
Eight PUM Detections(Using Roguekiller) Nothing Found by Malwarebytes



Hello!
I scanned with Roguekiller just out of paranoia and it found eight PUM detections in my registry. Malwarebytes has found nothing, so I figure it might just be Roguekiller being overly protective. Nonetheless, I attached logs from Roguekiller and FRST. If nothing is detected (F/Ps), please tell me. I've never used P2P software, and have never pirated anything. Cheers! :)

roguekillerReport.txt

FRST.txt

Addition.txt


I fixed my problem using Malwarebytes RegASSASSIN, please close the thread.

I also wanted to thank the people who help others in this section for free, very generous (not being sarcastic, it kind of sounds like that when I re-read what I typed).


Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

The entries you quote in the roguekiller log are not malicious or infected, they are registry entries for system folders:

 

“{20D04FE0-3AEA-1069-A2D8-08002B30309D}” CLSID for "My Computer" or "Computer" or "My PC" depending on the version of Windows

 

“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”     CLSID for "User Files"

 

The default setting is a DWord ending with 1, meaning hidden; if you care to look at one of the tutorials regarding RogueKiller it will tell you to ignore such registry entries.

I see from the RK log that you've posted that the "Delete" function was used to change those settings; it may be a good idea to use system restore and go back to a point in time prior to running that action....

 

I do not see any obvious malware or infection in the FRST logs. Do you have any symptoms that suggest malware or infection may be present on your system....

 

Kevin
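As an added example (not from the thread, RogueKiller or Malwarebytes), here is a small triage script for the point Kevin makes above: a known shell-folder CLSID whose DWord is 1 is the ordinary "icon hidden" default, and the only value under such a key that deserves a second look is a CLSID that is not a recognised shell folder. It parses a .reg export of the Explorer desktop-icon key; the key path is my assumption about where these values live (the thread does not name it), the two CLSIDs and their labels come from Kevin's post, and the third CLSID in the sample export is a constructed placeholder.

```python
"""Interpret desktop-icon visibility values that scanners report as PUM:
a known shell-folder CLSID set to 1 is the normal 'hidden' default, while a
CLSID that is not a recognised shell folder is the one worth looking up."""
import re
from typing import Dict, List

# Assumed location of these values (the thread does not name the key).
KEY_PATH = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
            r"\Explorer\HideDesktopIcons\NewStartPanel")

# Known shell-folder CLSIDs with the labels used in the thread.
KNOWN_SHELL_CLSIDS = {
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "My Computer / Computer / My PC",
    "{59031A47-3F72-44A7-89C5-5595FE6B30EE}": "User Files",
}

# Constructed .reg export in the layout Regedit / reg.exe write (a real export
# is UTF-16 on disk; decode it to str before parsing). The third CLSID is a
# constructed placeholder, not a real identifier.
SAMPLE_REG = """\
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000001
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=dword:00000001
"{DEADBEEF-0000-4000-8000-000000000001}"=dword:00000001
"""

# One .reg value line: "{CLSID}"=dword:XXXXXXXX (dword data is hexadecimal).
_VALUE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"=dword:([0-9A-Fa-f]{8})$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, int]]:
    """Return {key_path: {CLSID: dword}} for the dword values in a .reg export."""
    result: Dict[str, Dict[str, int]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            # Normalise CLSID case: exports mix upper and lower case.
            result[current][m.group(1).upper()] = int(m.group(2), 16)
    return result


def assess_desktop_icon_values(values: Dict[str, int]) -> List[dict]:
    """Label each value: default hidden, user-shown, or unknown CLSID to review."""
    findings = []
    for clsid, dword in values.items():
        name = KNOWN_SHELL_CLSIDS.get(clsid)
        hidden = dword != 0          # 1 = icon hidden (default), 0 = icon shown
        if name is None:
            verdict = "review: CLSID is not a recognised shell folder"
        elif hidden:
            verdict = "default: shell folder icon hidden"
        else:
            verdict = "user change: shell folder icon shown"
        findings.append({"clsid": clsid, "name": name or "unknown",
                         "value": dword, "state": "hidden" if hidden else "shown",
                         "verdict": verdict})
    return findings


def assess_export(text: str) -> List[dict]:
    """Parse an export and assess the values under the assumed key path."""
    return assess_desktop_icon_values(parse_reg_export(text).get(KEY_PATH, {}))


if __name__ == "__main__":
    for f in assess_export(SAMPLE_REG):
        print(f'{f["clsid"]}  {f["name"]:<32} {f["state"]:<7} {f["verdict"]}')
```

On a live system the same logic applies to a `reg export` of the key; keeping the interpretation separate from the registry read means the script also works on an export a user attaches to a thread like this one.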


Nope, I stated I ran it out of paranoia. (I'm very cautious, anything that is even slightly fishy I immediately go into "lockdown mode")

The registry keys were replaced, the only reason I thought maybe they were malicious was because I had just installed Classic Shell a couple weeks ago. The items were deleted, but instantly replaced. I just scanned again, and got a large list of host files, is this normal?

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 media.opencandy.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.opencandy.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 api.opencandy.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 installer.betterinstaller.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 installer.filebulldog.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 inno.bisrv.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 nsis.bisrv.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.file2desktop.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.goateastcach.us

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.guttastatdk.us

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.inskinmedia.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.oibundles2.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.playbryte.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.llogetfastcach.us

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.montiera.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.msdwnld.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.mypcbackup.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.ppdownload.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.riceateastcach.us

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.shyapotato.us

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.solimba.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.tuto4pc.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.appround.biz

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.bigspeedpro.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.bispd.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.bisrv.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.cdndp.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.download.sweetpacks.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.dpdownload.com

[C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.visualbee.net



Those entries in the Hosts file are not malicious; they are entries that have been added by a security program to block advertising software modules. I did note that UnChecky is installed; that will be the responsible software...

 

Thanks,

 

Kevin...
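As an added example (not from the thread, Unchecky or any scanner), here is a hosts-file triage script for the distinction Kevin draws above: a line that points a name at 0.0.0.0 or 127.0.0.1 null-routes it, which is what ad and bundleware blockers write and is benign by mechanism, whereas a line that points a name at a routable address, or that sinks a security-vendor or update domain, is the shape a responder wants listed for review. The first blocklist lines of the sample mirror the log quoted in the thread; the vendor, bank and NAS lines, the watchlist suffixes and the function names are constructed for the example.

```python
"""Triage a Windows hosts file: null-route (blocklist) entries versus
redirects to routable addresses and sinks of watched vendor/update domains."""
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import List

# Constructed sample. The opencandy/betterinstaller lines mirror the thread's
# log; the last three lines are constructed to exercise the other classes.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 downloads.examplevendor.invalid      # constructed: update domain sunk
203.0.113.10 www.examplebank.invalid         # constructed: routable redirect
10.0.0.5 nas.home.arpa                       # constructed: LAN mapping
"""

# Constructed watchlist: domains whose sinking is a red flag. Put your own
# security vendors and update hosts here.
WATCH_SUFFIXES = ("examplevendor.invalid", "windowsupdate.com")

# RFC 1918 and IPv6 ULA ranges: a mapping into these is ordinary admin use.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


@dataclass
class HostsEntry:
    line_no: int
    address: str
    hostnames: List[str]
    comment: str = ""


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text; blank, comment-only and malformed lines are skipped."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        fields = body.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address
        entries.append(HostsEntry(n, fields[0], fields[1:], comment.strip()))
    return entries


def _watched(hostname: str) -> bool:
    return any(hostname == s or hostname.endswith("." + s) for s in WATCH_SUFFIXES)


def classify(entry: HostsEntry) -> str:
    """system-default | blocklist | suspicious-sink | lan-mapping | redirect."""
    ip = ipaddress.ip_address(entry.address)
    if ip.is_unspecified or ip.is_loopback:
        if entry.hostnames == ["localhost"]:
            return "system-default"
        if any(_watched(h) for h in entry.hostnames):
            return "suspicious-sink"   # a vendor/update host made unreachable
        return "blocklist"             # name resolves nowhere: benign by mechanism
    if any(ip in net for net in LAN_NETWORKS):
        return "lan-mapping"
    return "redirect"                  # name sent to a routable address: review


def triage(text: str) -> dict:
    """Return per-class counts and the entries that merit a closer look."""
    entries = parse_hosts(text)
    labels = {e.line_no: classify(e) for e in entries}
    review = [e for e in entries
              if labels[e.line_no] in ("redirect", "suspicious-sink")]
    return {"counts": Counter(labels.values()), "review": review}


if __name__ == "__main__":
    result = triage(SAMPLE_HOSTS)
    print(dict(result["counts"]))
    for e in result["review"]:
        print(f"line {e.line_no}: {e.address} -> {', '.join(e.hostnames)}")
```

Run against a real file with `triage(open(r"C:\Windows\System32\drivers\etc\hosts").read())`; a long tail of blocklist lines like the one posted above is expected output from a blocker, and only the review list needs a human.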

  • 2 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.