Ross2011
Members, 7 posts, reputation 0 (Neutral)
Thank you!!
-
This is what I can get from Spybot; hope it helps. When I hover over the following it says "WinBancos.zip":

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurretVersion\Internet Settings\prd

Thanks in advance!
-
Hi miekiemoes, since my last post everything has been clean. As scheduled, I ran Malwarebytes and Spybot last night, and Spybot told me I had a "win32.bancos" trojan? I don't get it, because Malwarebytes is running in protection mode (with the latest updates) all the time on my PC, blocking sites, so how would I get this? Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6256

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/3/2011 10:54:37 AM
mbam-log-2011-04-03 (10-54-37).txt

Scan type: Quick scan
Objects scanned: 179847
Time elapsed: 13 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I also ran the HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:52 AM, on 4/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Trend Micro\Browser Guard\BGUI.exe
C:\Program Files\Trend Micro\Browser Guard\tmiegsrv.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Documents and Settings\Viraj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEGBH0 - {9F3209E2-334B-41E9-B09C-703F398742E7} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TMIEGBHO - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files\Trend Micro\Browser Guard\TMAMS.dll
O3 - Toolbar: TMBGBAR TOOLBAR - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard\tmieg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [iPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [brStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Trend Micro Browser Guard] "C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8687 bytes

Thanks in advance!
-
Thanks! Would everyone who uses the PC need to change passwords, or just the user who showed up in the original scan? Thanks again for all your help.
-
OK, here are the logs from HijackThis and Malwarebytes. Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:27:18 PM, on 11/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [iPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [brStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-1535801421-1010644667-692029220-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Narendra')
O4 - HKUS\S-1-5-21-1535801421-1010644667-692029220-1005\..\Run: [Google Update] "C:\Documents and Settings\Narendra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'Narendra')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files\iobit\advanced systemcare 3\spictrl.dll
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9730 bytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5062

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

11/6/2010 1:39:07 PM
mbam-log-2010-11-06 (13-39-07).txt

Scan type: Quick scan
Objects scanned: 170548
Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-
I just did a search for "appconf32.exe" and nothing came up. Would I still need to do anything? Thanks!
-
Ran Malwarebytes on a friend's laptop and the log came up with the following. I fixed the files. Do I have anything else to worry about? There are several users, but infected files came up for only "1" user.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5056

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

11/5/2010 6:41:42 PM
mbam-log-2010-11-05 (18-41-42).txt

Scan type: Quick scan
Objects scanned: 170311
Time elapsed: 10 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 65

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\cock\user@2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@2o7[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@ad.yieldmanager[3].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@adbrite[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@adbrite[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@ads.bridgetrack[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@bankofamerica[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@barclaybankdelaware.122.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@capitalone[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@capitalone[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@cards.chase[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@cdn4.specificclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@cdn4.specificclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@chaseonline.chase[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@chaseonline.chase[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@chase[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@chase[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@content.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@content.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@content.yieldmanager[3].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@dhgmanagement.112.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@edge.ru4[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@edge.ru4[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@healthwiseorg.112.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@highbeam.122.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@homestore.122.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@juniper[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@juniper[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@malaysiaairlines.112.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@marriottinternational.122.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@revsci[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@rm.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@roiservice[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@sales.liveperson[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@sales.liveperson[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@sales.liveperson[3].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@servicing.capitalone[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@servicing.capitalone[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@specificclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@specificclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@tradekey[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@tradekey[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@traveladvertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@traveladvertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@tribalfusion[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@tribalfusion[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@triseptsolutions.122.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@vendorweb.citibank[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@vendorweb.citibank[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@virginamerica.112.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@wamu[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@wamu[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@webtrends.chase[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@webtrends.chase[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@webtrends.chase[3].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@www.bankofamerica[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@www.juniper[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@www.juniper[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@www.juniper[3].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@www.tradekey[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cock\user@yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.