MarkJohnson Posted March 21, 2013
All programs ran clean except MBAM. I also have 6 users on this machine. Will I need to do this 5 more times?
HiJackThis.log
MBAM.log
Administrator Tarun Posted March 21, 2013
I see a lot of No Action Taken in the Malwarebytes Log. I'd recommend doing one full computer scan and then a quick scan on each user account. Remove all malicious items found.
MarkJohnson Posted March 21, 2013
Yes, the mbam log was a pre-check. It asked me to remove checked and it removed everything, but things are still super slow. I am running mbam again, but with full scan and I'm at 4+ hours with almost 150k objects scanned and still going. I think I should have run ccleaner on each account first as it's stuck in profile's temp folders. I'll report back with new log.
-=Mark=-
greenknight Posted March 22, 2013
Always a good idea to run CCleaner before scanning. No point in wasting time scanning temp files.
MarkJohnson Posted March 22, 2013
Here is the mbam log from today:
Here is yesterday afternoon's log file:
Administrator Tarun Posted March 22, 2013
You still need to remove objects that are found.
MarkJohnson Posted March 22, 2013
Like I said before, they are removed. This is just the way the report comes up. I'm afraid if I remove them first the report won't generate properly.
-=Mark=-
MarkJohnson Posted March 22, 2013
OK, I went into the logs section instead of creating a report myself. I found this one.
Administrator Tarun Posted March 23, 2013
Thank you. Are you still seeing symptoms of infection?
MarkJohnson Posted March 23, 2013
No change at all, maybe even worse. Everything is so laggy and non-responsive.
-=Mark=-
Administrator Tarun Posted March 23, 2013
Clean all user profiles and once you've done so, log into an administrator account and do a full scan once more with both Malwarebytes and SUPERAntiSpyware. Then get an updated HijackThis log. If the two scanners find anything, post the logs.
Administrator Tarun Posted April 6, 2013
Due to lack of response this topic is now closed. If you need continued support, please start a new thread and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here: PC Cleanup