sceeter32 Posted October 24, 2009 Report Share Posted October 24, 2009 Hello all I just installed Win 7 Home 64bit on my laptop and just ran malawarebytes and it found this: Malwarebytes' Anti-Malware 1.41Database version: 3027Windows 6.1.760024/10/2009 2:02:06 PMmbam-log-2009-10-24 (14-02-06).txtScan type: Quick ScanObjects scanned: 80566Time elapsed: 2 minute(s), 32 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 1Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:09:42 PM, on 24/10/2009Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files (x86)\Windows Sidebar\sidebar.exeC:\Program Files (x86)\Shaw Secure\Common\FSM32.EXEC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeC:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dllO3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Shaw Secure\NRS\iescript\baselitmus.dllO4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Shaw Secure\Common\FSM32.EXE" /splashO4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSWO4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentO4 - HKCU\..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRunO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O13 - Gopher Prefix: O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Free\a2service.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsgk32st.exeO23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\Shaw Secure\FWES\Program\fsdfwd.exeO23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Shaw Secure\Common\FSMA32.EXEO23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Shaw Secure\ORSP Client\fsorsp.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)--End of file - 6908 bytes Link to post Share on other sites
Extremeboy Posted October 24, 2009 Report Share Posted October 24, 2009 Hello and welcome to BT!There are not much tools that are 100% compatible with Windows 7 but there we haven't seen much major infections regarding Windows 7 as of now being so recent of its release. What Malwarebytes found was just simply a restriction that it changed back to default not really "malicious" so I wouldn't worry about it.However, if you really want to make sure it's clean we can. The HIjackthis log looks fine.~Extremeboy Link to post Share on other sites
sceeter32 Posted October 24, 2009 Author Report Share Posted October 24, 2009 Hello and welcome to BT!There are not much tools that are 100% compatible with Windows 7 but there we haven't seen much major infections regarding Windows 7 as of now being so recent of its release. What Malwarebytes found was just simply a restriction that it changed back to default not really "malicious" so I wouldn't worry about it.However, if you really want to make sure it's clean we can. The HIjackthis log looks fine.~ExtremeboyThanks Extremeboy for your help! I kinda figured that it wasn't a big thing to worry about, but thought I'd be safe anyways. Link to post Share on other sites
Extremeboy Posted October 25, 2009 Report Share Posted October 25, 2009 Yup. It's fine. Do you still wish to make sure your computer is clean to do a more thorough look of your system and do some scans?If not, then let me now and I'll close this topic. Link to post Share on other sites
sceeter32 Posted October 25, 2009 Author Report Share Posted October 25, 2009 Yup. It's fine. Do you still wish to make sure your computer is clean to do a more thorough look of your system and do some scans?If not, then let me now and I'll close this topic.Thats fine you can close this topicThanks again. Link to post Share on other sites
Extremeboy Posted October 25, 2009 Report Share Posted October 25, 2009 Okay.Thanks for letting me know. Good luck in the future!~Extremeboy Link to post Share on other sites
Extremeboy Posted October 25, 2009 Report Share Posted October 25, 2009 Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. Link to post Share on other sites
Recommended Posts