malware and XP antivirus back [RESOLVED], won't run mbam runtime error 372
Oct 21 2008, 11:48 AM
Post #1
Member | Posts: 62 | From: 55122 | OS: XP
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34, on 2008-10-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.3929.cn?tn=102720
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEToolbarBHO Class - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - C:\Program Files\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: LinkedIn Toolbar - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Program Files\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1292428093-1897051121-839522115-1139\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-1292428093-1897051121-839522115-1139 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User '?')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Linked&In Search - res://C:\Program Files\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll/ContextMenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://northstar.mlxchange.com/Control/Mul...ectComboBox.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210023468740
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149539437250
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://northstar.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {CBC78A67-D721-4644-9B44-DC93CB131549} - https://bos-uc2.unyte.net/components/WDATL81.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eagan2357.com
O17 - HKLM\Software\..\Telephony: DomainName = eagan2357.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{18B0CF88-3064-4E6F-B6DF-F66A872F1940}: NameServer = 10.2.239.1
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wired AutoConfig (Dot3svc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Extensible Authentication Protocol Service (EapHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HID Input Service (HidServ) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Health Key and Certificate Management Service (hkmsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Messenger - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Network Access Protection Agent (napagent) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote - Unknown owner - C:\WINDOWS\system32\dxdicg.exe
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

-- End of file - 10782 bytes
Oct 24 2008, 04:07 AM
Post #2
GeekU Moderator | Posts: 22,800 | From: Darkest Cornwall | OS: Vista Ultimate & Windows 7
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
rjhorn malware and XP antivirus back [RESOLVED] Oct 21 2008, 11:48 AM
Essexboy Hi there I notice you do not have an Antivirus, to... Oct 21 2008, 11:56 AM
rjhorn Logfile of Trend Micro HijackThis v2.0.2 Scan save... Oct 21 2008, 02:00 PM
rjhorn I ran the antivirus too but I didn't see the p... Oct 21 2008, 02:01 PM
Essexboy OK no problems, on your next post could you post th... Oct 21 2008, 02:06 PM
rjhorn RE: malware and XP antivirus back [RESOLVED] Oct 21 2008, 02:27 PM
rjhorn RE: malware and XP antivirus back [RESOLVED] Oct 21 2008, 02:34 PM
Essexboy Not a great deal there, but the one thing that con... Oct 21 2008, 02:37 PM
rjhorn ...won't allow me to cut and paste Oct 21 2008, 02:47 PM
Essexboy Can you run MBAM and can you find svchost.exe Oct 21 2008, 02:51 PM
rjhorn I can't cut and paste your fix...I just tried ... Oct 21 2008, 03:07 PM
Essexboy Can you highlight the fix and press control+c and ... Oct 21 2008, 03:11 PM
rjhorn I will try that... my typed version didn't run Oct 21 2008, 03:12 PM
rjhorn ...still no luck Oct 21 2008, 03:14 PM
Essexboy Do you have your windows cd as I would like to che... Oct 21 2008, 03:17 PM
rjhorn I have a windows XP disk. I am doing this in Mozi... Oct 21 2008, 03:26 PM
Essexboy Ok lets check the state of your windows files Fr... Oct 21 2008, 03:30 PM
rjhorn ...taking a long time Oct 21 2008, 03:39 PM
Essexboy It will do as it verifies the integrity of your wi... Oct 21 2008, 03:43 PM
rjhorn the scan completed but it just back to the desktop... Oct 22 2008, 07:29 AM
Essexboy OK this does not appear too promising I will ask y... Oct 22 2008, 07:44 AM
rjhorn ComboFix 08-10-21.04 - aedesk17 2008-10-22 9:12:2... Oct 22 2008, 09:12 AM
Essexboy Hi I am afraid that confirmed my diagnosis of no m... Oct 22 2008, 09:43 AM
rjhorn doing the repair now Oct 22 2008, 10:19 AM
rjhorn I did the repair and now the antivirus keeps telli... Oct 22 2008, 11:20 AM
Essexboy OK could you now run OTScanit again. I would like... Oct 22 2008, 11:29 AM
rjhorn okay, I am running the antimalware program right n... Oct 22 2008, 11:33 AM
Essexboy Are things running better now ? with regards to MB... Oct 22 2008, 11:36 AM
rjhorn Well the malware program ran but I am getting a lo... Oct 22 2008, 11:50 AM
Essexboy OK I can now see more Start OTScanit. Copy/Paste... Oct 22 2008, 12:02 PM
rjhorn will do MBAM will run now and I ran it twice in th... Oct 22 2008, 12:07 PM
Essexboy Don't forget the OTScanit fix Oct 22 2008, 12:10 PM
rjhorn that fix just hangs although I can copy and paste ... Oct 22 2008, 12:25 PM
Essexboy Continue with MBAM and I will reformat the fix [... Oct 22 2008, 12:32 PM
rjhorn Malwarebytes' Anti-Malware 1.29 Database versi... Oct 22 2008, 12:38 PM
Essexboy Please download the OTMoveIt3 by OldTimer. Save i... Oct 22 2008, 12:38 PM
rjhorn downloaded the program, ran it and moved it but th... Oct 22 2008, 12:52 PM
Essexboy Could you retry and if it hangs again I will refor... Oct 22 2008, 02:00 PM
rjhorn I tried it three times...running a full system sca... Oct 22 2008, 02:02 PM
Essexboy No there is no need for the AV to be turned off. ... Oct 22 2008, 02:10 PM
rjhorn yeah i did a boot scan with Avast I am installing... Oct 22 2008, 02:19 PM
Essexboy This is my strongest programme after you have fini... Oct 22 2008, 02:22 PM
rjhorn Logfile of Trend Micro HijackThis v2.0.2 Scan save... Oct 22 2008, 02:39 PM
Essexboy How is it running now ? Oct 22 2008, 02:45 PM
rjhorn seems...okay...no virus warnings...still installin... Oct 22 2008, 02:48 PM
Essexboy In that case it appears that OTMoveit did the tric... Oct 22 2008, 02:53 PM
rjhorn okay...will give it a try Oct 22 2008, 02:56 PM
rjhorn Looks like everything is working okay now...will t... Oct 22 2008, 03:31 PM
Essexboy Lets put it this way - it's the one I use ... Oct 22 2008, 03:49 PM
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising