WiredWX Christian Hobby Weather Tools
Re: Win7 Defender

Please see the log below. Please note that I still cannot access the internet from the infected unit, so I will need to use the flash drive to transfer whatever is required to remove the virus.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-12-2012
Ran by SYSTEM at 20-12-2012 15:10:17
Running from F:\
Windows 7 Starter (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9292392 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SuiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [966488 2010-06-01] (Symantec Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [968272 2010-06-21] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1692968 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715296 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-27] (LG Electronics)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM\...\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray [32032 2012-11-14] (Panda Security, S.L.)
HKU\angelgirldebra@yahoo\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-06] (Google Inc.)
HKU\angelgirldebra@yahoo\...\Run: [Facebook Update] "C:\Users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\angelgirldebra@yahoo\...\Run: [pcdfsvc] C:\ProgramData\pcdfdata\wgsdgsdgdsgsd.exe /min [79808 2012-12-18] (Microsoft Corporation)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ===================

2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [735776 2010-06-11] (Acer Incorporated)
3 GameConsoleService; "C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe" [246520 2010-04-03] (WildTangent, Inc.)
2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
3 MWLService; C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
2 NanoServiceMain; "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe" [140064 2012-11-12] (Panda Security, S.L.)
2 NOBU; "C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2057560 2010-06-01] (Symantec Corporation)
2 PSUAService; "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe" [36640 2012-11-14] (Panda Security, S.L.)
2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe [x]

==================== Drivers (Whitelisted) ====================

3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-12-07] (LG Electronics Inc.)
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2010-12-07] (LG Electronics Inc.)
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2010-12-07] (LG Electronics Inc.)
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2010-12-07] (LG Electronics Inc.)
3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2010-06-16] (ENE Technology Inc.)
1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2009-06-02] (Egis Technology Inc.)
1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2009-06-02] (Egis Technology Inc.)
1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2009-06-02] (Egis Technology Inc.)
1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [119208 2012-11-09] (Panda Security, S.L.)
1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [139176 2012-11-09] (Panda Security, S.L.)
1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [163112 2012-11-09] (Panda Security, S.L.)
1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [29224 2012-10-22] (Panda Security, S.L.)
1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [133544 2012-11-09] (Panda Security, S.L.)
4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [74792 2012-11-09] (Panda Security, S.L.)
1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125480 2012-11-09] (Panda Security, S.L.)
1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [370216 2012-11-09] (Panda Security, S.L.)
1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [191528 2012-11-09] (Panda Security, S.L.)
1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [128040 2012-11-09] (Panda Security, S.L.)
1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [276520 2012-11-09] (Panda Security, S.L.)
1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [133928 2012-11-09] (Panda Security, S.L.)
2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [149544 2012-11-09] (Panda Security, S.L.)
2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [104488 2012-11-09] (Panda Security, S.L.)
1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-11-09] (Panda Security, S.L.)
2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-11-09] (Panda Security, S.L.)
2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [123944 2012-11-09] (Panda Security, S.L.)
3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46672 2012-11-07] (Panda Security, S.L.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-12-20 15:10 - 2012-12-20 15:10 - 00000000 ____D C:\FRST
2012-12-20 07:22 - 2012-11-07 06:00 - 00046672 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\PSKMAD.sys
2012-12-18 15:23 - 2012-12-18 17:17 - 00006080 ____A C:\Users\All Users\NanoRepository.bin
2012-12-18 15:23 - 2012-12-18 15:23 - 00006080 ____A C:\Users\All Users\NanoRepository.bin.bak
2012-12-18 09:30 - 2012-12-18 09:30 - 00001667 ____A C:\Users\Public\Desktop\Win7 Defender.lnk
2012-12-18 09:19 - 2012-12-18 16:07 - 00000000 ____D C:\Users\All Users\pcdfdata
2012-12-13 11:13 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-13 11:13 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-13 11:13 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-13 11:13 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-13 11:13 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-13 11:13 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-13 11:13 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-13 11:13 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-13 11:13 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-13 11:13 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-13 11:13 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-13 11:13 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-13 11:13 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-13 11:13 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-13 11:13 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-13 11:13 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-13 03:18 - 2012-11-21 23:43 - 02344960 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-13 03:17 - 2012-10-04 08:53 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-13 03:17 - 2012-10-04 08:49 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-13 03:17 - 2012-10-04 08:49 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 07:00 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-13 03:17 - 2012-10-04 06:44 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 06:44 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 06:44 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 06:44 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-13 03:15 - 2012-11-01 20:48 - 00376832 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-13 03:07 - 2012-11-05 06:03 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-13 03:07 - 2012-11-05 06:03 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-13 03:07 - 2012-09-06 08:48 - 00245616 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2012-12-13 03:06 - 2012-11-08 20:49 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-11 03:32 - 2012-12-11 03:32 - 00003288 ____N C:\bootsqm.dat
2012-12-05 16:29 - 2012-12-05 16:30 - 00999888 ____A (Solid State Networks) C:\Users\angelgirldebra@yahoo\Downloads\install_flashplayer11x32axau_gtbp_chra_aih.exe
2012-12-05 16:29 - 2012-12-05 16:30 - 00999888 ____A (Solid State Networks) C:\Users\angelgirldebra@yahoo\Downloads\install_flashplayer11x32axau_gtbp_chra_aih (1).exe
2012-11-28 09:16 - 2012-05-31 09:25 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-11-22 04:44 - 2012-11-22 04:44 - 00000000 ____D C:\Users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
2012-11-22 04:38 - 2012-11-22 04:38 - 00000000 ____A C:\Users\All Users\0x0304A000.sfl
2012-11-22 04:32 - 2012-11-22 04:32 - 00000000 ____D C:\Users\All Users\Panda Security
2012-11-22 04:32 - 2012-11-22 04:32 - 00000000 ____D C:\Program Files\Panda Security
2012-11-22 04:20 - 2012-11-22 04:20 - 00808224 ____A C:\Users\angelgirldebra@yahoo\Downloads\PandaCloudAntivirus (1).exe
2012-11-22 04:18 - 2012-11-22 04:18 - 00808224 ____A C:\Users\angelgirldebra@yahoo\Downloads\PandaCloudAntivirus.exe

==================== One Month Modified Files and Folders ========

2012-12-20 11:48 - 2010-09-26 07:11 - 01059475 ____A C:\Windows\WindowsUpdate.log
2012-12-20 11:48 - 2009-07-13 20:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-20 11:48 - 2009-07-13 20:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-20 11:39 - 2011-05-09 18:03 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-20 11:39 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-20 11:39 - 2009-07-13 20:39 - 00092171 ____A C:\Windows\setupact.log
2012-12-18 17:17 - 2012-12-18 15:23 - 00006080 ____A C:\Users\All Users\NanoRepository.bin
2012-12-18 17:10 - 2011-05-09 18:03 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-18 17:08 - 2009-07-13 20:53 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-18 16:07 - 2012-12-18 09:19 - 00000000 ____D C:\Users\All Users\pcdfdata
2012-12-18 16:07 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2012-12-18 16:07 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-12-18 16:07 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2012-12-18 15:23 - 2012-12-18 15:23 - 00006080 ____A C:\Users\All Users\NanoRepository.bin.bak
2012-12-18 15:23 - 2012-06-06 02:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-18 13:08 - 2011-05-06 09:28 - 00000000 ____D C:\users\angelgirldebra@yahoo
2012-12-18 09:30 - 2012-12-18 09:30 - 00001667 ____A C:\Users\Public\Desktop\Win7 Defender.lnk
2012-12-18 02:59 - 2011-09-16 14:37 - 00002413 ____A C:\Windows\System32\lgAxconfig.ini
2012-12-17 12:34 - 2010-07-06 06:27 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-16 14:47 - 2011-09-05 07:20 - 00000000 ____D C:\Users\angelgirldebra@yahoo\AppData\Roaming\SoftGrid Client
2012-12-13 11:26 - 2009-07-13 20:33 - 00298088 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-11 15:45 - 2010-09-26 07:08 - 00034250 ____A C:\Windows\PFRO.log
2012-12-11 11:33 - 2012-06-06 02:04 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-12-11 11:33 - 2011-09-19 14:34 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-12-11 03:32 - 2012-12-11 03:32 - 00003288 ____N C:\bootsqm.dat
2012-12-07 15:06 - 2011-05-06 09:28 - 00058400 ____A C:\Users\angelgirldebra@yahoo\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-06 18:18 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\GroupPolicy
2012-12-05 16:30 - 2012-12-05 16:29 - 00999888 ____A (Solid State Networks) C:\Users\angelgirldebra@yahoo\Downloads\install_flashplayer11x32axau_gtbp_chra_aih.exe
2012-12-05 16:30 - 2012-12-05 16:29 - 00999888 ____A (Solid State Networks) C:\Users\angelgirldebra@yahoo\Downloads\install_flashplayer11x32axau_gtbp_chra_aih (1).exe
2012-12-04 06:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-11-28 12:06 - 2010-07-06 07:20 - 00000000 ____D C:\Users\All Users\McAfee
2012-11-28 12:06 - 2010-07-06 07:20 - 00000000 ____D C:\Program Files\McAfee
2012-11-28 11:22 - 2010-07-06 07:20 - 00000000 ____D C:\Program Files\Common Files\mcafee
2012-11-28 08:56 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2012-11-28 02:45 - 2011-10-15 05:19 - 00001988 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-11-22 04:44 - 2012-11-22 04:44 - 00000000 ____D C:\Users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
2012-11-22 04:38 - 2012-11-22 04:38 - 00000000 ____A C:\Users\All Users\0x0304A000.sfl
2012-11-22 04:32 - 2012-11-22 04:32 - 00000000 ____D C:\Users\All Users\Panda Security
2012-11-22 04:32 - 2012-11-22 04:32 - 00000000 ____D C:\Program Files\Panda Security
2012-11-22 04:20 - 2012-11-22 04:20 - 00808224 ____A C:\Users\angelgirldebra@yahoo\Downloads\PandaCloudAntivirus (1).exe
2012-11-22 04:18 - 2012-11-22 04:18 - 00808224 ____A C:\Users\angelgirldebra@yahoo\Downloads\PandaCloudAntivirus.exe
2012-11-21 23:43 - 2012-12-13 03:18 - 02344960 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys


ZeroAccess:
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}\@
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}\L
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-13 03:07] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-16 09:02:27
Restore point made on: 2012-11-28 06:08:16
Restore point made on: 2012-12-04 06:29:32
Restore point made on: 2012-12-07 14:39:33
Restore point made on: 2012-12-11 03:14:35
Restore point made on: 2012-12-13 11:12:08
Restore point made on: 2012-12-18 09:59:14
Restore point made on: 2012-12-20 11:47:08

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 1013.09 MB
Available physical RAM: 524.35 MB
Total Pagefile: 1013.09 MB
Available Pagefile: 520.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB

==================== Partitions =============================

1 Drive c: (Acer) (Fixed) (Total:135.95 GB) (Free:100.85 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:3.16 GB) NTFS
3 Drive f: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 135 GB 13 GB

=========================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E PQSERVICE NTFS Partition 13 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y SYSTEM RESE NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Acer NTFS Partition 135 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

=========================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3818 MB Healthy

=========================================================

Last Boot: 2012-12-07 15:35

==================== End Of Log ============================

Farbar Recovery Scan Tool (x86) Version: 18-12-2012
Ran by SYSTEM at 2012-12-20 15:12:23
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===

Re: Win7 Defender

FRST Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
2012-12-18 09:30 - 2012-12-18 09:30 - 00001667 ____A C:\Users\Public\Desktop\Win7 Defender.lnk
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}
end


NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
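As an added triage example (not FRST's own code and not part of this thread), the script below parses the autorun, one-month file and "ZeroAccess:" sections of an FRST log excerpt constructed from the lines posted above, flags entries with simple heuristics, and renders the flagged items in the start/end fixlist format described in this post. The heuristics, weights and the "win7 defender" name check are assumptions made for this example, not FRST rules.

```python
"""Triage helper for FRST log excerpts (added example, not FRST's own code).

Parses the autorun lines ("HKxx\...\Run: [name] command [size date] (company)"),
the one-month file lines and the bare "ZeroAccess:" list, then flags entries
with heuristics that are assumptions of this example, not FRST rules.
"""
import re
from dataclasses import dataclass

# Constructed excerpt: a handful of lines copied from the posted FRST log.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKU\angelgirldebra@yahoo\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-06] (Google Inc.)
HKU\angelgirldebra@yahoo\...\Run: [pcdfsvc] C:\ProgramData\pcdfdata\wgsdgsdgdsgsd.exe /min [79808 2012-12-18] (Microsoft Corporation)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()

==================== One Month Modified Files and Folders ========

2012-12-18 09:30 - 2012-12-18 09:30 - 00001667 ____A C:\Users\Public\Desktop\Win7 Defender.lnk

ZeroAccess:
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}\@

==================== Known DLLs (Whitelisted) =================
"""

RUN_RE = re.compile(
    r'^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] '
    r'(?P<cmd>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)$')
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{8} '
    r'(?P<flags>[_A-Z]{5}) (?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.+)$')

SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\programdata\\", "\\appdata\\")
SUSPECT_NAMES = ("win7 defender",)  # assumption: product name taken from the thread subject


@dataclass
class Finding:
    kind: str      # "run", "file" or "zeroaccess"
    line: str      # verbatim log line or folder path, usable as a fixlist entry
    reasons: list


def exe_path(cmd):
    """Split an autorun command into (executable, arguments)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r'(.+?\.(?:exe|dll|bat|cmd))\b', cmd, re.I)
    exe = m.group(1) if m else cmd
    return exe, cmd[len(exe):].strip()


def score_run_entry(m):
    """Weighted heuristics (assumptions of this example) for one Run entry."""
    exe, _args = exe_path(m["cmd"])
    low = exe.lower()
    stem = re.sub(r'\.[a-z0-9]+$', '', low.rsplit('\\', 1)[-1])
    hits = []
    if any(tag in low for tag in USER_WRITABLE):
        hits.append((1, "executable in a user-writable location"))
    if m["company"] == "Microsoft Corporation" and not low.startswith(SYSTEM_ROOTS):
        hits.append((2, "claims Microsoft but lives outside Windows/Program Files"))
    if len(stem) >= 8 and not re.search(r'[aeiouy]', stem):
        hits.append((2, "random-looking file name (no vowels)"))
    return hits


def triage(log_text, threshold=3):
    """Return Findings for flagged Run entries, suspect files and ZeroAccess folders."""
    findings, seen, za_paths, in_za = [], set(), [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if in_za:                      # collect paths until a blank or section line
            in_za = bool(line) and not line.startswith("=")
            if in_za:
                za_paths.append(line)
            continue
        if line == "ZeroAccess:":
            in_za = True
            continue
        if line in seen:               # the same file line appears in several sections
            continue
        m = RUN_RE.match(line)
        if m:
            hits = score_run_entry(m)
            if sum(w for w, _ in hits) >= threshold:
                findings.append(Finding("run", line, [r for _, r in hits]))
                seen.add(line)
            continue
        m = FILE_RE.match(line)
        if m and any(n in m["path"].lower() for n in SUSPECT_NAMES):
            findings.append(Finding("file", line, ["name matches a known rogue-AV product"]))
            seen.add(line)
    # Keep only top-level ZeroAccess folders; the folder entry covers its contents.
    for p in za_paths:
        if not any(p.lower().startswith(q.lower() + "\\") for q in za_paths if q != p):
            findings.append(Finding("zeroaccess", p, ["listed by FRST under ZeroAccess"]))
    return findings


def build_fixlist(findings):
    """Render findings in the start/end fixlist format that FRST's Fix button reads."""
    return "start\n" + "\n".join(f.line for f in findings) + "\nend\n"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind}] {f.line}\n    " + "; ".join(f.reasons))
    print(build_fixlist(results))
```

On the constructed excerpt the script flags the pcdfsvc autorun, the Win7 Defender shortcut and the ZeroAccess folder; the generated fixlist still needs a human review before it is used, exactly as the post above does.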

Re: Win7 Defender

The desktop icon was removed, but I still received all the Win7 Defender alerts and still cannot access the internet.

Please see the Fixlog below.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-12-2012
Ran by SYSTEM at 2012-12-20 17:00:12 Run:1
Running from F:\

==============================================

C:\Users\Public\Desktop\Win7 Defender.lnk moved successfully.
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf} moved successfully.

==== End of Fixlog ====

Re: Win7 Defender

ComboFix scan

Please download ComboFix (Combofix by sUBs) from BleepingComputer.com.

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will open automatically or can be found at "C:\Combo-Fix.txt", in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for those on its whitelist of important system processes such as iexplore.exe, explorer.exe, and winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Re: Win7 Defender

It appears to have been corrected; please let me know if there are additional steps to be taken. Below is the log that was created.

Thank you

ComboFix 12-12-20.02 - angelgirldebra@yahoo 12/20/2012 20:10:13.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.261 [GMT -5:00]
Running from: D:\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
.
.
2012-12-21 01:35 . 2012-12-21 01:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-21 01:13 . 2012-12-21 01:13 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10BE88B1-EFF0-43F6-B23D-CB050BF63EF2}\offreg.dll
2012-12-21 00:59 . 2012-10-19 16:47 36736 ----a-w- c:\windows\system32\drivers\PsBoot.sys
2012-12-20 23:10 . 2012-12-20 23:10 -------- d-----w- C:\FRST
2012-12-20 22:01 . 2012-11-07 14:00 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2012-12-20 19:48 . 2012-11-19 06:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10BE88B1-EFF0-43F6-B23D-CB050BF63EF2}\mpengine.dll
2012-12-18 23:23 . 2012-12-19 01:17 6080 ----a-w- c:\programdata\NanoRepository.bin
2012-12-18 17:19 . 2012-12-21 00:59 -------- d-----w- c:\programdata\pcdfdata
2012-12-18 11:01 . 2012-12-18 11:01 -------- d-----w- c:\users\angelgirldebra@yahoo\AppData\Roaming\HPAppData
2012-12-13 11:18 . 2012-11-22 07:43 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 11:15 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 11:07 . 2012-09-06 16:48 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 11:07 . 2012-11-05 14:03 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 11:07 . 2012-11-05 14:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 11:06 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-28 17:16 . 2012-05-31 17:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-11-22 12:44 . 2012-11-22 12:44 -------- d-----w- c:\users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
2012-11-22 12:32 . 2012-11-22 12:32 -------- d-----w- c:\programdata\Panda Security
2012-11-22 12:32 . 2012-11-22 12:32 -------- d-----w- c:\program files\Panda Security
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 19:33 . 2012-06-06 10:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 19:33 . 2011-09-19 22:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 00:01 . 2012-11-10 00:01 123944 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2012-11-10 00:01 . 2012-11-10 00:01 114216 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2012-11-10 00:01 . 2012-11-10 00:01 174632 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2012-11-10 00:00 . 2012-11-10 00:00 149544 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2012-11-10 00:00 . 2012-11-10 00:00 104488 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2012-11-09 16:23 . 2012-11-09 16:23 276520 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
2012-11-09 16:23 . 2012-11-09 16:23 133928 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
2012-11-09 16:23 . 2012-11-09 16:23 370216 ----a-w- c:\windows\system32\drivers\NNSProt.sys
2012-11-09 16:23 . 2012-11-09 16:23 191528 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
2012-11-09 16:23 . 2012-11-09 16:23 128040 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
2012-11-09 16:23 . 2012-11-09 16:23 74792 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys
2012-11-09 16:23 . 2012-11-09 16:23 125480 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
2012-11-09 16:23 . 2012-11-09 16:23 163112 ----a-w- c:\windows\system32\drivers\NNSIds.sys
2012-11-09 16:23 . 2012-11-09 16:23 139176 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
2012-11-09 16:23 . 2012-11-09 16:23 133544 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
2012-11-09 16:23 . 2012-11-09 16:23 119208 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
2012-10-22 17:08 . 2012-10-22 17:08 29224 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys
2012-10-16 20:34 . 2012-11-28 11:59 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-25 21:55 . 2012-11-15 06:10 78336 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-06 39408]
"Facebook Update"="c:\users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9292392]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 715296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-11-15 32032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-7-6 704032]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 PsBoot;Panda boot driver;c:\windows\system32\Drivers\PsBoot.sys [x]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [x]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-06 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files\Acer\Registration\GREG.exe [2010-04-28 02:47]
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 19:34]
.
2012-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-936878951-3151552269-1752876509-1000Core.job
- c:\users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 01:12]
.
2012-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-936878951-3151552269-1752876509-1000Core1cd5fcb8a54c80c.job
- c:\users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 01:12]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 02:02]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 02:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?ncid=customie9
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=27b50511k065l0484ww95w57m2u808
uInternet Settings,ProxyOverride = ;*.local
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3036)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
.
Completion time: 2012-12-20 20:46:44
ComboFix-quarantined-files.txt 2012-12-21 01:46
.
Pre-Run: 108,134,445,056 bytes free
Post-Run: 109,274,136,576 bytes free
.
- - End Of File - - F76E92CC9CF06C1DF05F93492A2DB824

Re: Win7 Defender

OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.

Re: Win7 Defender

OTL logfile created on: 12/21/2012 9:56:19 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\angelgirldebra@yahoo\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.09 Mb Total Physical Memory | 272.45 Mb Available Physical Memory | 26.89% Memory free
1.99 Gb Paging File | 1.15 Gb Available in Paging File | 57.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.95 Gb Total Space | 103.43 Gb Free Space | 76.08% Space Free | Partition Type: NTFS

Computer Name: ANGELGIRLDEBRAY | User Name: angelgirldebra@yahoo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/21 09:54:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\angelgirldebra@yahoo\Desktop\OTL.exe
PRC - [2012/11/14 22:04:15 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2012/11/14 22:04:15 | 000,032,032 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2012/11/12 14:45:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012/07/11 20:12:43 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/06/15 11:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/03/28 02:53:14 | 000,404,568 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/22 01:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/06/22 01:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2010/06/22 01:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2010/06/11 16:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2010/06/11 16:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/06/11 16:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010/06/01 17:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
PRC - [2010/05/26 21:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/03/11 00:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 00:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\EgisUpdate.exe
PRC - [2010/02/09 13:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/10/13 12:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/05/20 01:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files\Launch Manager\CdDirIo.dll


========== Services (SafeList) ==========

SRV - [2012/12/11 14:34:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/14 22:04:15 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2012/11/12 14:45:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 11:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/06/22 01:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/11 16:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/06/01 17:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ANGELG~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/11/09 19:01:19 | 000,123,944 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2012/11/09 19:01:19 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2012/11/09 19:01:18 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2012/11/09 19:00:37 | 000,149,544 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2012/11/09 19:00:37 | 000,104,488 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2012/11/09 11:23:58 | 000,276,520 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2012/11/09 11:23:58 | 000,133,928 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2012/11/09 11:23:57 | 000,370,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2012/11/09 11:23:57 | 000,191,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2012/11/09 11:23:57 | 000,128,040 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2012/11/09 11:23:56 | 000,125,480 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2012/11/09 11:23:56 | 000,074,792 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV - [2012/11/09 11:23:55 | 000,163,112 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2012/11/09 11:23:55 | 000,139,176 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2012/11/09 11:23:55 | 000,133,544 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2012/11/09 11:23:54 | 000,119,208 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2012/11/07 09:00:12 | 000,046,672 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2012/10/22 12:08:35 | 000,029,224 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/05/13 02:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 02:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/05/13 02:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/05/13 02:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/07 13:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 13:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 13:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 13:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/06/17 01:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2010/05/20 01:10:32 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/06 21:04:42 | 001,792,512 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/06/02 21:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 21:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 21:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)

Re: Win7 Defender

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=27b50511k065l0484ww95w57m2u808
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-customie9-chromesbox-en-us&tb_uuid=20111022202456899&tb_oid=22-10-2011&tb_mrud=22-10-2011
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?ncid=customie9
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-customie9-chromesbox-en-us&tb_uuid=20111022202456899&tb_oid=22-10-2011&tb_mrud=22-10-2011
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS431US431
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_enUS431US431
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\angelgirldebra@yahoo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/05 12:55:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/09/03 15:35:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/05 12:55:32 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E04B8720-9C44-40E2-A2C5-35C2D11447D2}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/21 09:54:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\angelgirldebra@yahoo\Desktop\OTL.exe
[2012/12/21 09:53:49 | 000,000,000 | ---D | C] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\HPAppData
[2012/12/20 20:45:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/20 20:06:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/20 20:06:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/20 20:06:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/20 20:03:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/20 20:02:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/20 18:10:07 | 000,000,000 | ---D | C] -- C:\FRST
[2012/12/20 17:01:43 | 000,046,672 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSKMAD.sys
[2012/12/18 12:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7 Defender
[2012/12/18 12:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\pcdfdata
[2012/12/07 18:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2012/11/22 07:44:52 | 000,000,000 | ---D | C] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
[2012/11/22 07:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/11/22 07:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/21 09:54:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\angelgirldebra@yahoo\Desktop\OTL.exe
[2012/12/21 09:48:44 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/21 09:48:44 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/21 09:42:08 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2012/12/21 09:41:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/21 09:40:43 | 000,298,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/21 09:39:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/21 09:39:05 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/20 20:51:20 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/20 20:51:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/20 20:04:17 | 000,624,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/20 20:04:17 | 000,106,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/18 20:17:02 | 000,006,080 | ---- | M] () -- C:\ProgramData\NanoRepository.bin
[2012/12/18 18:23:47 | 000,006,080 | ---- | M] () -- C:\ProgramData\NanoRepository.bin.bak
[2012/12/11 06:32:19 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/11/28 05:45:58 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/11/22 07:38:05 | 000,000,000 | ---- | M] () -- C:\ProgramData\0x0304A000.sfl
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/20 20:06:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/20 20:06:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/20 20:06:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/20 20:06:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/20 20:06:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/18 18:23:47 | 000,006,080 | ---- | C] () -- C:\ProgramData\NanoRepository.bin.bak
[2012/12/18 18:23:47 | 000,006,080 | ---- | C] () -- C:\ProgramData\NanoRepository.bin
[2012/12/11 06:32:19 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/11/22 07:38:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2011/12/03 22:30:43 | 000,003,584 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/30 13:42:35 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/10/25 18:22:34 | 000,000,040 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\jagex_cl_runescape_LIVE.dat
[2011/10/12 19:50:29 | 000,000,000 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\AppData\Local\{7F436BDE-4957-488B-9C36-839E0F9F4498}
[2011/10/12 19:48:36 | 000,000,000 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\AppData\Local\{C924E2FB-1735-453C-8E4B-30D455B0FF06}
[2011/10/01 15:18:33 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/10/01 14:35:59 | 000,000,129 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\jagex_runescape_preferences2.dat
[2011/10/01 14:33:32 | 000,000,035 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\jagex_runescape_preferences.dat
[2011/09/16 17:37:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/09/16 17:37:06 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/09/05 12:37:26 | 000,205,764 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/09/05 12:37:26 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Both
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/09/04 13:02:56 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\Liteon
[2012/11/22 07:44:52 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
[2012/12/16 17:47:01 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\SoftGrid Client
[2011/05/10 17:31:38 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\TeamViewer
[2011/09/05 10:21:39 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\TP
[2011/05/06 12:38:57 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\WildTangent
[2011/05/10 02:40:23 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
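
The O2/O4/O6/O20/O35 lines in the log above are snapshots of specific registry locations, and the interesting one is O6: EnableLUA = 0, meaning UAC is switched off entirely. The script below is an added example, not code from the thread or from OTL; it re-reads those same locations on the live Windows 7 machine and lists anything that deviates from the Windows 7 defaults (the default Shell, Userinit and exefile values are the stock ones, not something the log states). It assumes an elevated PowerShell 2.0 prompt on the affected box. A hit is a triage item to look at, not a verdict: plenty of legitimate OEM tools are unsigned.

```powershell
# Added example, not code from the thread. Re-checks on the live Windows 7
# machine the registry locations behind the OTL O2/O4/O6/O20/O35 lines above.
# Run from an elevated PowerShell (2.0 is enough). "Expected" values are the
# Windows 7 defaults; a hit is a triage item, not a verdict.

$findings = New-Object System.Collections.ArrayList
function Add-Finding($Area, $Detail) {
    [void]$findings.Add((New-Object PSObject -Property @{ Area = $Area; Detail = $Detail }))
}

# O6: UAC policy. The log shows EnableLUA = 0, i.e. UAC switched off entirely.
$sysPol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($sysPol.EnableLUA -ne 1) { Add-Finding 'UAC' "EnableLUA = $($sysPol.EnableLUA) (expected 1)" }
if ($sysPol.ConsentPromptBehaviorAdmin -eq 0) { Add-Finding 'UAC' 'ConsentPromptBehaviorAdmin = 0 (elevates silently)' }

# O20: Winlogon Shell / Userinit. Windows 7 defaults are explorer.exe and
# <SystemRoot>\system32\userinit.exe, (trailing comma included).
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.Shell -ne 'explorer.exe') { Add-Finding 'Winlogon' "Shell = $($wl.Shell)" }
if ($wl.Userinit -ne "$env:SystemRoot\system32\userinit.exe,") { Add-Finding 'Winlogon' "Userinit = $($wl.Userinit)" }

# O35/O37: the exefile/comfile open command. Anything other than "%1" %*
# means something else runs every time an .exe or .com is launched.
foreach ($ft in 'exefile', 'comfile') {
    $cmd = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\$ft\shell\open\command").'(default)'
    if ($cmd -ne '"%1" %*') { Add-Finding 'FileAssoc' "$ft open = $cmd" }
}

# Helper: does this binary exist and carry a valid Authenticode signature?
function Test-Binary($Area, $Label, $Path) {
    if (-not (Test-Path $Path)) { Add-Finding $Area "$Label -> $Path (file missing)"; return }
    $sig = Get-AuthenticodeSignature $Path
    if ($sig.Status -ne 'Valid') { Add-Finding $Area "$Label -> $Path (signature: $($sig.Status))" }
}

# O2: Browser Helper Objects. OTL showed {5C255C8A-...} with "No CLSID value
# found"; resolve every BHO GUID to its InProcServer32 DLL and flag orphans.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    foreach ($k in Get-ChildItem $bhoKey) {
        $guid = $k.PSChildName
        $srv  = "Registry::HKEY_CLASSES_ROOT\CLSID\$guid\InProcServer32"
        if (-not (Test-Path $srv)) { Add-Finding 'BHO' "$guid has no CLSID\InProcServer32 (orphan)"; continue }
        $dll = [Environment]::ExpandEnvironmentVariables((Get-ItemProperty $srv).'(default)')
        Test-Binary 'BHO' $guid $dll
    }
}

# O4: Run entries in both hives. Pull the executable out of the value
# (quoted or not, with or without arguments) and check it.
$provProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($hive in 'HKLM', 'HKCU') {
    $runKey = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    if (-not (Test-Path $runKey)) { continue }
    foreach ($p in (Get-ItemProperty $runKey).PSObject.Properties) {
        if ($provProps -contains $p.Name) { continue }   # provider metadata, not a Run value
        $raw = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
        if ($raw -match '^"?([^"]+?\.exe)"?') { $exe = $Matches[1] } else { $exe = $raw }
        Test-Binary "Run/$hive" $p.Name $exe
    }
}

if ($findings.Count -eq 0) { 'No deviations from the Windows 7 defaults found.' }
else { $findings | Format-Table -AutoSize Area, Detail }
```

Run entries that are not plain .exe launches (rundll32 lines and the like) come out as "file missing" and need a look by hand. The value names are matched against the provider's own metadata names exactly rather than by prefix, because a real entry such as the log's PSUAMain also starts with "PS".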

Re: Win7 Defender
ESET Online Scan

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
    1. If NO threats were found, allow the scanner to Uninstall on close and then close the window.
    2. If threats WERE detected, click on List of Threats Found, Export to Text File... and save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark next to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.

Re: Win7 Defender
I will run the scan and report back, but currently I am receiving a message about transmitting info over the internet. I also have two icons on my desktop labeled as desktop.ini.

Re: Win7 Defender
I have attempted 3 times to load the scanner; all 3 times have resulted in an error showing 2002. I attempted to download this with my Panda Cloud disabled as well and still receive the same error.

Re: Win7 Defender
Please run Panda ActiveScan online scan.

  • Choose Quick Scan then click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply

Re: Win7 Defender
;***********************************************************************************************************************************************************************************
ANALYSIS: 2012-12-21 18:00:49
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Panda Cloud Antivirus Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\bhib50ob.txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\fktozt1z.txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\w02951yd.txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\btcsnbk8.txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\x3ip9zwp.txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Re: Win7 Defender
Good job!

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.

Re: Win7 Defender
I am not receiving any types of messages at this time; do any of the reports I provided indicate the virus has been removed?

Re: Win7 Defender
Looks to be gone. Smile...

It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create

Now we can purge the infected ones

  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop-down box select your main drive, e.g. C
  • For a few moments the system will make some calculations:
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).


Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
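
The "Clean up System Restore" steps in the post above (new restore point, then Disk Cleanup's "System Restore and Shadow Copies" clean-up, which keeps only the newest point) can be done from an elevated PowerShell on Windows 7. The script below is an added example, not part of the thread: it creates the Clean point, then deletes shadow copies on C: from the oldest up until only the newest remains, which on Windows 7 removes the older restore points with them. It assumes C: is the system drive and English-language vssadmin output (the OTL log reports an English(US) install); the "Shadow Copy ID:" marker it counts is locale-specific.

```powershell
# Added example, not code from the thread. Same effect as the Disk Cleanup
# steps above, from an elevated PowerShell on Windows 7: create the "Clean"
# restore point, then drop every older shadow copy on C: so the clean point
# is the only one left. Assumes C: is the system drive and English vssadmin
# output.

# 1. New restore point named "Clean".
Checkpoint-Computer -Description 'Clean' -RestorePointType MODIFY_SETTINGS

# 2. Restore points on Windows 7 live inside volume shadow copies, so deleting
#    the older shadow copies deletes the older (possibly infected) restore points.
function Get-ShadowCopyCount {
    $out = vssadmin list shadows /for=C:
    @($out | Select-String -SimpleMatch 'Shadow Copy ID:').Count
}

$count = Get-ShadowCopyCount
while ($count -gt 1) {
    # /oldest deletes exactly one copy per call; /quiet skips the Y/N prompt.
    vssadmin delete shadows /for=C: /oldest /quiet | Out-Null
    $after = Get-ShadowCopyCount
    # Guard against looping forever if vssadmin cannot delete (e.g. not elevated).
    if ($after -ge $count) { throw 'vssadmin did not remove a shadow copy; are you running elevated?' }
    $count = $after
}

# 3. Confirm: a single restore point described "Clean" should remain.
Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description
```

This deletes every shadow copy on C: except the newest, exactly as the Disk Cleanup button does, so any "Previous Versions" of files kept in those shadow copies go with them.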

Re: Win7 Defender
Please see log below

Results of screen317's Security Check version 0.99.56
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Panda Cloud Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
CCleaner
Java(TM) 6 Update 27
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUAService.exe
Panda Security Panda Cloud Antivirus PSUAMain.exe
Google GoogleUpdateSetup_latest.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Re: Win7 Defender
Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?
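
The two "Before installing" paragraphs above describe the same procedure for Java and for Adobe Reader: find every installed version in Programs and Features and remove it before installing the current one. The script below is an added example, not code from the thread or from either vendor, that does that from an elevated PowerShell: it walks the Uninstall registry keys (native and Wow6432Node, so it also works on 64-bit Windows, though this machine is x86), lists every entry whose DisplayName looks like a Java runtime or Adobe Reader, and uninstalls the MSI-based ones silently by product code. The $pattern of display names is my assumption from how these products register themselves, e.g. the "Java(TM) 6 Update 27" the Security Check log reports. Run it before installing the new versions, because it removes every match, current or not.

```powershell
# Added example, not code from the thread. Enumerate and remove every Java
# runtime / Adobe Reader entry under the Uninstall keys, silently via msiexec
# where the entry is an MSI product. Run elevated, BEFORE installing the
# current releases (it removes all matching versions).

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'   # absent on x86, harmless
)
# Assumed display-name shapes: "Java(TM) 6 Update 27", "Java 7 Update 11",
# "J2SE Runtime Environment 5.0 Update 22", "Adobe Reader 9.5.2".
$pattern = '^(Java\(TM\)|Java \d|J2SE Runtime Environment|Adobe Reader)'

function Get-StaleInstalls {
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $p = Get-ItemProperty $sub.PSPath
            if ($p.DisplayName -and $p.DisplayName -match $pattern) {
                New-Object PSObject -Property @{
                    Name            = $p.DisplayName
                    Version         = $p.DisplayVersion
                    ProductCode     = $sub.PSChildName      # the MSI GUID when installed via MSI
                    UninstallString = $p.UninstallString
                }
            }
        }
    }
}

$stale = @(Get-StaleInstalls)
$stale | Format-Table -AutoSize Name, Version, ProductCode

foreach ($app in $stale) {
    if ($app.ProductCode -match '^\{[0-9A-F-]{36}\}$') {
        # MSI product: uninstall by product code, no UI, no forced reboot.
        Start-Process msiexec.exe -ArgumentList "/x $($app.ProductCode) /qn /norestart" -Wait
    } else {
        Write-Warning "$($app.Name) is not an MSI package; remove it with: $($app.UninstallString)"
    }
}
```

After it finishes, run the listing part again (or check Programs and Features) to confirm nothing matching is left, then install the current Java and Adobe Reader releases as the post above says.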

Re: Win7 Defender
I have removed & downloaded the programs as advised; knowing what you know from the logs posted, do I need to download any other programs to prevent this in the future?

Re: Win7 Defender
I've noticed in my new programs I have a program that states Win7 Defender; this is the same pop up I was receiving over & over. What is this program?

Re: Win7 Defender
It is a rogue antivirus program.

Go into CCleaner, hit the Tools > Uninstall...search for the program, select it, and then hit the "Delete Entry" button on the right. It'll make it disappear. Otherwise, all the components of that are removed. Smile...

Re: Win7 Defender
Could not find it via CCleaner; I just deleted it by right-clicking on it. Based on what you see, are we now clean or virus free? What are tracking cookies, and how can I stop/prevent them? I noticed in a recent Panda scan tracking cookies were neutralized.

Thank you again for all of your assistance

Re: Win7 Defender
Should be fine. You're welcome. Smile...

Topic solved. Big Grin
