
uNisales 2.0


  • This topic is locked
5 replies to this topic

#1 barefeat

barefeat

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:38 PM

Posted 21 January 2015 - 10:26 PM

Greetings

First let me say thanks for the many times this website has saved my A$$. :)

I appreciate all the hard work of the folks here.

I rushed a download and forgot to uncheck everything under custom install and ended up with this uNisales 2.0 malware.

It has presented itself as a Chrome extension (I'm not currently using any other browser but do have Firefox/IE installed.)

I have removed some pretty tough ones using tools and help from here in the past, so I set to work and did the normal (?) run-around chasing and scanning this thing. Below is the list of what I tried. I will wait to post a scan result until someone has time to direct me. EDIT: None of the programs I have used have found anything.

I have:

    disabled and uninstalled from Chrome (uNisales 2.0)
    uninstalled from Windows

scanned with

    Spybot
    Malwarebytes

It came back again; rinse, lather, repeat, and then I also ran CCleaner and deleted everything in temp and cookies.
I checked Windows again; the program part has not returned there (that can be seen, anyway) and it does not show up in CCleaner.

Restarted Chrome, it was back.

    Removed the entry again, and ran and downloaded ComboFix even though I was not supposed to :P

Ran everything again with full deep scans and nothing found it yet, but it is back in Chrome.

I have followed a couple of other threads on this and tried various things, but am afraid to screw up the registry etc. and could use some help!

I think I have about everything we will need installed, should you have time to help.

Thanks again :)

gene


Edited by barefeat, 21 January 2015 - 10:27 PM.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,270 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:38 PM

Posted 21 January 2015 - 10:39 PM

Hello gene... Having run ComboFix, it is best to see that log. Please repost it here: Virus, Trojan, Spyware, and Malware Removal Logs

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 barefeat

barefeat
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:38 PM

Posted 21 January 2015 - 11:43 PM

Thanks


ComboFix 15-01-18.01 - Mustard-Tiger 01/21/2015  15:45:35.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.1989.1195 [GMT -8:00]
Running from: i:\users\Mustard-Tiger\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
i:\programdata\18277273340906737070
i:\programdata\18277273340906737070\cd5b15e575e1c3d01e7fe8747e3e8129.ini
i:\users\Mustard-Tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Android Control.exe.lnk
i:\users\Mustard-Tiger\AppData\Roaming\Mozilla\Firefox\Profiles\5f1b60zv.default\extensions\staged\zQVnyA@Y.net
i:\users\Mustard-Tiger\AppData\Roaming\Mozilla\Firefox\Profiles\5f1b60zv.default\extensions\staged\zQVnyA@Y.net\bootstrap.js
i:\users\Mustard-Tiger\AppData\Roaming\Mozilla\Firefox\Profiles\5f1b60zv.default\extensions\staged\zQVnyA@Y.net\chrome.manifest
i:\users\Mustard-Tiger\AppData\Roaming\Mozilla\Firefox\Profiles\5f1b60zv.default\extensions\staged\zQVnyA@Y.net\content\bg.js
i:\users\Mustard-Tiger\AppData\Roaming\Mozilla\Firefox\Profiles\5f1b60zv.default\extensions\staged\zQVnyA@Y.net\install.rdf
i:\windows\system32\drivers\npf.sys
i:\windows\system32\Packet.dll
i:\windows\system32\pthreadVC.dll
i:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-22 to 2015-01-22  )))))))))))))))))))))))))))))))
.
.
2015-01-21 21:34 . 2015-01-21 22:01 -------- d-----w- i:\programdata\Spybot - Search & Destroy
2015-01-21 21:34 . 2015-01-21 21:38 -------- d-----w- i:\program files\Spybot - Search & Destroy
2015-01-20 18:35 . 2014-10-13 05:57 89856 ----a-w- i:\windows\system32\drivers\ssudbus.sys
2015-01-20 18:35 . 2014-10-13 05:57 184192 ----a-w- i:\windows\system32\drivers\ssudmdm.sys
2015-01-20 17:46 . 2014-05-08 01:42 144664 ----a-w- i:\windows\system32\secman.dll
2015-01-20 17:37 . 2015-01-20 17:37 -------- d-----w- i:\programdata\dpddlocaabohcolmdipnombeecoaaene
2015-01-20 17:36 . 2015-01-20 17:53 -------- d-----w- i:\programdata\{e28ad432-5821-e223-e28a-ad43258250c9}
2015-01-19 16:35 . 2015-01-19 16:35 -------- d-----w- i:\program files\OpenOffice 4
2015-01-18 14:11 . 2015-01-18 14:11 62576 ----a-w- i:\programdata\Microsoft\Windows Defender\Definition Updates\{76BFEC37-E6D8-4758-84C9-128F082CB3AD}\offreg.dll
2015-01-17 23:19 . 2015-01-17 23:19 22328 ----a-w- i:\windows\system32\drivers\PnkBstrK.sys
2015-01-17 23:19 . 2015-01-17 23:19 107832 ----a-w- i:\windows\system32\PnkBstrB.exe
2015-01-17 23:19 . 2015-01-17 23:19 682280 ----a-w- i:\windows\system32\pbsvc.exe
2015-01-17 23:19 . 2015-01-17 23:19 66872 ----a-w- i:\windows\system32\PnkBstrA.exe
2015-01-17 23:17 . 2015-01-17 23:17 -------- d-----w- i:\program files\Activision
2015-01-13 16:22 . 2011-12-27 05:37 73712 ----a-w- i:\windows\system32\drivers\CLVirtualDrive.sys
2015-01-13 16:22 . 2015-01-13 16:22 -------- d-----w- i:\program files\Common Files\CyberLink
2015-01-13 16:19 . 2015-01-13 16:26 -------- d-----w- i:\programdata\install_clap
2015-01-13 16:19 . 2015-01-13 16:27 -------- d-----w- i:\program files\CyberLink
2015-01-13 16:18 . 2015-01-13 16:19 -------- d-----w- i:\programdata\CLSK
2015-01-13 16:18 . 2015-01-17 22:57 -------- d-----w- i:\programdata\CyberLink
2015-01-09 00:09 . 2015-01-09 00:09 -------- d-----w- i:\windows\system32\Macromed
2015-01-08 23:55 . 2015-01-08 23:55 -------- d-----w- i:\program files\EA GAMES
2015-01-08 14:31 . 2015-01-08 14:55 -------- d-----w- i:\programdata\regid.1986-12.com.adobe
2015-01-06 01:00 . 2015-01-21 20:40 -------- d-----w- i:\program files\Common Files\Adobe
2015-01-05 23:04 . 2010-05-26 19:41 470880 ----a-w- i:\windows\system32\d3dx10_43.dll
2015-01-05 23:04 . 2010-05-26 19:41 248672 ----a-w- i:\windows\system32\d3dx11_43.dll
2015-01-05 23:04 . 2010-05-26 19:41 1998168 ----a-w- i:\windows\system32\D3DX9_43.dll
