Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:21 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Conversions Plus\FormatM.exe
C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Notes\ntmulti.exe
C:\PROGRA~1\Marimba\CASTAN~1\lib\jre\bin\java.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Upromise_Remind_U\UpromiseRemindU.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\pdfDocs\Resources\pdfDocsMon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Upromise_Remind_U\u11050.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: MacFormatService - DataViz Inc. - C:\Program Files\Conversions Plus\FormatM.exe
O23 - Service: MarimbaClient - Marimba, Inc. - C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Notes\ntmulti.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 2393 bytes

Hey baddassb,

Please read the entire instructions before commencing and ask any questions you may have before you proceed to follow the instructions. Please also print a copy so that you can read it without connecting to the net.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

* If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
* During the download, rename Combofix to Combo-Fix as follows:
* It is important you rename Combofix during the download, but not after.
* Please do not rename Combofix to other names, but only to the one indicated.
* Close any open browsers.
* Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
* Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

* Close any open browsers.
* WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
* Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
* If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

* Double click on combo-Fix.exe & follow the prompts.
* When finished, it will produce a report for you.
* Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Go!

~Ltangel~

Combofix will not download. Any suggestions? I have PC cillin and Reg Cure on my PC. Oh yeah, I have the MicroAv problem I am trying to remove.
Task manager disabled.. that's a sign of a win32-p@rite variant.. do a search for h*de.exe.. then boot to DOS and navigate to the location. Delete hide.exe (or its variant h?de.exe) and all its subfolders, then things should download and run in a more normal manner. Currently the hidden apache and ftp processes have control of your network connection.
Hi caudjs,

Hope you can benefit from this page: http://forums.afterdawn.com/thread_view.cfm/700486

Best Regards