Deep Scan Results - Are these dangerous?



zillo396
2015-04-22, 02:48
// info: Rootkit removal help file
// copyright: (c) 2008-2015 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\OneDrive:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\OneDrive\Documents:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\OneDrive\Pictures:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\OneDrive\Public:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\Downloads\MSEInstall.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\Downloads\MSEInstall.exe:$CmdZnID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Roaming\Mozilla\Firefox\Profiles\qrnhcizq.default\sessionstore.js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Roaming\Mozilla\Firefox\Profiles\qrnhcizq.default\sessionstore-backups\previous.js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Temp\Quarantine.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Microsoft\Windows\INetCache\IE\Q9EHKXDE\beacon[1].js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Microsoft\Windows\INetCache\IE\Q9EHKXDE\quant[1].js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Microsoft\Windows\INetCache\IE\6S15YPSM\ga[1].js:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files\HitmanPro\HitmanPro.exe:$CmdZnID:$DATA"
File:"Unknown ADS","C:\Program Files\CCleaner\CCleaner.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files\CCleaner\CCleaner64.exe:$CmdTcID:$DATA"
File:"Unknown ADS","C:\Program Files\CCleaner\uninst.exe:$CmdTcID:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn\","DuState"

tashi
2015-04-22, 03:50
Hello zillo396,

How is the computer running, any infections lately?

Best regards.

zillo396
2015-04-22, 03:58
Hi Tashi, thanks for the response.

My PC is running fine at the moment. However, yesterday around 4:00 pm, when I opened up Chrome, I was redirected to some PC Support Page. I knew something was wrong and sure enough something was.
I downloaded Avast, Spybot, Comodo, Malware, Adware etc. and they all found certain things on the PC and removed them; however, I'm not entirely sure if whatever I had has been removed.

So I decided to run a Rootkit Scan on Spybot to see if anything hidden was installed anywhere.

tashi
2015-04-22, 07:28
Hello zillo396,

Someone can take a look at the system. :)

Please start a topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) and one of our volunteer analysts will advise.

First see that forum's FAQ which also includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Best regards.