[Closed] Multiple adware on Son's system

By glhglh
Oct 16, 2011
Topic Status:
Not open for further replies.
  1. an 18 year old is always going where he should not.

    mbam log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7955

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    10/15/2011 4:25:48 PM
    mbam-log-2011-10-15 (16-25-25).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 269750
    Time elapsed: 1 hour(s), 18 minute(s), 8 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 0
    Registry Keys Infected: 12
    Registry Values Infected: 7
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 16

    Memory Processes Infected:
    c:\program files\mp3tube toolbar\mp3tubesvc.exe (Adware.Mp3Tube) -> 452 -> No action taken.
    c:\program files\mp3tube toolbar\mp3tubevideotomp3.exe (Adware.Mp3Tube) -> 4928 -> No action taken.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mp3Tube Toolbar Service (Adware.Mp3Tube) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar (PUP.Zugo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\FREEZEFROGSA (Adware.FreezeFrog) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FREEzeFrogSA (Adware.FreezeFrog) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mp3Tube Toolbar (Adware.Mp3Tube) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HOMEPAGE PROTECTION SERVICE (Adware.Mp3Tube) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QUESTSCAN (Adware.QuestScan) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> No action taken.
    HKEY_CURRENT_USER\Software\freezefrogsa\actionurl_current_version (Adware.FreezeFrog) -> Value: actionurl_current_version -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FREEzeFrogSA (Adware.FreezeFrog) -> Value: FREEzeFrogSA -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Homepage Protection Service\UninstallString (Adware.Mp3Tube) -> Value: UninstallString -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan\DisplayName (Adware.QuestScan) -> Value: DisplayName -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> No action taken.
    c:\program files\mp3tube toolbar (Adware.Mp3Tube) -> No action taken.
    c:\programdata\freezefrogsa (Adware.FreezeFrog) -> No action taken.
    c:\program files\freezefrog\bin\2.0.15.0 (Adware.FreezeFrog) -> No action taken.

    Files Infected:
    c:\program files\mp3tube toolbar\mp3tubesvc.exe (Adware.Mp3Tube) -> No action taken.
    c:\program files\mp3tube toolbar\mp3tubevideotomp3.exe (Adware.Mp3Tube) -> No action taken.
    c:\program files\mp3tube toolbar\mp3tubetb.dll (Adware.Mp3Tube) -> No action taken.
    c:\program files\mp3tube toolbar\ffmpeg.exe (Adware.Mp3Tube) -> No action taken.
    c:\program files\questscan\questscan.exe (Adware.Agent.Gen) -> No action taken.
    c:\program files\startnow toolbar\startnowtoolbaruninstall.exe (PUP.Zugo) -> No action taken.
    c:\program files\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> No action taken.
    c:\program files\mp3tube toolbar\ShowMsg.exe (Adware.Mp3Tube) -> No action taken.
    c:\program files\mp3tube toolbar\uninstall.exe (Adware.Mp3Tube) -> No action taken.
    c:\programdata\freezefrogsa\freezefrogsa.dat (Adware.FreezeFrog) -> No action taken.
    c:\programdata\freezefrogsa\freezefrogsaau.dat (Adware.FreezeFrog) -> No action taken.
    c:\programdata\freezefrogsa\freezefrogsa_kyf.dat (Adware.FreezeFrog) -> No action taken.
    c:\program files\freezefrog\bin\2.0.15.0\copyright.txt (Adware.FreezeFrog) -> No action taken.
    c:\program files\freezefrog\bin\2.0.15.0\freezefrogsacb.exe (Adware.FreezeFrog) -> No action taken.
    c:\program files\freezefrog\bin\2.0.15.0\freezefrogsahook.dll (Adware.FreezeFrog) -> No action taken.
    c:\program files\freezefrog\bin\2.0.15.0\freezefroguninstaller.exe (Adware.FreezeFrog) -> No action taken.


