Virus on laptop?

wolfeking

OK, so sister has been using my Acer for a few and I think she has got a virus on it. I have run Malwarebytes, and got View attachment 4497.
I have also run HijackThis, but can't seem to get it to save the results. It will open Notepad and ask if I want to create the file, since it doesn't exist, but once I click yes, it just sits there doing nothing.

Can someone (I suspect Johnb) help figure this out?

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6576

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/14/2011 10:15:05 AM
mbam-log-2011-05-14 (10-14-55).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 288910
Time elapsed: 36 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 93

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan (Adware.QuestScan) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IspAssistant-Mp3Tube (Adware.Mp3Tube) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan\DisplayName (Adware.QuestScan) -> Value: DisplayName -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\mp3tube toolbar (Adware.Mp3Tube) -> No action taken.
c:\program files (x86)\mozilla firefox\extensions\[email protected] (Adware.Mp3Tube) -> No action taken.
c:\program files (x86)\mozilla firefox\extensions\[email protected]\chrome (Adware.Mp3Tube) -> No action taken.
c:\program files (x86)\mozilla firefox\extensions\[email protected]\chrome\content (Adware.Mp3Tube) -> No action taken.
c:\program files (x86)\mozilla firefox\extensions\[email protected]\chrome\skin (Adware.Mp3Tube) -> No action taken.
c:\program files (x86)\mozilla firefox\extensions\[email protected]\chrome\skin\buttons (Adware.Mp3Tube) -> No action taken.
c:\program files (x86)\mozilla firefox\extensions\[email protected]\chrome\skin\weather (Adware.Mp3Tube) -> No action taken.
c:\program files (x86)\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096} (Adware.QuestScan) -> No action taken.
c:\program files (x86)\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome (Adware.QuestScan) -> No action taken.
c:\program files (x86)\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults (Adware.QuestScan) -> No action taken.
c:\program files (x86)\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences (Adware.QuestScan) -> No action taken.

Files Infected:
 
I've heard of this happening a few times. I have never experienced it myself though.

If running Vista or 7, try this. Right-click on HijackThis and click on Run as admin. If the option doesn't appear, then press and hold the Shift key while right-clicking on HijackThis to get the option to appear. See if you are able to save the log.

However, on the Malwarebytes log, did you click on Remove Selected to have Malwarebytes delete those infections?
 
It doesn't have an option of run as admin. I'm on Win 7 64 bit.
 
Then press and hold the shift key while right clicking on hijackthis. The option will appear.
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:15:18 PM, on 5/14/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton AntiVirus\Engine\19.0.0.110\ccSvcHst.exe
C:\Program Files (x86)\The Weather Channel FW\Screensaver\TWCScreensaverUpdater.exe
C:\Program Files (x86)\OOo-dev 3\program\soffice.exe
C:\Program Files (x86)\OOo-dev 3\program\soffice.bin
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mp3tubetoolbar.com/?tmp=tool...our04ie&clid=7fcbef39b21d41989a170aefe63c143b
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Norton IPS 2.0 - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.0.0.110\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
O3 - Toolbar: Mp3Tube Toolbar - {46897C77-E7A6-4c33-BFFB-E9C2E2718942} - "C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL" (file missing)
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Electronic Arts\EADM\EADMUI.exe"
O4 - HKCU\..\Run: [California Fonts Loader] "C:\Program Files (x86)\California Font Manager\CaliforniaFonts.exe" /scanfolder
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OOo-dev 3.4.lnk = C:\Program Files (x86)\OOo-dev 3\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) -
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\19.0.0.110\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11625 bytes
 
As long as you clicked on remove selected in malwarebytes then all you need to do is have hijackthis fix these entries.

Place checks next to the following entries.

R3 - URLSearchHook: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Mp3Tube Toolbar - {46897C77-E7A6-4c33-BFFB-E9C2E2718942} - "C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL" (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

Then click on Fix checked. You only had adware infections, nothing major, but they still could cause issues.
 
Yeah, it should be good. Providing you had malwarebytes remove those infections. :) Cause it said "no action taken"
 
I've never seen malwarebytes find an entry that wasn't an infection. You can trust malwarebytes 100 percent to remove only infections.
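The replies above turn on one detail of the posted scan log: every item ends in "No action taken", so nothing had actually been removed yet. The following is an added example, not part of the original thread, that checks this mechanically for a log in the same layout; the sample log is constructed, and the names `parse_log` and `audit` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes' Anti-Malware log
# posted in this thread (not taken from a real machine).
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Registry Values Infected: 1
Files Infected: 4

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleBar (Adware.Example) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleBar\DllPath (Adware.Example) -> Value: DllPath -> No action taken.

Files Infected:
c:\program files (x86)\examplebar\bar.dll (Adware.Example) -> No action taken.
c:\users\user\downloads\setup (1).exe (Adware.Other) -> Quarantined and deleted successfully.
c:\users\user\downloads\setup.exe (Adware.Other) -> No action taken.
"""

# "Files Infected: 93" style summary line.
SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "Files Infected:" style section header that precedes the itemised list.
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<object> (<detection>) -> [Value: <value> -> ]<action>."
# The object is matched greedily so paths containing "(x86)" or "(1)" survive.
ITEM = re.compile(
    r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> "
    r"(?:Value: (?P<value>.+) -> )?(?P<action>[^>]+?)\.?$"
)


def parse_log(text):
    """Return (summary counts, itemised detections) from the log text."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY.match(line):
            summary[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return summary, items


def audit(text):
    """Report detections that were found but not remediated."""
    summary, items = parse_log(text)
    pending = [i for i in items if i["action"].lower() == "no action taken"]
    listed = Counter(i["section"] for i in items)
    # A summary count that disagrees with the itemised list suggests the
    # pasted log is truncated, so the audit is incomplete.
    mismatch = {
        s: (n, listed.get(s, 0))
        for s, n in summary.items()
        if n != listed.get(s, 0)
    }
    return {
        "total": len(items),
        "pending": pending,
        "pending_by_detection": dict(Counter(i["detection"] for i in pending)),
        "count_mismatch": mismatch,
    }


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    print(f"{len(result['pending'])} of {result['total']} items not remediated")
    for name, count in sorted(result["pending_by_detection"].items()):
        print(f"  {name}: {count}")
    for section, (expected, seen) in result["count_mismatch"].items():
        print(f"  {section}: summary says {expected}, log lists {seen}")
```

A non-empty `pending` list means the scan has to be re-run with removal before cleaning up leftover entries in HijackThis.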
 