Unknown ADS in videos, and more

[wolfdogg]

Hello,
Thanks for the forum, and the product!!

I have ran a full rootkit scan on also my data drive, which i do have things installed to (most all things possible infact), and im seeing entries in videos, which has been on my mind after i learned the fact that things(malicious links??) are nowadays even embedded in video streams. Would it be possible if somebody can tell me if these logs look like one big red flag or not? I have had my share of system troubles, and last week did a 4 year windows reinstallation because of it, after i installed a game "world of warships" and started to see many russian and chinese ip traffic in my windows resource monitor which completely opened a can of worms for me (securing router, utilizing spybot, mbam, and comodo fw, watching traffic, inspecting everything, backing up 5TB of data, sucking out all my extra time, etc..)
// info: Rootkit removal help file
// copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.bar 1:$DATA"
File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.bar 2:$DATA"
File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.bar 3:$DATA"
File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.ini 1:$DATA"
File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.ini 2:$DATA"
File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.ini 3:$DATA"
File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncomstyles.ini 1:$DATA"
File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncomstyles.ini 2:$DATA"
File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncomstyles.ini 3:$DATA"
File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Comcast TV Shows Listings  Movies  Airings  Channels - XFINITY TV.webloc:AFP_Resource:$DATA"
File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Dog sings while the baby cries - YouTube.webloc:AFP_Resource:$DATA"
File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Gold Rush-03-Special-SinisterGrin@1chann  SockShare.webloc:AFP_Resource:$DATA"
File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\How to do SSH Tunneling (Port Forwarding) - Screen-cast  Ramki .webloc:AFP_Resource:$DATA"
File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Portland, Oregon TV Listings.webloc:AFP_Resource:$DATA"
File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Set up Apache server and SSH client to allow tunneling SSH over .webloc:AFP_Resource:$DATA"
File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\SSH Tunneling · Whatbox.webloc:AFP_Resource:$DATA"
File:"Unknown ADS","D:\dusers\Wolfdogg\Documents\Scanned Documents\Welcome Scan.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","D:\dusers\Wolfdogg\Data\Dropbox\Photos\iPhoto Library\ThemeCache:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\dusers\Guest\AppData\Local\Google\Chrome\User Data\SwReporter\8.62.4\software_reporter_tool.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG`+ Music + Docu +\Attack Of The Killer Tomatoes (1978).avi:AFP_Resource:$DATA"
File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG`+ Music + Docu +\Attack Of The Killer Tomatoes (1978).avi:com.apple.LaunchServices.OpenWith:$DATA"
File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG +G (Childrens Mostly)\Pippi Longstocking (1973).avi:AFP_Resource:$DATA"
File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG +G (Childrens Mostly)\Pippi Longstocking (1973).avi:com.apple.LaunchServices.OpenWith:$DATA"
File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG +G (Childrens Mostly)\20 000 Leagues Under The Sea\20 000 Leagues Under The Sea.avi:AFP_Resource:$DATA"
File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG +G (Childrens Mostly)\20 000 Leagues Under The Sea\20 000 Leagues Under The Sea.avi:com.apple.LaunchServices.OpenWith:$DATA"
File:"Unknown ADS","D:\dpub\videos\Documentary\`Reality\R5 Sons\R5 Sons - When Things Go Wrong.avi:TOC.WMV:$DATA"
File:"Unknown ADS","D:\dpub\videos\Documentary\`Food\Hells Kitchen\S2\S02E05 Hells Kitchen Lol.avi:AFP_Resource:$DATA"
File:"Unknown ADS","D:\dpub\videos\Cartoon Shorts\Yogi Bear\Yogi Bear 07 Tally Ho Ho Ho.avi:AFP_Resource:$DATA"
File:"Unknown ADS","D:\dpub\Support\_opsystems\VirtualBox-5.1.14-112924-Win.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\378.49-desktop-win8-win7-64bit-international-whql.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\GeForce_Experience_v3.3.0.95.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\Git-2.10.2-64-bit.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\npp.7.3.1.Installer.x64.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\vcredist_x64.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\vcredist_x86.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Support\_host-specific\Falcon Server GA-M61PM-S2 rev2\motherboard_bios_ga-m61pm-s2_f8.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Support\_host-specific\Falcon Server GA-M61PM-S2 rev2\motherboard_bios_ga-m61pm-s2_f9d.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Support\_all_drivers\pc game controllers\Pro_Flight_FSX_Plugin_7_0_50_1_x64_Software.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Support\_all_drivers\pc game controllers\Saitek_X52_Flight_Controller_7_0_53_6_x64_Drivers.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Support\_all_drivers\pc game controllers\Saitek_X52_Flight_Controller_7_0_53_6_x64_Software.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\music\audio\animals-nature\nature\Sounds of Nature\Sounds of the Dolphin alias:AFP_AfpInfo:$DATA"
File:"Unknown ADS","D:\dpub\music\audio\animals-nature\nature\Sounds of Nature\Sounds of the Dolphin alias 2:AFP_AfpInfo:$DATA"
