Win7 Defender

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Solved Win7 Defender

Post by xqme4asking on Wed 19 Dec 2012, 8:37 am

My Acer Aspire notebook has become infected with a virus or something stating Win7 Deferener. This has added an icon to my desktop screen, and is not allowing any program to run including Internet Explorer. I did run Panda which indicated virus removed etc, but on the re-start all programs are blocked and there are screens poping up asking me to either Activate Win7 Deferer or Stay unprotected.

I have tried running in safe mode & still I receive these messages etc from Win7 Defender; any ideas?

xqme4asking

Rookie Surfer
Rookie Surfer

Posts : 70
Joined : 2010-07-04
Operating System : Windows 7 Starter 32

View user profile

Back to top Go down

Solved Re: Win7 Defender

Post by DragonMaster Jay on Wed 19 Dec 2012, 9:21 am

Hi there!

Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.


ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: Win7 Defender

Post by xqme4asking on Wed 19 Dec 2012, 10:31 am

The issue is i am unable to access the internet; when I click on the Internet explore icon (even in safe mode) I receive a pop up that state " ieplore.exe is infected with Trojan-downloader JS Agent ftu" I have the option to activate this so called Win7 defender or stay unprotected. Should I click activate and then work backwards to remove this virus. I have reported this & I am replying via another Notebook that I own.

Thank you

xqme4asking

Rookie Surfer
Rookie Surfer

Posts : 70
Joined : 2010-07-04
Operating System : Windows 7 Starter 32

View user profile

Back to top Go down

Solved Re: Win7 Defender

Post by DragonMaster Jay on Wed 19 Dec 2012, 11:52 am

Try in Safe Mode with Networking, please...

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: Win7 Defender

Post by xqme4asking on Wed 19 Dec 2012, 12:14 pm

I have attempted to reboot in Safe Mode and encounter the exact same issue; it is almost like this has impacted all files in all opportations. When in safe mode I still receive all errors and I am unable to access the internet.

This is why I asked should I completely infect the system by accepting (Activating) this error message and attempt to clean the unit.

Thanks

xqme4asking

Rookie Surfer
Rookie Surfer

Posts : 70
Joined : 2010-07-04
Operating System : Windows 7 Starter 32

View user profile

Back to top Go down

Solved Re: Win7 Defender

Post by DragonMaster Jay on Thu 20 Dec 2012, 6:44 am

Let's do the following, which would be a lot easier...

OTLPE + Farbar Recovery Scan Tool


  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here

  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  • Your system should now display a Reatogo desktop.

Note : as you are running from CD it is not exactly speedy

  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FSRT
  • The tool will start to run.



  • When the tool opens click Yes to disclaimer.
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: Win7 Defender

Post by xqme4asking on Thu 20 Dec 2012, 7:42 am

These notebooks do not have a CD rom; is there a way to run everything from a flash drive; and I do not have an external CD rom.

Thank you

xqme4asking

Rookie Surfer
Rookie Surfer

Posts : 70
Joined : 2010-07-04
Operating System : Windows 7 Starter 32

View user profile

Back to top Go down

Solved Re: Win7 Defender

Post by DragonMaster Jay on Thu 20 Dec 2012, 9:05 am

I'm sorry, I'm confused...do you have XP or Windows 7?


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: Win7 Defender

Post by xqme4asking on Thu 20 Dec 2012, 10:56 am

I apologize the unit infected has a Windows 7 Starter operating system; it is an Acer Aspire One

The error is in my profile it represents an old operatiing system from a unit I no longer own.

I do apologize

xqme4asking

Rookie Surfer
Rookie Surfer

Posts : 70
Joined : 2010-07-04
Operating System : Windows 7 Starter 32

View user profile

Back to top Go down

Solved Re: Win7 Defender

Post by DragonMaster Jay on Thu 20 Dec 2012, 8:14 pm

That's fine...This can be done on your flash drive...

Farbar Recovery Scan Tool

Download Farbar Recovery Scan Tool and save it to a flash drive.


Depending on your type of system, you will have to select 32-bit or 64-bit accordingly. How do I tell?

