MarkJohnson-HiJackThis


All programs ran clean except MBAM.  I also have 6 users on this machine.  Will I need to do this 5 more times?

 

HiJackThis.log

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:30:13 AM, on 3/21/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17123)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
c:Program FilesMicrosoft Security ClientMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSUPERAntiSpywareSASCORE.EXE
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe
C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32wuauclt.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Documents and Settingskelly smithMy DocumentsDownloadsHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.katu.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
O2 - BHO: TranslatorBar 1 - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:Program FilesTranslatorBar_1prxtbTra0.dll
O2 - BHO: QpBHO Class - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:Program FilesHewlett-PackardSmartPrintQuickPrintBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:Program FilesGoogleAFEGoogleAE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: TranslatorBar 1 Toolbar - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:Program FilesTranslatorBar_1prxtbTra0.dll
O4 - HKLM..Run: [startCCC] "C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [APSDaemon] "C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [sUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:Program FilesCommon FilesMicrosoft SharedEncarta Search BarENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:WINDOWSsystem32shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://mygp.gp.com/includes/,DanaInfo=ess.srv.gapac.com,SSL+ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140041711728
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.31.5/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - https://mygp.gp.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - https://mygp.gp.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:WINDOWSsystem32browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:WINDOWSsystem32browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:Program FilesSUPERAntiSpywareSASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1ca16e527d787de) (gupdate1ca16e527d787de) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:Program FilesSkypeUpdaterUpdater.exe

--
End of file - 8606 bytes

 

MBAM.log

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.21.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
kelly smith :: SMITH [administrator]

Protection: Enabled

3/21/2013 2:59:19 AM
MBAM-log-2013-03-21 (03-38-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 330889
Time elapsed: 33 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallWeather Services (Adware.Hotbar) -> No action taken.

Registry Values Detected: 2
HKCUSOFTWAREMicrosoftInternet ExplorerMenuExt&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt487QZUS -> No action taken.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionControl PanelCpls|wxfw.dll (Adware.Hotbar) -> Data: C:Program FilesThe Weather Channel FWFrameworkwxfw.cpl -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 29
C:Documents and Settingsarianne smithApplication DataShoppingReport (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsdb (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsdwld (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsreport (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsres2 (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReport (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsdb (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsdwld (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsreport (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsres2 (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReport (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsdb (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsdwld (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsreport (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsres2 (Adware.ShopperReports) -> No action taken.
C:Documents and SettingsNetworkServiceApplication DataShoppingReport (Adware.ShopperReports) -> No action taken.
C:Documents and SettingsNetworkServiceApplication DataShoppingReportcs (Adware.ShopperReports) -> No action taken.
C:Documents and SettingsNetworkServiceApplication DataShoppingReportcsdwld (Adware.ShopperReports) -> No action taken.
C:Documents and SettingsNetworkServiceApplication DataShoppingReportcsres1 (Adware.ShopperReports) -> No action taken.
C:WINDOWSsystem32AdCache (AdWare.Cydoor) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.com (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponents (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.com (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponents (PUP.PlaySushi) -> No action taken.

Files Detected: 44
C:Documents and Settingsamberly smithDesktopReal Music Ringtones!.lnk (Rogue.Link) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsConfig.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsdbAliases.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsdbSites.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsdwldWhiteList.xip (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsreportaggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsreportsend_storage.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsarianne smithApplication DataShoppingReportcsres2WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsConfig.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsdbAliases.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsdbSites.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsdwldWhiteList.xip (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsreportaggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsreportsend_storage.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingsbrendan smithApplication DataShoppingReportcsres2WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsConfig.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsdbAliases.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsdbSites.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsdwldWhiteList.xip (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsreportaggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsreportsend_storage.xml (Adware.ShopperReports) -> No action taken.
C:Documents and Settingslisa smithApplication DataShoppingReportcsres2WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:Documents and SettingsNetworkServiceApplication DataShoppingReportcsConfig.xml (Adware.ShopperReports) -> No action taken.
C:Documents and SettingsNetworkServiceApplication DataShoppingReportcsdwldWhiteList.xip (Adware.ShopperReports) -> No action taken.
C:Documents and SettingsNetworkServiceApplication DataShoppingReportcsres1WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_0_0_106800.htm (AdWare.Cydoor) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_1_0_449200.gif (AdWare.Cydoor) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_2_0_106800.htm (AdWare.Cydoor) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_3_0_106800.htm (AdWare.Cydoor) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_4_0_111600.htm (AdWare.Cydoor) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_4_0_152400.htm (AdWare.Cydoor) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_4_0_155300.htm (AdWare.Cydoor) -> No action taken.
C:WINDOWSsystem32AdCacheB_329_4_0_164100.htm (AdWare.Cydoor) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome.manifest (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.cominstall.rdf (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchromepstextlinks.jar (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.dll (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.xpt (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome.manifest (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.cominstall.rdf (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchromepstextlinks.jar (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsplaysushi.js (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.dll (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.xpt (PUP.PlaySushi) -> No action taken.

