Jump to content

spyware.password.xgen


Recommended Posts

Hi

I am running MBAM (pro) 1.51.1.1800 on Windows XP SP3. My antivirus software is McAfee VirusScan Enterprise + AntiSpyware Enterprise 8.7.0i.

About one week ago, the protection module found Defender.exe, quarantined it and I then deleted it from the quarantine. All seemed to be well. This week I noticed that the sprint spooler service was not running. I tried to start it again and the protection module then warned me that it had quarantined spyware.password.xgen. Whether they are related or not, I don't know.

I want to be sure that there is nothing lingering and also if you had any info about what spyware.password.xgen does.

Here is the text from DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26

Run by username at 17:26:29 on 2011-08-28

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3060.1572 [GMT -5:00]

.

AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\ngvpnmgr.exe

c:\drivers\audio\r213367\stacsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

svchost.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

svchost.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008R2\MSSQL\Binn\fdhost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\DellTPad\Apoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\WINDOWS\OA001Mon.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\MI1933~1\Office14\OIS.EXE

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

.

============== Pseudo HJT Report ===============

.

uLocal Page = \blank.htm

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [Google Update] "c:\documents and settings\username\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [OA001Mon] c:\windows\OA001Mon.exe

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"

mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

Trusted Zone: facebook.com\www

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248818629296

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256582034497

DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{8EC6497F-BD02-4117-BC5A-EEF4BD40C8F2} : DhcpNameServer = 192.168.1.254

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\username\application data\mozilla\firefox\profiles\niqv59na.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.cyfairfcu.org/v2/

FF - plugin: c:\documents and settings\username\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.68\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

.

============= SERVICES / DRIVERS ===============

.

R?2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-3-25 147472]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-15 343920]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-15 366640]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-3-25 22816]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-3-25 66880]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-15 70728]

R2 MSSQL$SQL2008R2;SQL Server (SQL2008R2);c:\program files\microsoft sql server\mssql10_50.sql2008r2\mssql\binn\sqlservr.exe [2010-4-3 42884448]

R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [2010-10-10 291504]

R2 SQLAgent$SQL2008R2;SQL Server Agent (SQL2008R2);c:\program files\microsoft sql server\mssql10_50.sql2008r2\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-7-21 112512]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-7-21 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-7-21 244368]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-15 22712]

R3 MSSQLFDLauncher$SQL2008R2;SQL Full-text Filter Daemon Launcher (SQL2008R2);c:\program files\microsoft sql server\mssql10_50.sql2008r2\mssql\binn\fdlauncher.exe [2010-4-3 28512]

R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [2010-10-10 27160]

R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [2010-10-10 77336]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2009-7-21 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-7-21 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-7-21 280096]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-7-21 232744]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-12 136176]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]

S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-7-12 245760]

S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2009-11-1 223232]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-12 136176]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-15 91832]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-15 43288]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-15 66600]

S3 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2009-5-27 202584]

S3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2010-4-3 214880]

S3 MSOLAP$SQL2008R2;SQL Server Analysis Services (SQL2008R2);c:\program files\microsoft sql server\msas10_50.sql2008r2\olap\bin\msmdsrv.exe [2010-4-3 25768800]

S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [2010-10-10 23064]

S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [2010-10-10 25112]

S3 ReportServer$LTusername;SQL Server Reporting Services (LTusername);c:\program files\microsoft sql server\msrs10.ltusername\reporting services\reportserver\bin\ReportingServicesService.exe [2008-7-10 1106968]

S3 ReportServer$SQL2008R2;SQL Server Reporting Services (SQL2008R2);c:\program files\microsoft sql server\msrs10_50.sql2008r2\reporting services\reportserver\bin\ReportingServicesService.exe [2010-4-3 1177952]

S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]

S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]

.

=============== Created Last 30 ================

.

2011-08-28 16:56:42 388096 ----a-r- c:\documents and settings\username\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-08-28 16:56:41 -------- d-----w- c:\program files\Trend Micro

2011-08-18 16:28:42 -------- d-----w- c:\program files\eMule

2011-08-18 15:50:28 -------- d-----w- c:\program files\Conduit

2011-08-18 15:50:26 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-08-18 15:50:26 -------- d-----w- c:\program files\ConduitEngine

2011-08-18 15:50:26 -------- d-----w- c:\documents and settings\username\local settings\application data\uTorrentBar

2011-08-18 15:50:26 -------- d-----w- c:\documents and settings\username\local settings\application data\ConduitEngine

2011-08-18 15:50:25 -------- d-----w- c:\documents and settings\username\local settings\application data\Conduit

2011-08-18 15:50:24 -------- d-----w- c:\program files\uTorrentBar

2011-08-18 15:02:33 -------- d-----w- c:\program files\SPEtc.com

2011-08-13 13:36:30 2646016 ----a-w- c:\documents and settings\username\application data\microsoft\sharepoint designer\proxyassemblycache\14.0.0.5138\Microsoft.SharePoint.Proxy.dll

2011-08-05 20:49:59 28672 ----a-w- c:\documents and settings\username\application data\microsoft\sharepoint designer\proxyassemblycache\14.0.0.5138\System.Web.Proxy.dll

2011-08-05 20:12:16 -------- d-----w- c:\documents and settings\all users\Microsoft

2011-07-31 17:19:35 -------- d-----w- c:\documents and settings\username\application data\Company Software

2011-07-31 17:16:58 -------- d-----w- c:\documents and settings\username\local settings\application data\Company Software

2011-07-30 22:22:25 -------- d-----w- c:\program files\Company Software

2011-07-30 22:22:25 -------- d-----w- c:\documents and settings\all users\application data\Company Software

.

==================== Find3M ====================

.

2011-08-26 02:56:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-23 16:08:03 256 ----a-w- c:\windows\system32\pool.bin

2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 17:26:56.89 ===============

Here is the text from the mbam-log after spyware.password.xgen was quarantined:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7595

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

2011-08-28 12:19:26 PM

mbam-log-2011-08-28 (12-19-26).txt

Scan type: Quick scan

Objects scanned: 282114

Time elapsed: 21 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the text from the protection log:

09:44:55 IP-BLOCK 208.73.210.29 (Type: outgoing)

09:44:58 IP-BLOCK 208.73.210.29 (Type: outgoing)

09:45:04 IP-BLOCK 208.73.210.29 (Type: outgoing)

11:45:22 DETECTION C:\Documents and Settings\username\Local Settings\temp\40EF.tmp Spyware.Passwords.XGen QUARANTINE

11:45:22 DETECTION C:\Documents and Settings\username\Local Settings\temp\40EF.tmp Spyware.Passwords.XGen DENY

11:57:35 MESSAGE IP Protection stopped

11:57:43 MESSAGE Database updated successfully

11:57:45 MESSAGE IP Protection started successfully

20:25:35 MESSAGE IP Protection stopped

20:25:36 MESSAGE Scheduled update executed successfully

20:25:45 MESSAGE Database updated successfully

20:25:47 MESSAGE IP Protection started successfully

23:28:13 MESSAGE Protection started successfully

23:28:21 MESSAGE IP Protection started successfully

I have also attached the logs from GMER and DDS.

Hi

Is anyone available to take a look at my logs? Thanks.

Attach.zip

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.

It's likely why your issue began in the first place.

This goes for uTorrent and anything else you may have installed.

Link to post
Share on other sites

  • 3 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.