GeekPolice

Win7 Defender


Solved Win7 Defender

Post by xqme4asking on Tue Dec 18, 2012 9:37 pm

My Acer Aspire notebook has become infected with a virus or something stating Win7 Defender. This has added an icon to my desktop screen, and is not allowing any program to run, including Internet Explorer. I did run Panda, which indicated virus removed etc., but on the restart all programs are blocked and there are screens popping up asking me to either Activate Win7 Defender or Stay unprotected.

I have tried running in safe mode & still I receive these messages etc from Win7 Defender; any ideas?

xqme4asking
Intermediate

Posts : 70
Joined : 2010-07-04
OS : Windows 7 Starter 32

Solved Re: Win7 Defender

Post by Dr Jay on Tue Dec 18, 2012 10:21 pm

Hi there!

Please download and run RKill.

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed further to do so.


ComboFix scan

Please download ComboFix by sUBs
[You must be registered and logged in to see this link.]

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, and winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Dr. Jay (DJ)


Dr Jay
Administrator

Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Solved Re: Win7 Defender

Post by xqme4asking on Tue Dec 18, 2012 11:31 pm

The issue is I am unable to access the internet; when I click on the Internet Explorer icon (even in safe mode) I receive a pop up that states "iexplore.exe is infected with Trojan-downloader JS Agent ftu". I have the option to activate this so-called Win7 Defender or stay unprotected. Should I click activate and then work backwards to remove this virus? I have reported this, and I am replying via another notebook that I own.

Thank you


Solved Re: Win7 Defender

Post by Dr Jay on Wed Dec 19, 2012 12:52 am

Try in Safe Mode with Networking, please...

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).



Solved Re: Win7 Defender

Post by xqme4asking on Wed Dec 19, 2012 1:14 am

I have attempted to reboot in Safe Mode and encounter the exact same issue; it is almost like this has impacted all files in all operations. When in safe mode I still receive all errors and I am unable to access the internet.

This is why I asked should I completely infect the system by accepting (Activating) this error message and attempt to clean the unit.

Thanks


Solved Re: Win7 Defender

Post by Dr Jay on Wed Dec 19, 2012 7:44 pm

Let's do the following, which would be a lot easier...

OTLPE + Farbar Recovery Scan Tool


  • Download [You must be registered and logged in to see this link.] to your desktop
  • Download [You must be registered and logged in to see this link.] and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]

  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  • Your system should now display a Reatogo desktop.

Note : as you are running from CD it is not exactly speedy

  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe into the "Search:" text box. Then, press the Search file(s) button, just as below:

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.



Solved Re: Win7 Defender

Post by xqme4asking on Wed Dec 19, 2012 8:42 pm

These notebooks do not have a CD-ROM; is there a way to run everything from a flash drive? I do not have an external CD-ROM either.

Thank you


Solved Re: Win7 Defender

Post by Dr Jay on Wed Dec 19, 2012 10:05 pm

I'm sorry, I'm confused...do you have XP or Windows 7?



Solved Re: Win7 Defender

Post by xqme4asking on Wed Dec 19, 2012 11:56 pm

I apologize; the infected unit has a Windows 7 Starter operating system. It is an Acer Aspire One.

The error is in my profile; it represents an old operating system from a unit I no longer own.

I do apologize.


Solved Re: Win7 Defender

Post by Dr Jay on Thu Dec 20, 2012 9:14 am

That's fine...This can be done on your flash drive...

Farbar Recovery Scan Tool

Download [You must be registered and logged in to see this link.] and save it to a flash drive.


Depending on your type of system, you will have to select 32-bit or 64-bit accordingly. [You must be registered and logged in to see this link.]

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe into the "Search:" text box. Then, press the Search file(s) button, just as below:

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.



Solved Re: Win7 Defender

Post by xqme4asking on Thu Dec 20, 2012 8:26 pm

Please see log below. Please know I still cannot access the internet from the infected unit, so I will need to use the flash drive to transfer whatever is required to remove the virus...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-12-2012
Ran by SYSTEM at 20-12-2012 15:10:17
Running from F:\
Windows 7 Starter (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9292392 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SuiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [966488 2010-06-01] (Symantec Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [968272 2010-06-21] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1692968 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715296 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-27] (LG Electronics)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM\...\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray [32032 2012-11-14] (Panda Security, S.L.)
HKU\angelgirldebra@yahoo\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-06] (Google Inc.)
HKU\angelgirldebra@yahoo\...\Run: [Facebook Update] "C:\Users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\angelgirldebra@yahoo\...\Run: [pcdfsvc] C:\ProgramData\pcdfdata\wgsdgsdgdsgsd.exe /min [79808 2012-12-18] (Microsoft Corporation)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files\Acer\Screensaver\run_Acer.exe /default [154144 2010-01-14] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ===================

2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [735776 2010-06-11] (Acer Incorporated)
3 GameConsoleService; "C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe" [246520 2010-04-03] (WildTangent, Inc.)
2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
3 MWLService; C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
2 NanoServiceMain; "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe" [140064 2012-11-12] (Panda Security, S.L.)
2 NOBU; "C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2057560 2010-06-01] (Symantec Corporation)
2 PSUAService; "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe" [36640 2012-11-14] (Panda Security, S.L.)
2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe [x]

==================== Drivers (Whitelisted) ====================

3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-12-07] (LG Electronics Inc.)
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2010-12-07] (LG Electronics Inc.)
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2010-12-07] (LG Electronics Inc.)
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2010-12-07] (LG Electronics Inc.)
3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2010-06-16] (ENE Technology Inc.)
1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2009-06-02] (Egis Technology Inc.)
1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2009-06-02] (Egis Technology Inc.)
1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2009-06-02] (Egis Technology Inc.)
1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [119208 2012-11-09] (Panda Security, S.L.)
1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [139176 2012-11-09] (Panda Security, S.L.)
1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [163112 2012-11-09] (Panda Security, S.L.)
1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [29224 2012-10-22] (Panda Security, S.L.)
1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [133544 2012-11-09] (Panda Security, S.L.)
4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [74792 2012-11-09] (Panda Security, S.L.)
1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125480 2012-11-09] (Panda Security, S.L.)
1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [370216 2012-11-09] (Panda Security, S.L.)
1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [191528 2012-11-09] (Panda Security, S.L.)
1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [128040 2012-11-09] (Panda Security, S.L.)
1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [276520 2012-11-09] (Panda Security, S.L.)
1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [133928 2012-11-09] (Panda Security, S.L.)
2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [149544 2012-11-09] (Panda Security, S.L.)
2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [104488 2012-11-09] (Panda Security, S.L.)
1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-11-09] (Panda Security, S.L.)
2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-11-09] (Panda Security, S.L.)
2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [123944 2012-11-09] (Panda Security, S.L.)
3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46672 2012-11-07] (Panda Security, S.L.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-12-20 15:10 - 2012-12-20 15:10 - 00000000 ____D C:\FRST
2012-12-20 07:22 - 2012-11-07 06:00 - 00046672 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\PSKMAD.sys
2012-12-18 15:23 - 2012-12-18 17:17 - 00006080 ____A C:\Users\All Users\NanoRepository.bin
2012-12-18 15:23 - 2012-12-18 15:23 - 00006080 ____A C:\Users\All Users\NanoRepository.bin.bak
2012-12-18 09:30 - 2012-12-18 09:30 - 00001667 ____A C:\Users\Public\Desktop\Win7 Defender.lnk
2012-12-18 09:19 - 2012-12-18 16:07 - 00000000 ____D C:\Users\All Users\pcdfdata
2012-12-13 11:13 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-13 11:13 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-13 11:13 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-13 11:13 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-13 11:13 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-13 11:13 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-13 11:13 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-13 11:13 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-13 11:13 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-13 11:13 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-13 11:13 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-13 11:13 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-13 11:13 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-13 11:13 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-13 11:13 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-13 11:13 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-13 03:18 - 2012-11-21 23:43 - 02344960 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-13 03:17 - 2012-10-04 08:53 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-13 03:17 - 2012-10-04 08:49 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-13 03:17 - 2012-10-04 08:49 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 07:00 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-13 03:17 - 2012-10-04 06:44 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 06:44 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 06:44 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 03:17 - 2012-10-04 06:44 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-13 03:15 - 2012-11-01 20:48 - 00376832 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-13 03:07 - 2012-11-05 06:03 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-13 03:07 - 2012-11-05 06:03 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-13 03:07 - 2012-09-06 08:48 - 00245616 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2012-12-13 03:06 - 2012-11-08 20:49 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-11 03:32 - 2012-12-11 03:32 - 00003288 ____N C:\bootsqm.dat
2012-12-05 16:29 - 2012-12-05 16:30 - 00999888 ____A (Solid State Networks) C:\Users\angelgirldebra@yahoo\Downloads\install_flashplayer11x32axau_gtbp_chra_aih.exe
2012-12-05 16:29 - 2012-12-05 16:30 - 00999888 ____A (Solid State Networks) C:\Users\angelgirldebra@yahoo\Downloads\install_flashplayer11x32axau_gtbp_chra_aih (1).exe
2012-11-28 09:16 - 2012-05-31 09:25 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-11-22 04:44 - 2012-11-22 04:44 - 00000000 ____D C:\Users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
2012-11-22 04:38 - 2012-11-22 04:38 - 00000000 ____A C:\Users\All Users\0x0304A000.sfl
2012-11-22 04:32 - 2012-11-22 04:32 - 00000000 ____D C:\Users\All Users\Panda Security
2012-11-22 04:32 - 2012-11-22 04:32 - 00000000 ____D C:\Program Files\Panda Security
2012-11-22 04:20 - 2012-11-22 04:20 - 00808224 ____A C:\Users\angelgirldebra@yahoo\Downloads\PandaCloudAntivirus (1).exe
2012-11-22 04:18 - 2012-11-22 04:18 - 00808224 ____A C:\Users\angelgirldebra@yahoo\Downloads\PandaCloudAntivirus.exe

==================== One Month Modified Files and Folders ========

2012-12-20 11:48 - 2010-09-26 07:11 - 01059475 ____A C:\Windows\WindowsUpdate.log
2012-12-20 11:48 - 2009-07-13 20:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-20 11:48 - 2009-07-13 20:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-20 11:39 - 2011-05-09 18:03 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-20 11:39 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-20 11:39 - 2009-07-13 20:39 - 00092171 ____A C:\Windows\setupact.log
2012-12-18 17:17 - 2012-12-18 15:23 - 00006080 ____A C:\Users\All Users\NanoRepository.bin
2012-12-18 17:10 - 2011-05-09 18:03 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-18 17:08 - 2009-07-13 20:53 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-18 16:07 - 2012-12-18 09:19 - 00000000 ____D C:\Users\All Users\pcdfdata
2012-12-18 16:07 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2012-12-18 16:07 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-12-18 16:07 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2012-12-18 15:23 - 2012-12-18 15:23 - 00006080 ____A C:\Users\All Users\NanoRepository.bin.bak
2012-12-18 15:23 - 2012-06-06 02:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-18 13:08 - 2011-05-06 09:28 - 00000000 ____D C:\users\angelgirldebra@yahoo
2012-12-18 09:30 - 2012-12-18 09:30 - 00001667 ____A C:\Users\Public\Desktop\Win7 Defender.lnk
2012-12-18 02:59 - 2011-09-16 14:37 - 00002413 ____A C:\Windows\System32\lgAxconfig.ini
2012-12-17 12:34 - 2010-07-06 06:27 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-16 14:47 - 2011-09-05 07:20 - 00000000 ____D C:\Users\angelgirldebra@yahoo\AppData\Roaming\SoftGrid Client
2012-12-13 11:26 - 2009-07-13 20:33 - 00298088 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-11 15:45 - 2010-09-26 07:08 - 00034250 ____A C:\Windows\PFRO.log
2012-12-11 11:33 - 2012-06-06 02:04 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-12-11 11:33 - 2011-09-19 14:34 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-12-11 03:32 - 2012-12-11 03:32 - 00003288 ____N C:\bootsqm.dat
2012-12-07 15:06 - 2011-05-06 09:28 - 00058400 ____A C:\Users\angelgirldebra@yahoo\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-06 18:18 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\GroupPolicy
2012-12-05 16:30 - 2012-12-05 16:29 - 00999888 ____A (Solid State Networks) C:\Users\angelgirldebra@yahoo\Downloads\install_flashplayer11x32axau_gtbp_chra_aih.exe
2012-12-05 16:30 - 2012-12-05 16:29 - 00999888 ____A (Solid State Networks) C:\Users\angelgirldebra@yahoo\Downloads\install_flashplayer11x32axau_gtbp_chra_aih (1).exe
2012-12-04 06:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-11-28 12:06 - 2010-07-06 07:20 - 00000000 ____D C:\Users\All Users\McAfee
2012-11-28 12:06 - 2010-07-06 07:20 - 00000000 ____D C:\Program Files\McAfee
2012-11-28 11:22 - 2010-07-06 07:20 - 00000000 ____D C:\Program Files\Common Files\mcafee
2012-11-28 08:56 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2012-11-28 02:45 - 2011-10-15 05:19 - 00001988 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-11-22 04:44 - 2012-11-22 04:44 - 00000000 ____D C:\Users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
2012-11-22 04:38 - 2012-11-22 04:38 - 00000000 ____A C:\Users\All Users\0x0304A000.sfl
2012-11-22 04:32 - 2012-11-22 04:32 - 00000000 ____D C:\Users\All Users\Panda Security
2012-11-22 04:32 - 2012-11-22 04:32 - 00000000 ____D C:\Program Files\Panda Security
2012-11-22 04:20 - 2012-11-22 04:20 - 00808224 ____A C:\Users\angelgirldebra@yahoo\Downloads\PandaCloudAntivirus (1).exe
2012-11-22 04:18 - 2012-11-22 04:18 - 00808224 ____A C:\Users\angelgirldebra@yahoo\Downloads\PandaCloudAntivirus.exe
2012-11-21 23:43 - 2012-12-13 03:18 - 02344960 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys


ZeroAccess:
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}\@
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}\L
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-13 03:07] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-16 09:02:27
Restore point made on: 2012-11-28 06:08:16
Restore point made on: 2012-12-04 06:29:32
Restore point made on: 2012-12-07 14:39:33
Restore point made on: 2012-12-11 03:14:35
Restore point made on: 2012-12-13 11:12:08
Restore point made on: 2012-12-18 09:59:14
Restore point made on: 2012-12-20 11:47:08

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 1013.09 MB
Available physical RAM: 524.35 MB
Total Pagefile: 1013.09 MB
Available Pagefile: 520.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB

==================== Partitions =============================

1 Drive c: (Acer) (Fixed) (Total:135.95 GB) (Free:100.85 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:3.16 GB) NTFS
3 Drive f: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 135 GB 13 GB

=========================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E PQSERVICE NTFS Partition 13 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y SYSTEM RESE NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Acer NTFS Partition 135 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

=========================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3818 MB Healthy

=========================================================

Last Boot: 2012-12-07 15:35

==================== End Of Log ============================

Farbar Recovery Scan Tool (x86) Version: 18-12-2012
Ran by SYSTEM at 2012-12-20 15:12:23
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===

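Two sections of the FRST log above are the ones a responder would want to be able to reproduce: the `ZeroAccess:` listing of a GUID-named folder under AppData\Local that holds entries called `@`, `L` and `U`, and the `Search: "services.exe"` section, which prints the MD5 of the System32 copy next to the WinSxS copy so a patched binary stands out. The Python below is an added example written for this thread; it is not FRST's code and was not run on the poster's machine. It builds a constructed sample tree in a temporary directory (invented paths and contents, including one deliberately altered services.exe copy) and runs both checks over it; the sample folder and file names are assumptions.

```python
"""Two FRST-style checks, written as an added example for this thread; this is
not FRST's own code.  It reproduces what two sections of the log above report:
  1. the "ZeroAccess:" section, which lists a GUID-named folder under
     AppData\\Local that holds entries named '@', 'L' and 'U';
  2. the 'Search: "services.exe"' section, which hashes the System32 copy and
     the WinSxS copies of the same file so a patched binary stands out.
Everything runs over a constructed sample tree in a temp directory, so it works
offline on any OS.  The sample paths and file contents are invented.
"""
import hashlib
import os
import re
import tempfile

GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
ZA_MARKERS = {"@", "L", "U"}  # the entries FRST listed inside the GUID folder


def find_guid_dirs_with_markers(root, markers=ZA_MARKERS):
    """Return every directory below `root` whose name is a braced GUID and whose
    direct children (files or sub-directories) include all of `markers`."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if GUID_DIR.match(os.path.basename(dirpath)) and \
                markers <= (set(dirnames) | set(filenames)):
            hits.append(dirpath)
    return sorted(hits)


def md5_of(path):
    """Upper-case hex MD5, the form FRST prints next to each file."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def compare_with_store_copies(target, store_root):
    """Hash `target` and every same-named file under `store_root`.
    Returns (target_md5, {copy_path: md5}, all_copies_match)."""
    want = os.path.basename(target).lower()
    target_md5 = md5_of(target)
    copies = {}
    for dirpath, _, filenames in os.walk(store_root):
        for fn in filenames:
            if fn.lower() == want:
                full = os.path.join(dirpath, fn)
                copies[full] = md5_of(full)
    all_match = bool(copies) and all(v == target_md5 for v in copies.values())
    return target_md5, copies, all_match


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def build_sample_tree():
    """Constructed sample, not data from the machine in the thread: one
    ZeroAccess-style GUID folder, one benign GUID folder, and a System32
    services.exe with two component-store copies, one of them altered."""
    base = tempfile.mkdtemp(prefix="frst_demo_")
    local = os.path.join(base, "Users", "victim", "AppData", "Local")
    bad = os.path.join(local, "{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}")
    _write(os.path.join(bad, "@"), b"\x00" * 32)   # modelled as a file; the log
    os.makedirs(os.path.join(bad, "L"))             # does not say which entries
    os.makedirs(os.path.join(bad, "U"))             # were files or folders
    _write(os.path.join(local, "{11111111-2222-3333-4444-555555555555}",
                        "settings.dat"), b"benign")
    target = os.path.join(base, "Windows", "System32", "services.exe")
    store = os.path.join(base, "Windows", "winsxs")
    body = b"MZ" + b"services" * 64
    _write(target, body)
    _write(os.path.join(store, "x86_servicecontroller_clean", "services.exe"), body)
    _write(os.path.join(store, "x86_servicecontroller_patched", "services.exe"),
           body + b"\xcc")                          # simulated patched copy
    return {"base": base, "target": target, "store": store}


if __name__ == "__main__":
    paths = build_sample_tree()
    for d in find_guid_dirs_with_markers(paths["base"]):
        print("ZeroAccess-style folder:", d)
    md5, copies, ok = compare_with_store_copies(paths["target"], paths["store"])
    print("System32 copy:", md5, "| all store copies match:", ok)
    for p, h in copies.items():
        print(" ", "same" if h == md5 else "DIFF", h, p)
```

On a real Windows system point `find_guid_dirs_with_markers` at C:\Users and `compare_with_store_copies` at C:\Windows\winsxs; a System32 copy whose hash differs from the component-store copies is exactly what the FRST search is there to expose, and a GUID folder that only shows up once the profile is scanned offline (from the recovery environment, as Dr Jay has the poster do) is why these scans are run from a boot disk rather than from the infected session.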

Solved Re: Win7 Defender

Post by Dr Jay on Thu Dec 20, 2012 9:47 pm

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
2012-12-18 09:30 - 2012-12-18 09:30 - 00001667 ____A C:\Users\Public\Desktop\Win7 Defender.lnk
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.


Dr. Jay (DJ)




Solved Re: Win7 Defender

Post by xqme4asking on Thu Dec 20, 2012 10:04 pm

The desktop icon was removed, but I still received all the Win7 Defender alerts and still cannot access the internet.

Please see the Fix log below

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-12-2012
Ran by SYSTEM at 2012-12-20 17:00:12 Run:1
Running from F:\

==============================================

C:\Users\Public\Desktop\Win7 Defender.lnk moved successfully.
C:\Users\angelgirldebra@yahoo\AppData\Local\{d28b2dd4-9a70-d43c-1397-e9e518f5aacf} moved successfully.

==== End of Fixlog ====


Solved Re: Win7 Defender

Post by Dr Jay on Thu Dec 20, 2012 10:22 pm

ComboFix scan

Please download ComboFix by sUBs
[You must be registered and logged in to see this link.]

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Dr. Jay (DJ)




Solved Re: Win7 Defender

Post by xqme4asking on Fri Dec 21, 2012 2:01 am

It appears to have been corrected; please let me know if there are additional steps to be taken. Below is the log that was created.

Thank you

ComboFix 12-12-20.02 - angelgirldebra@yahoo 12/20/2012 20:10:13.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.261 [GMT -5:00]
Running from: D:\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
.
.
2012-12-21 01:35 . 2012-12-21 01:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-21 01:13 . 2012-12-21 01:13 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10BE88B1-EFF0-43F6-B23D-CB050BF63EF2}\offreg.dll
2012-12-21 00:59 . 2012-10-19 16:47 36736 ----a-w- c:\windows\system32\drivers\PsBoot.sys
2012-12-20 23:10 . 2012-12-20 23:10 -------- d-----w- C:\FRST
2012-12-20 22:01 . 2012-11-07 14:00 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2012-12-20 19:48 . 2012-11-19 06:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10BE88B1-EFF0-43F6-B23D-CB050BF63EF2}\mpengine.dll
2012-12-18 23:23 . 2012-12-19 01:17 6080 ----a-w- c:\programdata\NanoRepository.bin
2012-12-18 17:19 . 2012-12-21 00:59 -------- d-----w- c:\programdata\pcdfdata
2012-12-18 11:01 . 2012-12-18 11:01 -------- d-----w- c:\users\angelgirldebra@yahoo\AppData\Roaming\HPAppData
2012-12-13 11:18 . 2012-11-22 07:43 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 11:15 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 11:07 . 2012-09-06 16:48 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 11:07 . 2012-11-05 14:03 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 11:07 . 2012-11-05 14:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 11:06 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-28 17:16 . 2012-05-31 17:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-11-22 12:44 . 2012-11-22 12:44 -------- d-----w- c:\users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
2012-11-22 12:32 . 2012-11-22 12:32 -------- d-----w- c:\programdata\Panda Security
2012-11-22 12:32 . 2012-11-22 12:32 -------- d-----w- c:\program files\Panda Security
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 19:33 . 2012-06-06 10:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 19:33 . 2011-09-19 22:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 00:01 . 2012-11-10 00:01 123944 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2012-11-10 00:01 . 2012-11-10 00:01 114216 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2012-11-10 00:01 . 2012-11-10 00:01 174632 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2012-11-10 00:00 . 2012-11-10 00:00 149544 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2012-11-10 00:00 . 2012-11-10 00:00 104488 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2012-11-09 16:23 . 2012-11-09 16:23 276520 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
2012-11-09 16:23 . 2012-11-09 16:23 133928 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
2012-11-09 16:23 . 2012-11-09 16:23 370216 ----a-w- c:\windows\system32\drivers\NNSProt.sys
2012-11-09 16:23 . 2012-11-09 16:23 191528 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
2012-11-09 16:23 . 2012-11-09 16:23 128040 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
2012-11-09 16:23 . 2012-11-09 16:23 74792 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys
2012-11-09 16:23 . 2012-11-09 16:23 125480 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
2012-11-09 16:23 . 2012-11-09 16:23 163112 ----a-w- c:\windows\system32\drivers\NNSIds.sys
2012-11-09 16:23 . 2012-11-09 16:23 139176 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
2012-11-09 16:23 . 2012-11-09 16:23 133544 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
2012-11-09 16:23 . 2012-11-09 16:23 119208 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
2012-10-22 17:08 . 2012-10-22 17:08 29224 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys
2012-10-16 20:34 . 2012-11-28 11:59 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-25 21:55 . 2012-11-15 06:10 78336 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-06 39408]
"Facebook Update"="c:\users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9292392]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 715296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-11-15 32032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-7-6 704032]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 PsBoot;Panda boot driver;c:\windows\system32\Drivers\PsBoot.sys [x]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [x]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-06 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files\Acer\Registration\GREG.exe [2010-04-28 02:47]
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 19:34]
.
2012-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-936878951-3151552269-1752876509-1000Core.job
- c:\users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 01:12]
.
2012-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-936878951-3151552269-1752876509-1000Core1cd5fcb8a54c80c.job
- c:\users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 01:12]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 02:02]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 02:02]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = ;*.local
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3036)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
.
Completion time: 2012-12-20 20:46:44
ComboFix-quarantined-files.txt 2012-12-21 01:46
.
Pre-Run: 108,134,445,056 bytes free
Post-Run: 109,274,136,576 bytes free
.
- - End Of File - - F76E92CC9CF06C1DF05F93492A2DB824

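The ComboFix log above prints its Reg Loading Points section in REGEDIT4 format, and one line in it deserves attention after the cleanup: `"EnableLUA"= 0 (0x0)` under policies\system means UAC is switched off on this machine. The earlier FRST log also checked the .exe association (`exefile\open\command: "%1" %* => OK`), which matters here because a rogue anti-virus that rewires that value is one way every program gets blocked from launching, the symptom the poster started with. The Python below is an added example for this thread, not ComboFix's or FRST's code: it parses a REGEDIT4 export offline and applies those two checks, plus a review list of Run entries that execute from user-writable directories. The SAMPLE and CLEAN exports, and the hijacked command path inside SAMPLE, are constructed for the demo.

```python
"""Offline triage of a REGEDIT4-format export, the format the ComboFix
"Reg Loading Points" section above is printed in.  Added example for this
thread, not ComboFix's code.  Three checks a responder makes after a rogue
anti-virus infection:
  * the .exe association (HKCR\\.exe -> exefile, exefile\\shell\\open\\command)
    must still be "%1" %*; a rogue AV rewires it so nothing launches;
  * EnableLUA under policies\\system must be 1 (UAC on); the log shows 0;
  * Run entries that execute from AppData, Temp or ProgramData are listed for
    review, because that is where such infections usually live.
SAMPLE and CLEAN are constructed; the hijacked command path is hypothetical.
Long hex values split over '\\' continuation lines are not handled.
"""
import re

_KEY = re.compile(r"^\[(.+)\]$")
_VAL = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')
_USER_WRITABLE = re.compile(r"\\(appdata|temp|programdata)\\", re.I)

EXE_EXT_KEY = r"hkey_classes_root\.exe"
EXEFILE_CMD_KEY = r"hkey_classes_root\exefile\shell\open\command"
POLICY_KEY = (r"hkey_local_machine\software\microsoft\windows"
              r"\currentversion\policies\system")
RUN_KEYS = (r"hkey_local_machine\software\microsoft\windows\currentversion\run",
            r"hkey_current_user\software\microsoft\windows\currentversion\run")
EXPECTED_EXE_CMD = '"%1" %*'


def _unescape(s):
    """Undo the .reg escaping of backslashes and double quotes."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key (lower-case): {value name (lower-case, '' = default): data}}.
    Quoted strings are unescaped, dword: values become int, others stay raw."""
    keys, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.upper().startswith("REGEDIT"):
            continue
        m = _KEY.match(line)
        if m:
            cur = m.group(1).lower()
            keys.setdefault(cur, {})
            continue
        m = _VAL.match(line)
        if m and cur is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(2)).lower()
            data = m.group(3)
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = _unescape(data[1:-1])
            elif data.lower().startswith("dword:"):
                data = int(data[6:], 16)
            keys[cur][name] = data
    return keys


def triage(keys):
    """Return a list of (finding, detail) tuples; empty means all checks passed."""
    findings = []
    ext = keys.get(EXE_EXT_KEY, {}).get("")
    if ext is not None and str(ext).lower() != "exefile":
        findings.append(("exe_extension_redirected", ext))
    cmd = keys.get(EXEFILE_CMD_KEY, {}).get("")
    if cmd is not None and cmd != EXPECTED_EXE_CMD:
        findings.append(("exe_association_hijacked", cmd))
    if keys.get(POLICY_KEY, {}).get("enablelua") == 0:
        findings.append(("uac_disabled", "EnableLUA=0"))
    for run_key in RUN_KEYS:
        for name, path in keys.get(run_key, {}).items():
            if _USER_WRITABLE.search(str(path)):
                findings.append(("run_from_user_writable_dir", f"{name} -> {path}"))
    return findings


# Constructed export: a hijacked exefile command (hypothetical path), UAC off,
# and one Run entry living under AppData\Local.
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\ProgramData\\abcd1234\\abcd1234.exe\" -a \"%1\" %*"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\\windows\\system32\\igfxtray.exe"
"Facebook Update"="c:\\users\\victim\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe"
'''

# Constructed export of the same keys in their expected state.
CLEAN = r'''REGEDIT4

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=dword:00000001
'''

if __name__ == "__main__":
    for label, export in (("SAMPLE", SAMPLE), ("CLEAN", CLEAN)):
        print(label, triage(parse_reg(export)) or "no findings")
```

A Run entry under AppData is not proof of anything (the FacebookUpdate entry in the log is the vendor's own updater), which is why that check only produces a review list rather than a verdict. The UAC finding is the one to act on once the machine is clean: setting EnableLUA back to 1 under the same policies\system key, followed by a reboot, restores the prompt that would have stood between a browser-delivered installer and the rest of the system.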

Solved Re: Win7 Defender

Post by Dr Jay on Fri Dec 21, 2012 10:22 am

OTL Quick Scan

Please download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.


Dr. Jay (DJ)




Solved Re: Win7 Defender

Post by xqme4asking on Fri Dec 21, 2012 3:32 pm

OTL logfile created on: 12/21/2012 9:56:19 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\angelgirldebra@yahoo\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.09 Mb Total Physical Memory | 272.45 Mb Available Physical Memory | 26.89% Memory free
1.99 Gb Paging File | 1.15 Gb Available in Paging File | 57.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.95 Gb Total Space | 103.43 Gb Free Space | 76.08% Space Free | Partition Type: NTFS

Computer Name: ANGELGIRLDEBRAY | User Name: angelgirldebra@yahoo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/21 09:54:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\angelgirldebra@yahoo\Desktop\OTL.exe
PRC - [2012/11/14 22:04:15 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2012/11/14 22:04:15 | 000,032,032 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2012/11/12 14:45:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012/07/11 20:12:43 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/06/15 11:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/03/28 02:53:14 | 000,404,568 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/22 01:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/06/22 01:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2010/06/22 01:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2010/06/11 16:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2010/06/11 16:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/06/11 16:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010/06/01 17:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
PRC - [2010/05/26 21:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/03/11 00:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 00:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\EgisUpdate.exe
PRC - [2010/02/09 13:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/10/13 12:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/05/20 01:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files\Launch Manager\CdDirIo.dll


========== Services (SafeList) ==========

SRV - [2012/12/11 14:34:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/14 22:04:15 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2012/11/12 14:45:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 11:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/06/22 01:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/11 16:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/06/01 17:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ANGELG~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/11/09 19:01:19 | 000,123,944 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2012/11/09 19:01:19 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2012/11/09 19:01:18 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2012/11/09 19:00:37 | 000,149,544 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2012/11/09 19:00:37 | 000,104,488 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2012/11/09 11:23:58 | 000,276,520 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2012/11/09 11:23:58 | 000,133,928 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2012/11/09 11:23:57 | 000,370,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2012/11/09 11:23:57 | 000,191,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2012/11/09 11:23:57 | 000,128,040 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2012/11/09 11:23:56 | 000,125,480 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2012/11/09 11:23:56 | 000,074,792 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV - [2012/11/09 11:23:55 | 000,163,112 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2012/11/09 11:23:55 | 000,139,176 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2012/11/09 11:23:55 | 000,133,544 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2012/11/09 11:23:54 | 000,119,208 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2012/11/07 09:00:12 | 000,046,672 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2012/10/22 12:08:35 | 000,029,224 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/05/13 02:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 02:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/05/13 02:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/05/13 02:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/07 13:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 13:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 13:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 13:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/06/17 01:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2010/05/20 01:10:32 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/06 21:04:42 | 001,792,512 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/06/02 21:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 21:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 21:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)


Solved Re: Win7 Defender

Post by xqme4asking on Fri Dec 21, 2012 3:33 pm

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\angelgirldebra@yahoo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/05 12:55:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/09/03 15:35:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/05 12:55:32 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\angelgirldebra@yahoo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E04B8720-9C44-40E2-A2C5-35C2D11447D2}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/21 09:54:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\angelgirldebra@yahoo\Desktop\OTL.exe
[2012/12/21 09:53:49 | 000,000,000 | ---D | C] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\HPAppData
[2012/12/20 20:45:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/20 20:06:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/20 20:06:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/20 20:06:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/20 20:03:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/20 20:02:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/20 18:10:07 | 000,000,000 | ---D | C] -- C:\FRST
[2012/12/20 17:01:43 | 000,046,672 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSKMAD.sys
[2012/12/18 12:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7 Defender
[2012/12/18 12:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\pcdfdata
[2012/12/07 18:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2012/11/22 07:44:52 | 000,000,000 | ---D | C] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
[2012/11/22 07:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/11/22 07:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/21 09:54:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\angelgirldebra@yahoo\Desktop\OTL.exe
[2012/12/21 09:48:44 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/21 09:48:44 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/21 09:42:08 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2012/12/21 09:41:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/21 09:40:43 | 000,298,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/21 09:39:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/21 09:39:05 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/20 20:51:20 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/20 20:51:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/20 20:04:17 | 000,624,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/20 20:04:17 | 000,106,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/18 20:17:02 | 000,006,080 | ---- | M] () -- C:\ProgramData\NanoRepository.bin
[2012/12/18 18:23:47 | 000,006,080 | ---- | M] () -- C:\ProgramData\NanoRepository.bin.bak
[2012/12/11 06:32:19 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/11/28 05:45:58 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/11/22 07:38:05 | 000,000,000 | ---- | M] () -- C:\ProgramData\0x0304A000.sfl
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/20 20:06:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/20 20:06:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/20 20:06:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/20 20:06:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/20 20:06:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/18 18:23:47 | 000,006,080 | ---- | C] () -- C:\ProgramData\NanoRepository.bin.bak
[2012/12/18 18:23:47 | 000,006,080 | ---- | C] () -- C:\ProgramData\NanoRepository.bin
[2012/12/11 06:32:19 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/11/22 07:38:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2011/12/03 22:30:43 | 000,003,584 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/30 13:42:35 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/10/25 18:22:34 | 000,000,040 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\jagex_cl_runescape_LIVE.dat
[2011/10/12 19:50:29 | 000,000,000 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\AppData\Local\{7F436BDE-4957-488B-9C36-839E0F9F4498}
[2011/10/12 19:48:36 | 000,000,000 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\AppData\Local\{C924E2FB-1735-453C-8E4B-30D455B0FF06}
[2011/10/01 15:18:33 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/10/01 14:35:59 | 000,000,129 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\jagex_runescape_preferences2.dat
[2011/10/01 14:33:32 | 000,000,035 | ---- | C] () -- C:\Users\angelgirldebra@yahoo\jagex_runescape_preferences.dat
[2011/09/16 17:37:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/09/16 17:37:06 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/09/05 12:37:26 | 000,205,764 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/09/05 12:37:26 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Both
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/09/04 13:02:56 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\Liteon
[2012/11/22 07:44:52 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\Panda Security
[2012/12/16 17:47:01 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\SoftGrid Client
[2011/05/10 17:31:38 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\TeamViewer
[2011/09/05 10:21:39 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\TP
[2011/05/06 12:38:57 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\WildTangent
[2011/05/10 02:40:23 | 000,000,000 | ---D | M] -- C:\Users\angelgirldebra@yahoo\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >


Solved Re: Win7 Defender

Post by Dr Jay on Fri Dec 21, 2012 4:01 pm

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.


Dr. Jay (DJ)



Solved Re: Win7 Defender

Post by xqme4asking on Fri Dec 21, 2012 5:52 pm

I will run scan and report back, but currently I am receiving a message about transmitting info over the internet. I also have two icons on my desktop labelled as desktop.ini


Solved Re: Win7 Defender

Post by xqme4asking on Fri Dec 21, 2012 7:21 pm

I have attempted 3 times to load the scanner; all 3 times have resulted in an error showing 2002. I attempted to download this with my Panda Cloud disabled as well and still receive the same error


Solved Re: Win7 Defender

Post by Dr Jay on Fri Dec 21, 2012 9:12 pm

Please run [You must be registered and logged in to see this link.] online scan.

  • Choose Quick Scan then click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply


Dr. Jay (DJ)



Solved Re: Win7 Defender

Post by xqme4asking on Fri Dec 21, 2012 11:03 pm

;***********************************************************************************************************************************************************************************
ANALYSIS: 2012-12-21 18:00:49
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Panda Cloud Antivirus Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\bhib50ob.txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\fktozt1z.txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\w02951yd.txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\btcsnbk8.txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\angelgirldebra@yahoo\appdata\roaming\microsoft\windows\cookies\x3ip9zwp.txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

xqme4asking
Intermediate
Posts : 70
Joined : 2010-07-04
OS : Windows 7 Starter 32


Solved Re: Win7 Defender

Post by Dr Jay on Sat Dec 22, 2012 9:32 am

Good job!

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.


Solved Re: Win7 Defender

Post by xqme4asking on Sat Dec 22, 2012 4:07 pm

I am not receiving any types of messages at this time; do any of the reports I provided indicate the virus has been removed?


Solved Re: Win7 Defender

Post by Dr Jay on Sat Dec 22, 2012 4:12 pm

Looks to be gone.

It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name I.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive I.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups section select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
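The same "new restore point first, then purge the old ones" procedure as a script, added here as an example; it is not part of Dr Jay's post or of any tool named in the thread. It assumes an elevated PowerShell 3 or later prompt, that System Protection is enabled on the system drive, and uses the restore point name "Clean" from the steps above. The order matters: the fresh point is created before anything is deleted, so the system is never left with no restore point at all.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: System Protection is already on for the drive, as the GUI steps require.
param(
    [string]$Description = "Clean",   # name of the new restore point, as in the thread
    [string]$Drive = "C:"             # drive whose older shadow copies are purged
)

# 1. Create a fresh restore point. Checkpoint-Computer is a built-in cmdlet.
#    (Windows 8 and later throttle it to one point per 24 hours; Windows 7 does not.)
Checkpoint-Computer -Description $Description -RestorePointType "MODIFY_SETTINGS"

# 2. Show what exists now. Get-ComputerRestorePoint reads the points through WMI,
#    so CreationTime is a WMI date string that needs converting for display.
Get-ComputerRestorePoint |
    Sort-Object SequenceNumber |
    Format-Table SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize

# 3. On Vista and later a restore point is a Volume Shadow Copy, so the Disk Cleanup
#    "More Options" step is equivalent to deleting shadow copies. Delete the oldest one
#    repeatedly until only the newest (the point just created) remains.
$shadowCount = @(vssadmin list shadows /for=$Drive | Select-String "Shadow Copy ID").Count
while ($shadowCount -gt 1) {
    vssadmin delete shadows /for=$Drive /oldest /quiet
    $shadowCount--
}

"Kept the newest restore point '$Description' on $Drive; older shadow copies removed."
```

Run `Get-ComputerRestorePoint` again afterwards to confirm that only the "Clean" point is listed; if an infection is ever restored from an older point, this is the check that tells you which point it came from.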

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download [You must be registered and logged in to see this link.] and save it to your Desktop - [You must be registered and logged in to see this link.]

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).


Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Solved Re: Win7 Defender

Post by xqme4asking on Sat Dec 22, 2012 5:22 pm

Please see log below

Results of screen317's Security Check version 0.99.56
Windows 7 x86 (UAC is disabled!)
[You must be registered and logged in to see this link.]
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Panda Cloud Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
CCleaner
Java(TM) 6 Update 27
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUAService.exe
Panda Security Panda Cloud Antivirus PSUAMain.exe
Google GoogleUpdateSetup_latest.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

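Both reports in this thread (the Panda ActiveScan log posted earlier and the Security Check log just above) are plain text with a fixed shape, so the question the poster asks later, whether the logs show the infection is gone, can be answered by a script rather than by eye. The following is an added example and not code from the thread or from Panda or screen317; it assumes PowerShell 3 or later, and the sample text is a constructed excerpt of the two logs with the account name in the paths replaced by "example".

```powershell
# Added example (not from the thread). Constructed excerpts of the two report formats:
$pandaLog = @'
ANALYSIS: 2012-12-21 18:00:49
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;====
PROTECTIONS
Description Version Active Updated
;====
Panda Cloud Antivirus Yes Yes
;====
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;====
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\example\appdata\roaming\microsoft\windows\cookies\bhib50ob.txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\example\appdata\roaming\microsoft\windows\cookies\fktozt1z.txt
;====
SUSPECTS
Sent Location
;====
'@

$securityCheckLog = @'
Results of screen317's Security Check version 0.99.56
Windows 7 x86 (UAC is disabled!)
Windows Firewall Enabled!
Panda Cloud Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Java(TM) 6 Update 27
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
'@

function ConvertFrom-PandaActiveScan {
    # Emits one object per row of the MALWARE section; ';' ruler rows and other sections are skipped.
    param([string]$Text)
    $section = $null
    $row = '^(?<Id>\d+)\s+(?<Desc>\S+)\s+(?<Type>\S+)\s+(?<Active>Yes|No)\s+(?<Sev>\d+)\s+' +
           '(?<Fixable>Yes|No)\s+(?<Fixed>Yes|No)\s+(?<Path>.+)$'
    foreach ($line in $Text -split "`r?`n") {
        if ($line -match '^;') { continue }
        if ($line -match '^(PROTECTIONS|MALWARE|SUSPECTS|VULNERABILITIES)$') { $section = $Matches[1]; continue }
        if ($section -eq 'MALWARE' -and $line -match $row) {
            [pscustomobject]@{
                Id          = $Matches.Id
                Description = $Matches.Desc
                Type        = $Matches.Type
                Active      = ($Matches.Active -eq 'Yes')
                Severity    = [int]$Matches.Sev
                Disinfected = ($Matches.Fixed -eq 'Yes')
                Location    = $Matches.Path
            }
        }
    }
}

function ConvertFrom-SecurityCheck {
    # Maps the phrases Security Check prints to the action each one calls for.
    param([string]$Text)
    $rules = @(
        @{ Pattern = 'UAC is disabled';           Action = 'Re-enable User Account Control' }
        @{ Pattern = 'out of Date';               Action = 'Update; old versions are exploit targets' }
        @{ Pattern = 'WMI entry may not exist';   Action = 'Check the antivirus is registered with Security Center' }
        @{ Pattern = 'Windows Firewall Disabled'; Action = 'Turn the firewall on' }
    )
    foreach ($line in $Text -split "`r?`n") {
        foreach ($rule in $rules) {
            if ($line -match $rule.Pattern) {
                [pscustomobject]@{ Line = $line.Trim(); Action = $rule.Action }
            }
        }
    }
}

# "Is the virus gone?" reduces to two checks on the Panda rows: is anything still Active,
# and is anything listed that is not merely a tracking cookie?
$detections     = @(ConvertFrom-PandaActiveScan $pandaLog)
$needsAttention = @($detections | Where-Object { $_.Active -or $_.Type -ne 'TrackingCookie' })
"Panda: {0} detections, {1} still active or not a tracking cookie" -f $detections.Count, $needsAttention.Count

# The Security Check findings are the hardening items still open after the cleanup.
ConvertFrom-SecurityCheck $securityCheckLog | Format-Table Action, Line -AutoSize
```

On the excerpt above the Panda summary reports two detections and none needing attention, which is what "Active No" on tracking cookies means; the Security Check table lists the disabled UAC, the two outdated programs and the missing WMI antivirus entry, the same items Dr Jay follows up on in the next posts.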

Solved Re: Win7 Defender

Post by Dr Jay on Sat Dec 22, 2012 5:25 pm

Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Java Update!

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

[You must be registered and logged in to see this link.]


Personal Tips on Preventing Malware

See [You must be registered and logged in to see this link.] for more info about malware and prevention.


Any other questions before I mark this topic solved?


Solved Re: Win7 Defender

Post by xqme4asking on Sat Dec 22, 2012 7:16 pm

I have removed & downloaded the programs as advised; knowing what you know from the logs posted, do I need to download any other programs to prevent this in the future?


Solved Re: Win7 Defender

Post by xqme4asking on Sat Dec 22, 2012 7:38 pm

I've noticed in my new programs I have a program that states Win7 Defender; this is the same pop up I was receiving over & over. What is this program?


Solved Re: Win7 Defender

Post by Dr Jay on Sat Dec 22, 2012 9:41 pm

It is a rogue antivirus program.

Go into CCleaner, hit the Tools > Uninstall... search for the program, select it, and then hit the "Delete Entry" button on the right. It'll make it disappear. Otherwise, all the components of that are removed.
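CCleaner's Tools > Uninstall list and the Control Panel list in the Java and Adobe Reader posts above both come from the same place: the Uninstall keys in the registry. The following added example (not from the thread, CCleaner or any other tool mentioned here) reads those keys directly, so the old Java and Adobe Reader versions can be found for removal and a leftover "Win7 Defender" entry can be spotted as an orphan, meaning its uninstaller file no longer exists because the program was deleted by hand, which is exactly what "Delete Entry" cleans up. It assumes an elevated PowerShell 3 or later prompt and uses the program names seen in this thread as patterns; the final Remove-Item runs with -WhatIf so it only reports what it would delete.

```powershell
# Added example (not from the thread). Lists Programs-and-Features entries by name pattern
# and flags entries whose uninstaller is gone (an orphaned entry, as left behind by a
# hand-deleted rogue). Assumption: elevated prompt; patterns are the names from this thread.
function Get-UninstallEntry {
    param([string[]]$NamePattern)
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit apps on 64-bit Windows
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if (-not $p.DisplayName) { return }   # 'return' skips to the next key inside ForEach-Object
            foreach ($pat in $NamePattern) {
                if ($p.DisplayName -like $pat) {
                    # Pull the executable out of the UninstallString (quoted path, bare path, or MsiExec.exe).
                    $exe = $null
                    if ($p.UninstallString -match '^"?([^"]+\.exe)') { $exe = $Matches[1] }
                    $exists = $true
                    if ($exe) {
                        if ([IO.Path]::IsPathRooted($exe)) { $exists = Test-Path $exe }
                        else { $exists = [bool](Get-Command $exe -ErrorAction SilentlyContinue) }
                    }
                    [pscustomobject]@{
                        DisplayName     = $p.DisplayName
                        DisplayVersion  = $p.DisplayVersion
                        Key             = $_.PSPath
                        UninstallString = $p.UninstallString
                        Orphaned        = (-not $exists)
                    }
                    break
                }
            }
        }
    }
}

# Old Java and Adobe Reader versions still installed, plus any rogue entry left in the list.
$entries = Get-UninstallEntry -NamePattern 'Java*', 'Adobe Reader*', '*Win7 Defender*'
$entries | Format-Table DisplayName, DisplayVersion, Orphaned -AutoSize

# Intact entries should be uninstalled normally so their files go too; only orphaned
# entries (uninstaller missing) are list residue. -WhatIf previews instead of deleting.
$entries | Where-Object { $_.Orphaned } | ForEach-Object { Remove-Item $_.Key -Recurse -WhatIf }
```

Drop -WhatIf only after reading the preview; an entry that is not orphaned belongs to a program that is still on disk, and deleting its key would hide it from Programs and Features without removing it.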


Solved Re: Win7 Defender

Post by xqme4asking on Sat Dec 22, 2012 10:22 pm

Could not find it via CCleaner; I just deleted it by right-clicking on it. Based on what you see, are we now clean or virus free? What are tracking cookies, and how can I stop/prevent them? I noticed in a recent Panda scan tracking cookies were neutralized.

Thank you again for all of your assistance


Solved Re: Win7 Defender

Post by Dr Jay on Sun Dec 23, 2012 12:40 am

Should be fine. You're welcome.

Topic solved.