File:"Unknown ADS","D:\dpub\Games\Sims (all)\Nostalgic and Old games\intellivision\nostalgia4_setup.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Games\Sims (all)\Nostalgic and Old games\intellivision\nostalgia5_setup.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Games\Sims (all)\Nostalgic and Old games\intellivision\intellivision\emulators\jzinstall.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Games\1st and 3rd Person Tactical Land Games\Elder Scrolls Skyrim\dxwebsetup.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Games\1st and 3rd Person Tactical Land Games\Elder Scrolls Skyrim\addons\Nexus Mod Manager-0.62.1.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Games\1st and 3rd Person Tactical Land Games\Elder Scrolls Skyrim\addons\skse_1_07_03_installer.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2XClient_12.0_build_2193.paf.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\342.01-desktop-win8-win7-winvista-64bit-international.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\ddmsetup1800.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\EpicSetup.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\esetsmartinstaller_enu.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\Ext2Fsd-0.68.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\JetBrains.dotPeek.2016.3.2.web (1).exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\kodi-16.1-Jarvis.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\Linux_Reader.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\MPC-HCPortable_1.7.10.paf.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\Nexus Mod Manager-0.63.13.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\PortableRDC.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\PSISetup.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\unetbootin-windows-625.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\VirtualBox-5.1.12-112440-Win.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\VirtualBox-5.1.14-112924-Win.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\WinCDEmu-4.1.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\WinPcap_4_1_3.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\Wireshark-win32-2.2.4.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\WoWS_internet_install_na.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\Xming-6-9-0-31-setup.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\Xming-fonts-7-7-0-10-setup.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\Net Nanny 6.31+serial\SETUP.EXE:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2017\LSPFix.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2017\mp3tagv281setup.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2017\picard-setup-1.4.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2017\TagRename3913.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2017\utilities\virus removal\FRST.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2017\utilities\virus removal\FRST64.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2017\utilities\virus removal\JRT.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2017\utilities\virus removal\MiniToolBox.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\AutoSplitter_setup.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\boinc_7.6.22_windows_x86_64_vbox.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\boinc_7.6.33_windows_x86_64_vbox.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\CreationKit DLCs Fixer V3-25146-3.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\DCS_World_Web_Installer.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\deskew.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\DNGCodec_2_0_Installer.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\eMule0.50a-Installer.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\gimp-2.8.18-setup.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\Git-2.10.2-64-bit.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\googledrivesync.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\heroku-toolbelt (1).exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\heroku-toolbelt.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\lprof-setup-1.11.4.1.2.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\MEGAsyncSetup.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\MultiCommander_x64_(6.4.8.2265).exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\naps2-5.3.1-setup.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\Nexus Mod Manager-0.62.1.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\Quarantine_Tool.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\rbsetup.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\setup-x86_64.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\TeamSpeak3-Client-win64-3.0.19.4.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\VDFilterPack.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\VidCoder-1.5.34-x64.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\x264.2744.x86_64.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\x264vfw.2273kMod.x86_64.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\zeetreewin-ztw22x64.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\scanner\SIE-0.2.603-win64.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\scanner\vuex6495.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\p2p\2peer087.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\p2p\aresregular243_installer.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\p2p\setup_gigatribe_v3.04.013.6884.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\dl_utils\winrar\wrar540.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\dl_media_editing\DScaler4115.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2016\dl_media_editing\x264vfw_full_43_2694bm_43159_fix.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2015\Defogger.exe:com.apple.metadatakMDItemWhereFroms:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2015\kg5g4n0t.exe:com.apple.metadatakMDItemWhereFroms:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2015\dl_utils\SecurityCheck.exe:com.apple.metadatakMDItemWhereFroms:$DATA"
File:"Unknown ADS","D:\$RECYCLE.BIN\S-1-5-21-492785007-2985417403-3322722115-1019\$RJJ3IF3.exe:BDU:$DATA"
File:"No admin in ACL","C:\ProgramData\Microsoft\SLDL\5673e322-818b-4767-9f7c-0ff3f9da9a49\5a09f637-321b-4ade-a8fe-686820e1cb57"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\0","Rules"
RegyValue:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations\2\HIPS\Policy\0","Index"
RegyValue:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations\2\HIPS\Policy\0","TreatAs"


