# defender.exe malware



## afb (Dec 18, 2010)

Greetings helpful people!

I've read through numerous threads with people in similar situations, and I've taken some actions, but I want to be sure that I'm through with this pest...

This morning I was innocently computing (isn't that always how it starts?) when somehow or other a program installed itself on my computer and kept telling me I had trojans and such. It also wouldn't let me open any AV programs, or even Task Manager. (Btw I'm running Windows Vista SP2 on an HP Pavillion dv6000 laptop.)

In the start menu it was called 'Malware Protection' or some such thing, with an icon of the familiar four-colour shield thing from windows, which also showed up on the taskbar. The exe I found in C:/Users/[...]/AppData/Roaming/, called defender.exe.

I shut down, booted into safe mode, renamed the defender.exe file to defender1.exe, then deleted some other files that had been created at the very same time with cryptic alphanumeric names (possibly foolish, I know, but I was annoyed). I ran a full scan with AVG (free version) and found nothing.

Then I rebooted in normal mode, and everything seemed back to normal. Then, following advice from this site, downloaded malwarebytes and ran a quick scan, which found 34 infections, one of them being the defender1 file, the rest being associated with something called 'MyWebSearch', which I thought I had gotten rid of about a year ago. I saved the log.
Then I downloaded the latest HJT (v2.0.4) and ran that. Here is the log from that:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:53:16, on 18/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL

= http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant

= 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch

= 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-

A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet

Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-

4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no

file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-

5164760863C6} - C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-

9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows

Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program

Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program

Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick

Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program

Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6

\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP

Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Spyware Protection]

C:\Users\Andrew\AppData\Roaming\defender.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe

oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program

Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -

C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263}

- C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1}

- C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -

{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32

\browseui.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc)

- Unknown owner - C:\Program

Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown

owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. -

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program

Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. -

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\11

\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service

(LightScribeService) - Hewlett-Packard Company - C:\Program

Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program

Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program

Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. -

C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6940 bytes

Have I done the right thing? Is it gone? and, since you're looking, do you see any other problems??

Thanks very much in advance!

afb


----------



## Blade81 (Oct 27, 2006)

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.

Make sure notepad doesn't have word wrap enabled.

Download DDS and save it to your desktop from *here* or *here* or *here*.
Disable any script blocker, and then double click *dds file *to run the tool. 
When done, DDS will open two (2) logs:
 DDS.txt
 Attach.txt

Save both reports to your desktop. Post them back to your topic.


----------



## afb (Dec 18, 2010)

No problem about the delay.
Things have been running smoothly as far as I can tell, I just wanted to be sure that there aren't any lingering traces, or other issues.

Here are the contents of the DDS file:

DDS (Ver_10-12-12.02) - NTFSx86 
Run by Andrew at 10:59:17.26 on 29/12/2010
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.1013.203 [GMT -5:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Andrew\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>] 
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\lhbanyzs.default\
FF - prefs.js: browser.startup.homepage - about.blank
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\users\andrew\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\andrew\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\andrew\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2006-7-11 42392]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-11 335240]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver;c:\windows\system32\drivers\avgmfx86.sys [2008-3-6 27784]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-30 297752]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\Rdwm1046.sys [2009-3-21 139008]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2010-4-7 23288]
S4 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-12-28 20:32:56 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b3d58a28-15d3-4852-9afd-3395e30f82cb}\mpengine.dll
2010-12-28 17:13:30 -------- d-----w- C:\Intel
2010-12-18 22:28:56 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-18 22:28:56 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-18 22:28:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-18 22:28:56 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-18 22:28:56 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-18 22:28:53 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-18 20:46:48 388096 ----a-r- c:\users\andrew\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-18 20:46:47 -------- d-----w- c:\program files\Trend Micro
2010-12-18 20:23:54 -------- d-----w- c:\users\andrew\appdata\roaming\Malwarebytes
2010-12-18 20:23:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 20:23:42 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-18 20:23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 20:23:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-13 03:07:38 -------- d-----w- c:\program files\Bethesda Softworks
2010-12-08 17:05:44 -------- d-----w- c:\windows\pss
2010-12-05 21:35:45 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-05 21:35:45 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-05 21:34:33 -------- d-----w- c:\program files\iTunes
2010-12-05 21:34:33 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-05 21:26:10 -------- d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 11:06:28.01 ===============

And a zip of the 'Attach.txt':

Thanks!

afb


----------



## Blade81 (Oct 27, 2006)

Hi,

Some programs need updating but otherwise looks good. Download and run Secunia Personal Software Inspector (PSI) and fix its findings.


----------



## afb (Dec 18, 2010)

Hello again,

Thanks Blade81, I needed an expert's opinion. 
I ran PSI and updated a few of the things that it suggested. 

Your help has been much appreciated, so again - thank you!

afb

ps - do I mark this as 'closed/solved', or will you do that?


----------



## Blade81 (Oct 27, 2006)

You're welcome 



> ps - do I mark this as 'closed/solved', or will you do that?


Both can do it (I marked it as 'solved' now).


----------