2015-01-05 23:03 . 2014-12-13 00:11 1291464 ----a-w- i:\windows\system32\nvspbridge.dll
2015-01-05 23:03 . 2014-12-13 00:11 2210040 ----a-w- i:\windows\system32\nvspcap.dll
2015-01-05 23:02 . 2015-01-22 00:05 -------- d-----w- i:\programdata\NVIDIA
2015-01-05 23:02 . 2014-12-13 07:03 620176 ----a-w- i:\windows\system32\nvStreaming.exe
2015-01-05 23:02 . 2014-12-13 07:30 4403016 ----a-w- i:\windows\system32\nvcpl.dll
2015-01-05 23:02 . 2014-12-13 07:30 3056784 ----a-w- i:\windows\system32\nvsvc.dll
2015-01-05 23:02 . 2014-12-13 07:30 669840 ----a-w- i:\windows\system32\nvvsvc.exe
2015-01-05 23:02 . 2014-12-13 07:30 62784 ----a-w- i:\windows\system32\nvshext.dll
2015-01-05 23:02 . 2014-12-13 07:30 375112 ----a-w- i:\windows\system32\nvmctray.dll
2015-01-05 23:02 . 2014-12-13 07:30 2554000 ----a-w- i:\windows\system32\nvsvcr.dll
2015-01-05 23:02 . 2014-12-11 12:49 4151176 ----a-w- i:\windows\system32\nvcoproc.bin
2015-01-05 23:02 . 2014-12-13 10:02 60560 ----a-w- i:\windows\system32\OpenCL.dll
2015-01-05 23:02 . 2015-01-05 23:06 -------- d-----w- i:\programdata\NVIDIA Corporation
2015-01-05 23:00 . 2015-01-05 23:04 -------- d-----w- i:\program files\NVIDIA Corporation
2015-01-05 23:00 . 2015-01-05 23:00 -------- d-----w- I:\NVIDIA
2015-01-05 18:17 . 2014-11-26 16:40 260208 -c----w- i:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_59ef5ccc232e906f183040f412c6f6524916529c_cab_03f1e055\crashreporter.exe
2015-01-05 04:34 . 2015-01-05 04:34 -------- d-----w- i:\program files\Mozilla Maintenance Service
2015-01-05 04:21 . 2015-01-05 04:21 -------- d-----w- i:\program files\Common Files\DivX Shared
2015-01-05 04:20 . 2013-11-01 19:44 276992 -c----w- i:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_ecbff464c277dc611d7b363966c265d5fac4a11_cab_139663e1\Fuel.Service.exe
2015-01-05 04:19 . 2014-12-15 12:13 9054624 ----a-w- i:\programdata\Microsoft\Windows Defender\Definition Updates\{76BFEC37-E6D8-4758-84C9-128F082CB3AD}\mpengine.dll
2015-01-05 04:19 . 2014-11-24 22:04 229000 ------w- i:\windows\system32\MpSigStub.exe
2015-01-05 04:05 . 2015-01-05 04:21 -------- d-----w- i:\program files\DivX
2015-01-05 04:04 . 2015-01-12 19:39 -------- d-----w- i:\programdata\DivX
2015-01-05 04:03 . 2015-01-10 16:16 -------- d-----w- i:\program files\Google
2015-01-05 04:01 . 2015-01-05 04:01 -------- d-----w- i:\windows\system32\RTCOM
2015-01-05 03:54 . 2015-01-05 03:54 -------- d-----w- i:\programdata\AMD
2015-01-05 03:54 . 2012-08-28 12:27 45736 ----a-r- i:\windows\system32\drivers\usbfilter.sys
2015-01-05 03:54 . 2015-01-13 16:22 -------- dc----w- i:\windows\system32\DRVSTORE
2015-01-05 03:54 . 2013-05-27 19:09 178496 ----a-w- i:\windows\system32\drivers\amdxhc.sys
2015-01-05 03:54 . 2013-05-27 19:09 85312 ----a-w- i:\windows\system32\drivers\amdhub30.sys
2015-01-05 03:53 . 2015-01-14 08:15 -------- d-----w- i:\programdata\Package Cache
2015-01-05 03:51 . 2015-01-05 03:51 -------- d-----w- i:\program files\Microsoft.NET
2015-01-05 03:50 . 2009-11-25 19:47 99176 ----a-w- i:\windows\system32\PresentationHostProxy.dll
2015-01-05 03:50 . 2009-11-25 19:47 49472 ----a-w- i:\windows\system32\netfxperf.dll
2015-01-05 03:50 . 2009-11-25 19:47 297808 ----a-w- i:\windows\system32\mscoree.dll
2015-01-05 03:50 . 2009-11-25 19:47 295264 ----a-w- i:\windows\system32\PresentationHost.exe
2015-01-05 03:50 . 2009-11-25 19:47 1130824 ----a-w- i:\windows\system32\dfshim.dll
2015-01-05 03:50 . 2015-01-05 03:50 -------- d-----w- I:\MSI
2015-01-05 03:42 . 2009-11-06 16:37 699896 ----a-w- i:\windows\system32\drivers\bcmwlhigh6.sys
2015-01-05 03:42 . 2009-11-06 16:31 91376 ----a-w- i:\windows\system32\bcmwlcoi.dll
2015-01-05 03:42 . 2009-11-06 16:31 3551232 ----a-w- i:\windows\system32\bcmihvui.dll
2015-01-05 03:42 . 2009-11-06 16:31 3862528 ----a-w- i:\windows\system32\bcmihvsrv.dll
2015-01-05 03:42 . 2009-11-06 16:31 1176312 ----a-w- i:\windows\system32\WdfCoInstaller01009.dll
