Inactive RougueKiller findings

[Sam66]

Hi, my antivirus said Svhost.exe tried to contact a malicious site so I ran steps 1 to 4 of
STEP 1: Remove Svchost.exe Master Boot Record infection with Kaspersky TDSSKiller
STEP 2: Run RKill to terminate Svchost.exe malicious processes
STEP 3: Remove Svchost.exe virus with Malwarebytes Anti-Malware Free
STEP 4: Remove Svchost.exe malware with RogueKiller
STEP 5: Remove Svchost.exe infection with HitmanPro
STEP 6: Double check for any left over infections with Emsisoft Emergency Kit
STEP 7: Remove Svchost.exe adware with AdwCleaner
STEP 8: Remove Svchost.exe browser hijacker with Junkware Removal Tool
but not sure if I am safe to delete all these findings

RogueKiller V9.2.9.0 (x64) [Jul 11 2014] by Adlice Software

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

Mode : Scan -- Date : 09/08/2014 18:46:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A784E28-6377-4EB0-AA6C-2C24667C0924} | NameServer : 202.136.42.207 202.136.42.208 -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3A784E28-6377-4EB0-AA6C-2C24667C0924} | NameServer : 202.136.42.207 202.136.42.208 -> FOUND

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3986084605-3247356130-1725618732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3986084605-3247356130-1725618732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3986084605-3247356130-1725618732-501\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3986084605-3247356130-1725618732-501\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND

[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3986084605-3247356130-1725618732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3986084605-3247356130-1725618732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3986084605-3247356130-1725618732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3986084605-3247356130-1725618732-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3986084605-3247356130-1725618732-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> FOUND

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3986084605-3247356130-1725618732-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> FOUND

¤¤¤ Scheduled tasks : 3 ¤¤¤

[Suspicious.Path] GoogleUpdateTaskMachineUA.job -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> FOUND

[Suspicious.Path] GoogleUpdateTaskUserS-1-5-21-3986084605-3247356130-1725618732-1000UA.job -- C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> FOUND

[Suspicious.Path] \\GoogleUpdateTaskMachineUA -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> FOUND

So it says select which I want to delete. I don't know, are the all evil?

 

[Sam66]

I should also have said they were grey in registry orange in scheduled tasks sections

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.