password.stealer

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

12/13/2009 9:47:31 PM
mbam-log-2009-12-13 (21-47-31).txt

Scan type: Quick Scan
Objects scanned: 100384
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 65

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\Config\6to4nt.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\firewall.exe (Backdoor.Bot) -> Delete on reboot.
C:\Windows\system32\Config\htco.exe (Backdoor.Bot) -> Delete on reboot.
C:\Windows\system32\Config\msch24.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\mswinsck.ocx (Backdoor.Bot) -> Delete on reboot.
C:\Windows\system32\Config\RealtekAC.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\sam10.log (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\sysrun.exe (Password.Stealer) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\application data\mcrupdate.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\application data\pcant.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\application data\pkz.ini (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\application data\printer.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\cftmon.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\ftpdll.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\updater.exe (Backdoor.Bot) -> Delete on reboot.
C:\Windows\system32\Config\Win.exe (IM.Worm) -> Delete on reboot.
C:\Windows\repair\1sass.exe (Backdoor.Agent) -> Delete on reboot.
C:\Windows\repair\kasutio (Rootkit.Rustock) -> Delete on reboot.
C:\Windows\repair\loprt.cmd (Worm.AutoRun) -> Delete on reboot.
C:\Windows\repair\Mirror.exe (Worm.AutoRun) -> Delete on reboot.
C:\Windows\repair\sql.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\repair\whw.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\repair\IExp1orer.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

Please, post MBAM log from after reboot.

When the scan ran after the reboot, it found no malicious items. Thanks so much for all of your help in getting rid of them. Here is the log.

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

12/18/2009 9:14:41 PM
mbam-log-2009-12-18 (21-14-41).txt

Scan type: Quick Scan
Objects scanned: 100192
Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Very good :)
Happy surfing :)