    GMER log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-15 18:20:28
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1665GSX rev.GJ002D
    Running: v9hxckes.exe; Driver: C:\Users\Benjamin\AppData\Local\Temp\pwldqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 93EF31F0 ZwAlertResumeThread
    SSDT 93EF3478 ZwAlertThread
    SSDT 93F246C0 ZwAllocateVirtualMemory
    SSDT 87AB58F0 ZwAlpcConnectPort
    SSDT 94317710 ZwAssignProcessToJobObject
    SSDT 94317620 ZwCreateMutant
    SSDT 93EF33C8 ZwCreateSymbolicLinkObject
    SSDT 93F02A98 ZwCreateThread
    SSDT 94360B78 ZwDebugActiveProcess
    SSDT 93F24890 ZwDuplicateObject
    SSDT 93F244E0 ZwFreeVirtualMemory
    SSDT 94317960 ZwImpersonateAnonymousToken
    SSDT 94317D08 ZwImpersonateThread
    SSDT 87AB5878 ZwLoadDriver
    SSDT 93F243E0 ZwMapViewOfSection
    SSDT 943173D8 ZwOpenEvent
    SSDT 93F02960 ZwOpenProcess
    SSDT 93F247B0 ZwOpenProcessToken
    SSDT 94317218 ZwOpenSection
    SSDT 93F02870 ZwOpenThread
    SSDT 943178B0 ZwProtectVirtualMemory
    SSDT 93EF3820 ZwResumeThread
    SSDT 93F24130 ZwSetContextThread
    SSDT 93F24210 ZwSetInformationProcess
    SSDT 943170D0 ZwSetSystemInformation
    SSDT 943172F8 ZwSuspendProcess
    SSDT 93EF3D08 ZwSuspendThread
    SSDT 93F02B78 ZwTerminateProcess
    SSDT 93F24050 ZwTerminateThread
    SSDT 93F24300 ZwUnmapViewOfSection
    SSDT 93F245D0 ZwWriteVirtualMemory
    SSDT 943175C8 ZwCreateThreadEx

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 11D 81CAF8A0 8 Bytes [F0, 31, EF, 93, 78, 34, EF, ...]
    .text ntkrnlpa.exe!KeSetEvent + 131 81CAF8B4 4 Bytes [C0, 46, F2, 93] {ROL BYTE [ESI-0xe], 0x93}
    .text ntkrnlpa.exe!KeSetEvent + 13D 81CAF8C0 4 Bytes [F0, 58, AB, 87]
    .text ntkrnlpa.exe!KeSetEvent + 191 81CAF914 4 Bytes CALL B342099A
    .text ntkrnlpa.exe!KeSetEvent + 1F5 81CAF978 4 Bytes [20, 76, 31, 94] {AND [ESI+0x31], DH; XCHG ESP, EAX}
    .text ...
    ? System32\drivers\fnwuvhcd.sys The system cannot find the path specified. !
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8CE05340, 0x28B977, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[160] USER32.dll!EndPaint 772BA28F 5 Bytes JMP 104A7D10 C:\Program Files\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
    .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[160] USER32.dll!BeginPaint 772BA2A3 5 Bytes JMP 104A7CA0 C:\Program Files\Veoh Networks\VeohWebPlayer\QtWebKit4.dll

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74227817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7427A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7422BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7421F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7421E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74258395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7422DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7421FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7421FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [742ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7424C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7421D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74216853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7421687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74222AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----


