Author Topic: Spyware.Passwords.XGen  (Read 363 times)

Offline elsie2

  • Newbie
  • Posts: 4
Spyware.Passwords.XGen
« on: September 26, 2011, 02:06:23 PM »
I ran Malwarebytes and found Spyware.Passwords.XGen on my computer; I removed the infected file.  I have pasted the log below.  I also ran Norton Anti-Virus after this and found no problems.  Is there anything else I need to do or is my computer clean now?

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7796

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

9/25/2011 11:15:03 AM
mbam-log-2011-09-25 (11-15-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 298803
Time elapsed: 52 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\TVMOBiLi\bin\itunesalbumartgenerator.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Spyware.Passwords.XGen
« Reply #1 on: September 26, 2011, 02:50:32 PM »
Hi, elsie2.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

In order to determine if there is anything else that is recommended to be done, I need additional information.  Please follow the instructions in Log Posting Instructions.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline elsie2

  • Newbie
  • Posts: 4
Re: Spyware.Passwords.XGen
« Reply #2 on: September 26, 2011, 05:56:43 PM »
I ran Malwarebytes and found Spyware.Passwords.XGen on my computer; I removed the infected file with Malwarebytes.  I also ran Norton Anti-Virus after that and found no problems.  I have rebooted the computer since then.  I pasted the Malwarebytes log in my first post.  I have now run the other requested files and pasted the results below (checkup.txt, DDS.txt, and Attach.txt).  Is there anything else I need to do or is my computer clean now?

checkup.txt results:

 Results of screen317's Security Check version 0.99.18 
 Windows 7  (UAC is enabled)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 Norton AntiVirus     
 WMI entry may not exist for antivirus; attempting automatic update.


```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 Java(TM) 6 Update 27 
 Adobe Flash Player   
 Mozilla Firefox (3.6.18) Firefox Out of Date! 
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Norton ccSvcHst.exe
``````````End of Log````````````


DDS.txt results:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_27
Run by LC2 at 11:38:35 on 2011-09-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3758.2016 [GMT -6:00]
.
AV: Norton AntiVirus *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Luttmann\vmcPlayIt\PlayItVideoServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\FreeBar\FreeBar.exe
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://duckduckgo.com/?ke=-1&kf=w&kj=w&ku=1&kw=w&ky=-1&k1=-1&k4=-1
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "C:\Users\LC2\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [FreeBar] "C:\Program Files (x86)\FreeBar\FreeBar.exe"
uRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: netflix.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25 192.168.1.1
TCP: Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} : DhcpNameServer = 192.168.0.1 205.171.3.25 192.168.1.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} : DhcpNameServer = 192.168.0.1 205.171.3.25 192.168.1.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\350756272797D2E65647 : DhcpNameServer = 68.87.85.102 68.87.69.150
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\IPSBHO.DLL
BHO-X64:     Symantec Intrusion Prevention - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\LC2\AppData\Roaming\Mozilla\Firefox\Profiles\d4vu3uyn.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo (SSL)
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/?ke=-1&kf=w&kj=w&ku=1&kw=w&ky=-1&k1=-1&k4=-1
FF - prefs.js: keyword.URL - hxxps://duckduckgo.com/&ke=-1&kf=w&kj=w&ku=1&kw=w&ky=-1&k1=-1&k4=-1&?q=
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\LC2\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Users\LC2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\LC2\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn
FF - Ext: Hide Google Options: googleoptions@bruceclay.com - %profile%\extensions\googleoptions@bruceclay.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1108000.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1108000.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1108000.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1108000.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-9-9 1152632]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NAVx64\1108000.005\ccHPx64.sys --> C:\Windows\system32\drivers\NAVx64\1108000.005\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20110923.030\IDSviA64.sys [2011-9-24 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1108000.005\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1108000.005\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NAVx64\1108000.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NAVx64\1108000.005\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe [2010-12-21 126392]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2010-12-3 341296]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-3-14 47616]
R2 PlayItVideoServer;PlayIt Video Server Manager;C:\Program Files\Luttmann\vmcPlayIt\PlayItVideoServer.exe [2010-6-12 96768]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-7-3 259192]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-29 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-7-29 575856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-28 136824]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]
R3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-7-3 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-7-29 1021840]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
S3 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2011-6-17 4419952]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-09-20 20:33:45   476904   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-09-20 19:34:12   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2011-09-20 19:34:12   2048   ----a-w-   C:\Windows\System32\tzres.dll
.
==================== Find3M  ====================
.
2011-09-20 20:37:39   525544   ----a-w-   C:\Windows\System32\deployJava1.dll
2011-09-20 20:33:16   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2011-08-31 23:00:50   25416   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2011-07-22 05:22:26   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49   243200   ----a-w-   C:\Windows\System32\wow64.dll
2011-07-16 05:41:49   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12   421888   ----a-w-   C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00   44032   ----a-w-   C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22   272384   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28   288768   ----a-w-   C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-03 08:13:22   175616   ----a-w-   C:\Windows\System32\msclmd.dll
2011-07-03 08:13:22   152576   ----a-w-   C:\Windows\SysWow64\msclmd.dll
.
============= FINISH: 11:39:08.35 ===============


Attach.txt results:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/13/2010 10:09:01 PM
System Uptime: 9/26/2011 7:21:32 AM (4 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel(R) Pentium(R) CPU        P6100  @ 2.00GHz | N/A | 1459/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 229.64 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP89: 8/28/2011 6:56:40 AM - Scheduled Checkpoint
RP90: 9/5/2011 12:33:34 AM - Scheduled Checkpoint
RP91: 9/13/2011 12:00:01 AM - Scheduled Checkpoint
RP92: 9/20/2011 1:34:20 PM - Windows Update
RP93: 9/20/2011 1:40:22 PM - Installed Remote Keyboard with PlayStation 3
RP94: 9/20/2011 1:40:51 PM - Removed Remote Keyboard with PlayStation 3
RP95: 9/20/2011 1:41:25 PM - Installed Remote Keyboard with PlayStation 3
RP96: 9/20/2011 2:26:40 PM - Removed Java(TM) 6 Update 20
RP97: 9/20/2011 2:27:26 PM - Removed Java(TM) 6 Update 20 (64-bit)
RP98: 9/20/2011 2:32:41 PM - Installed Java(TM) 6 Update 27
RP99: 9/20/2011 2:36:34 PM - Installed Java(TM) 6 Update 27 (64-bit)
.
==== Installed Programs ======================
.
.
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Application Manager for VAIO
ArcSoft WebCam Companion 3
calibre
Corel WinDVD
Desktop Icon Position Saver (64-bit)
FreeBar 0.9.2.7
Google Chrome
Google Talk Plugin
Google Update Helper
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 27
Junk Mail filter update
MakeMKV v1.6.3
Malwarebytes' Anti-Malware version 1.51.2.1300
Media Gallery
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobiKindle
Mozilla Firefox (3.6.18)
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Norton AntiVirus
Oasis2Service 1.0
OOBE
OpenOffice.org 3.2
Opera 11.50
PlayOn
PMB
PMB VAIO Edition Guide
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
PrimoPDF -- brought to you by Nitro PDF Software
Realtek High Definition Audio Driver
Remote Keyboard
Remote Play with PlayStation 3
Remote Play with PlayStation®3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
SmartWi Connection Utility
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition plug-in (Click to Disc)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
VAIO - Remote Keyboard
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Messenger
VAIO Movie Story Template Data
VAIO Quick Web Access
VAIO Sample Contents
VAIO Survey
VAIO Transfer Support
VAIO Update
VLC media player 1.1.5
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinX DVD Ripper Platinum 6.0.0
XBMC
.
==== End Of File ===========================

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Spyware.Passwords.XGen
« Reply #3 on: September 26, 2011, 10:47:29 PM »
Hi, elsie2.

I noticed that you have two PDF readers; however, both are out of date.  Adobe Reader, in particular, has had critical security updates.  If you no longer use it, I suggest you uninstall it.  You can always download the latest version later if you change your mind.

Adobe Reader 9.3.2 is at version 10.1.1.  Adobe Reader FTP Direct Download:  ftp://ftp.adobe.com/pub/adobe/reader/win/
Nitro PDF 1.0 is at version 2:  http://www.nitroreader.com/download/

Firefox 3.6.18 is (as of today) at version 6.0.2 but, according to the new "rapid release schedule", version 7 is expected to be released tomorrow (27Sep2011).  Although there is quite a change in the look and feel from version 3 to version 6, critical security updates have been included in the new version releases.  For that reason, I strongly encourage you to update to the latest version.

Similarly, you need to update Internet Explorer 8 to IE 9, which also includes security enhancements.

You have added netflix.com to the Trusted Zone.  Since any site can be compromised, personally, I would not place any site in the Trusted Zone.  Should you wish to remove this entry, please do the following:

Launch Internet Explorer > Click the Tools button > Click Internet Options.
Click the Security tab > Click Trusted sites.
Click Sites > In Websites, click the website that you want to remove.
Click Remove > Click Close > Click OK

Please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now or if you have any questions.
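The Trusted Zone entry Corrine points to above ("Trusted Zone: netflix.com" in the DDS report) is stored in the Internet Explorer ZoneMap registry keys, so it can be audited, and removed, without clicking through the Internet Options dialog. The PowerShell below is an added example written for this thread, not code from Corrine or from any of the tools whose logs are posted; the function names Get-IeZoneMapEntries, Get-IeZoneLevel and Remove-IeTrustedSite are my own, and the registry paths under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings are the documented ZoneMap and Zones locations. It lists every host-to-zone mapping, reports the security level actually configured for the Trusted Sites zone, and removes a single domain from the zone only after a -WhatIf/-Confirm preview.

```powershell
# Added example for this thread (not code from the forum post or the scanning tools).
# Audits the Internet Explorer security-zone mappings that DDS summarises as
# "Trusted Zone: <domain>" and reports the configured level of the Trusted Sites zone.
# Written for Windows PowerShell 2.0 (the version shipped with Windows 7).

$IeSettingsPath = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

$ZoneNames = @{
    0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
    3 = 'Internet';    4 = 'Restricted Sites'
}

# CurrentLevel values used by the built-in IE security templates.
$LevelNames = @{
    0x10000 = 'Low'; 0x10500 = 'Medium-Low'; 0x11000 = 'Medium'
    0x11500 = 'Medium-High'; 0x12000 = 'High'
}

function Get-IeZoneMapEntries {
    # Returns one object per (host, scheme) mapping under ZoneMap\Domains.
    # Each subkey is a registrable domain (e.g. "netflix.com"); nested subkeys
    # are host labels (e.g. "www"); value names are schemes ("http", "https", "*")
    # and the DWORD data is the zone id (2 = Trusted Sites, 4 = Restricted Sites).
    param([string]$Hive = 'HKCU')   # use 'HKLM' for machine-wide mappings
    $base = "${Hive}:\$IeSettingsPath\ZoneMap\Domains"
    if (-not (Test-Path -Path $base)) { return }
    Get-ChildItem -Path $base -Recurse | ForEach-Object {
        $key = $_
        # Key path below Domains, e.g. "netflix.com\www", becomes "www.netflix.com".
        $labels = ($key.PSPath -split '\\Domains\\', 2)[1] -split '\\'
        [array]::Reverse($labels)
        $hostname = $labels -join '.'
        foreach ($scheme in $key.GetValueNames()) {
            $zone = [int]$key.GetValue($scheme)
            New-Object PSObject -Property @{
                Hive     = $Hive
                Hostname = $hostname
                Scheme   = $scheme
                Zone     = $zone
                ZoneName = $ZoneNames[$zone]
            }
        }
    }
}

function Get-IeZoneLevel {
    # Reports the security level configured for one zone (default: Trusted Sites).
    param([int]$Zone = 2, [string]$Hive = 'HKCU')
    $path = "${Hive}:\$IeSettingsPath\Zones\$Zone"
    $level = $null
    if (Test-Path -Path $path) {
        $level = (Get-ItemProperty -Path $path -Name CurrentLevel -ErrorAction SilentlyContinue).CurrentLevel
    }
    if ($null -eq $level) { $levelName = 'Not set' }
    elseif ($LevelNames.ContainsKey([int]$level)) { $levelName = $LevelNames[[int]$level] }
    else { $levelName = 'Custom' }
    New-Object PSObject -Property @{
        Zone = $Zone; ZoneName = $ZoneNames[$Zone]; CurrentLevel = $level; LevelName = $levelName
    }
}

function Remove-IeTrustedSite {
    # Deletes a domain's ZoneMap entry (the registry equivalent of Sites > Remove).
    # Honours -WhatIf and -Confirm so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Domain, [string]$Hive = 'HKCU')
    $path = "${Hive}:\$IeSettingsPath\ZoneMap\Domains\$Domain"
    if ((Test-Path -Path $path) -and $PSCmdlet.ShouldProcess($path, 'Remove zone mapping')) {
        Remove-Item -Path $path -Recurse
    }
}

# Usage: list everything mapped into Trusted Sites, show the zone's level,
# then preview removal of the entry seen in the DDS log.
Get-IeZoneMapEntries | Where-Object { $_.Zone -eq 2 } |
    Format-Table Hostname, Scheme, ZoneName, Hive -AutoSize
Get-IeZoneLevel -Zone 2 | Format-List
Remove-IeTrustedSite -Domain 'netflix.com' -WhatIf
```

Run it from an ordinary (non-elevated) prompt for the current user's settings; pass -Hive HKLM to Get-IeZoneMapEntries when machine-wide zone mappings are in force. IP-address ranges live under ZoneMap\Ranges and are not covered here. Drop the -WhatIf once the preview shows the expected key, and re-run Get-IeZoneMapEntries afterwards to confirm the mapping is gone.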

Offline elsie2

  • Newbie
  • Posts: 4
Re: Spyware.Passwords.XGen
« Reply #4 on: September 26, 2011, 11:46:36 PM »
Before I run that file and add anything more to my computer (a new ActiveX control), can you please tell me what you found regarding Spyware.Passwords.XGen based on the first files I sent you?  I am only concerned at this point about whether I removed everything related to Spyware.Passwords.XGen with Malwarebytes.  I do appreciate the help, but I'm not worried about outdated PDF readers or Firefox.  I don't use Netflix or Internet Explorer, and I haven't updated that for a very specific reason.  Again, I do appreciate the suggestions, but do I need to worry about Spyware.Passwords.XGen anymore?  Thank you.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Spyware.Passwords.XGen
« Reply #5 on: September 27, 2011, 12:51:40 AM »
Hi, elsie2.

I did not see anything in the logs, which was why I suggested the online scan as a precaution.  Your choice.

Since you don't use Netflix, that makes it more important to remove it from the trusted zone.  The default security level of a site in the Trusted Zone is low.  Your choice.

You may not be worried about the outdated software, but it could well be how your computer became infected in the first place.  Again, your choice.

Offline elsie2

  • Newbie
  • Posts: 4
Re: Spyware.Passwords.XGen
« Reply #6 on: September 27, 2011, 01:35:57 AM »
I'm pretty sure I know when and where I got this--that's why I ran Malwarebytes ASAP.  I'm just not familiar with Spyware.Passwords.XGen--where it might go and how quickly.

Thanks for the help to this point.  I do appreciate it.  I can't run the other scan until tomorrow.  I will post back then with the results.