Pum.dns removal trouble

[Jwinebago382]

Did a scan with pretty much everything, malwarebytes, Avast, Symantec.

 

adwcleaner and Roguekiller detected the virus, but i am still experiencing huge lags in disk space. I tried a system restore too, but i think this only deterred the problem for a small time. 

 

Here is the log from adwcleaner:

 

Adwcleaner log below:

# AdwCleaner v6.044 - Logfile created 25/03/2017 at 13:36:32
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-23.2 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Administrator2 - VOYAGER
# Running from : C:\Users\Administrator2\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Administrator2\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
[-] Folder deleted: C:\ProgramData\ByteFence
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ByteFence

***** [ Files ] *****

[-] File deleted: C:\Users\Administrator2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Youtube Downloader.lnk
[-] File deleted: C:\END
[-] File deleted: C:\Users\Public\Desktop\Free Youtube Downloader.lnk

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}

***** [ Web browsers ] *****

[-] [C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Administrator2\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Administrator2\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Niko Guest Space\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Niko Guest Space\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2829 Bytes] - [25/03/2017 13:36:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [2908 Bytes] - [25/03/2017 13:35:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2975 Bytes] ##########

 

 

the roguekiller log:

RogueKiller V12.10.1.0 (x64) [Mar 20 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Administrator2 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/25/2017 14:00:55 (Duration : 01:21:55)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 66.253.214.16 50.30.184.16 ([-][United States])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{93aa8f3f-fc51-4713-8f26-b3842bdd2265} | DhcpNameServer : 66.253.214.16 50.30.184.16 ([-][United States])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a43df913-8946-4d51-b2e8-d49ad5aaba4d} | DhcpNameServer : 66.253.214.16 50.30.184.16 ([-][United States])  -> Replaced ()
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {883A27FD-0E44-498A-8009-777E949EA572} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Turbine\Dungeons and Dragons Online\DDO Unlimited\dndclient.exe|Name=Dungeons and Dragons Online| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {26945D02-8033-4647-A7E8-3C9894EF8DCF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Turbine\Dungeons and Dragons Online\DDO Unlimited\dndclient.exe|Name=Dungeons and Dragons Online| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D187DEC2-39A6-4910-87DF-AD1C3964A483} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Turbine\Dungeons and Dragons Online\DDO Unlimited\TurbineLauncher.exe|Name=Dungeons and Dragons Online| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E946C828-9BD5-45D5-99BE-097495F6498C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Turbine\Dungeons and Dragons Online\DDO Unlimited\TurbineLauncher.exe|Name=Dungeons and Dragons Online| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9F1236F2-6F1A-430A-A669-199A6E75BB30} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Niko\AppData\Local\Temp\nslF9A2.tmp\Installer-10611649.exe|Name=proinstaller428677851| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7777A23C-95E1-407D-B5D3-8AE3BBBB775D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Niko\AppData\Local\Temp\nslF9A2.tmp\Installer-10611649.exe|Name=proinstaller428677851| [x] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 5 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\Free YouTube Downloader -> Deleted
[PUP.Gen1][File] C:\ProgramData\Free YouTube Downloader\ffmpeg.exe -> Deleted
[PUP.Gen1][File] C:\ProgramData\Free YouTube Downloader\ffprobe.exe -> Deleted
[PUP.Gen1][Folder] C:\Users\Administrator2\AppData\Local\Free YouTube Downloader -> Deleted
[PUP.Gen1][File] C:\Users\Administrator2\AppData\Local\Free YouTube Downloader\Downloads.data -> Deleted
[PUP.Gen1][File] C:\Users\Administrator2\AppData\Local\Free YouTube Downloader\ffmpeg.exe -> Deleted
[PUP.Gen1][File] C:\Users\Administrator2\AppData\Local\Free YouTube Downloader\Settings.data -> Deleted
[PUP.Gen1][Folder] C:\Users\Administrator2\AppData\Local\Free YouTube Downloader\Temp -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Free YouTube Downloader -> ERROR [3]
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader -> Deleted
[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader\Free YouTube Downloader.lnk -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\BouncyCastle.Crypto.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\de\MigraDoc.DocumentObjectModel.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\de\MigraDoc.Rendering.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\de\PdfSharp.Charting.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\de\PdfSharp.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\de -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\es\FreeYouTubeDownloader.Localization.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\es -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Analyzer.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Common.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Converter.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Debug.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Downloader.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Localization.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Ionic.Zip.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Microsoft.WindowsAPICodePack.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Microsoft.WindowsAPICodePack.Shell.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\MigraDoc.DocumentObjectModel.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\MigraDoc.Rendering.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Newtonsoft.Json.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\NLog.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\ObjectListView.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\PdfSharp.Charting.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\PdfSharp.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\pt\FreeYouTubeDownloader.Localization.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\pt -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Readme.txt -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\ru\FreeYouTubeDownloader.Localization.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\ru -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\SplitButton.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\uk\FreeYouTubeDownloader.Localization.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\uk -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\unins000.dat -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\unins000.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\unins000.msg -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Uninstall.txt -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\YouTubeDownloader.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\YouTubeDownloader.ico -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\YouTubeDownloader.vshost.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\zh-CHS\FreeYouTubeDownloader.Localization.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\zh-CHS -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WD      WD10JPVX-60JC3T0 SCSI Disk Device +++++
--- User ---
[MBR] f688592a03b58373db9c5f4a708baeac
[BSP] c3ca02d57617eaac5a3c8b204c9c4908 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 922604 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1889902592 | Size: 30962 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1953312768 | Size: 102 MB
User = LL1 ... OK
User = LL2 ... OK
 

 

 

Honestly i probably only made it worse, since now not even roguekiller can pick up the virus anymore.

[AdvancedSetup]

Hello @Jwinebago382 and

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
• Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next reply message
• When completed make sure to re-enable your antivirus

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• Accept the Terms of use.
• Wait until the database is updated.
• Click Scan.
• When finished, please click Clean.
• Your PC should reboot now.
• After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View Log file (bottom left-hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program
• If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens, click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
• Please attach the Additions.txt log to your reply as well.

 

Thanks