    Attach Log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/30/2011 3:32:53 PM
    System Uptime: 10/15/2011 5:22:40 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1000/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 89.663 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP149: 10/4/2011 9:46:35 AM - Device Driver Package Install: Xerox Printers
    RP150: 10/8/2011 5:38:31 AM - Scheduled Checkpoint
    RP151: 10/9/2011 2:54:50 AM - Scheduled Checkpoint
    RP152: 10/10/2011 5:51:34 AM - Scheduled Checkpoint
    RP153: 10/11/2011 12:00:09 AM - Scheduled Checkpoint
    RP154: 10/12/2011 12:00:04 AM - Scheduled Checkpoint
    RP155: 10/13/2011 7:14:47 AM - Scheduled Checkpoint
    RP156: 10/14/2011 2:00:26 AM - Scheduled Checkpoint
    RP157: 10/14/2011 3:00:28 AM - Windows Update
    RP158: 10/15/2011 5:30:54 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Amazon Kindle
    BFlix Toolbar
    Crossrider Web Apps
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IspAssistant-Mp3Tube
    Java Auto Updater
    Java(TM) 6 Update 26
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Mozilla Firefox 6.0.2 (x86 en-US)
    RuneScape Launcher 1.0.4
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SwiftKit
    Symantec Endpoint Protection
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Veoh Giraffic Video Accelerator
    Veoh Web Player
    VLC media player 1.0.1
    Xerox Support Centre
    Xvid Video Codec
    Yontoo Layers Runtime 1.10.01
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/9/2011 6:39:30 PM, Error: EventLog [6008] - The previous system shutdown at 6:33:53 PM on 10/9/2011 was unexpected.
    10/15/2011 5:30:40 PM, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\hedrick.local\sysvol\hedrick.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
    10/15/2011 5:30:36 PM, Error: Microsoft-Windows-GroupPolicy [1006] - The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
    10/15/2011 5:23:59 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    10/15/2011 5:23:34 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain HEDRICK due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    10/15/2011 4:26:45 PM, Error: Service Control Manager [7034] - The Mp3Tube Toolbar Updater Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================