2015-01-05 03:42 . 2007-01-20 02:20 21728 ----a-w- i:\windows\system32\drivers\SCMNdisP.sys
2015-01-05 03:42 . 2015-01-20 17:46 -------- d--h--w- i:\program files\InstallShield Installation Information
2015-01-05 03:42 . 2015-01-05 03:42 -------- d-----w- i:\program files\NETGEAR
2015-01-05 03:19 . 2015-01-20 17:46 -------- d-----w- i:\program files\SAMSUNG
2015-01-05 03:19 . 2015-01-05 03:19 -------- d-----w- i:\programdata\Samsung
2015-01-05 03:18 . 2015-01-22 00:06 -------- d-sh--w- i:\windows\Installer
2015-01-05 03:18 . 2015-01-05 03:18 -------- d-----w- i:\program files\ATI
2015-01-05 03:18 . 2015-01-05 03:54 -------- d-----w- i:\program files\ATI Technologies
2015-01-05 03:16 . 2015-01-21 16:51 -------- d-----w- i:\windows\system32\wbem\Performance
2015-01-05 03:13 . 2015-01-20 17:56 -------- d-----w- i:\users\Mustard-Tiger
2015-01-05 03:12 . 2015-01-05 03:12 -------- d-----w- I:\Recovery
2015-01-05 02:50 . 2015-01-05 03:12 -------- d-----w- i:\windows\Panther
2015-01-04 19:05 . 2015-01-04 19:05 -------- d-----w- I:\4c8bfeb9d866cc049fed2c6807
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-06 05:42 . 2014-11-06 05:42 341848 ----a-w- i:\windows\system32\DivXControlPanelApplet.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-12-19 23:57 1059488 ----a-w- i:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-12-19 23:57 1059488 ----a-w- i:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-12-19 23:57 1059488 ----a-w- i:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="i:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="i:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2013-11-01 747264]
"NUSB3MON"="i:\program files\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe" [2012-04-11 97280]
"RTHDVCPL"="i:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2013-12-06 6635224]
"DivXMediaServer"="i:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2014-11-17 448856]
"DivXUpdate"="i:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"NvBackend"="i:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="i:\windows\system32\nvspcap.dll" [2014-12-13 2210040]
"AdobeAAMUpdater-1.0"="i:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-10-14 557768]
"Adobe Creative Cloud"="i:\program files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2015-01-08 2694320]
"CLMLServer_For_P2G8"="i:\program files\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="i:\program files\CyberLink\Power2Go8\VirtualDrive.exe" [2012-06-22 490096]
.
i:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - i:\program files\NETGEAR\WNA3100\WNA3100.exe [2015-1-4 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 WSWNA3100;WSWNA3100;i:\program files\NETGEAR\WNA3100\WifiSvc.exe [2010-08-27 285152]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);i:\windows\system32\DRIVERS\ssudbus.sys [2014-10-13 89856]
R3 MSICDSetup;MSICDSetup;D:\CDriver.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;D:\NTIOLib.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);i:\windows\system32\DRIVERS\ssudmdm.sys [2014-10-13 184192]
S0 SCMNdisP;General NDIS Protocol Driver;i:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 21728]
S1 CLVirtualDrive;CLVirtualDrive;i:\windows\system32\DRIVERS\CLVirtualDrive.sys [2011-12-27 73712]
S2 AMD FUEL Service;AMD FUEL Service;i:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-11-01 276992]
S2 AODDriver4.2.0;AODDriver4.2.0;i:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2013-09-20 50432]
S2 GfExperienceService;NVIDIA GeForce Experience Service;i:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 915600]
S2 NvNetworkService;NVIDIA Network Service;i:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
S2 NvStreamSvc;NVIDIA Streamer Service;i:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 18186896]