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: Win7 Defender

Post by xqme4asking on Fri 21 Dec 2012, 7:26 am

Please see log below....Please know I still can not access the internet from the infected unit; so I will need to use the flash drive to transfer what ever is required to remove the virus...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-12-2012
Ran by SYSTEM at 20-12-2012 15:10:17
Running from F:\
Windows 7 Starter (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9292392 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SuiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [966488 2010-06-01] (Symantec Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [968272 2010-06-21] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1692968 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715296 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-27] (LG Electronics)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM\...\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray [32032 2012-11-14] (Panda Security, S.L.)
HKU\angelgirldebra@yahoo\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-06] (Google Inc.)
HKU\angelgirldebra@yahoo\...\Run: [Facebook Update] "C:\Users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\angelgirldebra@yahoo\...\Run: [pcdfsvc] C:\ProgramData\pcdfdata\wgsdgsdgdsgsd.exe /min [79808 2012-12-18] (Microsoft Corporation)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ===================

2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [735776 2010-06-11] (Acer Incorporated)
3 GameConsoleService; "C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe" [246520 2010-04-03] (WildTangent, Inc.)
2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
3 MWLService; C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
2 NanoServiceMain; "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe" [140064 2012-11-12] (Panda Security, S.L.)
2 NOBU; "C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2057560 2010-06-01] (Symantec Corporation)
2 PSUAService; "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe" [36640 2012-11-14] (Panda Security, S.L.)
2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe [x]

==================== Drivers (Whitelisted) ====================

3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-12-07] (LG Electronics Inc.)
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2010-12-07] (LG Electronics Inc.)
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2010-12-07] (LG Electronics Inc.)
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2010-12-07] (LG Electronics Inc.)
3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2010-06-16] (ENE Technology Inc.)
1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2009-06-02] (Egis Technology Inc.)
1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2009-06-02] (Egis Technology Inc.)
1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2009-06-02] (Egis Technology Inc.)
1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [119208 2012-11-09] (Panda Security, S.L.)
1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [139176 2012-11-09] (Panda Security, S.L.)
1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [163112 2012-11-09] (Panda Security, S.L.)
1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [29224 2012-10-22] (Panda Security, S.L.)
1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [133544 2012-11-09] (Panda Security, S.L.)
4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [74792 2012-11-09] (Panda Security, S.L.)
1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125480 2012-11-09] (Panda Security, S.L.)
1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [370216 2012-11-09] (Panda Security, S.L.)
1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [191528 2012-11-09] (Panda Security, S.L.)
1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [128040 2012-11-09] (Panda Security, S.L.)
1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [276520 2012-11-09] (Panda Security, S.L.)
1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [133928 2012-11-09] (Panda Security, S.L.)
2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [149544 2012-11-09] (Panda Security, S.L.)
2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [104488 2012-11-09] (Panda Security, S.L.)
1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-11-09] (Panda Security, S.L.)
2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-11-09] (Panda Security, S.L.)
2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [123944 2012-11-09] (Panda Security, S.L.)
3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46672 2012-11-07] (Panda Security, S.L.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-12-20 15:10 - 2012-12-20 15:10 - 00000000 ____D C:\FRST
2012-12-20 07:22 - 2012-11-07 06:00 - 00046672 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\PSKMAD.sys
2012-12-18 15:23 - 2012-12-18 17:17 - 00006080 ____A C:\Users\All Users\NanoRepository.bin
2012-12-18 15:23 - 2012-12-18 15:23 - 00006080 ____A C:\Users\All Users\NanoRepository.bin.bak
2012-12-18 09:30 - 2012-12-18 09:30 - 00001667 ____A C:\Users\Public\Desktop\Win7 Defender.lnk
2012-12-18 09:19 - 2012-12-18 16:07 - 00000000 ____D C:\Users\All Users\pcdfdata
2012-12-13 11:13 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-13 11:13 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-13 11:13 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-13 11:13 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-13 11:13 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-13 11:13 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-13 11:13 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-13 11:13 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-13 11:13 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-13 11:13 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-13 11:13 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-13 11:13 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-13 11:13 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-13 11:13 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-13 11:13 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-13 11:13 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-13 03:18 - 2012-11-21 23:43 - 02344960 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-13 03:17 - 2012-10-04 08:53 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-13 03:17 - 2012-10-04 08:49 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-13 03:17 - 2012-10-04 08:49 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 07:00 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-13 03:17 - 2012-10-04 06:44 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 06:44 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 06:44 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 06:44 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-13 03:15 - 2012-11-01 20:48 - 00376832 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-13 03:07 - 2012-11-05 06:03 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-13 03:07 - 2012-11-05 06:03 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-13 03:07 - 2012-09-06 08:48 - 00245616 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2012-12-13 03:06 - 2012-11-08 20:49 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-11 03:32 - 2012-12-11 03:32 - 00003288 ____N C:\bootsqm.dat
2012-12-05 16:29 - 2012-12-05 16:30 - 00999888 ____A (Solid State Networks) C:\Users\angelgirldebra@yahoo\Downloads\install_flashplayer11x32axau_gtbp_chra_aih.exe
2012-12-05 16:29 - 2012-12-05 16:30 - 00999888 ____A (Solid State Networks) C:\Users\angelgirldebra@yahoo\Downloads\install_flashplayer11x32axau_gtbp_chra_aih (1).exe
2012-11-28 09:16 - 2012-05-31 09:25 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-11-22 04:44 - 2012-11-22 04:44 - 00000000 ____D C:\Users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
2012-11-22 04:38 - 2012-11-22 04:38 - 00000000 ____A C:\Users\All Users\0x0304A000.sfl
2012-11-22 04:32 - 2012-11-22 04:32 - 00000000 ____D C:\Users\All Users\Panda Security
2012-11-22 04:32 - 2012-11-22 04:32 - 00000000 ____D C:\Program Files\Panda Security
2012-11-22 04:20 - 2012-11-22 04:20 - 00808224 ____A C:\Users\angelgirldebra@yahoo\Downloads\PandaCloudAntivirus (1).exe
2012-11-22 04:18 - 2012-11-22 04:18 - 00808224 ____A C:\Users\angelgirldebra@yahoo\Downloads\PandaCloudAntivirus.exe

