Topic: Rogue Killer Log Help needed for PUM entries


October 02, 2014, 02:07:50 AM

MoovinTarget

  • Guest
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_812A\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E24BB5CC-F1BB-4926-A4C3-4574DF18FA7E} | NameServer : 8.26.56.26,156.154.70.22  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_3907\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C406CFE3-F3E4-4855-A243-38AC1858CDD4} | DhcpNameServer : 172.20.1.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_L_3907\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E24BB5CC-F1BB-4926-A4C3-4574DF18FA7E} | NameServer : 8.26.56.26,156.154.70.22  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{59AFBF09-F044-42A0-8EFC-2F5C5F2EC63E} | DhcpNameServer : 172.20.1.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E24BB5CC-F1BB-4926-A4C3-4574DF18FA7E} | NameServer : 8.26.56.26,156.154.70.22  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_F_23F2\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_F_23F2\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_L_F811\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_L_F811\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_F_23F2\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_F_23F2\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_L_F811\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_L_F811\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\RK_Jacque_ON_F_792A\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.drudgereport.com/  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\RK_Jacque_ON_F_792A\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.drudgereport.com/  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-443274777-1843769276-3568719699-1000\Software\Microsoft\Internet Explorer\Main | Start Page :   -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-443274777-1843769276-3568719699-1000\Software\Microsoft\Internet Explorer\Main | Start Page :   -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-443274777-1843769276-3568719699-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-443274777-1843769276-3568719699-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} -- "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" (/silent $(Arg0)) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2003FYYS-05T8B0 ATA Device +++++
--- User ---
[MBR] a32ea7e904f1155d6ff0b8623a6a8914
[BSP] 2597a66d19ee088ba30ba2d81679d1c1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 670000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1372162048 | Size: 1237726 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung SSD 840 EVO 750G SCSI Disk Device +++++
--- User ---
[MBR] 8ba16df2d63d41998299b156a2307c4e
[BSP] f671a84b74561321f7ae4fefde4a17ac : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715403 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive2: ST320006 41AS SCSI Disk Device +++++
--- User ---
[MBR] dbdc3efec73e791eb84a61a650b45d71
[BSP] 55c25ce7caabbdf499cb409e67b97f4e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 802427 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1643372544 | Size: 1105301 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )


Reply #1, October 02, 2014, 12:17:25 PM

Tigzy

  • Administrator
    Owner, Adlice Software
Hello
Please abuse politeness and ask a question.