S2 SBSDWSCService;SBSD Security Center Service;i:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;i:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-10-13 743688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;i:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-12-13 410768]
S3 amdhub30;AMD USB 3.0 Hub Driver;i:\windows\system32\DRIVERS\amdhub30.sys [2013-05-27 85312]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;i:\windows\system32\DRIVERS\amdxhc.sys [2013-05-27 178496]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;i:\windows\system32\DRIVERS\bcmwlhigh6.sys [2009-11-06 699896]
S3 NvStreamKms;NvStreamKms;i:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);i:\windows\system32\drivers\nvvad32v.sys [2014-11-22 32912]
S3 usbfilter;AMD USB Filter Driver;i:\windows\system32\DRIVERS\usbfilter.sys [2012-08-28 45736]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-16 14:08 1087816 ----a-w- i:\program files\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-22 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2015-01-05 04:03]
.
2015-01-22 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2015-01-05 04:03]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - i:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - i:\users\Mustard-Tiger\AppData\Roaming\Mozilla\Firefox\Profiles\5f1b60zv.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Power2GoExpress8 - (no file)
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLVirtualDrive]
"ImagePath"="system32\DRIVERS\CLVirtualDrive.sys"
"ImagePath:"="i:\users\Mustard-Tiger\Documents\COD.WaW.iso"
"ImagePath"="system32\DRIVERS\CLVirtualDrive.sys"
"ImagePath:"="i:\users\Mustard-Tiger\Documents\COD.WaW.iso"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
i:\windows\system32\nvvsvc.exe
i:\program files\NVIDIA Corporation\Display\nvxdsync.exe
i:\windows\system32\nvvsvc.exe
i:\windows\system32\WLANExt.exe
i:\windows\system32\conhost.exe
i:\windows\system32\PnkBstrA.exe
i:\windows\system32\PnkBstrB.exe
i:\program files\CyberLink\Shared files\RichVideo.exe
i:\windows\system32\conhost.exe
i:\windows\system32\conhost.exe
i:\windows\system32\taskhost.exe
i:\windows\system32\conhost.exe
i:\program files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
i:\program files\NVIDIA Corporation\Display\nvtray.exe
i:\program files\Windows Media Player\wmpnetwk.exe
i:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
i:\windows\system32\msiexec.exe
i:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
i:\program files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
i:\program files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
i:\program files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
.
**************************************************************************
.
Completion time: 2015-01-21  16:13:48 - machine was rebooted
ComboFix-quarantined-files.txt  2015-01-22 00:13
ComboFix2.txt  2011-08-03 14:57
.
Pre-Run: 91,932,155,904 bytes free
Post-Run: 91,719,106,560 bytes free
.
- - End Of File - - 428967D2AE6701D7B561843B2F7EF6BA
A36C5E4F47E84449FF07ED3517B43A31


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,270 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:38 PM

Posted 22 January 2015 - 01:01 PM

Hello, please repost it here
Virus, Trojan, Spyware, and Malware Removal Logs

#5 barefeat

barefeat
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:38 PM

Posted 22 January 2015 - 01:43 PM

done


Edited by barefeat, 22 January 2015 - 01:47 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,270 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:38 PM

Posted 22 January 2015 - 03:08 PM

Thanks...
http://www.bleepingcomputer.com/forums/t/564087/unisales-20/#entry3603988

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on, the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 2 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.