
PUPs/PUMs found



Can you advise which of the following should be removed? IE is hijacked by "your security settings do not allow download." and Chrome is hijacked by a "shockwave plugin not working" msg. Malwarebytes did not find anything, so I ran RogueKiller, which found PUPs and PUMs. Can you help determine whether removing the items below will solve the hijacks? Thanks!

Started in : Normal mode
Mode : Scan -- Date : 01/01/2015  16:12:55

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 27 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4271711602-4053031425-695835939-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://poc.flexmls.com/  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4271711602-4053031425-695835939-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://poc.flexmls.com/  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4271711602-4053031425-695835939-501\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4271711602-4053031425-695835939-501\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 204.186.80.251 204.186.110.114 216.144.187.199 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 204.186.80.251 204.186.110.114 216.144.187.199 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 204.186.80.251 204.186.110.114 216.144.187.199 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC83281B-DB74-48E6-BD04-D558A489F213} | DhcpNameServer : 204.186.80.251 204.186.110.114 216.144.187.199 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC83281B-DB74-48E6-BD04-D558A489F213} | DhcpNameServer : 204.186.80.251 204.186.110.114 216.144.187.199 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BC83281B-DB74-48E6-BD04-D558A489F213} | DhcpNameServer : 204.186.80.251 204.186.110.114 216.144.187.199 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4271711602-4053031425-695835939-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4271711602-4053031425-695835939-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4271711602-4053031425-695835939-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4271711602-4053031425-695835939-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4271711602-4053031425-695835939-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4271711602-4053031425-695835939-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4271711602-4053031425-695835939-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4271711602-4053031425-695835939-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++


 

 


Hello and welcome:

We are not permitted to review scan logs or work on possible malware-related issues here in this section of the forum.


So, for expert assistance deciding what to remove and what to keep, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue.

Thanks,
