Malware removal help / Question on pum.dns registry keys
« on: May 02, 2015, 05:22:32 PM »
Hello All,
Working on a computer--have run several scans...Malwarebytes, RogueKiller, AdwCleaner, Junkware Removal Tool, HitmanPro, ZoneAlarm....Still get these same six strings on each RogueKiller scan after fixing and rebooting. Any thoughts on where to go from here? Here's the report:
RogueKiller V10.6.1.0 (x64) [Apr 24 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : KB [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 05/01/2015 23:36:56
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 205.171.3.25 205.171.2.25 [US][-] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 205.171.3.25 205.171.2.25 [US][-] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 205.171.3.25 205.171.2.25 [US][-] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A5D18430-9846-402E-8748-29680514504C} | DhcpNameServer : 205.171.3.25 205.171.2.25 [US][-] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A5D18430-9846-402E-8748-29680514504C} | DhcpNameServer : 205.171.3.25 205.171.2.25 [US][-] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A5D18430-9846-402E-8748-29680514504C} | DhcpNameServer : 205.171.3.25 205.171.2.25 [US][-] -> Replaced ()
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD32 00BEVT-60A23T0 SATA Disk Device +++++
--- User ---
[MBR] c8d83c909ba0543b71ac8cfb5e156b96
[BSP] 43bbf7b03e249ac0a4adc386b8b1eb66 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 286067 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 586274816 | Size: 14914 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 616818688 | Size: 4063 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_04282015_205741.log - RKreport_DEL_04282015_205840.log - RKreport_SCN_04292015_060922.log - RKreport_DEL_04292015_061026.log
RKreport_SCN_04292015_180704.log - RKreport_DEL_04292015_180927.log - RKreport_SCN_05012015_054044.log - RKreport_DEL_05012015_055105.log
RKreport_DEL_05012015_055114.log - RKreport_SCN_05012015_232041.log - RKreport_SCN_05012015_233346.log
Thanks in advance!!!!