Jump to content

Windows PC Defender


Recommended Posts

http://www.malwarebytes.org/forums/index.php?showtopic=27851

Following the instructions from above thread please see below for logs from Malwarebytes and Hijack. Would really appreciate any assistance.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:50:14 PM, on 15/10/2009

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Dfssvc.exe

C:\WINDOWS\System32\dns.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\System32\ismserv.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ntfrs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\wins.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\McAfee\ePolicy Orchestrator\Apache2\bin\Apache.exe

C:\Program Files\McAfee\ePolicy Orchestrator\EventParser.exe

C:\PROGRA~1\McAfee\EPOLIC~1\Apache2\bin\rotatelogs.exe

C:\Program Files\McAfee\ePolicy Orchestrator\Apache2\bin\Apache.exe

C:\PROGRA~1\McAfee\EPOLIC~1\Server\bin\tomcat5.exe

C:\Program Files\McAfee\ePolicy Orchestrator\srvmon.exe

C:\PROGRA~1\McAfee\EPOLIC~1\Apache2\bin\rotatelogs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Documents and Settings\All Users\Application Data\98fd2aa\WP98fd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://203.111.95.212

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://203.111.95.212

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://203.111.95.212

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com

and also see attached file for malwarebytes (too long)

mbam_log_2009_10_15__13_16_19_.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.