QWERTYWI

  1. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:56:43 PM, on 10/29/2009
  2. I am still having issues, to the point where I had to uninstall Malwarebytes and install a competitor's product IOBit Security 360... Plus I did manual scans with SuperAntiSpyware, and a full scan with Avira and also ESET online... NOTHING comes up... I have attached my Hijack This log file.... Anybody have any ideas if I am infected or is it just a Malwarebytes BUG? Thanks!!!
  3. Sounds good... and this error/bug/fp could be causing the service crash too? Thanks for your help!!!
  4. Within the last 24 hours I have been having a really terrible issue that has forced me to uninstall Malwarebytes... Upon powerup of the computer, Malwarebytes memory resident protection says it found a few files (namely misc.exe, accicons.exe, xlicons.exe and inficon.exe) that were infected. THEN I get the same error as others that the service was terminated and my system completely locks tight. I have to hard power down and had to reboot, and uninstall the software. I have already uploaded the files in question to virustotal and they are all completely clean... Also an on-demand scan of my computer (full scan) comes up with NOTHING. Nothing has really changed in the last 24 hours with my computer. I really like the software but have been forced to uninstall it. If needed I can run EITHER Hijackthis or COMBOFIX and post the results. I just really want my Malwarebytes back. Thanks!
  5. I HAD (months ago) SUPER installed, but have removed it almost 4 months ago... These files just showed up as malware by MBAM within the last 24-36 hours... Scanned them at VirusTotal.com and they appear to be relatively clean. So now I don't know if I should just Quarantine and be safe or wait... Scanned my system with a-squared, SuperAntiSpyWare, and Avira and none of them found these files to be hazardous.

     ===================================================
     Malwarebytes' Anti-Malware 1.37
     Database version: 2263
     Windows 5.1.2600 Service Pack 3

     6/11/2009 3:06:53 PM
     mbam-log-2009-06-11 (15-06-50).txt

     Scan type: Quick Scan
     Objects scanned: 111840
     Time elapsed: 2 minute(s), 21 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\WINDOWS\MOTA113.exe (Trojan.Agent) -> No action taken.
     c:\WINDOWS\meta4.exe (Trojan.Agent) -> No action taken.
     ===================================================
  6. I looked at my registry:

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
     "NoCDBurning"=dword:00000000
     "NoResolveTrack"=dword:00000000
     "NoPropertiesMyComputer"=dword:00000000
     "NoViewContextMenu"=dword:00000000
     "NoFileAssociate"=dword:00000000
     "NoFind"=dword:00000000
     "NoRun"=dword:00000000
     "NoClose"=dword:00000000
     "StartMenuLogoff"=dword:00000000
     "NoSMHelp"=dword:00000000
     "HonorAutoRunSetting"=dword:00000001

     The NoPropertiesMyComputer is set for 0 so I CAN view the MYComputer Properties... When I change it to 1 I can no longer view them. Shouldn't Malwarebytes detect it if it is set to 1 and not 0? For me it detected it as listed above. Thanks!
  7. But I can currently right-click on the MY COMPUTER icon and bring up the properties just fine now... So that is how it should be, right?
  8. I run a scan daily and this just showed up in my system... It appears that it just showed up based on the signature file update and online (first occurrence on Malwarebytes was 4/28)

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer (Disable.MCProperties) -> No action taken.

     Is this a false positive, or do I just IGNORE? Thanks!