==================== One Month Modified Files and Folders ========

2012-12-20 11:48 - 2010-09-26 07:11 - 01059475 ____A C:\Windows\WindowsUpdate.log
2012-12-20 11:48 - 2009-07-13 20:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-20 11:48 - 2009-07-13 20:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-20 11:39 - 2011-05-09 18:03 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-20 11:39 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-20 11:39 - 2009-07-13 20:39 - 00092171 ____A C:\Windows\setupact.log
2012-12-18 17:17 - 2012-12-18 15:23 - 00006080 ____A C:\Users\All Users\NanoRepository.bin
2012-12-18 17:10 - 2011-05-09 18:03 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-18 17:08 - 2009-07-13 20:53 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-18 16:07 - 2012-12-18 09:19 - 00000000 ____D C:\Users\All Users\pcdfdata
2012-12-18 16:07 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2012-12-18 16:07 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-12-18 16:07 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2012-12-18 15:23 - 2012-12-18 15:23 - 00006080 ____A C:\Users\All Users\NanoRepository.bin.bak
2012-12-18 15:23 - 2012-06-06 02:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-18 13:08 - 2011-05-06 09:28 - 00000000 ____D C:\users\angelgirldebra@yahoo
2012-12-18 09:30 - 2012-12-18 09:30 - 00001667 ____A C:\Users\Public\Desktop\Win7 Defender.lnk
2012-12-18 02:59 - 2011-09-16 14:37 - 00002413 ____A C:\Windows\System32\lgAxconfig.ini
2012-12-17 12:34 - 2010-07-06 06:27 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-16 14:47 - 2011-09-05 07:20 - 00000000 ____D C:\Users\angelgirldebra@yahoo\AppData\Roaming\SoftGrid Client
2012-12-13 11:26 - 2009-07-13 20:33 - 00298088 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-11 15:45 - 2010-09-26 07:08 - 00034250 ____A C:\Windows\PFRO.log
2012-12-11 11:33 - 2012-06-06 02:04 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-12-11 11:33 - 2011-09-19 14:34 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-12-11 03:32 - 2012-12-11 03:32 - 00003288 ____N C:\bootsqm.dat
2012-12-07 15:06 - 2011-05-06 09:28 - 00058400 ____A C:\Users\angelgirldebra@yahoo\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-06 18:18 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\GroupPolicy
2012-12-05 16:30 - 2012-12-05 16:29 - 00999888 ____A (Solid State Networks) C:\Users\angelgirldebra@yahoo\Downloads\install_flashplayer11x32axau_gtbp_chra_aih.exe
2012-12-05 16:30 - 2012-12-05 16:29 - 00999888 ____A (Solid State Networks) C:\Users\angelgirldebra@yahoo\Downloads\install_flashplayer11x32axau_gtbp_chra_aih (1).exe
2012-12-04 06:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-11-28 12:06 - 2010-07-06 07:20 - 00000000 ____D C:\Users\All Users\McAfee
2012-11-28 12:06 - 2010-07-06 07:20 - 00000000 ____D C:\Program Files\McAfee
2012-11-28 11:22 - 2010-07-06 07:20 - 00000000 ____D C:\Program Files\Common Files\mcafee
2012-11-28 08:56 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2012-11-28 02:45 - 2011-10-15 05:19 - 00001988 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-11-22 04:44 - 2012-11-22 04:44 - 00000000 ____D C:\Users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
2012-11-22 04:38 - 2012-11-22 04:38 - 00000000 ____A C:\Users\All Users\0x0304A000.sfl
2012-11-22 04:32 - 2012-11-22 04:32 - 00000000 ____D C:\Users\All Users\Panda Security
2012-11-22 04:32 - 2012-11-22 04:32 - 00000000 ____D C:\Program Files\Panda Security
2012-11-22 04:20 - 2012-11-22 04:20 - 00808224 ____A C:\Users\angelgirldebra@yahoo\Downloads\PandaCloudAntivirus (1).exe
2012-11-22 04:18 - 2012-11-22 04:18 - 00808224 ____A C:\Users\angelgirldebra@yahoo\Downloads\PandaCloudAntivirus.exe
2012-11-21 23:43 - 2012-12-13 03:18 - 02344960 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys


ZeroAccess:
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}\@
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}\L
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-13 03:07] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-16 09:02:27
Restore point made on: 2012-11-28 06:08:16
Restore point made on: 2012-12-04 06:29:32
Restore point made on: 2012-12-07 14:39:33
Restore point made on: 2012-12-11 03:14:35
Restore point made on: 2012-12-13 11:12:08
Restore point made on: 2012-12-18 09:59:14
Restore point made on: 2012-12-20 11:47:08

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 1013.09 MB
Available physical RAM: 524.35 MB
Total Pagefile: 1013.09 MB
Available Pagefile: 520.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB

==================== Partitions =============================

1 Drive c: (Acer) (Fixed) (Total:135.95 GB) (Free:100.85 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:3.16 GB) NTFS
3 Drive f: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 135 GB 13 GB

=========================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E PQSERVICE NTFS Partition 13 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y SYSTEM RESE NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Acer NTFS Partition 135 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

=========================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3818 MB Healthy

=========================================================

Last Boot: 2012-12-07 15:35

==================== End Of Log ============================

Farbar Recovery Scan Tool (x86) Version: 18-12-2012
Ran by SYSTEM at 2012-12-20 15:12:23
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===

xqme4asking

Rookie Surfer
Rookie Surfer

Posts : 70
Joined : 2010-07-04
Operating System : Windows 7 Starter 32

View user profile

Back to top Go down

Solved Re: Win7 Defender

Post by DragonMaster Jay on Fri 21 Dec 2012, 8:47 am

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
2012-12-18 09:30 - 2012-12-18 09:30 - 00001667 ____A C:\Users\Public\Desktop\Win7 Defender.lnk
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: Win7 Defender

Post by xqme4asking on Fri 21 Dec 2012, 9:04 am

The desk top icon was removed, but still received all the Win7 defender alerts and still can not access the internet.

Please see the Fix log below

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-12-2012
Ran by SYSTEM at 2012-12-20 17:00:12 Run:1
Running from F:\

==============================================

C:\Users\Public\Desktop\Win7 Defender.lnk moved successfully.
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf} moved successfully.

==== End of Fixlog ====

xqme4asking

Rookie Surfer
Rookie Surfer

Posts : 70
Joined : 2010-07-04
Operating System : Windows 7 Starter 32

View user profile

Back to top Go down

Solved Re: Win7 Defender

Post by DragonMaster Jay on Fri 21 Dec 2012, 9:22 am

ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: Win7 Defender

Post by xqme4asking on Fri 21 Dec 2012, 1:01 pm

It appears to have been corrected, please let me know if there are addtional steps to be taken; below is the log that was created.

