Thread: Unknown ADS in videos, and more

  1. #1
    Junior Member · Join Date: Mar 2017 · Location: pdx · Posts: 9

    Unknown ADS in videos, and more

    Hello,
    Thanks for the forum, and the product!!

    I have run a full rootkit scan on my data drive as well, which I do have things installed to (most all things possible, in fact), and I'm seeing entries in videos, which has been on my mind after I learned the fact that things (malicious links??) are nowadays even embedded in video streams. Would it be possible if somebody can tell me if these logs look like one big red flag or not? I have had my share of system troubles, and last week did a 4 year Windows reinstallation because of it, after I installed a game, "World of Warships", and started to see many Russian and Chinese IP traffic in my Windows Resource Monitor, which completely opened a can of worms for me (securing router, utilizing Spybot, MBAM, and Comodo FW, watching traffic, inspecting everything, backing up 5TB of data, sucking out all my extra time, etc..)

    // info: Rootkit removal help file
    // copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.bar 1:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.bar 2:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.bar 3:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.ini 1:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.ini 2:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.ini 3:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncomstyles.ini 1:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncomstyles.ini 2:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncomstyles.ini 3:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Comcast TV Shows Listings  Movies  Airings  Channels - XFINITY TV.webloc:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Dog sings while the baby cries - YouTube.webloc:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Gold Rush-03-Special-SinisterGrin@1chann  SockShare.webloc:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\How to do SSH Tunneling (Port Forwarding) - Screen-cast  Ramki .webloc:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Portland, Oregon TV Listings.webloc:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Set up Apache server and SSH client to allow tunneling SSH over .webloc:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\SSH Tunneling · Whatbox.webloc:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Documents\Scanned Documents\Welcome Scan.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Data\Dropbox\Photos\iPhoto Library\ThemeCache:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\dusers\Guest\AppData\Local\Google\Chrome\User Data\SwReporter\8.62.4\software_reporter_tool.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG`+ Music + Docu +\Attack Of The Killer Tomatoes (1978).avi:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG`+ Music + Docu +\Attack Of The Killer Tomatoes (1978).avi:com.apple.LaunchServices.OpenWith:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG +G (Childrens Mostly)\Pippi Longstocking (1973).avi:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG +G (Childrens Mostly)\Pippi Longstocking (1973).avi:com.apple.LaunchServices.OpenWith:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG +G (Childrens Mostly)\20 000 Leagues Under The Sea\20 000 Leagues Under The Sea.avi:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG +G (Childrens Mostly)\20 000 Leagues Under The Sea\20 000 Leagues Under The Sea.avi:com.apple.LaunchServices.OpenWith:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Documentary\`Reality\R5 Sons\R5 Sons - When Things Go Wrong.avi:TOC.WMV:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Documentary\`Food\Hells Kitchen\S2\S02E05 Hells Kitchen Lol.avi:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Cartoon Shorts\Yogi Bear\Yogi Bear 07 Tally Ho Ho Ho.avi:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_opsystems\VirtualBox-5.1.14-112924-Win.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\378.49-desktop-win8-win7-64bit-international-whql.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\GeForce_Experience_v3.3.0.95.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\Git-2.10.2-64-bit.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\npp.7.3.1.Installer.x64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\vcredist_x64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\vcredist_x86.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\Falcon Server GA-M61PM-S2 rev2\motherboard_bios_ga-m61pm-s2_f8.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\Falcon Server GA-M61PM-S2 rev2\motherboard_bios_ga-m61pm-s2_f9d.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_all_drivers\pc game controllers\Pro_Flight_FSX_Plugin_7_0_50_1_x64_Software.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_all_drivers\pc game controllers\Saitek_X52_Flight_Controller_7_0_53_6_x64_Drivers.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_all_drivers\pc game controllers\Saitek_X52_Flight_Controller_7_0_53_6_x64_Software.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\music\audio\animals-nature\nature\Sounds of Nature\Sounds of the Dolphin alias:AFP_AfpInfo:$DATA"
    File:"Unknown ADS","D:\dpub\music\audio\animals-nature\nature\Sounds of Nature\Sounds of the Dolphin alias 2:AFP_AfpInfo:$DATA"
    File:"Unknown ADS","D:\dpub\Games\Sims (all)\Nostalgic and Old games\intellivision\nostalgia4_setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Games\Sims (all)\Nostalgic and Old games\intellivision\nostalgia5_setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Games\Sims (all)\Nostalgic and Old games\intellivision\intellivision\emulators\jzinstall.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Games\1st and 3rd Person Tactical Land Games\Elder Scrolls Skyrim\dxwebsetup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Games\1st and 3rd Person Tactical Land Games\Elder Scrolls Skyrim\addons\Nexus Mod Manager-0.62.1.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Games\1st and 3rd Person Tactical Land Games\Elder Scrolls Skyrim\addons\skse_1_07_03_installer.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2XClient_12.0_build_2193.paf.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\342.01-desktop-win8-win7-winvista-64bit-international.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\ddmsetup1800.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\EpicSetup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\esetsmartinstaller_enu.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\Ext2Fsd-0.68.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\JetBrains.dotPeek.2016.3.2.web (1).exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\kodi-16.1-Jarvis.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\Linux_Reader.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\MPC-HCPortable_1.7.10.paf.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\Nexus Mod Manager-0.63.13.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\PortableRDC.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\PSISetup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\unetbootin-windows-625.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\VirtualBox-5.1.12-112440-Win.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\VirtualBox-5.1.14-112924-Win.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\WinCDEmu-4.1.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\WinPcap_4_1_3.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\Wireshark-win32-2.2.4.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\WoWS_internet_install_na.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\Xming-6-9-0-31-setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\Xming-fonts-7-7-0-10-setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\Net Nanny 6.31+serial\SETUP.EXE:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\LSPFix.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\mp3tagv281setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\picard-setup-1.4.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\TagRename3913.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\utilities\virus removal\FRST.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\utilities\virus removal\FRST64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\utilities\virus removal\JRT.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\utilities\virus removal\MiniToolBox.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\AutoSplitter_setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\boinc_7.6.22_windows_x86_64_vbox.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\boinc_7.6.33_windows_x86_64_vbox.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\CreationKit DLCs Fixer V3-25146-3.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\DCS_World_Web_Installer.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\deskew.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\DNGCodec_2_0_Installer.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\eMule0.50a-Installer.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\gimp-2.8.18-setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\Git-2.10.2-64-bit.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\googledrivesync.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\heroku-toolbelt (1).exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\heroku-toolbelt.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\lprof-setup-1.11.4.1.2.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\MEGAsyncSetup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\MultiCommander_x64_(6.4.8.2265).exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\naps2-5.3.1-setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\Nexus Mod Manager-0.62.1.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\Quarantine_Tool.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\rbsetup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\setup-x86_64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\TeamSpeak3-Client-win64-3.0.19.4.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\VDFilterPack.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\VidCoder-1.5.34-x64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\x264.2744.x86_64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\x264vfw.2273kMod.x86_64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\zeetreewin-ztw22x64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\scanner\SIE-0.2.603-win64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\scanner\vuex6495.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\p2p\2peer087.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\p2p\aresregular243_installer.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\p2p\setup_gigatribe_v3.04.013.6884.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\dl_utils\winrar\wrar540.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\dl_media_editing\DScaler4115.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\dl_media_editing\x264vfw_full_43_2694bm_43159_fix.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2015\Defogger.exe:com.apple.metadatakMDItemWhereFroms:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2015\kg5g4n0t.exe:com.apple.metadatakMDItemWhereFroms:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2015\dl_utils\SecurityCheck.exe:com.apple.metadatakMDItemWhereFroms:$DATA"
    File:"Unknown ADS","D:\$RECYCLE.BIN\S-1-5-21-492785007-2985417403-3322722115-1019\$RJJ3IF3.exe:BDU:$DATA"
    File:"No admin in ACL","C:\ProgramData\Microsoft\SLDL\5673e322-818b-4767-9f7c-0ff3f9da9a49\5a09f637-321b-4ade-a8fe-686820e1cb57"
    RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\0","Rules"
    RegyValue:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations\2\HIPS\Policy\0","Index"
    RegyValue:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations\2\HIPS\Policy\0","TreatAs"


    There is also a 254MB scanner log, which I will not attach :-)

    And the quick log:

    RootAlyzer Quick Scan Results

    Files in Windows folder
    ----------------------------------------
    96 files tested.
    No hidden files detected.
    ========================================

    Files in System folder
    ----------------------------------------
    2354 files tested.
    No hidden files detected.
    ========================================

    Global run entries
    ----------------------------------------
    7 values tested.
    No hidden entries detected.
    ========================================

    Winlogon entries
    ----------------------------------------
    1 keys tested.
    No hidden entries detected.
    ========================================

    Invisible processes (from handles)
    ----------------------------------------
    No handle process IDs tested.
    No hidden processes detected.
    ========================================

    Invisible processes (from threads)
    ----------------------------------------
    71 processes tested.
    No hidden processes detected.
    ========================================

    Any help is appreciated.

    Regards
    Last edited by tashi; 2017-03-16 at 22:38. Reason: Removed code wrap. :-)
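A triage script for RootAlyzer output of the kind posted above, added here as an illustration; it is not part of the thread and not Safer-Networking's code. It splits each Unknown ADS line into file path and stream name and groups the entries by whether the stream name has a known origin. The stream-origin table, and in particular the attribution of the BDU stream to an AV product, are assumptions of this example rather than findings from the scan.

```python
"""Triage 'Unknown ADS' lines from a RootAlyzer result file (format as in the log
above). NTFS files can carry named alternate data streams besides the unnamed
$DATA stream; grouping by stream name separates known metadata from odd names."""
import re
from collections import defaultdict

ENTRY = re.compile(r'^File:"Unknown ADS","(?P<target>.+)"$')

# Stream names with a known origin. Zone.Identifier does not occur in the log
# above but is the commonest ADS on Windows; the BDU attribution is an assumption.
KNOWN = {
    "Zone.Identifier": "Mark-of-the-Web set on downloaded files",
    "AFP_Resource": "macOS client metadata written via file sharing",
    "AFP_AfpInfo": "macOS client metadata written via file sharing",
    "com.dropbox.attributes": "Dropbox client extended attribute",
    "BDU": "scanner marker (assumed: written by an AV product)",
}

def parse_line(line):
    """Return (path, stream) for an Unknown ADS line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    target = re.sub(r":\$DATA$", "", m.group("target"))
    # A Windows path's only colon follows the drive letter, so the last colon
    # separates the file path from the stream name.
    path, _, stream = target.rpartition(":")
    return path, stream

def classify(stream):
    """'known' origin or 'unrecognised' (inspect it); com.apple.* are macOS xattrs."""
    return "known" if stream in KNOWN or stream.startswith("com.apple.") else "unrecognised"

def triage(lines):
    """Group parsed entries as {'known': [(path, stream), ...], 'unrecognised': [...]}."""
    buckets = defaultdict(list)
    for parsed in filter(None, map(parse_line, lines)):
        buckets[classify(parsed[1])].append(parsed)
    return dict(buckets)

# Four entries copied from the log above; not a complete scan.
SAMPLE = [
    r'File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Portland, Oregon TV Listings.webloc:AFP_Resource:$DATA"',
    r'File:"Unknown ADS","D:\dusers\Wolfdogg\Documents\Scanned Documents\Welcome Scan.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"',
    r'File:"Unknown ADS","D:\dpub\Downloads\Wireshark-win32-2.2.4.exe:BDU:$DATA"',
    r'File:"Unknown ADS","D:\dpub\Downloads\2015\Defogger.exe:com.apple.metadatakMDItemWhereFroms:$DATA"',
]

if __name__ == "__main__":
    for bucket, entries in sorted(triage(SAMPLE).items()):
        print(bucket, *[f"{s} <- {p}" for p, s in entries], sep="\n  ")
```

Run against the full result file, the "unrecognised" bucket is the short list worth opening with a stream-aware tool; the rest is metadata that other software (macOS clients, Dropbox, scanners) routinely leaves behind.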
