Thread: Deep Scan Results - Are these dangerous?

  1. #1
    Junior Member
    Join Date
    Apr 2015
    Posts
    14

    Deep Scan Results - Are these dangerous?

    // info: Rootkit removal help file
    // copyright: (c) 2008-2015 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Users\Vilyam\OneDrive:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Vilyam\OneDrive\Documents:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Vilyam\OneDrive\Pictures:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Vilyam\OneDrive\Public:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\Vilyam\Downloads\MSEInstall.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Users\Vilyam\Downloads\MSEInstall.exe:$CmdZnID:$DATA"
    File:"Unknown ADS","C:\Users\Vilyam\AppData\Roaming\Mozilla\Firefox\Profiles\qrnhcizq.default\sessionstore.js:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Users\Vilyam\AppData\Roaming\Mozilla\Firefox\Profiles\qrnhcizq.default\sessionstore-backups\previous.js:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Temp\Quarantine.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Microsoft\Windows\INetCache\IE\Q9EHKXDE\beacon[1].js:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Microsoft\Windows\INetCache\IE\Q9EHKXDE\quant[1].js:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Users\Vilyam\AppData\Local\Microsoft\Windows\INetCache\IE\6S15YPSM\ga[1].js:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Program Files\HitmanPro\HitmanPro.exe:$CmdZnID:$DATA"
    File:"Unknown ADS","C:\Program Files\CCleaner\CCleaner.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Program Files\CCleaner\CCleaner64.exe:$CmdTcID:$DATA"
    File:"Unknown ADS","C:\Program Files\CCleaner\uninst.exe:$CmdTcID:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn\","DuState"

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,471

    Hello zillo396,

    How is the computer running, any infections lately?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Apr 2015
    Posts
    14

    Hi Tashi, thanks for the response.

    My PC is running fine at the moment. However, yesterday around 4:00 pm, when I opened up Chrome, I was redirected to some PC Support Page. I knew something was wrong and sure enough something was.
    I downloaded Avast, Spybot, Comodo, Malware, Adware, etc., and they all found certain things on the PC and removed them; however, I'm not entirely sure if whatever I had has been removed.

    So I decided to run a Rootkit Scan on Spybot to see if anything hidden was installed anywhere.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,471

    Hello zillo396,

    Someone can take a look at the system.

    Please start a topic in the Malware Removal Forum and one of our volunteer analysts will advise.

    First see that forum's FAQ which also includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Best regards.
