70.3.29.7018\psmachine.dll -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{BCD8E0F4-2C79-40FF-A3D9-BFB45B03252E} -- (Maxiget Limited) C:\Program Files\Maxiget\Updater\70.3.29.7018\psmachine.dll -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{C13EF276-BD72-4874-B405-CDD6193212F4} -- (Maxiget Limited) "C:\Program Files\Maxiget\Updater\70.3.29.7018\MaxigetUpdaterOnDemand.exe" -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{CB2433C3-7FC4-43C9-89AE-10652126D7E1} -- (Maxiget Limited) "C:\Program Files\Maxiget\Updater\70.3.29.7018\MaxigetUpdaterOnDemand.exe" -> Found
>>>>>> XX - Software
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Maxiget -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-532372818-831637793-4151276621-1000\Software\Distromatic -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-532372818-831637793-4151276621-1000\Software\Maxiget -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-532372818-831637793-4151276621-1000\Software\PowerPack -- N/A -> Found
>>>>>> XX - Uninstall
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MaxiGet Software Manager_is1 -- N/A -> Found
>>>>>> O23 - Services
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Util Norpalla -- "C:\Program Files\Norpalla\bin\utilNorpalla.exe" (missing) -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Util Norpalla -- "C:\Program Files\Norpalla\bin\utilNorpalla.exe" (missing) -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Util Norpalla -- "C:\Program Files\Norpalla\bin\utilNorpalla.exe" (missing) -> Found
>>>>>> XX - Explorer Advanced
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-532372818-831637793-4151276621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- 0 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1 (Potentially Malicious)] (folder) Maxiget -- C:\Users\p\AppData\Local\Maxiget -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) Amazon Browser Settings -- C:\Program Files\Amazon Browser Settings -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) Maxiget -- C:\Program Files\Maxiget -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) Amazon Browser Settings -- C:\Program Files\Amazon Browser Settings -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) Maxiget -- C:\Program Files\Maxiget -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) Maxiget -- C:\Users\p\AppData\Local\Maxiget -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Firefox Config
[PUM.SearchEngine (Potentially Malicious)] browser.search.defaultenginename (C:\Users\p\AppData\Roaming\Mozilla\Firefox\Profiles\1fan8a2l.default\prefs.js) -- Bing -> Found
[PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine (C:\Users\p\AppData\Roaming\Mozilla\Firefox\Profiles\1fan8a2l.default\prefs.js) -- Bing -> Found
>>>>>> Chrome Config
[PUM.SearchEngine (Potentially Malicious)] default_search_provider_data.template_url_data.keyword (C:\Users\p\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences) -- yahoo.com -> Found
[PUP.Gen1 (Potentially Malicious)] homepage (C:\Users\p\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences) -- http://rts.dsrlte.com?affID=na -> Found
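The report above mixes low-signal entries (a VirusTotal-unknown Deep Freeze service, PUM start-menu tweaks) with the items that actually matter for cleanup: a scheduled task that launches wscript.exe on a script under the user's AppData via a `\..\` path, a service registered in three ControlSets whose binary is already gone, and a Chrome homepage pointing at an affiliate redirect. The following Python is an added example, not RogueKiller's or Adlice's code: it parses the `[Detection (Severity)] Item -- Target -> Status` line format and the `¤¤¤ Section ¤¤¤` / `>>>>>> Sub-section` banners shown on this page, collapses the repeated Files entries, and applies a few triage rules. The sample report is a constructed excerpt of the log above, and the rule set (`SCRIPT_HOSTS`, the AppData and `(missing)` checks) is this example's own assumption about what deserves a second look, not a RogueKiller classification.

```python
"""Parse a RogueKiller text report and triage its persistence findings.

Added example, not part of RogueKiller / Adlice Software. SAMPLE is a constructed
excerpt of the report on this page; the triage rules below are this example's own.
"""
import ntpath
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Section banner: a row of '¤' on each side of the section name.
SECTION_RE = re.compile(r"^¤+\s*(?P<name>.+?)\s*¤+$")
# Registry / browser sub-headers such as '>>>>>> O23 - Services'.
SUBSECTION_RE = re.compile(r"^>{6}\s*(?P<name>.+?)\s*$")
# One finding: '[Detection (Severity)] Item -- Target -> Status'.
ENTRY_RE = re.compile(
    r"^\[(?P<detection>[^\]]+?) \((?P<severity>[^()]+)\)\]\s+"
    r"(?P<item>.+?)\s+--\s+(?P<target>.+?)\s+->\s+(?P<status>\w+)$"
)
# Launchers that turn a scheduled task into an arbitrary-script runner (assumption).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "rundll32.exe"}

SAMPLE = r"""
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[VT.Unknown (Potentially Malicious)] DFServ.exe (892) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[VT.Unknown (Potentially Malicious)] tapstrong (0) -- (Strong Technology, LLC) system32\DRIVERS\tapstrong.sys -> Found
[PUP.Gen1 (Potentially Malicious)] Util Norpalla (0) -- "C:\Program Files\Norpalla\bin\utilNorpalla.exe" -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1|Adw.PayByAds (Malicious)] (Microsoft Windows) \Yahoo! Search Updater -- wscript.exe [//B "C:\Users\p\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\..\updt.js"] -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O23 - Services
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Util Norpalla -- "C:\Program Files\Norpalla\bin\utilNorpalla.exe" (missing) -> Found
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Util Norpalla -- "C:\Program Files\Norpalla\bin\utilNorpalla.exe" (missing) -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1 (Potentially Malicious)] (folder) Maxiget -- C:\Users\p\AppData\Local\Maxiget -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) Amazon Browser Settings -- C:\Program Files\Amazon Browser Settings -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) Maxiget -- C:\Users\p\AppData\Local\Maxiget -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Chrome Config
[PUP.Gen1 (Potentially Malicious)] homepage (C:\Users\p\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences) -- http://rts.dsrlte.com?affID=na -> Found
"""


@dataclass(frozen=True)
class Finding:
    section: str
    subsection: str
    detection: str
    severity: str
    item: str
    target: str
    status: str


def parse_report(text: str) -> list:
    """Walk the report line by line, tracking the current section and sub-section."""
    findings, section, subsection = [], "", ""
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")  # RogueKiller reports start with a UTF-16 BOM
        if m := SECTION_RE.match(line):
            section, subsection = m["name"], ""
        elif m := SUBSECTION_RE.match(line):
            subsection = m["name"]
        elif m := ENTRY_RE.match(line):
            findings.append(Finding(section, subsection, **m.groupdict()))
    return findings


def quoted_path(target: str) -> Optional[str]:
    """First double-quoted path in a target string, e.g. the script a task runs."""
    m = re.search(r'"([^"]+)"', target)
    return m.group(1) if m else None


def triage(f: Finding) -> list:
    """Reasons a finding deserves attention beyond the scanner's own label."""
    reasons = []
    if f.severity.lower() == "malicious":
        reasons.append("scanner rates it Malicious, not merely Potentially Malicious")
    if f.section == "Tasks":
        launcher = ntpath.basename(f.target.split()[0]).lower()
        if launcher in SCRIPT_HOSTS:
            reasons.append(f"scheduled task runs a script host ({launcher})")
        script = quoted_path(f.target)
        if script and "\\appdata\\" in script.lower():
            reasons.append("script lives under user-writable AppData")
        if script and "\\..\\" in script:
            reasons.append(f"path contains '..', real target is {ntpath.normpath(script)}")
    if "(missing)" in f.target:
        reasons.append("service registration points at a binary no longer on disk")
    if f.section == "Web browsers" and f.target.startswith("http"):
        reasons.append("browser start page redirected to " + f.target)
    return reasons


def duplicates(findings: list) -> dict:
    """Entries the report listed more than once (the Files section repeats folders)."""
    return {f: n for f, n in Counter(findings).items() if n > 1}


def triage_report(text: str) -> dict:
    """Parse, de-duplicate, and keep only findings that trip at least one rule."""
    return {f: r for f in dict.fromkeys(parse_report(text)) if (r := triage(f))}


if __name__ == "__main__":
    for finding, reasons in triage_report(SAMPLE).items():
        print(f"[{finding.section}] {finding.item}")
        for reason in reasons:
            print("    -", reason)
```

Run as-is it prints only the four entries that trip a rule (the task, the two orphaned service registrations, the Chrome homepage); point `parse_report` at a full report file to triage a real scan. Note that the `\..\` normalisation is the only way to see that the task's real script is `...\Pay-By-Ads\Yahoo! Search\updt.js`, one level above the versioned folder the path appears to name.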