

Not sure what I have...


This topic is locked
15 replies to this topic

#1 s7ormx (Members)

Posted 05 February 2017 - 12:42 PM

FRST.txt was too long to fit into this post, so I attached it.

Thanks for your time <3

 

Attached File: FRST.txt (248.24KB)

Attached File: Addition.txt (54.92KB)





#2 nasdaq (Malware Response Team)

Posted 05 February 2017 - 02:26 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3310031&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP57BFB221-ED48-4399-9789-3084319E0DBC&SSPV=","hxxp://www.google.com/"
CHR Extension: (My JDownloader) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2017-01-15]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2017-01-15]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-01-15]
CHR Extension: (Poppit!) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2017-01-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2017-01-15]
CHR Extension: (Chrome Media Router) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-15]
CustomCLSID: HKU\S-1-5-21-588938083-3865928016-3856226083-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-1AF02AB0DD12}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#3 nasdaq (Malware Response Team)

Posted 11 February 2017 - 09:32 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 s7ormx (Topic Starter)

Posted 16 February 2017 - 12:20 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Tyler (01-02-2017 01:15:20) Run:1
Running from C:\Users\Tyler\Desktop
Loaded Profiles: Tyler (Available Profiles: defaultuser0 & Tyler)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
S3 dbx; system32\DRIVERS\dbx.sys [X]
2016-12-28 11:41 - 2016-12-28 11:41 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-28 11:41 - 2016-12-28 11:41 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
2010-03-17 01:11 - 2010-03-17 01:11 - 0149352 ____R (Microsoft Corporation) C:\Users\Greg\AppData\Local\Temp\ose00000.exe
2017-01-25 20:17 - 2017-01-30 12:05 - 0044903 _____ () C:\Users\Greg\AppData\Local\Temp\PCCheckupInstaller.exe
Task: {819C743C-B1DE-4DEC-B7D8-DF3EEB6F0B59} - System32\Tasks\Norton PC Checkup Setup => C:\Users\Greg\AppData\Local\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe [2012-01-18] (Symantec Corporation) <==== ATTENTION
C:\Users\Greg\AppData\Local\Temp\PCCUStubInstaller
FirewallRules: [{90EE8345-2DD6-4B72-B974-C28A0D648A48}] => LPort=2869
FirewallRules: [{B7D8AEBC-E060-4D02-807A-B4C247284E52}] => LPort=1900
Hosts:
CMD: ipconfig /flushDNS
EmptyTemp:
end
 
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
dbx => service not found.
"C:\ProgramData\mntemp" => not found.
"C:\ProgramData\mudtcpaz.vzs" => not found.
"C:\Users\Greg\AppData\Local\Temp\ose00000.exe" => not found.
"C:\Users\Greg\AppData\Local\Temp\PCCheckupInstaller.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{819C743C-B1DE-4DEC-B7D8-DF3EEB6F0B59} => key not found. 
C:\Windows\System32\Tasks\Norton PC Checkup Setup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton PC Checkup Setup => key not found. 
"C:\Users\Greg\AppData\Local\Temp\PCCUStubInstaller" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{90EE8345-2DD6-4B72-B974-C28A0D648A48} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7D8AEBC-E060-4D02-807A-B4C247284E52} => value not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= ipconfig /flushDNS =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 880247802 B
Java, Flash, Steam htmlcache => 179381323 B
Windows/system/drivers => 691718 B
Edge => 53312 B
Chrome => 569440092 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 2372 B
NetworkService => 72614 B
defaultuser0 => 128 B
Tyler => 741676306 B
 
RecycleBin => 0 B
EmptyTemp: => 2.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 01:17:24 ====


#5 NickAu (Moderator)

Posted 16 February 2017 - 12:20 AM

Topic unlocked at OP's request.



#6 nasdaq (Malware Response Team)

Posted 16 February 2017 - 08:20 AM

s7ormx, I'm listening.

What is your current situation with this computer?

#7 s7ormx (Topic Starter)

Posted 16 February 2017 - 05:42 PM

Just some apps close out of nowhere, my computer clones apps and uses them, random folders like .Recycle Bin with a bunch of random names show up, my computer just isn't right right now. I've even reformatted and it hasn't done anything; it's still there..

 

I also have another username called 'defaultuser0' and I have no idea what it is.


Edited by s7ormx, 16 February 2017 - 05:42 PM.


#8 nasdaq (Malware Response Team)

Posted 17 February 2017 - 08:42 AM


I also have another username called 'defaultuser0' and I have no idea what it is.


Reinstalling Windows 10 is the cause of this new defaultuser0.


Windows 10: Windows 10 Anniversary update Account Unknown and defaultuser0
https://www.tenforums.com/user-accounts-family-safety/60226-windows-10-anniversary-update-account-unknown-defaultuser0.html

=

Read this article.
https://www.bleepingcomputer.com/forums/t/628865/windows-10-1607-build-14393222-shows-incorrect-lisencing-information/?hl=%2Bdefaultuser0#entry4098190

Looks like you can delete it.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.
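Added example, not part of nasdaq's reply or the linked articles: before removing an account you do not recognise, list the local accounts next to their profile folders so you can confirm that defaultuser0 is the disabled leftover Windows 10 setup creates and nothing else. It assumes Windows 10 with the built-in LocalAccounts module and an elevated PowerShell prompt; the function names are mine, the registry and WMI objects are standard Windows ones. Nothing is deleted unless -Remove is passed.

```powershell
# Added example, not from the thread: list local accounts with their profile
# folders so an unexpected account such as defaultuser0 can be judged before it
# is removed. Assumes Windows 10 (LocalAccounts module) and an elevated prompt.
# Nothing is deleted unless -Remove is passed.

function Get-LocalAccountReport {
    # Get-LocalUser knows enabled state and last logon; Win32_UserProfile knows the
    # profile folder and when it was last used. Join the two on SID.
    $profiles = Get-CimInstance -ClassName Win32_UserProfile | Where-Object { -not $_.Special }
    foreach ($user in Get-LocalUser) {
        $prof = $profiles | Where-Object { $_.SID -eq $user.SID.Value }
        [pscustomobject]@{
            Name         = $user.Name
            Enabled      = $user.Enabled
            LastLogon    = $user.LastLogon
            ProfilePath  = $prof.LocalPath
            ProfileUsed  = $prof.LastUseTime
            # Windows 10 setup (OOBE) creates defaultuser0 and leaves it disabled.
            # An *enabled* account of that name is not that leftover and deserves a closer look.
            OobeLeftover = ($user.Name -eq 'defaultuser0' -and -not $user.Enabled)
        }
    }
}

function Remove-OobeLeftoverAccount {
    param([switch]$Remove)
    $acct = Get-LocalAccountReport | Where-Object { $_.OobeLeftover }
    if (-not $acct) { return 'No disabled defaultuser0 account found; nothing to do.' }
    if (-not $Remove) {
        return "Would remove account $($acct.Name) and profile '$($acct.ProfilePath)'. Re-run with -Remove."
    }
    # Remove the profile (folder plus ProfileList registry entry) first, then the account.
    $sid = (Get-LocalUser -Name $acct.Name).SID.Value
    Get-CimInstance -ClassName Win32_UserProfile | Where-Object { $_.SID -eq $sid } | Remove-CimInstance
    Remove-LocalUser -Name $acct.Name
    "Removed $($acct.Name)."
}

Get-LocalAccountReport | Format-Table -AutoSize
Remove-OobeLeftoverAccount          # dry run; add -Remove to actually delete
```

The dry run prints what would be removed; only a disabled account named defaultuser0 qualifies, so an account that has been enabled or renamed is never touched by this script and should be looked at by hand instead.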

#9 s7ormx (Topic Starter)

Posted 17 February 2017 - 08:04 PM

Added zoek-results.log.

 

Computer still acting funny. I have two Explorer.exe's running -_-

Attached Files


Edited by s7ormx, 17 February 2017 - 08:06 PM.


#10 nasdaq (Malware Response Team)

Posted 18 February 2017 - 08:07 AM


Computer still acting funny. I have two Explorer.exe's running -_-


Let's investigate further.

--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click to open the Report
  • Click the Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#11 s7ormx (Topic Starter)

Posted 19 February 2017 - 04:07 AM

RogueKiller V12.9.7.0 (x64) [Feb  6 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Tyler [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 02/19/2017 03:18:21 (Duration : 00:44:34)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 13 ¤¤¤
[Suspicious.Path|VT.Trojan.Win32.AutoIt.gen.1 (v)] (X64) HKEY_USERS\S-1-5-21-588938083-3865928016-3856226083-1001\Software\Microsoft\Windows\CurrentVersion\Run | Memory Cleaner : C:\Users\Tyler\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe boot [7] -> Deleted
[Suspicious.Path|VT.Trojan.Win32.AutoIt.gen.1 (v)] (X86) HKEY_USERS\S-1-5-21-588938083-3865928016-3856226083-1001\Software\Microsoft\Windows\CurrentVersion\Run | Memory Cleaner : C:\Users\Tyler\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe boot [7] -> ERROR [2]
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DigitalWave.Update.Service ("C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe") -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0D419525-FC44-4894-8593-8AE47BADA2A1} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Tyler\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe|Name=AnkhBotR2| [-] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C783615-D3A0-4D66-85A8-4834F53C92AE} : v2.26|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Tyler\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe|Name=AnkhBotR2| [-] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B36D7CBC-811A-4806-ADA2-276EDDCD586A} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Tyler\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe|Name=AnkhBotR2| [-] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7DBFC87B-004D-48BF-9E1D-C8FB6C6DC1EC} : v2.26|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Tyler\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe|Name=AnkhBotR2| [-] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E614628C-153D-403D-A2C4-2C65D0544D3C} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Tyler\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe|Name=AnkhBotR2| [-] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {82183B7B-96E4-45BC-B757-22397615C33D} : v2.26|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Tyler\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe|Name=AnkhBotR2| [-] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5A1DFE88-32D0-42BE-A161-0AFE75AC30D8} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Tyler\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe|Name=AnkhBotR2| [-] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F94C488D-BCD3-4C56-9BD4-9B492291AFA6} : v2.26|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Tyler\AppData\Roaming\AnkhHeart\AnkhBotR2\AnkhBotR2.exe|Name=AnkhBotR2| [-] -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 6 ¤¤¤
[Tr.Gen0][File] C:\Users\Tyler\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Tyler\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Deleted
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\lib\FREEST~1.EXE -> Deleted
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\lib\PREMIU~1.EXE -> Deleted
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\lib\UNINST~1.EXE -> Deleted
[PUP.Gen0][Folder] C:\Program Files (x86)\Common Files\DVDVideoSoft -> Removed at reboot [91]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\chimes.wav -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\amf-component-vc-windesktop32.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\amf-component-vce-windesktop32.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\amf-core-windesktop32.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe -> Removed at reboot [5]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater_notification.exe -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\avcodec-57.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\avdevice-57.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\avfilter-6.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\avformat-57.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\avutil-55.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_chrono-vc120-mt-1_56.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll -> Removed at reboot [5]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll -> Removed at reboot [5]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_locale-vc120-mt-1_56.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll -> Removed at reboot [5]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_thread-vc120-mt-1_56.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\CudaTranscoder.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\dlhpr.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\dlmgr.dll -> Removed at reboot [5]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSiTunes.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSResources.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\dvssyshelper.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\dwl.png -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\dwm.png -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\ffmpeg.exe -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\FreeStudioManager.exe -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\iconengines\qsvgicon.dll -> Deleted
[PUP.Gen0][Folder] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\iconengines -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\icudt57.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\icuin57.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\icuuc57.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\imageformats\qdds.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\imageformats\qgif.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\imageformats\qicns.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\imageformats\qico.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\imageformats\qjpeg.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\imageformats\qsvg.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\imageformats\qtga.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\imageformats\qtiff.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\imageformats\qwbmp.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\imageformats\qwebp.dll -> Deleted
[PUP.Gen0][Folder] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\imageformats -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\jansson.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\libcurl.dll -> Removed at reboot [5]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\libeay32.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\libeay32MD.dll -> Removed at reboot [5]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\libmp3lame.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\mcl-windesktop32.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\mdevhelper.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\MediaTagsEditor.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\mfc120u.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\mfcm120u.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\mmconv-pinv.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\mmconv.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\mmcore.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\mminfo-pinv.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\mminfo.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\msvcp120.dll -> Removed at reboot [5]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\msvcr120.dll -> Removed at reboot [5]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Newtonsoft.Json.Net20.Merged.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\platforms\qwindows.dll -> Deleted
[PUP.Gen0][Folder] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\platforms -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\postproc-54.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\PremiumMembershipOffer.exe -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Qt5Core.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Qt5Gui.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Qt5Svg.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Qt5Widgets.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\SDL.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\sscrmgr.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\ssleay32.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\ssleay32MD.dll -> Removed at reboot [5]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\swresample-2.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\swscale-4.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\tier0-pinv.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\tier0.dll -> Removed at reboot [5]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\updhelper.exe -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\updhelperlib.dll -> Removed at reboot [5]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\VideoFileToIPOD.dll -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\wbrhelper.dll -> Removed at reboot [5]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll -> Removed at reboot [5]
[PUP.Gen0][Folder] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib -> Removed at reboot [91]
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\psvince.dll -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DX001-1CM162 +++++
--- User ---
[MBR] 72d802927eba00916c896a4d2a5b29a4
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1159168 | Size: 953303 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Seagate BUP Slim BK SCSI Disk Device +++++
--- User ---
[MBR] 8ffa31cddd8459ea49f6ffae234422a3
[BSP] 1e93b48039e97f53cde8d71bde389960 : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive3: Hitachi HDS721010CLA332 USB Device +++++
--- User ---
[MBR] 1fc986a4628d8e06e0ba0ce5b0a400d5
[BSP] f6e4c3c1de65032ca62316b33fac53e1 : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2 | Size: 953419 MB [Unknown Bootstrap | Unknown Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic STORAGE DEVICE USB Device +++++
--- User ---
[MBR] e4f436f4ae703d3a85ea8414f51123f1
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - EFI System Partition | Offset (sectors): 40 | Size: 200 MB
1 - BOOT | Offset (sectors): 409640 | Size: 3555 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

Attached Files


Edited by s7ormx, 19 February 2017 - 04:08 AM.
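Added example, not part of s7ormx's report or RogueKiller's own code: the three registry findings above can be re-checked by hand before anything is deleted. [PUM.Policies] ConsentPromptBehaviorAdmin : 0 means administrators elevate without any UAC prompt (the Windows default is 5). Every [Suspicious.Path] firewall rule in the report allows a program under C:\Users\...\AppData, which is normal for per-user software and also how malware dropped into a profile folder whitelists itself. The flagged Run entry points at an exe under AppData\Roaming; its Authenticode status tells you who signed it. The script assumes Windows 10 and an elevated PowerShell prompt; the function names are mine, the registry keys and cmdlets are standard. It is read-only.

```powershell
# Added example, not from the thread: re-check three kinds of RogueKiller finding
# from the report above by hand. Read-only; run from an elevated PowerShell on Windows 10.

function Get-UacAdminPromptSetting {
    # [PUM.Policies] ConsentPromptBehaviorAdmin : 0 means administrators elevate
    # without any UAC prompt, so code running as the user goes to admin silently.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $value = (Get-ItemProperty -Path $key -Name ConsentPromptBehaviorAdmin -ErrorAction SilentlyContinue).ConsentPromptBehaviorAdmin
    $meaning = if ($null -eq $value) { 'Not set (default 5 applies)' } else {
        switch ($value) {
            0 { 'Elevate without prompting (UAC effectively off for admins)' }
            1 { 'Prompt for credentials on the secure desktop' }
            2 { 'Prompt for consent on the secure desktop' }
            3 { 'Prompt for credentials' }
            4 { 'Prompt for consent' }
            5 { 'Prompt for consent for non-Windows binaries (default)' }
            default { "Unexpected value $value" }
        }
    }
    [pscustomobject]@{ Value = $value; Meaning = $meaning; Weak = ($value -eq 0) }
}

function Get-UserProfileFirewallRules {
    # [Suspicious.Path] firewall rules: enabled Allow rules whose program lives under
    # C:\Users. Expected for per-user apps, but also how profile-resident malware
    # gets itself whitelisted, so list every one and confirm you know the program.
    foreach ($rule in Get-NetFirewallRule -Enabled True -Action Allow) {
        $program = ($rule | Get-NetFirewallApplicationFilter).Program
        if ($program -and $program -ne 'Any' -and $program -match '\\Users\\') {
            $expanded = [Environment]::ExpandEnvironmentVariables($program)
            [pscustomobject]@{
                Rule      = $rule.DisplayName
                Direction = $rule.Direction
                Program   = $program
                Exists    = Test-Path -LiteralPath $expanded
            }
        }
    }
}

function Get-ProfileRunEntries {
    # Autorun entries whose target lives in AppData or Temp, like the MemClean.exe
    # entry RogueKiller deleted. Signature status says who signed the binary; an
    # unsigned exe in Roaming deserves a second look, a validly signed one from a
    # vendor you installed usually does not.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    $metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -in $metaProps) { continue }
            $cmd = [string]$p.Value
            # Pull the executable out of the command line: quoted path, or first token.
            $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            if ($exe -notmatch '\\AppData\\|\\Temp\\') { continue }
            $status = if (Test-Path -LiteralPath $exe) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'FileMissing' }
            [pscustomobject]@{ Key = $key; Entry = $p.Name; Target = $exe; Signature = $status }
        }
    }
}

Get-UacAdminPromptSetting | Format-List
Get-UserProfileFirewallRules | Format-Table -AutoSize
Get-ProfileRunEntries | Format-Table -AutoSize
```

If Weak comes back True, set ConsentPromptBehaviorAdmin back to 5 (or 2) through the UAC slider in Control Panel or secpol.msc; leaving it at 0 undoes much of the point of running as a standard user.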


#12 nasdaq (Malware Response Team)

Posted 19 February 2017 - 10:02 AM

How is the computer running now?

#13 s7ormx (Topic Starter)

Posted 19 February 2017 - 02:10 PM

Seems to be running a lot smoother. Does it appear that everything is gone & back to normal?

I mean, I paid for DVDVideoSoft and never thought of it as a virus?


Edited by s7ormx, 19 February 2017 - 02:15 PM.


#14 nasdaq (Malware Response Team)

Posted 20 February 2017 - 07:43 AM


DVDVideoSoft is identified as a PUP (Potentially Unwanted Program). The paid version is probably clean.
When all is well you can re-install it. If you have no problems after the installation you can keep it. Let me know of any issues.

[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DigitalWave.Update.Service ("C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe") -> Not selected


Read about it.
http://www.adlice.com/documentation/roguekiller/documentation/

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#15 s7ormx (Topic Starter)

Posted 24 February 2017 - 08:40 AM

Everything seems to be working fine and better now, but I still sometimes overuse my resources and it eventually adds another explorer process, shown in the image attached.

 

Attached File: processess.png (44.15KB)
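Added example, not part of s7ormx's post or any reply in the thread: a second explorer.exe is only meaningful once you know where each instance was loaded from, who signed it and what started it. A genuine shell instance loads from %SystemRoot%\explorer.exe and is catalog-signed by Microsoft; anything else with that name is worth investigating. A second genuine instance is expected when Folder Options > View > "Launch folder windows in a separate process" is on (stored as SeparateProcess = 1 under HKCU\...\Explorer\Advanced), and can also come from explorer.exe /separate or from an application relaunching the shell. The script assumes Windows 10, where Get-AuthenticodeSignature understands catalog-signed OS files; function names are mine, the registry value and WMI class are standard. It is read-only.

```powershell
# Added example, not from the thread: inspect every running explorer.exe, report where
# it was loaded from, who signed it and who started it, and say whether the common
# benign reason for a second instance applies. Read-only; Windows 10, logged-on user.

function Test-ExplorerSeparateProcess {
    # Folder Options > View > "Launch folder windows in a separate process" stores
    # SeparateProcess = 1 here and gives you an extra explorer.exe for folder windows.
    $adv = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' `
                            -Name SeparateProcess -ErrorAction SilentlyContinue
    [bool]($adv -and $adv.SeparateProcess -eq 1)
}

function Get-ExplorerInstances {
    $expected = Join-Path $env:SystemRoot 'explorer.exe'
    foreach ($proc in Get-CimInstance -ClassName Win32_Process -Filter "Name = 'explorer.exe'") {
        $path   = $proc.ExecutablePath      # null when another user's process denies access
        $parent = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
        $parentDesc = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { "exited (was PID $($proc.ParentProcessId))" }
        $sig = if ($path -and (Test-Path -LiteralPath $path)) { Get-AuthenticodeSignature -FilePath $path }
        [pscustomobject]@{
            Pid             = $proc.ProcessId
            Path            = $path
            CommandLine     = $proc.CommandLine
            Parent          = $parentDesc
            Started         = $proc.CreationDate
            # A real shell instance loads from %SystemRoot%\explorer.exe, nowhere else.
            ExpectedPath    = ($path -ieq $expected)
            # Catalog-signed Windows files report Status Valid and IsOSBinary True.
            MicrosoftSigned = [bool]($sig -and $sig.Status -eq 'Valid' -and $sig.IsOSBinary)
        }
    }
}

function Get-ExplorerVerdict {
    $instances = @(Get-ExplorerInstances)
    $bad = $instances | Where-Object { -not $_.ExpectedPath -or -not $_.MicrosoftSigned }
    if ($bad) {
        $list = ($bad | ForEach-Object { "PID $($_.Pid) at '$($_.Path)'" }) -join '; '
        return "Investigate: $list"
    }
    if ($instances.Count -gt 1 -and (Test-ExplorerSeparateProcess)) {
        return "$($instances.Count) instances, all genuine; 'separate process' folder option is on"
    }
    if ($instances.Count -gt 1) {
        return "$($instances.Count) genuine instances; check Parent and CommandLine of the extra one " +
               "(explorer.exe /separate, a relaunched shell, or an app that started its own copy)"
    }
    'Single genuine explorer.exe'
}

Get-ExplorerInstances | Format-List
Get-ExplorerVerdict
```

An instance whose Path is empty, points outside %SystemRoot%, or is not Microsoft-signed is the one to hand to FRST or RogueKiller; two instances that both pass are a configuration or resource question, not an infection.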





