
What's wrong with my computer?



#1 pixycomp


Posted 31 July 2015 - 12:30 AM

Windows 7 -- "My Documents" became "hidden" without my hiding them, yet no one else had physical access to my computer.  Others had network access (I don't know if sharing was allowed on my computer at the time).  Tech guys who subsequently examined my computer told me that my "activity" has been "watched" via a "rootkit" so I should change my passwords and bank account info. 

 

I want to know for various reasons if someone broke into my computer via a network or if I simply clicked the wrong link(s) at some point and downloaded something bad.  Any feedback by your experts is appreciated.  This is what was on my computer:

C:\Qoobox\Quarantine\C\ProgramData\1420144794.bdinstall.bin.vir
C:\Qoobox\Quarantine\C\ProgramData\1420144785.bdinstall.bin.vir
C:\Qoobox\Quarantine\C\ProgramData\1420086589.bdinstall.bin.vir

C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\481fbe3e-ec08-4d5a-94ea-95c753609e7c.dll.vir
C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\5c57a158-1254-45f6-b629-b2debbf1fd29.dll.vir
C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\c74b2d1b-fd92-4f74-8532-20f83f9afd65.dll.vir
C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\ee4747a4-1d1b-42c1-8a8c-1de04bbb2379.dll.vir
C:\Qoobox\Quarantine\C\ProgramData\PCDr\6426\AddOnDownloaded\0124e21d-018c-4ce0-92a3-b9e205a76bc0.dll.vir
C:\Qoobox\Quarantine\C\END.vir

HKU\S-1-5-21-2893293162-2142547107-3866354414-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic
    PUP.Optional.Softonic.A

HKU\S-1-5-21-2893293162-2142547107-3866354414-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes
    PUP.Optional.Conduit.A

HKU\S-1-5-21-2893293162-2142547107-3866354414-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED
    PUM.Hijack.StartMenu

HKU\S-1-5-21-2893293162-2142547107-3866354414-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{f999a48b-1950-4d81-9971-79018f807b4b}
    PUP.Optional.Conduit.A

HKU\S-1-5-21-2893293162-2142547107-3866354414-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS
    PUP.Optional.Conduit.A

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS
    PUP.Optional.Conduit.A

HKU\S-1-5-21-2893293162-2142547107-3866354414-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{f999a48b-1950-4d81-9971-79018f807b4b}
    PUP.Optional.Conduit.A

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{f999a48b-1950-4d81-9971-79018f807b4b}
    PUP.Optional.Conduit.A

HKU\S-1-5-21-2893293162-2142547107-3866354414-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED
    PUM.Hijack.StartMenu

C:\Users\Marissa\AppData\Roaming\OpenCandy
    PUP.Optional.OpenCandy

C:\Users\Marissa\AppData\Roaming\OpenCandy\3578F5513B8346BEA4AC7D80A61584E4
    PUP.Optional.OpenCandy

C:\Users\Marissa\AppData\Roaming\OpenCandy\4AAED7B39747431BA9ECED2CFEC1406D
    PUP.Optional.OpenCandy

C:\Users\Marissa\AppData\Roaming\OpenCandy\B18276EEFF79411EA0D6B9E145BE941A
    PUP.Optional.OpenCandy

C:\Users\Marissa\AppData\Roaming\OpenCandy\FE12F815EA94492BBA42594A5C5CA231
    PUP.Optional.OpenCandy

C:\Users\Marissa\AppData\Roaming\OpenCandy\3578F5513B8346BEA4AC7D80A61584E4\LatestDLMgr.exe
    PUP.Optional.OpenCandy.A

C:\Users\Marissa\AppData\Roaming\OpenCandy\3578F5513B8346BEA4AC7D80A61584E4\OpenCandyU1Dlm.dll
    PUP.Optional.OpenCandy.A

C:\Users\Marissa\AppData\Roaming\OpenCandy\B18276EEFF79411EA0D6B9E145BE941A\LatestDLMgr.exe
    PUP.Optional.OpenCandy.A

C:\Users\Marissa\AppData\Roaming\OpenCandy\B18276EEFF79411EA0D6B9E145BE941A\OpenCandyU1Dlm.dll
    PUP.Optional.OpenCandy.A

C:\Users\Marissa\AppData\Roaming\OpenCandy\3578F5513B8346BEA4AC7D80A61584E4\4087.ico
    PUP.Optional.OpenCandy

C:\Users\Marissa\AppData\Roaming\OpenCandy\3578F5513B8346BEA4AC7D80A61584E4\SystemCheckup_p1v0.exe
    PUP.Optional.OpenCandy

C:\Users\Marissa\AppData\Roaming\OpenCandy\4AAED7B39747431BA9ECED2CFEC1406D\RealPlayerR71POC3_p2v2.exe
    PUP.Optional.OpenCandy

C:\Users\Marissa\AppData\Roaming\OpenCandy\B18276EEFF79411EA0D6B9E145BE941A\47A647BD-4905-48C7-9539-A95F199019A4
    PUP.Optional.OpenCandy

C:\Users\Marissa\AppData\Roaming\OpenCandy\B18276EEFF79411EA0D6B9E145BE941A\B8DCC36F-4F05-445F-B1EE-FD8FC38CBBDA
    PUP.Optional.OpenCandy

 

C:\Users\Marissa\AppData\Roaming\OpenCandy\FE12F815EA94492BBA42594A5C5CA231\SendoriSetupx10403.exe
    PUP.Optional.OpenCandy




 


#2 boopme


Posted 31 July 2015 - 01:20 PM

These are results from running ComboFix.
Now, to resolve your issues, you need to repost the issues with a complete ComboFix log here:

Virus, Trojan, Spyware, and Malware Removal Logs
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....



