1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

defender.exe malware

Discussion in 'Virus & Other Malware Removal' started by afb, Dec 18, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. afb

    afb Thread Starter

    Joined:
    Dec 18, 2010
    Messages:
    3
    Greetings helpful people!

    I've read through numerous threads with people in similar situations, and I've taken some actions, but I want to be sure that I'm through with this pest...

    This morning I was innocently computing (isn't that always how it starts?) when somehow or other a program installed itself on my computer and kept telling me I had trojans and such. It also wouldn't let me open any AV programs, or even Task Manager. (Btw I'm running Windows Vista SP2 on an HP Pavillion dv6000 laptop.)

    In the start menu it was called 'Malware Protection' or some such thing, with an icon of the familiar four-colour shield thing from windows, which also showed up on the taskbar. The exe I found in C:/Users/[...]/AppData/Roaming/, called defender.exe.

    I shut down, booted into safe mode, renamed the defender.exe file to defender1.exe, then deleted some other files that had been created at the very same time with cryptic alphanumeric names (possibly foolish, I know, but I was annoyed). I ran a full scan with AVG (free version) and found nothing.

    Then I rebooted in normal mode, and everything seemed back to normal. Then, following advice from this site, downloaded malwarebytes and ran a quick scan, which found 34 infections, one of them being the defender1 file, the rest being associated with something called 'MyWebSearch', which I thought I had gotten rid of about a year ago. I saved the log.
    Then I downloaded the latest HJT (v2.0.4) and ran that. Here is the log from that:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:53:16, on 18/12/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18975)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL

    = http://ie.redirect.hp.com/svs/rdr?

    TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

    LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://ie.redirect.hp.com/svs/rdr?

    TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant

    =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch

    =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet

    Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-

    784B7D6BE0B3} - C:\Program Files\Common

    Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-

    A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet

    Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-

    4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no

    file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-

    D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-

    5164760863C6} - C:\Program Files\Common Files\Microsoft

    Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-

    9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows

    Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program

    Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program

    Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick

    Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program

    Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6

    \bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP

    Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

    Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Spyware Protection]

    C:\Users\Andrew\AppData\Roaming\defender.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows

    Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe

    oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows

    Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program

    Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -

    C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263}

    - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1}

    - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

    C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon -

    {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32

    \browseui.dll
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program

    Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc)

    - Unknown owner - C:\Program

    Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown

    owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. -

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program

    Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. -

    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

    Corporation - C:\Program Files\Common Files\InstallShield\Driver\11

    \Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program

    Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service

    (LightScribeService) - Hewlett-Packard Company - C:\Program

    Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program

    Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program

    Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. -

    C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6940 bytes



    Have I done the right thing? Is it gone? and, since you're looking, do you see any other problems??

    Thanks very much in advance!

    afb
     
  2. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.

    Make sure notepad doesn't have word wrap enabled.

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds file to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
     
  3. afb

    afb Thread Starter

    Joined:
    Dec 18, 2010
    Messages:
    3
    No problem about the delay.
    Things have been running smoothly as far as I can tell, I just wanted to be sure that there aren't any lingering traces, or other issues.

    Here are the contents of the DDS file:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Andrew at 10:59:17.26 on 29/12/2010
    Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_11
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1013.203 [GMT -5:00]

    AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Andrew\Desktop\dds.com
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: avgrsstx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\lhbanyzs.default\
    FF - prefs.js: browser.startup.homepage - about.blank
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - plugin: c:\users\andrew\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\andrew\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\andrew\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2006-7-11 42392]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-11 335240]
    R1 AvgMfx86;AVG Minifilter x86 Resident Driver;c:\windows\system32\drivers\avgmfx86.sys [2008-3-6 27784]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-30 297752]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\Rdwm1046.sys [2009-3-21 139008]
    S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2010-4-7 23288]
    S4 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
    S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

    =============== Created Last 30 ================

    2010-12-28 20:32:56 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b3d58a28-15d3-4852-9afd-3395e30f82cb}\mpengine.dll
    2010-12-28 17:13:30 -------- d-----w- C:\Intel
    2010-12-18 22:28:56 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-12-18 22:28:56 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-12-18 22:28:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-12-18 22:28:56 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-12-18 22:28:56 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-12-18 22:28:53 81920 ----a-w- c:\windows\system32\consent.exe
    2010-12-18 20:46:48 388096 ----a-r- c:\users\andrew\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-12-18 20:46:47 -------- d-----w- c:\program files\Trend Micro
    2010-12-18 20:23:54 -------- d-----w- c:\users\andrew\appdata\roaming\Malwarebytes
    2010-12-18 20:23:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-18 20:23:42 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-18 20:23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-18 20:23:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-13 03:07:38 -------- d-----w- c:\program files\Bethesda Softworks
    2010-12-08 17:05:44 -------- d-----w- c:\windows\pss
    2010-12-05 21:35:45 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-12-05 21:35:45 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-12-05 21:34:33 -------- d-----w- c:\program files\iTunes
    2010-12-05 21:34:33 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-12-05 21:26:10 -------- d-----w- c:\program files\Bonjour

    ==================== Find3M ====================

    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 17:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

    ============= FINISH: 11:06:28.01 ===============


    And a zip of the 'Attach.txt':


    Thanks!

    afb
     

    Attached Files:

  4. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
  5. afb

    afb Thread Starter

    Joined:
    Dec 18, 2010
    Messages:
    3
    Hello again,

    Thanks Blade81, I needed an expert's opinion.
    I ran PSI and updated a few of the things that it suggested.

    Your help has been much appreciated, so again - thank you!

    afb

    ps - do I mark this as 'closed/solved', or will you do that?
     
  6. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    You're welcome :)

    Both can do it (I marked it as 'solved' now).
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/969260

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice