BleepingComputer.com: Windows & Firewall error code 0x80070424

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

Windows & Firewall error code 0x80070424 do not know how to fix

#31 User is offline   Jack&Jill 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 330
  • Joined: 28-May 09
  • Gender:Male
  • Location:South East Asia

Posted 16 January 2012 - 10:19 AM

Hello stevepark309 :),

Are you still with me?
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

#32 User is offline   stevepark309 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 19
  • Joined: 19-December 11

Posted 16 January 2012 - 02:01 PM

O sorry. I thought I posted. I believe everything is up and running. Windows update was working.

#33 User is offline   Jack&Jill 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 330
  • Joined: 28-May 09
  • Gender:Male
  • Location:South East Asia

Posted 16 January 2012 - 07:05 PM

Hello stevepark309 :),

I will take one final look at the OTL logs, and if all is well, will provide some security recommendations after that.

Scan with OTL
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options is checked (selected). There are five of them.
  • Under the Modules section, please select No Company Name.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check and Purity Check.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.

--------------------

Please post back:
1. the OTL logs
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

#34 User is offline   stevepark309 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 19
  • Joined: 19-December 11

Posted 16 January 2012 - 11:11 PM

OTL

OTL logfile created on: 1/16/2012 11:06:47 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steve\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 50.99% Memory free
7.89 Gb Paging File | 5.76 Gb Available in Paging File | 72.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 332.51 Gb Free Space | 78.83% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.55 Gb Free Space | 91.56% Space Free | Partition Type: NTFS
Drive E: | 810.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 23:05:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Downloads\OTL.exe
PRC - [2012/01/03 19:22:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/19 22:02:38 | 003,714,728 | ---- | M] (Gretech Corp.) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
PRC - [2011/12/13 11:56:15 | 001,130,496 | ---- | M] (Zhorn Software) -- C:\Program Files (x86)\Stickies\stickies.exe
PRC - [2011/12/01 10:44:32 | 000,642,424 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Steve\Downloads\utorrent.exe
PRC - [2011/11/10 04:16:50 | 002,169,664 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/10/07 08:35:41 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/02/18 03:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/18 03:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/28 18:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/12/20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/14 13:04:58 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/11/20 22:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/07 03:03:06 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/07 03:03:00 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2012/01/03 19:22:29 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/13 11:56:15 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Stickies\shook70.dll
MOD - [2011/12/08 09:34:20 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/12/08 09:34:20 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f5b20bc8295049616a9f954a2a2c15b6\IAStorCommon.ni.dll
MOD - [2011/12/08 09:34:17 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4d82c54c4da5e14ddf5ee58cce2a5327\IAStorUtil.ni.dll
MOD - [2011/12/08 09:34:12 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/12/08 09:34:05 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/12/08 09:33:51 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/12/08 09:33:48 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/12/08 09:33:45 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/12/08 09:33:37 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/12/01 11:55:03 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/28 03:00:00 | 003,578,880 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2011/10/07 08:35:40 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/08 04:03:56 | 000,594,944 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GVF.ax
MOD - [2011/08/02 23:31:02 | 003,373,568 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\libavcodec.dll
MOD - [2011/08/02 23:31:02 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GRFU.ax
MOD - [2011/05/16 19:49:30 | 000,421,520 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GomTVStrm.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/10/15 04:35:54 | 001,433,600 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GAF.ax