There is also a 254MB scanner log, which i will not attach

and the quick log

RootAlyzer Quick Scan Results

Files in Windows folder
----------------------------------------
96 files tested.
No hidden files detected.
========================================

Files in System folder
----------------------------------------
2354 files tested.
No hidden files detected.
========================================

Global run entries
----------------------------------------
7 values tested.
No hidden entries detected.
========================================

Winlogon entries
----------------------------------------
1 keys tested.
No hidden entries detected.
========================================

Invisible processes (from handles)
----------------------------------------
No handle process IDs tested.
No hidden processes detected.
========================================

Invisible processes (from threads)
----------------------------------------
71 processes tested.
No hidden processes detected.
========================================

Any help is appreciated.

Regards

 

[tashi]

Hello wolfdogg,

If there is the possibility of an infection on the computer it would be best if someone took a look at the system.

Please see the Malware Removal Forum sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Please start a new topic in that forum providing the logs requested so a volunteer analyst can advise, also provide a link back to this thread please.

Best regards.

 

[wolfdogg]

Hi Tashi, thanks for your reponse. The only possibility of infection that I know of, is if these logs look bad. I just reinstalled everything to clean up stuff, and things are running just fine fro the most part. Spybot takes more than 15 minutes to update, not sure what that is though. I just was hoping "Spybot" could explain what all the "Spybot" log stuff here means. Are you suggesting i posted this "log" in the wrong board then? Otherwise i would prefer if someone can just tell me what im seeing here.
Thanks much. Brian

 

[tashi]

Hello wolfdogg,

Hi Tashi, thanks for your reponse. The only possibility of infection that I know of, is if these logs look bad. I just reinstalled everything to clean up stuff, and things are running just fine fro the most part. Spybot takes more than 15 minutes to update, not sure what that is though. I just was hoping "Spybot" could explain what all the "Spybot" log stuff here means. Are you suggesting i posted this "log" in the wrong board then? Otherwise i would prefer if someone can just tell me what im seeing here.
Thanks much. Brian

Your log is posted in the correct forum Brian, the malware removal forum requires different logs.

The RootAlyzer show items which it believes to be out of the ordinary, not necessarily malicious but as an analyst tool. The Quick Scan Results did not flag any files.

The larger log shows file sharing clients and various downloads. P2P is a common cause of infections and a root kit scan will not show viruses.

Hope that helps.

 

[wolfdogg]

The Quick Scan Results did not flag any files.

Im trying to understand this statement better, are you saying that what i posted you dont see any rootkits? that it didnt flag any? I thought they were all flagged, since it logged them.

 

[tashi]

Hello wolfdogg,

Im trying to understand this statement better, are you saying that what i posted you dont see any rootkits? that it didnt flag any? I thought they were all flagged, since it logged them.

The RootAlyzer show items which it believes to be out of the ordinary, not necessarily malicious but as an analyst tool.

Sorry it wasn't clear.

Sometimes legitimate software may use rootkit technologies, so the longer logs can be inconclusive.

RootAlyzer Quick Scan Results

Files in Windows folder
----------------------------------------
96 files tested.
No hidden files detected.
========================================

Files in System folder
----------------------------------------
2354 files tested.
No hidden files detected.
========================================

Global run entries
----------------------------------------
7 values tested.
No hidden entries detected.
========================================

Winlogon entries
----------------------------------------
1 keys tested.
No hidden entries detected.
========================================

Invisible processes (from handles)
----------------------------------------
No handle process IDs tested.
No hidden processes detected.
========================================

Invisible processes (from threads)
----------------------------------------
71 processes tested.
No hidden processes detected.
========================================

The Quick Scan Results did not flag any files.

The larger log shows file sharing clients and various downloads. P2P is a common cause of infections and a root kit scan will not show viruses.

If you'd like someone to take a closer look at the system and see if there are malware or virus infected files please follow the advice above in post #2

https://forums.spybot.info/showthre...ideos-and-more&p=474993&viewfull=1#post474993

Best regards.