
Ross2011

  1. This is what I can get from Spybot; hope it helps. When I hover over the following it says "WinBancos.zip": HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurretVersion\Internet Settings\prd Thanks in advance!
  2. Hi miekiemoes, Since my last post everything has been clean. As scheduled I ran malwarebytes and spybot last night and spybot told me I had "win32.bancos" trojan? I don't get it because Malwarebytes is running in protection mode (w/latest updates) all the time on my pc blocking sites so how would I get this? Here is the malwarebytes log. I also ran the HTL. Thanks in advance!
  3. Thanks! Would everyone who uses the pc need to change passwords or just the user which showed up in the original scan? Thanks again for all your help.
  4. Ok here are the logs from Hijack and Malwarebytes. Thanks!
  5. I just did a search for "appconf32.exe" and nothing came up. Would I still need to do anything? Thanks!
  6. Ran malware on friends laptop and the log came up with the following. I fixed the files. Do I have anything else to worry about? There are several users but infected files came up for only "1" user.