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/12/14 13:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/09/22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/18 03:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/12/20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/20 11:45:27 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/07 08:44:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/10/07 08:44:33 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/10/07 08:42:03 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/10/07 08:42:03 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/10/06 23:54:21 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/06 23:54:21 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/31 19:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/07 20:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/02/18 03:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/13 23:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/28 18:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/14 22:13:32 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/14 22:13:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/14 22:13:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/14 22:13:08 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/14 22:13:08 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/28 05:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/10/21 01:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/30 03:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2009/07/21 09:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3132240425-3588946064-1196597558-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKU\S-1-5-21-3132240425-3588946064-1196597558-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-3132240425-3588946064-1196597558-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-21-3132240425-3588946064-1196597558-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3132240425-3588946064-1196597558-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/03 19:22:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/19 16:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2012/01/05 00:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/03 19:22:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/03 19:22:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/01/03 19:22:27 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/14 18:01:37 | 000,436,459 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15020 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3132240425-3588946064-1196597558-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3132240425-3588946064-1196597558-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3132240425-3588946064-1196597558-1001..\Run: [uTorrent] C:\Users\Steve\Downloads\utorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E89EBAB-869B-4E29-BE0A-5C571A7DBBE4}: DhcpNameServer = 199.117.164.3 66.174.92.14 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4923798F-B383-4BAA-85ED-07350B16FE82}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/21 23:24:09 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d438df49-2a8f-11e1-82fd-60d819eb4b6a}\Shell - "" = AutoRun
O33 - MountPoints2\{d438df49-2a8f-11e1-82fd-60d819eb4b6a}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010/03/11 22:45:10 | 001,377,656 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d438df49-2a8f-11e1-82fd-60d819eb4b6a}\Shell\configure\command - "" = E:\setup.exe -- [2010/03/11 22:45:10 | 001,377,656 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d438df49-2a8f-11e1-82fd-60d819eb4b6a}\Shell\install\command - "" = E:\setup.exe -- [2010/03/11 22:45:10 | 001,377,656 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/14 17:41:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\.shsh
[2012/01/13 16:40:25 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012/01/13 16:40:25 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012/01/13 16:40:25 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2012/01/13 16:40:25 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2012/01/13 16:40:25 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012/01/13 16:40:24 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2012/01/12 21:22:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/12 02:49:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU
[2012/01/10 18:59:08 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2012/01/10 18:59:08 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2012/01/10 18:59:08 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/01/10 18:59:08 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/01/10 18:59:07 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2012/01/10 18:59:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2012/01/10 18:59:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[2012/01/10 10:40:39 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\redsn0w_win_0.9.10b3
[2012/01/10 10:38:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\redsn0w
[2012/01/10 09:18:26 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
[2012/01/09 01:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/09 01:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/09 01:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/09 01:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/08 23:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/05 22:21:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/20 12:05:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\OneNote Notebooks
[2011/12/20 11:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/12/20 11:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/12/20 11:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/12/20 11:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/12/20 11:57:41 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2011/12/20 11:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/12/20 11:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/12/20 11:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/12/20 11:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/12/20 11:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/12/20 11:55:37 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Microsoft Help
[2011/12/20 11:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/12/20 11:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/12/20 11:55:12 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/12/20 11:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/12/20 11:45:27 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2011/12/20 11:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/12/20 11:44:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\DAEMON Tools Lite
[2011/12/20 11:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/12/19 16:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2011/12/19 16:54:34 | 000,000,000 | ---D | C] -- C:\rsit
[2011/12/19 16:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2011/12/19 16:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window Registry Repair
[2011/12/19 16:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/19 15:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/12/19 15:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/19 00:05:24 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/19 00:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/19 00:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR

========== Files - Modified Within 30 Days ==========

[2012/01/16 21:02:44 | 000,729,688 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/01/16 21:02:44 | 000,626,278 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/01/16 21:02:44 | 000,107,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/01/16 21:01:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/15 18:20:28 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/15 18:20:28 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/15 18:13:44 | 000,439,191 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012/01/15 18:12:55 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/14 18:01:37 | 000,436,459 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/01/14 18:01:37 | 000,436,459 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.umbrella
[2012/01/14 17:55:34 | 836,999,205 | ---- | M] () -- C:\Users\Steve\Desktop\iPhone3,3_5.0.1_9A405_Restore.ipsw
[2012/01/12 02:16:44 | 522,924,552 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/01/09 22:31:21 | 000,001,183 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012/01/09 22:31:21 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012/01/09 01:02:19 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/05 00:26:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/27 16:42:46 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2011/12/21 00:26:55 | 000,427,816 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/12/20 12:05:11 | 000,001,266 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/12/20 11:45:59 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/12/20 11:45:27 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2011/12/19 16:26:58 | 000,434,097 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20111222-115610.backup
[2011/12/19 15:07:53 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/12/19 15:07:46 | 000,744,400 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/01/14 17:47:22 | 836,999,205 | ---- | C] () -- C:\Users\Steve\Desktop\iPhone3,3_5.0.1_9A405_Restore.ipsw
[2012/01/09 22:31:21 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012/01/09 01:02:19 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/05 00:26:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/27 16:42:46 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2011/12/20 12:05:11 | 000,001,266 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/12/20 11:45:59 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/12/19 15:07:53 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/12/19 15:07:44 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/06 15:13:55 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2011/12/03 23:34:50 | 000,744,400 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/10/07 08:50:11 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011/10/07 08:50:11 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011/10/07 08:35:43 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/10/07 08:35:43 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/10/07 08:35:43 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/10/07 08:35:43 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/10/07 08:35:39 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/10/07 08:26:30 | 000,089,328 | ---- | C] () -- C:\windows\un_dext.exe
[2011/10/07 08:26:30 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
[2011/10/07 08:26:30 | 000,003,566 | ---- | C] () -- C:\windows\Dext_09.ini
[2011/10/07 08:26:30 | 000,002,998 | ---- | C] () -- C:\windows\Dext_04.ini
[2011/10/07 08:26:30 | 000,002,790 | ---- | C] () -- C:\windows\Dext_2052.ini
[2011/10/07 08:26:30 | 000,002,507 | ---- | C] () -- C:\windows\Remove.ini
[2011/10/07 08:21:36 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011/10/07 08:09:47 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/10/07 08:09:45 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/08/31 19:51:16 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/08/31 19:46:00 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/08/31 19:26:20 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/12/20 11:46:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DAEMON Tools Lite
[2011/12/06 15:14:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Leawo
[2012/01/10 10:42:32 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\redsn0w
[2011/12/20 11:49:12 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SoftGrid Client
[2011/12/14 00:19:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Spotify
[2012/01/15 18:13:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\stickies
[2011/12/06 15:14:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\tiger-k
[2011/12/03 23:35:42 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TP
[2012/01/16 23:09:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uTorrent
[2009/07/14 00:08:49 | 000,015,944 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#35 User is offline   stevepark309 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 19
  • Joined: 19-December 11

Posted 16 January 2012 - 11:18 PM

there was only one log that opened.

#36 User is offline   Jack&Jill 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 330
  • Joined: 28-May 09
  • Gender:Male
  • Location:South East Asia

Posted 17 January 2012 - 08:02 PM

Hello stevepark309 :),

Things are looking good.

Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
  • Run OTL by double clicking on OTL.exe. Click on CleanUp, proceed to reboot if prompted.
  • Delete the RogueKiller, aswMBR, FSS and any tool files on your desktop.
  • Delete any logs on the desktop.


Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates for Windows 7 to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malwares.

2. Purge System Restore, for this one time only. A recovery feature will only be useful if it is clean from malwares. See Windows 7 System Restore Guide for some detail explanations.

3. Update your Antivirus program regularly, it is a must for constant protection against viruses. Please keep only one AV installed.

4. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool, totally free but for real-time protection you will have to pay a small one-time fee.

5. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications.

6. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts for this purpose.

7. Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.

8. Protect your computer from removable or USB drive infections with MCShield, an effective method to prevent malware from spreading.

9. Keep all your softwares updated. Visit Secunia Software Inspector to find out if any updates required.

10. Make full use of Windows 7 firewall to step up the defense against internet dangers.

11. Also look up:
Computer Security - a short guide to staying safer online
PC Safety and Security - What Do I Need? By Glaswegian
How to prevent malware: By miekiemoes
So how did I get infected in the first place? By Tony Klein
Microsoft Online Safety

And remember what I said about reg cleaners and P2Ps.

Stay safe.
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

#37 User is offline   Jack&Jill 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 330
  • Joined: 28-May 09
  • Gender:Male
  • Location:South East Asia

Posted 22 January 2012 - 12:03 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

Share this topic:


  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users