    DSS Log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/1/2011 6:52:25 PM
    System Uptime: 10/15/2011 12:46:48 PM (2 hours ago)
    .
    Motherboard: FOXCONN | | 2AB1
    Processor: AMD Phenom(tm) II X4 830 Processor | CPU 1 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 919 GiB total, 741.801 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.585 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is FIXED (NTFS) - 466 GiB total, 75.073 GiB free.
    J: is Removable
    M: is NetworkDisk (NTFS) - 466 GiB total, 119.012 GiB free.
    N: is Removable
    S: is NetworkDisk (NTFS) - 466 GiB total, 119.012 GiB free.
    Y: is NetworkDisk (NTFS) - 466 GiB total, 119.012 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C6100 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C6100 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 7300 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: HP
    Name: Officejet 7300 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    ==== System Restore Points ===================
    .
    RP105: 9/28/2011 11:52:01 AM - Windows Update
    RP106: 10/6/2011 12:05:19 AM - Scheduled Checkpoint
    RP107: 10/13/2011 5:56:10 PM - Scheduled Checkpoint
    RP108: 10/14/2011 10:03:56 AM - Windows Update
    RP109: 10/14/2011 10:38:44 AM - Removed Java 2 Runtime Environment, SE v1.4.1_07
    RP110: 10/14/2011 11:05:00 AM - Installed Java(TM) 6 Update 27
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7300
    7300_Help
    7300Trb
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1)
    Agatha Christie - Peril at End House
    AIO_CDA_ProductContext
    AIO_CDA_Software
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_Scan
    Amazon Kindle
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Software Update
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blasterball 3
    Blio
    BookHound 7ce 7.09
    Bounce Symphony
    BufferChm
    Build-a-lot 2
    C6100
    c6100_Help
    Cake Mania
    CarMD
    Catalyst Control Center - Branding
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    Copy
    CyberLink DVD Suite Deluxe
    D3DX10
    Destinations
    DeviceDiscovery
    Diner Dash 2 Restaurant Rescue
    DocProc
    Dora's World Adventure
    DVD Menu Pack for HP MediaSmart Video
    Escape Rosecliff Island
    Family Tree Maker 2010
    Farm Frenzy
    FATE
    Fax
    Final Drive Nitro
    Google Chrome
    Google Earth Plug-in
    Google SketchUp 8
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    GPL Ghostscript 8.64
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.1.1.0
    HP Customer Experience Enhancements
    HP Game Console
    HP Games
    HP MediaSmart DVD
    HP MediaSmart Photo
    HP MediaSmart Video
    HP MediaSmart/TouchSmart Netflix
    HP Odometer
    HP Setup
    HP Setup Manager
    HP Support Assistant
    HP Support Information
    HP Update
    HPDiagnosticAlert
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    HydraVision
    InstaRate
    Java Auto Updater
    Java(TM) 6 Update 27
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Kobo
    LabelPrint
    LightScribe System Software
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Microlife BPA 3.2 English
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Suite 2006
    Microsoft Digital Image Suite 2006 Editor
    Microsoft Digital Image Suite 2006 Library
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook Gadgets for Windows SideShow
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft WSE 3.0
    Microsoft WSE 3.0 Runtime
    Movie Theme Pack for HP MediaSmart Video
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Mystery P.I. - The London Caper
    Norton Online Backup
    OLYMPUS CAMEDIA Master 4.1
    Online Hold'em Inspector 3.19d2
    PDF Complete Special Edition
    Penguins!
    PictureMover
    PixiePack Codec Pack
    Plants vs. Zombies
    PlayReady PC Runtime x86
    Poker Superstars III
    PokerTracker 3 (remove only)
    Polar Bowler
    Polar Golfer
    PostgreSQL 8.3
    PowerDirector
    PressReader
    QuickBooks
    QuickBooks Pro 2009
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Recovery Manager
    RoboForm 7-5-5 (All Users)
    Roxio BackOnTrack
    Roxio Burn
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Creator 2011
    Roxio PhotoShow
    Roxio Video Capture USB
    Scan
    ScanToPDF 4.1
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SmartFTP Client Setup Files 4.0 (x64) (remove only)
    SmartSound Common Data
    SmartSound Quicktracks 5
    SmartWebPrinting
    SolutionCenter
    Status
    SupportSoft Assisted Service
    SureThing CD Labeler Deluxe 5
    SureThing CD Labeler SE - Sonic
    TiVo Desktop 2.8.2
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Virtual Families
    Virtual Villagers 4 - The Tree of Life
    Visual Studio 2005 Tools for Office Second Edition Runtime
    WebReg
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/15/2011 12:48:56 PM, Error: Service Control Manager [7000] - The AODDriver4.0 service failed to start due to the following error: The system cannot find the path specified.
    10/15/2011 12:48:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
    10/14/2011 10:54:22 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    10/14/2011 10:54:22 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    .
    ==== End Of File ===========================
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    To clarify: this is for son's system. The other active thread Broni is helping you with is your system- is that correct?
    ===================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
    Please give me some description of what is happening with his system. Then I will edit your first post and make the subject appropriate to the problem. Then I can look up to remind me as I help you. "My son's logs" don't tell me much except to verify that he's done what most 18 year olds do> gone some place he shouldn't.
    ==================================
    Please go back to Malwarebytes and update the program and rescan. This time, be sure to check this:
    There were many entries but all say 'No action taken.'
    ==========================================
    Please do that while I check the other logs. And add a description of problems.
    Do not use this program while I'm helping IspAssistant-Mp3Tube. It appears to be a rich source of adware
    ==================================
    After doing the above, you can go ahead with the following:

    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    Please post the entire log with heading resembling this:
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
  3. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 398

    Yes this is my son's computer.

    This is my son's computer. the other one is mine. why i care about his is that he is on our home network, and as such can wreck my wife's and my computer.

    I will not be able to get to his till tomorrow morning, he is out now.

    thank you.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please note: I have changed the subject to: Multiple adware on Son's system

    This will not change your subscription to the thread.
    Untill you run Mbam again and remove those entries, we can't go on.

    What I had hope for was some description of what the system is doing-or not doing.

    I will review the logs when posted.
  5. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 398

    I rescanned, and there was nothing.

    I rescanned and there was nothing found. Please close the request.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Member did not want to continue and requested that thread be closed.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.