Thank you

ComboFix 12-12-20.02 - angelgirldebra@yahoo 12/20/2012 20:10:13.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.261 [GMT -5:00]
Running from: D:\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
.
.
2012-12-21 01:35 . 2012-12-21 01:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-21 01:13 . 2012-12-21 01:13 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10BE88B1-EFF0-43F6-B23D-CB050BF63EF2}\offreg.dll
2012-12-21 00:59 . 2012-10-19 16:47 36736 ----a-w- c:\windows\system32\drivers\PsBoot.sys
2012-12-20 23:10 . 2012-12-20 23:10 -------- d-----w- C:\FRST
2012-12-20 22:01 . 2012-11-07 14:00 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2012-12-20 19:48 . 2012-11-19 06:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10BE88B1-EFF0-43F6-B23D-CB050BF63EF2}\mpengine.dll
2012-12-18 23:23 . 2012-12-19 01:17 6080 ----a-w- c:\programdata\NanoRepository.bin
2012-12-18 17:19 . 2012-12-21 00:59 -------- d-----w- c:\programdata\pcdfdata
2012-12-18 11:01 . 2012-12-18 11:01 -------- d-----w- c:\users\angelgirldebra@yahoo\AppData\Roaming\HPAppData
2012-12-13 11:18 . 2012-11-22 07:43 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 11:15 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 11:07 . 2012-09-06 16:48 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 11:07 . 2012-11-05 14:03 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 11:07 . 2012-11-05 14:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 11:06 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-28 17:16 . 2012-05-31 17:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-11-22 12:44 . 2012-11-22 12:44 -------- d-----w- c:\users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
2012-11-22 12:32 . 2012-11-22 12:32 -------- d-----w- c:\programdata\Panda Security
2012-11-22 12:32 . 2012-11-22 12:32 -------- d-----w- c:\program files\Panda Security
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 19:33 . 2012-06-06 10:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 19:33 . 2011-09-19 22:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 00:01 . 2012-11-10 00:01 123944 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2012-11-10 00:01 . 2012-11-10 00:01 114216 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2012-11-10 00:01 . 2012-11-10 00:01 174632 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2012-11-10 00:00 . 2012-11-10 00:00 149544 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2012-11-10 00:00 . 2012-11-10 00:00 104488 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2012-11-09 16:23 . 2012-11-09 16:23 276520 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
2012-11-09 16:23 . 2012-11-09 16:23 133928 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
2012-11-09 16:23 . 2012-11-09 16:23 370216 ----a-w- c:\windows\system32\drivers\NNSProt.sys
2012-11-09 16:23 . 2012-11-09 16:23 191528 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
2012-11-09 16:23 . 2012-11-09 16:23 128040 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
2012-11-09 16:23 . 2012-11-09 16:23 74792 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys
2012-11-09 16:23 . 2012-11-09 16:23 125480 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
2012-11-09 16:23 . 2012-11-09 16:23 163112 ----a-w- c:\windows\system32\drivers\NNSIds.sys
2012-11-09 16:23 . 2012-11-09 16:23 139176 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
2012-11-09 16:23 . 2012-11-09 16:23 133544 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
2012-11-09 16:23 . 2012-11-09 16:23 119208 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
2012-10-22 17:08 . 2012-10-22 17:08 29224 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys
2012-10-16 20:34 . 2012-11-28 11:59 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-25 21:55 . 2012-11-15 06:10 78336 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-06 39408]
"Facebook Update"="c:\users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9292392]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 715296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-11-15 32032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-7-6 704032]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 PsBoot;Panda boot driver;c:\windows\system32\Drivers\PsBoot.sys [x]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [x]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-06 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files\Acer\Registration\GREG.exe [2010-04-28 02:47]
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 19:34]
.
2012-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-936878951-3151552269-1752876509-1000Core.job
- c:\users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 01:12]
.
2012-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-936878951-3151552269-1752876509-1000Core1cd5fcb8a54c80c.job
- c:\users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 01:12]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 02:02]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 02:02]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = ;*.local
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3036)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
.
Completion time: 2012-12-20 20:46:44
ComboFix-quarantined-files.txt 2012-12-21 01:46
.
Pre-Run: 108,134,445,056 bytes free
Post-Run: 109,274,136,576 bytes free
.
- - End Of File - - F76E92CC9CF06C1DF05F93492A2DB824

xqme4asking

Rookie Surfer
Rookie Surfer

Posts : 70
Joined : 2010-07-04
Operating System : Windows 7 Starter 32

View user profile

Back to top Go down

Solved Re: Win7 Defender

Post by DragonMaster Jay on Fri 21 Dec 2012, 9:22 pm

OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: Win7 Defender

Post by xqme4asking on Sat 22 Dec 2012, 2:32 am

OTL logfile created on: 12/21/2012 9:56:19 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\angelgirldebra@yahoo\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.09 Mb Total Physical Memory | 272.45 Mb Available Physical Memory | 26.89% Memory free
1.99 Gb Paging File | 1.15 Gb Available in Paging File | 57.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.95 Gb Total Space | 103.43 Gb Free Space | 76.08% Space Free | Partition Type: NTFS

