Author Topic: DNS keys/Browser Issues.  (Read 5363 times)


July 28, 2014, 07:00:50 AM

Douglas45

  • Guest
DNS keys/Browser Issues.
« on: July 28, 2014, 07:00:50 AM »
After I did a scan I got redirected here: http://www.adlice.com/kernelmode-rootkits-part-3-kernel-filters/. In the scan it mentioned registry keys concerning DNS and also Chrome browser issues?
Thanks.

Reply #1 July 28, 2014, 11:51:55 AM

Tigzy

  • Administrator
  • Owner, Adlice Software
Re: DNS keys/Browser Issues.
« Reply #1 on: July 28, 2014, 11:51:55 AM »
Hello

Can you please provide a report? :)

Reply #2 July 30, 2014, 04:33:34 AM

Douglas45

  • Guest
Re: DNS keys/Browser Issues.
« Reply #2 on: July 30, 2014, 04:33:34 AM »
Yes, here it is.  :)

RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : john [Admin rights]
Mode : Scan -- Date : 07/28/2014  15:42:34

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 198.142.0.51  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 198.142.0.51  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 198.142.0.51  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6EA1F250-E6C5-46E4-8A95-FB0D406385F2} | NameServer : 156.154.70.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6EA1F250-E6C5-46E4-8A95-FB0D406385F2} | DhcpNameServer : 8.26.56.26 198.142.0.51  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C4FC679E-0CF0-4B12-9D7D-3BFD029F6B65} | DhcpNameServer : 10.143.147.147 10.143.147.148  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6EA1F250-E6C5-46E4-8A95-FB0D406385F2} | NameServer : 156.154.70.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6EA1F250-E6C5-46E4-8A95-FB0D406385F2} | DhcpNameServer : 8.26.56.26 198.142.0.51  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C4FC679E-0CF0-4B12-9D7D-3BFD029F6B65} | DhcpNameServer : 10.143.147.147 10.143.147.148  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6EA1F250-E6C5-46E4-8A95-FB0D406385F2} | NameServer : 156.154.70.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6EA1F250-E6C5-46E4-8A95-FB0D406385F2} | DhcpNameServer : 8.26.56.26 198.142.0.51  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C4FC679E-0CF0-4B12-9D7D-3BFD029F6B65} | DhcpNameServer : 10.143.147.147 10.143.147.148  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\Drivers\msrpc.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000526SV ATA Device +++++
--- User ---
[MBR] 0d045626d84f3d91c2aa3b8181e48ff0
[BSP] 790f3f41881509e26865f88de7034a64 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST31000526SV ATA Device +++++
--- User ---
[MBR] 264a3cc523980de401663de2930c555b
[BSP] a07943d555a412d9697e072a3065792c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 646459 MB
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 1323950080 | Size: 307409 MB
User = LL1 ... OK
User = LL2 ... OK

RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : john [Admin rights]
Mode : Remove -- Date : 07/29/2014  14:35:15

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 8.8.4.4  -> REPLACED ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 8.8.4.4  -> REPLACED ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 8.8.4.4  -> REPLACED ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6EA1F250-E6C5-46E4-8A95-FB0D406385F2} | DhcpNameServer : 8.26.56.26 8.8.4.4  -> REPLACED ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6EA1F250-E6C5-46E4-8A95-FB0D406385F2} | DhcpNameServer : 8.26.56.26 8.8.4.4  -> REPLACED ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6EA1F250-E6C5-46E4-8A95-FB0D406385F2} | DhcpNameServer : 8.26.56.26 8.8.4.4  -> REPLACED ()

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\Drivers\msrpc.sys)

¤¤¤ Web browsers : 7 ¤¤¤
[CHROME:Addon] Default : Google Docs [aohghmighlieiainnegkcijnfilokake] -> DELETED
[CHROME:Addon] Default : Google Drive [apdfllckaahabafndbhieahigkjlhalf] -> ERROR [2]
[CHROME:Addon] Default : Google Voice Search Hotword (Beta) [bepbmhgboaologfdajaanbcjmnhjmhfn] -> ERROR [2]
[CHROME:Addon] Default : YouTube [blpcfgokakmgnkcojhhkbfbldkacnbeo] -> ERROR [2]
[CHROME:Addon] Default : Google Search [coobgpohoikkiipiblmjeljniedjpjpf] -> ERROR [2]
[CHROME:Addon] Default : Google Wallet [nmmhkkegccagdldgiimedpiccmgmieda] -> ERROR [2]
[CHROME:Addon] Default : Gmail [pjkljhegncpnkpknbcohdijeoejaedia] -> ERROR [2]

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000526SV ATA Device +++++
--- User ---
[MBR] 78f9135bb54d6cc17fefc0b7b1087206
[BSP] 8bdb8e4bfa3cdd19ff5857c587e6be77 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST31000526SV ATA Device +++++
--- User ---
[MBR] 264a3cc523980de401663de2930c555b
[BSP] a07943d555a412d9697e072a3065792c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 646459 MB
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 1323950080 | Size: 307409 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Kingston DataTraveler G2 USB Device +++++
--- User ---
[MBR] e4efb308a2b2f503993952a95536ddcb
[BSP] 19da921b954f9cebd65f898cb279c34e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 7636 MB
User = LL1 ... OK

I provided two actually because I keep getting different results under Rootkits.
Thanks.
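The [PUM.Dns] hits in the reports above are the NameServer and DhcpNameServer values under HKLM\System\...\Services\Tcpip\Parameters, which RogueKiller lists as a Potentially Unwanted Modification because DNS hijackers change exactly those values. Whether a hit matters depends on whether the resolver is one you expect. The script below is an added example, not part of this thread and not RogueKiller's own code: it parses the [PUM.Dns] lines of a posted report, separates statically set resolvers (NameServer, which overrides DHCP) from DHCP-assigned ones, and labels each address as private, known public, or unknown. The allowlist of public resolvers is an assumption for the example (Google, Comodo and Neustar addresses as we believe them to be), and the sample report is an excerpt of the lines posted above.

```python
"""Triage the [PUM.Dns] lines of a RogueKiller report.

A static NameServer value under Interfaces\{GUID} takes precedence over
what DHCP handed out, so a resolver there that the user never configured
is the classic hijack indicator; a DhcpNameServer value is usually just
what the router or ISP assigned and is only suspicious when the address
is one nobody recognises.
"""
import ipaddress
import re
from typing import Dict, List

# Assumed allowlist for this example: fill in the resolvers your network
# or ISP is supposed to hand out. Labels are our understanding of who
# runs these public resolvers, not anything the report states.
KNOWN_RESOLVERS: Dict[str, str] = {
    "8.8.8.8": "Google Public DNS",
    "8.8.4.4": "Google Public DNS",
    "8.26.56.26": "Comodo Secure DNS",
    "8.20.247.20": "Comodo Secure DNS",
    "156.154.70.1": "Neustar DNS Advantage",
    "156.154.71.1": "Neustar DNS Advantage",
}

# One report line, e.g.
# [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\...\Parameters | DhcpNameServer : 8.26.56.26 198.142.0.51  -> FOUND
PUM_DNS_RE = re.compile(
    r"^\[PUM\.Dns\]\s+\((?P<arch>X(?:64|86))\)\s+"
    r"(?P<key>HKEY_[^|]+?)\s*\|\s*"
    r"(?P<value>\w+)\s*:\s*(?P<data>[^-]*?)\s*->\s*(?P<status>\w+)"
)

# Constructed sample: an excerpt of the scan and remove runs posted above.
SAMPLE_REPORT = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 198.142.0.51  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6EA1F250-E6C5-46E4-8A95-FB0D406385F2} | NameServer : 156.154.70.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C4FC679E-0CF0-4B12-9D7D-3BFD029F6B65} | DhcpNameServer : 10.143.147.147 10.143.147.148  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 8.26.56.26 8.8.4.4  -> REPLACED ()
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
"""


def parse_report(text: str) -> List[dict]:
    """Return one record per [PUM.Dns] line; other detections are ignored."""
    hits = []
    for line in text.splitlines():
        m = PUM_DNS_RE.match(line.strip())
        if not m:
            continue
        hits.append({
            "key": m.group("key").strip(),
            "value": m.group("value"),          # NameServer or DhcpNameServer
            "servers": m.group("data").split(),  # space-separated resolver list
            "status": m.group("status"),         # FOUND / REPLACED / ...
        })
    return hits


def classify(ip: str) -> str:
    """Label a single resolver address."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "not an IP address: inspect manually"
    if addr.is_private:
        return "private (typical LAN or ISP DHCP resolver)"
    if ip in KNOWN_RESOLVERS:
        return "known public resolver: " + KNOWN_RESOLVERS[ip]
    return "UNKNOWN public resolver: verify owner before trusting"


def triage(text: str) -> Dict[str, str]:
    """Map every distinct resolver in the report to its verdict."""
    verdicts: Dict[str, str] = {}
    for hit in parse_report(text):
        for ip in hit["servers"]:
            verdicts.setdefault(ip, classify(ip))
    return verdicts


def unknown_resolvers(text: str) -> List[str]:
    """Resolvers that are neither private nor on the allowlist."""
    return sorted(ip for ip, v in triage(text).items() if v.startswith("UNKNOWN"))


def static_resolvers(text: str) -> List[str]:
    """Resolvers set through a static NameServer value (overrides DHCP)."""
    out = set()
    for hit in parse_report(text):
        if hit["value"] == "NameServer":
            out.update(hit["servers"])
    return sorted(out)


if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_REPORT).items():
        print(f"{ip:16} {verdict}")
    print("static:", static_resolvers(SAMPLE_REPORT))
    print("unknown:", unknown_resolvers(SAMPLE_REPORT))
```

On the posted report this separates the three cases an analyst cares about: the 10.143.147.x pair is private and almost certainly the router, 8.26.56.26 and 8.8.4.4 are on the allowlist, 156.154.70.1 is on the allowlist but statically set and so worth confirming the user configured it, and 198.142.0.51 is the one address to look up before trusting. The same hit repeated under ControlSet001 and ControlSet002 is the same value seen through the last-known-good control sets, not three separate modifications.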