kmorschauser Posted March 17, 2009 ID:65148

Downloaded OK, but won't launch. Here is my log. Any ideas?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:10 AM, on 3/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Apple\iPhone Configuration Web Utility\iPhoneConfigurationWebUtilityService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Apple\iPhone Configuration Web Utility\ruby\bin\ruby.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.travelers.com
O15 - Trusted Zone: http://*.travelerspc.com
O15 - Trusted Zone: http://*.travelers.com (HKLM)
O15 - Trusted Zone: http://*.travelerspc.com (HKLM)
O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} (Infragistics ActiveTreeView Control) - http://aqs.capitolindemnity.com/system/cab/sstree.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124482833233
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - http://aqs.capitolindemnity.com/system/CAB/iemenu.cab
O16 - DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} (ProtoView Date Edit Control) - http://aqs.capitolindemnity.com/System/CAB/pvdatecal.cab
O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v1.3 [ENU]) - https://agents.generalcasualty.com/ddrint/work/iedpwenu.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ademino.local
O17 - HKLM\Software\..\Telephony: DomainName = ademino.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ademino.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ademino.local
O23 - Service: Apple iPhone Configuration Web Utility - Apple, Inc. - C:\Program Files\Apple\iPhone Configuration Web Utility\iPhoneConfigurationWebUtilityService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 1: (no name) - https://www.wbconnect.com/MYWBC/App_Themes/.../logo_login.gif

--
End of file - 9119 bytes
Staff miekiemoes Posted March 20, 2009 ID:66127

Hi,

Please read the following tutorial and perform the steps:
http://www.malwarebytes.org/forums/index.php?showtopic=12709

Then you should be able to run MBAM afterwards. Also, make sure you update MBAM (Update tab > check for updates), before you run the scan.
Then, once the scan has finished, reboot!
After reboot,
Post the log from MBAM in your next reply.
kmorschauser Posted March 20, 2009 Author ID:66129

Thanks I did find this link later the same day and it did work. Thanks again.
Staff miekiemoes Posted March 20, 2009 ID:66134

Hi,

Can you also post the logs as requested? This is really important, because 1 leftover may cause a reinfection.
So post the log from an UP TO DATE Mbam and a new HijackThis log (without spaces between the lines)
Staff miekiemoes Posted March 27, 2009 ID:67960

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.