Computer Name: ANGELGIRLDEBRAY | User Name: angelgirldebra@yahoo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/21 09:54:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\angelgirldebra@yahoo\Desktop\OTL.exe
PRC - [2012/11/14 22:04:15 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2012/11/14 22:04:15 | 000,032,032 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2012/11/12 14:45:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012/07/11 20:12:43 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/06/15 11:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/03/28 02:53:14 | 000,404,568 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/22 01:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/06/22 01:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2010/06/22 01:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2010/06/11 16:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2010/06/11 16:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/06/11 16:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010/06/01 17:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
PRC - [2010/05/26 21:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/03/11 00:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 00:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\EgisUpdate.exe
PRC - [2010/02/09 13:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/10/13 12:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/05/20 01:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files\Launch Manager\CdDirIo.dll


========== Services (SafeList) ==========

SRV - [2012/12/11 14:34:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/14 22:04:15 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2012/11/12 14:45:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 11:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/06/22 01:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/11 16:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/06/01 17:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ANGELG~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/11/09 19:01:19 | 000,123,944 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2012/11/09 19:01:19 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2012/11/09 19:01:18 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2012/11/09 19:00:37 | 000,149,544 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2012/11/09 19:00:37 | 000,104,488 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2012/11/09 11:23:58 | 000,276,520 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2012/11/09 11:23:58 | 000,133,928 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2012/11/09 11:23:57 | 000,370,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2012/11/09 11:23:57 | 000,191,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2012/11/09 11:23:57 | 000,128,040 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2012/11/09 11:23:56 | 000,125,480 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2012/11/09 11:23:56 | 000,074,792 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV - [2012/11/09 11:23:55 | 000,163,112 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2012/11/09 11:23:55 | 000,139,176 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2012/11/09 11:23:55 | 000,133,544 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2012/11/09 11:23:54 | 000,119,208 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2012/11/07 09:00:12 | 000,046,672 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2012/10/22 12:08:35 | 000,029,224 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/05/13 02:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 02:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/05/13 02:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/05/13 02:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/07 13:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 13:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 13:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 13:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/06/17 01:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2010/05/20 01:10:32 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/06 21:04:42 | 001,792,512 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/06/02 21:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 21:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 21:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)

xqme4asking

Rookie Surfer
Rookie Surfer

Posts : 70
Joined : 2010-07-04
Operating System : Windows 7 Starter 32

View user profile

Back to top Go down

Solved Re: Win7 Defender

Post by xqme4asking on Sat 22 Dec 2012, 2:33 am

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\angelgirldebra@yahoo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/05 12:55:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/09/03 15:35:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/05 12:55:32 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E04B8720-9C44-40E2-A2C5-35C2D11447D2}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/21 09:54:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\angelgirldebra@yahoo\Desktop\OTL.exe
[2012/12/21 09:53:49 | 000,000,000 | ---D | C] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\HPAppData
[2012/12/20 20:45:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/20 20:06:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/20 20:06:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/20 20:06:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/20 20:03:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/20 20:02:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/20 18:10:07 | 000,000,000 | ---D | C] -- C:\FRST
[2012/12/20 17:01:43 | 000,046,672 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSKMAD.sys
[2012/12/18 12:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7 Defender
[2012/12/18 12:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\pcdfdata
[2012/12/07 18:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2012/11/22 07:44:52 | 000,000,000 | ---D | C] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
[2012/11/22 07:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/11/22 07:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/21 09:54:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\angelgirldebra@yahoo\Desktop\OTL.exe
[2012/12/21 09:48:44 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/21 09:48:44 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/21 09:42:08 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2012/12/21 09:41:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/21 09:40:43 | 000,298,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/21 09:39:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/21 09:39:05 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/20 20:51:20 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/20 20:51:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/20 20:04:17 | 000,624,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/20 20:04:17 | 000,106,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/18 20:17:02 | 000,006,080 | ---- | M] () -- C:\ProgramData\NanoRepository.bin
[2012/12/18 18:23:47 | 000,006,080 | ---- | M] () -- C:\ProgramData\NanoRepository.bin.bak
[2012/12/11 06:32:19 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/11/28 05:45:58 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/11/22 07:38:05 | 000,000,000 | ---- | M] () -- C:\ProgramData\0x0304A000.sfl
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/20 20:06:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/20 20:06:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/20 20:06:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/20 20:06:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/20 20:06:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/18 18:23:47 | 000,006,080 | ---- | C] () -- C:\ProgramData\NanoRepository.bin.bak
[2012/12/18 18:23:47 | 000,006,080 | ---- | C] () -- C:\ProgramData\NanoRepository.bin
[2012/12/11 06:32:19 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/11/22 07:38:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2011/12/03 22:30:43 | 000,003,584 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/30 13:42:35 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/10/25 18:22:34 | 000,000,040 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\jagex_cl_runescape_LIVE.dat
[2011/10/12 19:50:29 | 000,000,000 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\AppData\Local\{7F436BDE-4957-488B-9C36-839E0F9F4498}
[2011/10/12 19:48:36 | 000,000,000 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\AppData\Local\{C924E2FB-1735-453C-8E4B-30D455B0FF06}
[2011/10/01 15:18:33 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/10/01 14:35:59 | 000,000,129 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\jagex_runescape_preferences2.dat
[2011/10/01 14:33:32 | 000,000,035 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\jagex_runescape_preferences.dat
[2011/09/16 17:37:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/09/16 17:37:06 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/09/05 12:37:26 | 000,205,764 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/09/05 12:37:26 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Both
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/09/04 13:02:56 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\Liteon
[2012/11/22 07:44:52 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
[2012/12/16 17:47:01 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\SoftGrid Client
[2011/05/10 17:31:38 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\TeamViewer
[2011/09/05 10:21:39 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\TP
[2011/05/06 12:38:57 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\WildTangent
[2011/05/10 02:40:23 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

xqme4asking

Rookie Surfer
Rookie Surfer

Posts : 70
Joined : 2010-07-04
Operating System : Windows 7 Starter 32

View user profile

Back to top Go down

Solved Re: Win7 Defender

Post by DragonMaster Jay on Sat 22 Dec 2012, 3:01 am

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: Win7 Defender

Post by xqme4asking on Sat 22 Dec 2012, 4:52 am

I will run scan and report back, but currently I am recieivng a message about transmitting info over the internet. I also have two icons on my desk top labled as desktop.ini

xqme4asking

Rookie Surfer
Rookie Surfer

Posts : 70
Joined : 2010-07-04
Operating System : Windows 7 Starter 32

View user profile

Back to top Go down

Solved Re: Win7 Defender

Post by xqme4asking on Sat 22 Dec 2012, 6:21 am

I have attempted 3 times to load the scanner; all 3 times have resulted in an error showing 2002. I attempted to down load this with my panda cloud disabled as well and still recieve the same error

xqme4asking

Rookie Surfer
Rookie Surfer

Posts : 70
Joined : 2010-07-04
Operating System : Windows 7 Starter 32

View user profile

Back to top Go down

Solved Re: Win7 Defender

Post by DragonMaster Jay on Sat 22 Dec 2012, 8:12 am

Please run Panda ActiveScan online scan.

  • Choose Quick Scan then click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: Win7 Defender

Post by xqme4asking on Sat 22 Dec 2012, 10:03 am

;***********************************************************************************************************************************************************************************
ANALYSIS: 2012-12-21 18:00:49
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Panda Cloud Antivirus Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\bhib50ob.txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\fktozt1z.txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\w02951yd.txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\btcsnbk8.txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\x3ip9zwp.txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

xqme4asking

Rookie Surfer
Rookie Surfer

Posts : 70
Joined : 2010-07-04
Operating System : Windows 7 Starter 32

View user profile

Back to top Go down

Solved Re: Win7 Defender

Post by DragonMaster Jay on Sat 22 Dec 2012, 8:32 pm

Good job!

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: Win7 Defender

Post by xqme4asking on Sun 23 Dec 2012, 3:07 am

I am not receiving any types of messages at this time; does any of the reports I provided indicate the virus has been removed

xqme4asking

Rookie Surfer
Rookie Surfer

Posts : 70
Joined : 2010-07-04
Operating System : Windows 7 Starter 32

View user profile

Back to top Go down

Solved Re: Win7 Defender

Post by Sponsored content Today at 1:09 am


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum