Posted

All programs ran clean except MBAM.  I also have 6 users on this machine.  Will I need to do this 5 more times?

 

HiJackThis.log

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:30:13 AM, on 3/21/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17123)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
c:Program FilesMicrosoft Security ClientMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSUPERAntiSpywareSASCORE.EXE
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe
C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32wuauclt.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Documents and Settingskelly smithMy DocumentsDownloadsHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.katu.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
O2 - BHO: TranslatorBar 1 - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:Program FilesTranslatorBar_1prxtbTra0.dll
O2 - BHO: QpBHO Class - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:Program FilesHewlett-PackardSmartPrintQuickPrintBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:Program FilesGoogleAFEGoogleAE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: TranslatorBar 1 Toolbar - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:Program FilesTranslatorBar_1prxtbTra0.dll
O4 - HKLM..Run: [startCCC] "C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [APSDaemon] "C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [sUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:Program FilesCommon FilesMicrosoft SharedEncarta Search BarENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:WINDOWSsystem32shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://mygp.gp.com/includes/,DanaInfo=ess.srv.gapac.com,SSL+ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140041711728
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.31.5/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - https://mygp.gp.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - https://mygp.gp.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:WINDOWSsystem32browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:WINDOWSsystem32browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:Program FilesSUPERAntiSpywareSASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1ca16e527d787de) (gupdate1ca16e527d787de) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:Program FilesSkypeUpdaterUpdater.exe

--
End of file - 8606 bytes

 

MBAM.log

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.21.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
kelly smith :: SMITH [administrator]

Protection: Enabled

3/21/2013 2:59:19 AM
MBAM-log-2013-03-21 (03-38-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 330889
Time elapsed: 33 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallWeather Services (Adware.Hotbar) -> No action taken.

Registry Values Detected: 2
HKCUSOFTWAREMicrosoftInternet ExplorerMenuExt&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt487QZUS -> No action taken.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionControl PanelCpls|wxfw.dll (Adware.Hotbar) -> Data: C:Program FilesThe Weather Channel FWFrameworkwxfw.cpl -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 29
C:Documents and Settingsarianne smithApplication DataShoppingReport (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsdb (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsdwld (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsreport (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsres2 (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReport (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsdb (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsdwld (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsreport (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsres2 (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReport (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsdb (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsdwld (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsreport (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsres2 (Adware.ShopperReports) -> No action taken.
C:Documents and SettingsNetworkServiceApplication DataShoppingReport (Adware.ShopperReports) -> No action taken.
C:Documents and SettingsNetworkServiceApplication DataShoppingReportcs (Adware.ShopperReports) -> No action taken.
C:Documents and SettingsNetworkServiceApplication DataShoppingReportcsdwld (Adware.ShopperReports) -> No action taken.
C:Documents and SettingsNetworkServiceApplication DataShoppingReportcsres1 (Adware.ShopperReports) -> No action taken.
C:WINDOWSsystem32AdCache (AdWare.Cydoor) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.com (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponents (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.com (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponents (PUP.PlaySushi) -> No action taken.

Files Detected: 44
C:Documents and Settingsamberly smithDesktopReal Music Ringtones!.lnk (Rogue.Link) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsConfig.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsdbAliases.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsdbSites.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsdwldWhiteList.xip (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsreportaggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsreportsend_storage.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsres2WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsConfig.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsdbAliases.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsdbSites.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsdwldWhiteList.xip (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsreportaggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsreportsend_storage.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsres2WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsConfig.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsdbAliases.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsdbSites.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsdwldWhiteList.xip (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsreportaggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsreportsend_storage.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsres2WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and SettingsNetworkServiceApplication DataShoppingReportcsConfig.xml (Adware.ShopperReports) -> No action taken.
C:Documents and SettingsNetworkServiceApplication DataShoppingReportcsdwldWhiteList.xip (Adware.ShopperReports) -> No action taken.
C:Documents and SettingsNetworkServiceApplication DataShoppingReportcsres1WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_0_0_106800.htm (AdWare.Cydoor) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_1_0_449200.gif (AdWare.Cydoor) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_2_0_106800.htm (AdWare.Cydoor) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_3_0_106800.htm (AdWare.Cydoor) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_4_0_111600.htm (AdWare.Cydoor) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_4_0_152400.htm (AdWare.Cydoor) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_4_0_155300.htm (AdWare.Cydoor) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_4_0_164100.htm (AdWare.Cydoor) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome.manifest (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.cominstall.rdf (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchromepstextlinks.jar (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.dll (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.xpt (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome.manifest (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.cominstall.rdf (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchromepstextlinks.jar (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsplaysushi.js (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.dll (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.xpt (PUP.PlaySushi) -> No action taken.

(end)
 

 

  • Administrator
Posted

I see a lot of No Action Taken in the Malwarebytes Log. I'd recommend doing one full computer scan and then a quick scan on each user account. Remove all malicious items found.

Posted

Yes, the mbam log was a pre-check.  It asked me to remove checked and it removed everything, but things are still super slow.

 

I am running mbam again, but with full scan and I'm at 4+ hours with almost 150k objects scanned and still going.

 

I think I should have run ccleaner on each account first as it's stuck in profile's temp folders.

 

I'll report back with new log.

-=Mark=-

Posted

Here is the mbam log from today:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.21.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
kelly smith :: SMITH [administrator]

Protection: Enabled

3/21/2013 11:42:32 PM
MBAM-log-2013-03-22 (08-38-57).txt

Scan type: Full scan (C:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 460881
Time elapsed: 4 hour(s), 57 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCRTypeLib{91814EB1-B5F0-11D2-80B9-00104B1F6CEA} (Trojan.Vilsel) -> No action taken.

Registry Values Detected: 1
HKLMSOFTWAREMicrosoftWindowsCurrentVersionSharedDLLs|C:PROGRAM FILESCOMMON FILESINSTALLSHIELDENGINE6INTEL 32IKERNEL.EXE (Trojan.Vilsel) -> Data: 7 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:Program FilesCommon FilesInstallShieldengine6Intel 32IKernel.exe (Trojan.Vilsel) -> No action taken.

(end)

 

Here is yesterday afternoon's log file:

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.21.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
kelly smith :: SMITH [administrator]

Protection: Enabled

3/21/2013 11:19:37 AM
MBAM-log-2013-03-21 (18-08-24).txt

Scan type: Full scan (C:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 460422
Time elapsed: 6 hour(s), 49 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.com (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponents (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.com (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponents (PUP.PlaySushi) -> No action taken.

Files Detected: 11
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome.manifest (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.cominstall.rdf (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchromepstextlinks.jar (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.dll (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.xpt (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome.manifest (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.cominstall.rdf (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchromepstextlinks.jar (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsplaysushi.js (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.dll (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.xpt (PUP.PlaySushi) -> No action taken.

(end)


 

Posted

Like I said before, they are removed.  This is just the way the report comes up.  I'm afraid if I remove them first the report won't generate properly.

 

-=Mark=-

Posted

OK, I went into the logs section instead of creating a report myself.  I found this one.

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.21.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
kelly smith :: SMITH [administrator]

Protection: Enabled

3/21/2013 11:42:32 PM
mbam-log-2013-03-21 (23-42-32).txt

Scan type: Full scan (C:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 460881
Time elapsed: 4 hour(s), 57 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCRTypeLib{91814EB1-B5F0-11D2-80B9-00104B1F6CEA} (Trojan.Vilsel) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLMSOFTWAREMicrosoftWindowsCurrentVersionSharedDLLs|C:PROGRAM FILESCOMMON FILESINSTALLSHIELDENGINE6INTEL 32IKERNEL.EXE (Trojan.Vilsel) -> Data: 7 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:Program FilesCommon FilesInstallShieldengine6Intel 32IKernel.exe (Trojan.Vilsel) -> Quarantined and deleted successfully.

(end)
 

  • Administrator
Posted

Thank you. Are you still seeing symptoms of infection?

  • Administrator
Posted

Clean all user profiles and once you've done so, log into an administrator account and do a full scan once more with both Malwarebytes and SUPERAntiSpyware. Then get an updated HijackThis log. If the two scanners find anything, post the logs.

  • 2 weeks later...
  • Administrator
Posted

Due to lack of response this topic is now closed.

If you need continued support, please start a new thread and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here: PC Cleanup
