
Within the last 24 hours I have been having a really terrible issue that has forced me to uninstall Malwarebytes... Upon powerup of the computer, Malwarebytes memory resident protection says it found a few files (namely misc.exe, accicons.exe, xlicons.exe and inficon.exe) that were infected. THEN I get the same error as others that the service was terminated and my system completely locks tight.

I had to hard power down, reboot, and uninstall the software. I have already uploaded the files in question to virustotal and they are all completely clean... Also an on-demand scan of my computer (full scan) comes up with NOTHING.

Nothing has really changed in the last 24 hours with my computer. I really like the software but have been forced to uninstall it. If needed I can run EITHER Hijackthis or COMBOFIX and post the results. I just really want my Malwarebytes back :)

Thanks!


Greetings :)

There are others having the same issue at the moment and the developers are looking into it. Several topics in the False Positives area of the forum have been created by users with this issue including this one which sounds very similar to your own. According to one poster there those files are related to Microsoft Office so they should be safe.

I'm sure the developers are working diligently to resolve the problem so that the protection module will function correctly again.


Sounds good... and this error/bug/fp could be causing the service crash too? Thanks for your help!!!


I am still having issues, to the point where I had to uninstall Malwarebytes and install a competitor's product IOBit Security 360... Plus I did manual scans with SuperAntiSpyware, and a full scan with Avira and also ESET online... NOTHING comes up... I have attached my Hijack This log file....

Anybody have any ideas if I am infected or is it just a Malwarebytes BUG? Thanks!!! <_<

Most likely, yes, since it's hitting on multiple files at once, but only the developers can determine that for certain.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:56:43 PM, on 10/29/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\USB Safely Remove\USBSRService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\Program Files\Gizmo\gservice.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files\Intel\AMT\UNS.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Documents and Settings\fredw.AGCOMPANIES\Desktop\volumouse\volumouse.exe

C:\Documents and Settings\fredw.AGCOMPANIES\Desktop\powerclick\PowerClick.exe

C:\Program Files\POP Peeper\POPPeeper.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Documents and Settings\fredw.AGCOMPANIES\Desktop\CoreTemp32\Core Temp.exe

C:\Program Files\USB Safely Remove\USBSafelyRemove.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Gizmo\gizmo.exe

C:\Documents and Settings\fredw.AGCOMPANIES\Desktop\KnockOut-1.3\KnockOut.exe

C:\Documents and Settings\fredw.AGCOMPANIES\Desktop\updatenotifier.exe

C:\Program Files\X1\X1Systray.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Defraggler\Defraggler.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKCU\..\Run: [$Volumouse$] "C:\Documents and Settings\fredw.AGCOMPANIES\Desktop\volumouse\volumouse.exe" /nodlg

O4 - HKCU\..\Run: [PowerClick] "C:\Documents and Settings\fredw.AGCOMPANIES\Desktop\powerclick\PowerClick.exe"

O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min

O4 - HKCU\..\Run: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

O4 - HKCU\..\Run: [Core Temp] "C:\Documents and Settings\fredw.AGCOMPANIES\Desktop\CoreTemp32\Core Temp.exe"

O4 - HKCU\..\Run: [uSB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images

O4 - S-1-5-18 Startup: Shortcut to KnockOut.lnk = C:\Documents and Settings\fredw.AGCOMPANIES\Desktop\KnockOut-1.3\KnockOut.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: Update Notifier.lnk = C:\Documents and Settings\fredw.AGCOMPANIES\Desktop\updatenotifier.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Shortcut to KnockOut.lnk = C:\Documents and Settings\fredw.AGCOMPANIES\Desktop\KnockOut-1.3\KnockOut.exe (User 'Default user')

O4 - .DEFAULT Startup: Update Notifier.lnk = C:\Documents and Settings\fredw.AGCOMPANIES\Desktop\updatenotifier.exe (User 'Default user')

O4 - .DEFAULT Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe (User 'Default user')

O4 - Startup: Shortcut to KnockOut.lnk = C:\Documents and Settings\fredw.AGCOMPANIES\Desktop\KnockOut-1.3\KnockOut.exe

O4 - Startup: Update Notifier.lnk = C:\Documents and Settings\fredw.AGCOMPANIES\Desktop\updatenotifier.exe

O4 - Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe

O4 - Global Startup: Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228848761578

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sologig.webex.com/client/T26L/sales/ieatgpc.cab

O16 - DPF: {F80B9305-A013-11D2-BD23-00A024978908} (Accurad Image Control) - file:///E:/viewer/accuradimage.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = agcompanies.employs.com

O17 - HKLM\Software\..\Telephony: DomainName = agcompanies.employs.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = agcompanies.employs.com

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe

O23 - Service: Gizmo Central - Arainia Solutions - C:\Program Files\Gizmo\gservice.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe

--

End of file - 11267 bytes
