Adlice forum

General Category => Malware removal help => Topic started by: melen on July 03, 2016, 11:28:26 PM

Title: PUM's and don't know if they are safe or bad.... HELP
Post by: melen on July 03, 2016, 11:28:26 PM

Hi...

Can somebody please verify if these PUM's are safe or should I remove them...


RogueKiller V12.3.6.0 (x64) [Jun 27 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : melen [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 07/03/2016 17:08:19

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1916841561-3361044600-1070738565-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://start.toshiba.com/?cid=C001B2Y  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1916841561-3361044600-1070738565-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://start.toshiba.com/?cid=C001B2Y  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0C135B63-F0EA-4167-A9A7-38C354B576AF} | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0C135B63-F0EA-4167-A9A7-38C354B576AF} | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0C135B63-F0EA-4167-A9A7-38C354B576AF} | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++
--- User ---
[MBR] f4ac79b6a1a948e74d7f9b6d0649379a
[BSP] b72eeb4ef45ede7ec6828e66fb2a6a62 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 699978 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1436628992 | Size: 13925 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Title: Re: PUM's and don't know if they are safe or bad.... HELP
Post by: Curson on July 04, 2016, 02:13:55 PM

Hi melen,

These PUM's are safe.
However, I advice you to remove IObit Uninstaller, since they use shadow practices.

Regards.

Title: Re: PUM's and don't know if they are safe or bad.... HELP
Post by: Cobana on September 20, 2016, 08:07:06 AM

What are shadow practices?

Title: Re: PUM's and don't know if they are safe or bad.... HELP
Post by: Curson on September 20, 2016, 12:30:49 PM

Hi Cobana,

Please refer to this thread : IOBit Steals Malwarebytes' Intellectual Property (https://forums.malwarebytes.org/topic/29681-iobit-steals-malwarebytes-intellectual-property/).

Regards.