Author Topic: PLEASE HELP ALL I SEE IS YELLOW :O  (Read 6330 times)

October 06, 2015, 06:29:09 AM

ts427

Hello everyone,

This is my first time here. I am an English speaker mainly, wish I knew French. Please try and bear with me if I do not understand explanations fully. I have been using RogueKiller for a while and downloaded a recent version, after the buggy version, and ever since I see a wall of yellow IAT hooks. I never really go to illegitimate websites and I am fairly safe on the net so this really scares me. Please help!

Report:
¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.16.0.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.16.0.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{84a8547a-a041-49b4-b63b-4180490ec3bd} | DhcpNameServer : 172.16.0.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{84a8547a-a041-49b4-b63b-4180490ec3bd} | DhcpNameServer : 172.16.0.1 ([X])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1   localhost

¤¤¤ Antirootkit : 38 (Driver: Not loaded [0x20]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ explorerframe.dll) SHELL32.dll - SHGetFolderPathEx : C:\WINDOWS\SysWOW64\windows.storage.dll @ 0x7659fb70 (jmp dword [0x74a75024])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ explorerframe.dll) SHELL32.dll - SHGetKnownFolderItem : C:\WINDOWS\SysWOW64\windows.storage.dll @ 0x76662800 (jmp dword [0x74a75030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ explorerframe.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\WINDOWS\SysWOW64\windows.storage.dll @ 0x7665f920 (jmp dword [0x74a7502c])
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x170010
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x170010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x170010
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x790010
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x790010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ USER32.dll) GDI32.dll - GdiDllInitialize : Unknown @ 0xb80010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ USER32.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ MSCTF.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ SHELL32.dll) USER32.dll - RegisterClassW : Unknown @ 0xb70010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ SHELL32.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ shlwapi.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x790010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) USER32.dll - RegisterClassW : Unknown @ 0xb70010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ ole32.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ ole32.dll) USER32.dll - RegisterClassW : Unknown @ 0xb70010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMCTL32.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMCTL32.dll) USER32.dll - RegisterClassW : Unknown @ 0xb70010
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0xcf0010
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0xcf0010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ USER32.dll) GDI32.dll - GdiDllInitialize : Unknown @ 0x10c0010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ USER32.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ MSCTF.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ SHELL32.dll) USER32.dll - RegisterClassW : Unknown @ 0xd10010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ SHELL32.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ shlwapi.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0xcf0010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) USER32.dll - RegisterClassW : Unknown @ 0xd10010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ ole32.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ ole32.dll) USER32.dll - RegisterClassW : Unknown @ 0xd10010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMCTL32.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMCTL32.dll) USER32.dll - RegisterClassW : Unknown @ 0xd10010


All of these hooks in Chrome? How do I get rid of them? Are these real issues?

Reply #1 October 06, 2015, 04:05:23 PM

Curson

  • Global Moderator

Hi ts427,

Welcome to Adlice.com Forum.
Your report is clean.

PUM stands for Potentially Unwanted Modification. In your case, those entries are perfectly legit and necessary to access the Internet.
For more information, please read RogueKiller Documentation.

The Chrome hooks are legit.

Regards.
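
Added example, not part of the thread and not RogueKiller's own code: a short Python parser that condenses a report like the one posted above, checking whether each DhcpNameServer value is a private address and collapsing the repeated IAT lines into distinct hooked functions. The regular expressions are inferred from the lines posted here (an assumption about the format), and the sample is an excerpt of that report.

```python
import ipaddress
import re
from collections import defaultdict

# Patterns inferred from the report lines in this thread (an assumption,
# not a documented RogueKiller format).
PUM_DNS = re.compile(r"^\[PUM\.Dns\].*\|\s*(\w+)\s*:\s*([0-9. ]+?)\s*\(")
IAT = re.compile(
    r"^\[IAT:(\w+)\(Hook\.IEAT\)\]\s+\((\S+?)(?: @ (\S+))?\)\s+"
    r"(\S+) - (\w+) : (.+?) @ (0x[0-9a-fA-F]+)"
)

# Excerpt copied from the report posted in this thread.
SAMPLE = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.16.0.1 ([X])  -> Found
[IAT:Inl(Hook.IEAT)] (chrome.exe @ explorerframe.dll) SHELL32.dll - SHGetFolderPathEx : C:\WINDOWS\SysWOW64\windows.storage.dll @ 0x7659fb70 (jmp dword [0x74a75024])
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x170010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x170010
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x790010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ USER32.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ MSCTF.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
"""

def triage(report):
    """Collapse a report into distinct DNS servers and hooked functions."""
    dns = {}                    # server -> True if in a private range
    hooks = defaultdict(set)    # (imported DLL, function) -> hook addresses
    unknown = 0                 # entries whose target the report calls "Unknown"
    for line in report.splitlines():
        m = PUM_DNS.match(line)
        if m:
            for server in m.group(2).split():
                try:
                    dns[server] = ipaddress.ip_address(server).is_private
                except ValueError:
                    dns[server] = None  # value is not a parsable address
            continue
        m = IAT.match(line)
        if m:
            _kind, _proc, _module, dll, func, target, addr = m.groups()
            hooks[(dll, func)].add(addr)
            unknown += target == "Unknown"
    return {"dns": dns,
            "hooks": {k: sorted(v) for k, v in hooks.items()},
            "unknown_targets": unknown}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A private-range DhcpNameServer such as 172.16.0.1 is what a local router normally hands out over DHCP, and the summary shows how few distinct functions sit behind the many repeated hook lines.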

Reply #2 October 06, 2015, 08:51:22 PM

ts427

Legit meaning safe, right?

Reply #3 October 07, 2015, 12:43:58 AM

Curson

Hi ts427,

Yes.

Regards.