(end)
 

 


  • Administrator

I see a lot of No Action Taken in the Malwarebytes Log. I'd recommend doing one full computer scan and then a quick scan on each user account. Remove all malicious items found.


Yes, the mbam log was a pre-check.  It asked me to remove checked and it removed everything, but things are still super slow.

 

I am running mbam again, but with full scan and I'm at 4+ hours with almost 150k objects scanned and still going.

 

I think I should have run ccleaner on each account first as it's stuck in profile's temp folders.

 

I'll report back with new log.

-=Mark=-


Here is the mbam log from today:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.21.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
kelly smith :: SMITH [administrator]

Protection: Enabled

3/21/2013 11:42:32 PM
MBAM-log-2013-03-22 (08-38-57).txt

Scan type: Full scan (C:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 460881
Time elapsed: 4 hour(s), 57 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCRTypeLib{91814EB1-B5F0-11D2-80B9-00104B1F6CEA} (Trojan.Vilsel) -> No action taken.

Registry Values Detected: 1
HKLMSOFTWAREMicrosoftWindowsCurrentVersionSharedDLLs|C:PROGRAM FILESCOMMON FILESINSTALLSHIELDENGINE6INTEL 32IKERNEL.EXE (Trojan.Vilsel) -> Data: 7 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:Program FilesCommon FilesInstallShieldengine6Intel 32IKernel.exe (Trojan.Vilsel) -> No action taken.

(end)

 

Here is yesterday afternoon's log file:

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.21.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
kelly smith :: SMITH [administrator]

Protection: Enabled

3/21/2013 11:19:37 AM
MBAM-log-2013-03-21 (18-08-24).txt

Scan type: Full scan (C:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 460422
Time elapsed: 6 hour(s), 49 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.com (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponents (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.com (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponents (PUP.PlaySushi) -> No action taken.

Files Detected: 11
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome.manifest (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.cominstall.rdf (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchromepstextlinks.jar (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.dll (PUP.PlaySushi) -> No action taken.
C:Documents and Settingsamberly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.xpt (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchrome.manifest (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.cominstall.rdf (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comchromepstextlinks.jar (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsplaysushi.js (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.dll (PUP.PlaySushi) -> No action taken.
C:Documents and Settingskelly smithApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@playsushi.comcomponentsPlaySushiFF.xpt (PUP.PlaySushi) -> No action taken.

(end)


 


OK, I went into the logs section instead of creating a report myself.  I found this one.

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.21.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
kelly smith :: SMITH [administrator]

Protection: Enabled

3/21/2013 11:42:32 PM
mbam-log-2013-03-21 (23-42-32).txt

Scan type: Full scan (C:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 460881
Time elapsed: 4 hour(s), 57 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCRTypeLib{91814EB1-B5F0-11D2-80B9-00104B1F6CEA} (Trojan.Vilsel) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLMSOFTWAREMicrosoftWindowsCurrentVersionSharedDLLs|C:PROGRAM FILESCOMMON FILESINSTALLSHIELDENGINE6INTEL 32IKERNEL.EXE (Trojan.Vilsel) -> Data: 7 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:Program FilesCommon FilesInstallShieldengine6Intel 32IKernel.exe (Trojan.Vilsel) -> Quarantined and deleted successfully.

(end)
 


  • Administrator

Clean all user profiles and once you've done so, log into an administrator account and do a full scan once more with both Malwarebytes and SUPERAntiSpyware. Then get an updated HijackThis log. If the two scanners find anything, post the logs.


  • 2 weeks later...
  • Administrator

Due to lack of response this topic is now closed.

If you need continued support, please start a new thread and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here: PC Cleanup
