Ran Hitman Pro for virus now computer won't boot



#1 hikkari


Posted 05 December 2012 - 04:34 AM

I had the Win 7 Antivirus 2013 virus tonight, so I followed a guide to uninstall it and all was going fine until I ran Hitman Pro and restarted my computer. My computer won't boot; it goes straight to System Recovery, but that isn't able to fix the problems. I can't run Safe Mode either.

I ran FRST and here is what I got:






Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012
Ran by SYSTEM at 05-12-2012 01:23:33
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Messenger Plus! Live\PlusService.exe [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [540056 2012-08-08] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-19] (LogMeIn Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKU\ginee\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2012-07-02] (Microsoft Corporation)
HKU\ginee\...\Run: [uTorrent] "C:\Users\ginee\Downloads\uTorrent.exe" /MINIMIZED [1022352 2012-07-02] (BitTorrent, Inc.)
HKU\ginee\...\Run: [Google Update] "C:\Users\ginee\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-09] (Google Inc.)
Startup: C:\Users\ginee\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Services (Whitelisted) ===================

2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1236368 2012-09-20] (Lavasoft Limited)
3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2012-07-02] (Adobe Systems)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" [3289032 2011-12-19] (GFI Software)
2 HitmanPro37CrusaderBoot; "C:\HitmanPro_x64.exe" /crusader:boot [x]

==================== Drivers (Whitelisted) =====================

0 86be475de11f1da2; C:\Windows\System32\Drivers\86be475de11f1da2.sys [78792 2012-12-04] () ATTENTION =====> Rootkit?
3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
3 hitmanpro37; C:\Windows\System32\Drivers\hitmanpro37.sys [31048 2012-12-05] ()
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [57976 2011-10-26] (GFI Software)
3 uqk; \??\C:\koramgame\STOnline\avital\wyqku64.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-05 01:23 - 2012-12-05 01:23 - 00000000 ____D C:\FRST
2012-12-05 00:41 - 2012-12-05 00:41 - 00000400 ____A C:\Windows\System32\.crusader
2012-12-05 00:34 - 2012-12-05 00:42 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-12-05 00:34 - 2012-12-05 00:41 - 00031048 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2012-12-04 23:58 - 2012-12-04 23:58 - 00000000 ____D C:\Users\ginee\AppData\Roaming\Malwarebytes
2012-12-04 23:58 - 2012-12-04 23:58 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-04 23:58 - 2012-12-04 23:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-04 23:58 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-04 23:53 - 2012-12-04 23:53 - 00003642 ____A C:\Users\ginee\Desktop\Rkill.txt
2012-12-04 23:53 - 2012-12-04 23:53 - 00000000 ____D C:\Users\ginee\Desktop\rkill
2012-12-04 23:31 - 2012-12-04 23:31 - 00078792 ____A C:\Windows\System32\Drivers\86be475de11f1da2.sys
2012-12-04 23:28 - 2012-12-04 23:50 - 00009018 __ASH C:\Users\ginee\AppData\Local\6o4v7yr6ikfw18072u
2012-12-04 23:28 - 2012-12-04 23:50 - 00009018 __ASH C:\Users\All Users\6o4v7yr6ikfw18072u
2012-12-04 16:06 - 2012-12-04 16:06 - 00784592 ____A C:\Users\ginee\Desktop\meow.rar
2012-12-01 20:36 - 2012-12-01 20:36 - 00000000 ____D C:\Users\ginee\AppData\Roaming\JAM Software
2012-12-01 20:35 - 2012-12-01 20:35 - 00000000 ____D C:\Program Files (x86)\JAM Software
2012-12-01 20:33 - 2012-12-01 20:33 - 03350608 ____A (JAM Software ) C:\Users\ginee\Desktop\TreeSizeFreeSetup.exe
2012-11-29 17:43 - 2012-11-29 17:43 - 00000000 ____D C:\Users\ginee\AppData\Roaming\ATI
2012-11-29 17:43 - 2012-11-29 17:43 - 00000000 ____D C:\Users\ginee\AppData\Local\ATI
2012-11-29 17:43 - 2012-11-29 17:43 - 00000000 ____D C:\Users\All Users\ATI
2012-11-29 17:38 - 2012-11-29 17:38 - 00000000 ____D C:\Program Files\ATI
2012-11-29 17:35 - 2012-11-29 17:42 - 00000000 ____D C:\Program Files (x86)\ATI
2012-11-29 17:34 - 2012-11-29 17:34 - 00000000 ____D C:\ATI
2012-11-27 22:08 - 2012-11-27 22:08 - 00000000 ____D C:\Users\ginee\Desktop\stret
2012-11-23 19:42 - 2012-11-23 19:42 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-11-23 17:28 - 2012-11-29 18:27 - 01426411 ____N C:\Users\ginee\AppData\Local\Tempmusic.ogg
2012-11-20 21:48 - 2012-11-20 21:51 - 00000039 ____A C:\Windows\spwdrp.INI
2012-11-20 21:48 - 2012-11-20 21:48 - 03397576 ____A (Stellar Information Systems Ltd ) C:\Users\ginee\Desktop\StellarPhoenixWindowsDataRecovery-Professional.exe
2012-11-20 21:48 - 2012-11-20 21:48 - 00000000 ____D C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery
2012-11-20 21:48 - 2012-11-20 21:48 - 00000000 ____D C:\Log
2012-11-20 21:44 - 2012-11-20 21:44 - 02906880 ____A (Piriform Ltd) C:\Users\ginee\Desktop\rcsetup143.exe
2012-11-20 21:44 - 2012-11-20 21:44 - 00000000 ____D C:\Program Files\Recuva
2012-11-20 21:40 - 2012-11-20 21:40 - 00000000 ____D C:\Users\ginee\licman
2012-11-20 21:40 - 2012-11-20 21:40 - 00000000 ____D C:\Users\ginee\EREnt
2012-11-20 21:40 - 2012-11-20 21:40 - 00000000 ____D C:\Program Files (x86)\Kroll Ontrack
2012-11-20 21:37 - 2012-11-20 21:37 - 10744128 ____A (Kroll Ontrack Inc. ) C:\Users\ginee\Desktop\ER_WIN_ENT.exe
2012-11-20 21:34 - 2012-11-20 21:34 - 00000000 ____D C:\Program Files (x86)\Avira
2012-11-20 21:34 - 2012-11-20 21:34 - 00000000 ____A C:\Users\ginee\Desktop\1.ini
2012-11-20 21:33 - 2012-11-20 21:33 - 00412384 ____A C:\Users\ginee\Desktop\unerase_en_h.exe
2012-11-20 19:37 - 2012-11-20 19:37 - 00000000 ____D C:\Users\ginee\AppData\Local\Disk Savvy
2012-11-20 19:37 - 2012-11-20 19:37 - 00000000 ____D C:\Program Files (x86)\Disk Savvy
2012-11-20 19:36 - 2012-11-20 19:37 - 04871920 ____A C:\Users\ginee\Desktop\disksavvy_setup_v4.5.26.exe
2012-11-20 19:03 - 2012-11-25 15:01 - 00024190 ____H C:\Users\ginee\Documents\~WRL2812.tmp
2012-11-20 19:03 - 2012-11-21 21:54 - 00018738 ____H C:\Users\ginee\Documents\~WRL0003.tmp
2012-11-20 15:58 - 2006-07-26 20:34 - 00000000 ____D C:\Users\ginee\Desktop\
2012-11-19 23:21 - 2012-12-05 00:33 - 00000000 ____D C:\Users\ginee\AppData\Local\LogMeIn Hamachi
2012-11-19 23:19 - 2012-11-19 23:19 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-11-19 22:38 - 2012-11-19 22:39 - 00000000 ____D C:\Users\ginee\Desktop\Survivor
2012-11-19 19:51 - 2012-11-19 21:05 - 00000000 ____D C:\Users\ginee\D-Fend Reloaded
2012-11-19 19:51 - 2012-11-19 19:52 - 00000000 ____D C:\Program Files (x86)\D-Fend Reloaded
2012-11-18 23:20 - 2006-07-26 20:34 - 00000000 ____D C:\Users\ginee\Documents\
2012-11-14 21:45 - 2012-11-14 21:45 - 00000000 ____D C:\Program Files (x86)\iExplorer
2012-11-10 21:56 - 2012-11-10 22:17 - 340447518 ____A C:\Users\ginee\Desktop\57.avi
2012-11-07 18:18 - 2012-11-23 18:32 - 00000000 ____D C:\Program Files (x86)\Pando Networks

==================== One Month Modified Files and Folders =======

2012-12-05 00:42 - 2012-12-05 00:34 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-12-05 00:41 - 2012-12-05 00:41 - 00000400 ____A C:\Windows\System32\.crusader
2012-12-05 00:41 - 2012-12-05 00:34 - 00031048 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2012-12-05 00:39 - 2009-07-13 20:45 - 00014208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-05 00:39 - 2009-07-13 20:45 - 00014208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-05 00:37 - 2009-07-13 21:13 - 00717324 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-05 00:33 - 2012-11-19 23:21 - 00000000 ____D C:\Users\ginee\AppData\Local\LogMeIn Hamachi
2012-12-05 00:32 - 2012-07-03 02:16 - 00003718 ____A C:\Windows\PFRO.log
2012-12-05 00:32 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-05 00:32 - 2009-07-13 20:51 - 00024953 ____A C:\Windows\setupact.log
2012-12-04 23:58 - 2012-12-04 23:58 - 00000000 ____D C:\Users\ginee\AppData\Roaming\Malwarebytes
2012-12-04 23:58 - 2012-12-04 23:58 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-04 23:58 - 2012-12-04 23:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-04 23:53 - 2012-12-04 23:53 - 00003642 ____A C:\Users\ginee\Desktop\Rkill.txt
2012-12-04 23:53 - 2012-12-04 23:53 - 00000000 ____D C:\Users\ginee\Desktop\rkill
2012-12-04 23:50 - 2012-12-04 23:28 - 00009018 __ASH C:\Users\ginee\AppData\Local\6o4v7yr6ikfw18072u
2012-12-04 23:50 - 2012-12-04 23:28 - 00009018 __ASH C:\Users\All Users\6o4v7yr6ikfw18072u
2012-12-04 23:49 - 2012-10-26 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-04 23:34 - 2012-07-02 13:51 - 00000000 ____D C:\Users\ginee\Tracing
2012-12-04 23:31 - 2012-12-04 23:31 - 00078792 ____A C:\Windows\System32\Drivers\86be475de11f1da2.sys
2012-12-04 23:31 - 2012-07-02 10:22 - 01411839 ____A C:\Windows\WindowsUpdate.log
2012-12-04 23:30 - 2012-07-02 16:28 - 00000000 ____D C:\Users\ginee\AppData\Roaming\uTorrent
2012-12-04 23:30 - 2012-07-02 13:55 - 00000000 ____D C:\Users\ginee\AppData\Roaming\Skype
2012-12-04 22:46 - 2012-07-09 16:31 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1439454407-3333857761-1928369794-1000UA.job
2012-12-04 16:06 - 2012-12-04 16:06 - 00784592 ____A C:\Users\ginee\Desktop\meow.rar
2012-12-04 00:58 - 2012-07-09 16:31 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1439454407-3333857761-1928369794-1000Core.job
2012-12-01 20:36 - 2012-12-01 20:36 - 00000000 ____D C:\Users\ginee\AppData\Roaming\JAM Software
2012-12-01 20:35 - 2012-12-01 20:35 - 00000000 ____D C:\Program Files (x86)\JAM Software
2012-12-01 20:33 - 2012-12-01 20:33 - 03350608 ____A (JAM Software ) C:\Users\ginee\Desktop\TreeSizeFreeSetup.exe
2012-11-29 18:27 - 2012-11-23 17:28 - 01426411 ____N C:\Users\ginee\AppData\Local\Tempmusic.ogg
2012-11-29 17:43 - 2012-11-29 17:43 - 00000000 ____D C:\Users\ginee\AppData\Roaming\ATI
2012-11-29 17:43 - 2012-11-29 17:43 - 00000000 ____D C:\Users\ginee\AppData\Local\ATI
2012-11-29 17:43 - 2012-11-29 17:43 - 00000000 ____D C:\Users\All Users\ATI
2012-11-29 17:42 - 2012-11-29 17:35 - 00000000 ____D C:\Program Files (x86)\ATI
2012-11-29 17:38 - 2012-11-29 17:38 - 00000000 ____D C:\Program Files\ATI
2012-11-29 17:34 - 2012-11-29 17:34 - 00000000 ____D C:\ATI
2012-11-27 22:08 - 2012-11-27 22:08 - 00000000 ____D C:\Users\ginee\Desktop\stret
2012-11-25 15:01 - 2012-11-20 19:03 - 00024190 ____H C:\Users\ginee\Documents\~WRL2812.tmp
2012-11-25 00:09 - 2012-07-14 23:25 - 00000000 ____D C:\Users\ginee\Desktop\New folder
2012-11-23 19:42 - 2012-11-23 19:42 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-11-23 19:42 - 2012-07-02 13:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-11-23 19:42 - 2012-07-02 13:55 - 00000000 ____D C:\Users\All Users\Skype
2012-11-23 18:33 - 2012-10-06 11:43 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-11-23 18:32 - 2012-11-07 18:18 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2012-11-21 21:54 - 2012-11-20 19:03 - 00018738 ____H C:\Users\ginee\Documents\~WRL0003.tmp
2012-11-20 21:51 - 2012-11-20 21:48 - 00000039 ____A C:\Windows\spwdrp.INI
2012-11-20 21:48 - 2012-11-20 21:48 - 03397576 ____A (Stellar Information Systems Ltd ) C:\Users\ginee\Desktop\StellarPhoenixWindowsDataRecovery-Professional.exe
2012-11-20 21:48 - 2012-11-20 21:48 - 00000000 ____D C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery
2012-11-20 21:48 - 2012-11-20 21:48 - 00000000 ____D C:\Log
2012-11-20 21:44 - 2012-11-20 21:44 - 02906880 ____A (Piriform Ltd) C:\Users\ginee\Desktop\rcsetup143.exe
2012-11-20 21:44 - 2012-11-20 21:44 - 00000000 ____D C:\Program Files\Recuva
2012-11-20 21:40 - 2012-11-20 21:40 - 00000000 ____D C:\Users\ginee\licman
2012-11-20 21:40 - 2012-11-20 21:40 - 00000000 ____D C:\Users\ginee\EREnt
2012-11-20 21:40 - 2012-11-20 21:40 - 00000000 ____D C:\Program Files (x86)\Kroll Ontrack
2012-11-20 21:40 - 2012-07-02 13:24 - 00000000 ____D C:\users\ginee
2012-11-20 21:37 - 2012-11-20 21:37 - 10744128 ____A (Kroll Ontrack Inc. ) C:\Users\ginee\Desktop\ER_WIN_ENT.exe
2012-11-20 21:34 - 2012-11-20 21:34 - 00000000 ____D C:\Program Files (x86)\Avira
2012-11-20 21:34 - 2012-11-20 21:34 - 00000000 ____A C:\Users\ginee\Desktop\1.ini
2012-11-20 21:33 - 2012-11-20 21:33 - 00412384 ____A C:\Users\ginee\Desktop\unerase_en_h.exe
2012-11-20 19:37 - 2012-11-20 19:37 - 00000000 ____D C:\Users\ginee\AppData\Local\Disk Savvy
2012-11-20 19:37 - 2012-11-20 19:37 - 00000000 ____D C:\Program Files (x86)\Disk Savvy
2012-11-20 19:37 - 2012-11-20 19:36 - 04871920 ____A C:\Users\ginee\Desktop\disksavvy_setup_v4.5.26.exe
2012-11-19 23:19 - 2012-11-19 23:19 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-11-19 22:39 - 2012-11-19 22:38 - 00000000 ____D C:\Users\ginee\Desktop\Survivor
2012-11-19 21:05 - 2012-11-19 19:51 - 00000000 ____D C:\Users\ginee\D-Fend Reloaded
2012-11-19 19:52 - 2012-11-19 19:51 - 00000000 ____D C:\Program Files (x86)\D-Fend Reloaded
2012-11-14 21:45 - 2012-11-14 21:45 - 00000000 ____D C:\Program Files (x86)\iExplorer
2012-11-14 21:19 - 2012-07-02 14:08 - 00000000 ____D C:\Users\ginee\AppData\Roaming\Apple Computer
2012-11-10 22:17 - 2012-11-10 21:56 - 340447518 ____A C:\Users\ginee\Desktop\57_ellen.2012.02.15.ellen.pompeo.pdtv.tellymad_ffe23.avi
2012-11-08 22:55 - 2012-07-02 13:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-08 16:31 - 2012-07-02 14:06 - 00000000 ____D C:\Users\ginee\Documents\My Received Files


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 2942.49 MB
Available physical RAM: 2453.39 MB
Total Pagefile: 2940.64 MB
Available Pagefile: 2433.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

2 Drive c: (System Reserved) (Fixed) (Total:40 GB) (Free:12.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: (Media) (Fixed) (Total:425.76 GB) (Free:343.54 GB) NTFS
4 Drive e: (Window Seven) (CDROM) (Total:3.14 GB) (Free:0 GB) UDF
5 Drive f: (KINGSTON) (Removable) (Total:3.65 GB) (Free:0.17 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 3745 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 40 GB 1024 KB
Partition 2 Primary 425 GB 40 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C System Rese NTFS Partition 40 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Media NTFS Partition 425 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3741 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F KINGSTON FAT32 Removable 3741 MB Healthy

=========================================================

Last Boot: 2012-11-25 02:39

==================== End Of Log =============================






I'm completely lost as to how I should approach this...

Any help with this is appreciated, thanks!



#2 Farbar


Posted 05 December 2012 - 07:25 AM

Hello hikkari and welcome to the forum.

We will remove the infection, boot normally and bring the system back to full functionality. Please refrain from doing any fix or making any changes to the system from now on until we are done unless you decide you can do the rest on your own. Thank you.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
0 86be475de11f1da2; C:\Windows\System32\Drivers\86be475de11f1da2.sys [78792 2012-12-04] () ATTENTION =====> Rootkit?
C:\Windows\System32\Drivers\86be475de11f1da2.sys
2012-12-04 23:31 - 2012-12-04 23:31 - 00078792 ____A C:\Windows\System32\Drivers\86be475de11f1da2.sys
2012-12-04 23:28 - 2012-12-04 23:50 - 00009018 __ASH C:\Users\ginee\AppData\Local\6o4v7yr6ikfw18072u
2012-12-04 23:28 - 2012-12-04 23:50 - 00009018 __ASH C:\Users\All Users\6o4v7yr6ikfw18072u
end

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart, let it boot normally and tell me how it went.
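The fixlist above was assembled by hand from the FRST log: the driver line FRST marked, its file path, and the hidden+system files created at the same time as the infection. The following is an added example written for this page (not FRST's own code and not part of Farbar's post) that applies those same triage rules to the log posted in this thread and renders the same fixlist; the hex-name heuristic and the hidden+system rule are this example's own assumptions, not rules FRST applies.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt of the FRST log posted earlier in this thread (copied from the page, not
# constructed): the Drivers section and a few "One Month Created" entries.
FRST_SAMPLE = r"""
==================== Drivers (Whitelisted) =====================

0 86be475de11f1da2; C:\Windows\System32\Drivers\86be475de11f1da2.sys [78792 2012-12-04] () ATTENTION =====> Rootkit?
3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
3 hitmanpro37; C:\Windows\System32\Drivers\hitmanpro37.sys [31048 2012-12-05] ()
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
3 uqk; \??\C:\koramgame\STOnline\avital\wyqku64.sys [x]

==================== One Month Created Files and Folders ========

2012-12-04 23:58 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-04 23:53 - 2012-12-04 23:53 - 00003642 ____A C:\Users\ginee\Desktop\Rkill.txt
2012-12-04 23:31 - 2012-12-04 23:31 - 00078792 ____A C:\Windows\System32\Drivers\86be475de11f1da2.sys
2012-12-04 23:28 - 2012-12-04 23:50 - 00009018 __ASH C:\Users\ginee\AppData\Local\6o4v7yr6ikfw18072u
2012-12-04 23:28 - 2012-12-04 23:50 - 00009018 __ASH C:\Users\All Users\6o4v7yr6ikfw18072u
"""

# Section headers look like "==================== Drivers (Whitelisted) =====".
SECTION_RE = re.compile(r'^=+ (?P<name>.+?) =+$')
# Driver line: "<start> <name>; <path> [<size> <date>] (<vendor>)<note>" or "... <path> [x]".
DRIVER_RE = re.compile(
    r'^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) '
    r'(?:\[(?P<size>\d+) (?P<date>[\d-]+)\] \((?P<vendor>[^)]*)\)|\[x\])(?P<note>.*)$'
)
# File line: "<created> - <modified> - <size> <attrs> [(<vendor>) ]<path>".
FILE_RE = re.compile(
    r'^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - '
    r'(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<vendor>[^)]*)\) )?(?P<path>.+)$'
)
# Heuristic (this example's assumption): a service named by 12+ hex digits is random-looking.
HEX_NAME_RE = re.compile(r'^[0-9a-f]{12,}$')


@dataclass
class DriverEntry:
    start: int
    name: str
    path: str
    vendor: Optional[str]  # None when FRST printed [x] (file missing), '' when no company name
    note: str
    raw: str


@dataclass
class FileEntry:
    attrs: str
    vendor: Optional[str]
    path: str
    raw: str


@dataclass
class Finding:
    kind: str    # 'driver' or 'file'
    reason: str
    path: str
    raw: str     # original log line, reused verbatim in the fixlist


def parse(log_text: str) -> Tuple[List[DriverEntry], List[FileEntry]]:
    """Split an FRST log into driver entries and created-file entries."""
    drivers, files = [], []
    section = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m['name']
            continue
        if section.startswith('Drivers'):
            d = DRIVER_RE.match(line)
            if d:
                drivers.append(DriverEntry(int(d['start']), d['name'], d['path'],
                                           d['vendor'], d['note'].strip(), line))
        elif section.startswith('One Month Created'):
            f = FILE_RE.match(line)
            if f:
                files.append(FileEntry(f['attrs'], f['vendor'], f['path'], line))
    return drivers, files


def triage(log_text: str) -> List[Finding]:
    """Return the entries a responder would want to look at, drivers first."""
    drivers, files = parse(log_text)
    findings: List[Finding] = []
    for d in drivers:
        reasons = []
        if 'ATTENTION' in d.note:                       # FRST's own marker
            reasons.append('FRST marked it: ' + d.note)
        if d.vendor == '' and HEX_NAME_RE.match(d.name):  # no company name + hex name
            reasons.append('no company name and a random-looking hex service name')
        if reasons:
            findings.append(Finding('driver', '; '.join(reasons), d.path, d.raw))
    flagged_paths = {f.path.lower() for f in findings}
    for f in files:
        if f.path.lower() in flagged_paths:
            findings.append(Finding('file', 'file backing a flagged driver', f.path, f.raw))
        elif 'S' in f.attrs and 'H' in f.attrs and f.vendor is None \
                and '\\users\\' in f.path.lower():
            findings.append(Finding('file', 'hidden+system file in a user profile '
                                    'with no company name', f.path, f.raw))
    return findings


def build_fixlist(findings: List[Finding]) -> str:
    """Render findings in fixlist.txt form: raw log lines between 'start' and 'end'.
    A driver line deletes the service; the bare path line moves the file (as the
    Fixlog in the next reply shows)."""
    lines = ['start']
    for f in findings:
        lines.append(f.raw)
        if f.kind == 'driver':
            lines.append(f.path)
    lines.append('end')
    return '\n'.join(lines)


if __name__ == '__main__':
    for f in triage(FRST_SAMPLE):
        print(f'{f.kind:6} {f.path}  <- {f.reason}')
    print(build_fixlist(triage(FRST_SAMPLE)))
```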

#3 hikkari


Posted 05 December 2012 - 03:10 PM

I did exactly what you said, here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2012
Ran by SYSTEM at 2012-12-05 12:07:22 Run:1
Running from F:\

==============================================

86be475de11f1da2 service deleted successfully.
C:\Windows\System32\Drivers\86be475de11f1da2.sys moved successfully.
C:\Windows\System32\Drivers\86be475de11f1da2.sys not found.
C:\Users\ginee\AppData\Local\6o4v7yr6ikfw18072u moved successfully.
C:\Users\All Users\6o4v7yr6ikfw18072u moved successfully.

==== End of Fixlog ====


I proceeded to restart afterwards and it actually booted up! Is there anything else I should do at this point? Thank you.

#4 Farbar


Posted 05 December 2012 - 04:18 PM

Great. :thumbup2:

We need to check a few things.

  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List installed programs.
    • List Devices (only check the box and leave the default radio button as it is).
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.


#5 hikkari


Posted 05 December 2012 - 04:55 PM

I ran Malwarebytes successfully and then proceeded to run the Farbar scanner and got this:

FSS.txt

Farbar Service Scanner Version: 04-12-2012
Ran by ginee (administrator) on 05-12-2012 at 13:42:06
Running from "C:\Users\ginee\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll
[2009-07-13 16:09] - [2009-07-13 17:41] - 0565760 ____A (Microsoft Corporation) F8E058D17363EC580E4B7232778B6CB5

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



Then minitoolbox gave me:



MiniToolBox by Farbar Version: 25-11-2012
Ran by ginee (administrator) on 05-12-2012 at 13:51:20
Running from "C:\Users\ginee\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/04/2012 11:43:50 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}SENS Logon Subscription

Error: (12/01/2012 08:19:34 PM) (Source: ESENT) (User: )
Description: wlcomm (4676) C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\: An attempt to write to the file "C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\DBStore\LogFiles\edbres0000A.jrs" at offset 1179648 (0x0000000000120000) for 393216 (0x00060000) bytes failed after wlcomm0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (12/01/2012 08:19:34 PM) (Source: ESENT) (User: )
Description: wlcomm (4676) C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\: An attempt to write to the file "C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\DBStore\LogFiles\edbres0000A.jrs" at offset 1179648 (0x0000000000120000) for 393216 (0x00060000) bytes failed after wlcomm0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (12/01/2012 08:19:34 PM) (Source: ESENT) (User: )
Description: wlcomm (4676) C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\: An attempt to write to the file "C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\DBStore\LogFiles\edbres0000A.jrs" at offset 1179648 (0x0000000000120000) for 393216 (0x00060000) bytes failed after wlcomm0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (12/01/2012 08:18:58 PM) (Source: ESENT) (User: )
Description: wlcomm (4676) C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\: An attempt to write to the file "C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\DBStore\LogFiles\edbres0000A.jrs" at offset 1179648 (0x0000000000120000) for 393216 (0x00060000) bytes failed after wlcomm0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (12/01/2012 07:52:52 PM) (Source: ESENT) (User: )
Description: wlcomm (4676) C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\: An attempt to write to the file "C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\DBStore\LogFiles\edbres0000A.jrs" at offset 1572864 (0x0000000000180000) for 393216 (0x00060000) bytes failed after wlcomm0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (12/01/2012 07:51:34 PM) (Source: ESENT) (User: )
Description: wlcomm (4676) C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\: An attempt to write to the file "C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\DBStore\LogFiles\edbres0000A.jrs" at offset 1572864 (0x0000000000180000) for 393216 (0x00060000) bytes failed after wlcomm0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (12/01/2012 07:36:54 PM) (Source: ESENT) (User: )
Description: wlcomm (4676) C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\: An attempt to write to the file "C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\DBStore\LogFiles\edbres0000A.jrs" at offset 1966080 (0x00000000001e0000) for 393216 (0x00060000) bytes failed after wlcomm0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (12/01/2012 07:35:02 PM) (Source: ESENT) (User: )
Description: wlcomm (4676) C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\: An attempt to write to the file "C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\DBStore\LogFiles\edbres0000A.jrs" at offset 1966080 (0x00000000001e0000) for 393216 (0x00060000) bytes failed after wlcomm0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (12/01/2012 07:20:34 PM) (Source: ESENT) (User: )
Description: wlcomm (4676) C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\: An attempt to write to the file "C:\Users\ginee\AppData\Local\Microsoft\Windows Live Contacts\{7bc73c14-b500-43f1-9a0f-704cfeff4ad4}\DBStore\LogFiles\edbres0000A.jrs" at offset 2359296 (0x0000000000240000) for 393216 (0x00060000) bytes failed after wlcomm0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.


System errors:
=============
Error: (12/05/2012 00:08:13 PM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error:
%%2

Error: (12/05/2012 00:32:53 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MpFilter

Error: (12/05/2012 00:32:51 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x8007001f

Error description: A device attached to the system is not functioning.

Reason: %%837

Error: (12/05/2012 00:32:51 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%834

Error Code: 0x8007001f

Error description: A device attached to the system is not functioning.

Reason: %%837

Error: (12/05/2012 00:32:51 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x8007001f

Error description: A device attached to the system is not functioning.

Reason: %%842

Error: (12/05/2012 00:32:51 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%834

Error Code: 0x8007001f

Error description: A device attached to the system is not functioning.

Reason: %%842

Error: (12/04/2012 11:47:15 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (12/04/2012 11:47:15 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/04/2012 11:47:15 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/04/2012 11:47:15 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2012-12-04 23:29:44.828
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\1ae23d5a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-04 23:29:44.765
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\1ae23d5a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Ad-Aware Antivirus (Version: 10.3.45.3935)
Ad-Aware Browsing Protection (Version: 1.0.1.41)
Adobe AIR (Version: 3.4.0.2710)
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Aegisub 3.0.2 (Version: 3.0.2)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.715.0)
µTorrent (Version: 3.1.3)
Avira UnErase Personal
Bamboo (Version: 5.2.5-5)
Bonjour (Version: 3.0.0.10)
Canon MP Navigator EX 4.0
CanoScan LiDE 110 Scanner Driver
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2339.42455)
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455)
Catalyst Control Center InstallProxy (Version: 2010.0210.2339.42455)
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455)
ccc-core-static (Version: 2010.0210.2339.42455)
ccc-utility64 (Version: 2010.0210.2339.42455)
CCC Help Chinese Standard (Version: 2010.0210.2338.42455)
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455)
CCC Help Czech (Version: 2010.0210.2338.42455)
CCC Help Danish (Version: 2010.0210.2338.42455)
CCC Help Dutch (Version: 2010.0210.2338.42455)
CCC Help English (Version: 2010.0210.2338.42455)
CCC Help Finnish (Version: 2010.0210.2338.42455)
CCC Help French (Version: 2010.0210.2338.42455)
CCC Help German (Version: 2010.0210.2338.42455)
CCC Help Greek (Version: 2010.0210.2338.42455)
CCC Help Hungarian (Version: 2010.0210.2338.42455)
CCC Help Italian (Version: 2010.0210.2338.42455)
CCC Help Japanese (Version: 2010.0210.2338.42455)
CCC Help Korean (Version: 2010.0210.2338.42455)
CCC Help Norwegian (Version: 2010.0210.2338.42455)
CCC Help Polish (Version: 2010.0210.2338.42455)
CCC Help Portuguese (Version: 2010.0210.2338.42455)
CCC Help Russian (Version: 2010.0210.2338.42455)
CCC Help Spanish (Version: 2010.0210.2338.42455)
CCC Help Swedish (Version: 2010.0210.2338.42455)
CCC Help Thai (Version: 2010.0210.2338.42455)
CCC Help Turkish (Version: 2010.0210.2338.42455)
Cool Edit Pro 2.1
D-Fend Reloaded 1.3.2 (deinstall) (Version: 1.3.2)
Disk Savvy 4.5.26 (Version: 4.5.26)
Doomi (Version: 3.3)
Dropbox (Version: 1.4.9)
Free Screen Video Capture by Topviewsoft 4.1.7
Google Talk Plugin (Version: 3.10.2.10212)
iExplorer 3.2.0.1
iTunes (Version: 10.6.3.25)
Java 7 Update 6 (Version: 7.0.60)
Java Auto Updater (Version: 2.1.9.0)
Logitech Unifying Software 2.00 (Version: 2.00.43)
LogMeIn Hamachi (Version: 2.1.0.284)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Messenger Plus! Live (Version: 4.90.0.392)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
mIRC (Version: 7.25)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
MSVCRT (Version: 14.0.1468.721)
Ontrack EasyRecovery Enterprise (Version: 10.0.5.6)
PaintTool SAI Ver.1
Recuva (Version: 1.43)
Skins (Version: 2010.0210.2339.42455)
Skype™ 6.0 (Version: 6.0.126)
SMPlayer 0.8.0 (Version: 0.8.0)
Stellar Phoenix Windows Data Recovery - Professional (Version: 5.0.0.0)
The KMPlayer (remove only)
TreeSize Free V2.7 (Version: 2.7)
VLC media player 2.0.1 (Version: 2.0.1)
WBFS Manager 3.0 (Version: 3.0)
WebTablet FB Plugin (Version: 2.0.0.1)
WebTablet IE Plugin (Version: 1.1.0.12)
WebTablet Netscape Plugin (Version: 1.1.0.10)
Winamp (Version: 5.63 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Movie Maker (Version: 6.0.6002.18005)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Zip Motion Block Video codec (Remove Only)

========================= Devices: ================================

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


**** End of log ****

#6 Farbar


    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 05 December 2012 - 05:09 PM

  • You may download both x32 and x64 versions of Java from http://www.java.com/en/download/manual.jsp

    Uninstall the following older Java:

    Java 7 Update 6

    Then install the downloaded Java versions.
  • To Clear the Java Runtime Environment (JRE) cache, do this:
    • Click Start > Settings > Control Panel.
    • Double-click the Java icon.
      -The Java Control Panel appears.
    • Click "Settings" under Temporary Internet Files.
      -The Temporary Files Settings dialog box appears.
    • Click "Delete Files".
      -The Delete Temporary Files dialog box appears.
      -There are three options on this window to clear the cache.
    • Make sure all the options are checked.
    • Click "OK" on Delete Temporary Files window.
      -Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click "OK" on Temporary Files Settings window.
    • Close the Java Control Panel.
    You can also view these instructions along with screenshots here.
  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar or any other program uncheck the box next to it.
    • Run CCleaner. Under the Application tab, all the boxes should be checked except any option to remove saved passwords.
    • Click Run Cleaner.
    • Close CCleaner.
  • Please download AdwCleaner and save it to your desktop.
    • Close all open programs.
    • Double click on AdwCleaner.exe to run it.
    • Click on Delete and confirm the prompt.
    • After it is finished the computer will be restarted. A text file will open after the restart.
    • Please post the content of that log to your reply.
    • A copy of the log will be saved at C:\AdwCleaner[S1].txt.


#7 hikkari

  • Topic Starter

  • Members
  • 6 posts

Posted 06 December 2012 - 03:13 PM

Done and done!

# AdwCleaner v2.011 - Logfile created 12/06/2012 at 11:50:27
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : ginee - GINEEPC
# Boot Mode : Normal
# Running from : C:\Users\ginee\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\blekko toolbars

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\ginee\AppData\Roaming\Mozilla\Firefox\Profiles\xy5y9cpx.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [769 octets] - [06/12/2012 11:50:27]

########## EOF - C:\AdwCleaner[S1].txt - [828 octets] ##########

#8 Farbar


    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 06 December 2012 - 03:19 PM

Let's have a final check.

  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click Run Scan button.
    • Two reports will open:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Copy and paste OTL.txt to your reply; we don't need the Extra.txt.
  • Also tell me how the computer is running.


#9 hikkari

  • Topic Starter

  • Members
  • 6 posts

Posted 07 December 2012 - 05:45 AM

Actually, my computer is running pretty slow. Response time in general is slow; it takes a few seconds sometimes to maximize a window, open a file, etc. The cursor just keeps loading and loading...

Flash sites that used to be no problem for my computer are now also incredibly laggy, to the point where I can't go on them anymore without getting frustrated. It even lags as I type (lagging right now as we speak).

I'm not sure what's wrong; it didn't use to be like this.

But here is the OTL.txt:

OTL logfile created on: 06/12/2012 12:31:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ginee\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 52.62% Memory free
5.75 Gb Paging File | 4.04 Gb Available in Paging File | 70.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40.00 Gb Total Space | 13.55 Gb Free Space | 33.88% Space Free | Partition Type: NTFS
Drive D: | 3.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 425.76 Gb Total Space | 343.54 Gb Free Space | 80.69% Space Free | Partition Type: NTFS

Computer Name: GINEEPC | User Name: ginee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/06 12:30:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ginee\Desktop\OTL.exe
PRC - [2012/12/05 12:33:13 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/11/19 21:48:16 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/10/26 12:17:52 | 000,079,384 | ---- | M] (Google) -- C:\Users\ginee\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/10/18 13:49:23 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/20 14:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 14:03:16 | 018,941,832 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/08/08 00:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/07/03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/06/28 07:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012/04/03 21:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/19 12:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2009/07/13 17:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/05 12:32:49 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/18 13:49:22 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2006/08/24 12:17:52 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Messenger Plus! Live\Detoured.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 17:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 17:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/09/08 16:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2011/09/08 16:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/02/10 21:29:30 | 000,952,320 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/05 12:33:12 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/19 21:48:16 | 002,462,128 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/20 14:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/04/03 21:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/19 12:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/05 00:41:42 | 000,031,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/26 13:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/20 19:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/12/19 11:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 05:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 13:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/09/08 16:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011/09/08 16:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/02/10 23:42:54 | 005,352,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 12:35:03 | 000,192,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\eFE5b32e.sys -- (E100B)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011/10/26 13:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 12 B6 DB BB D2 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledAddons: rikaichan-jpen@polarcloud.com:2.01.120729
FF - prefs.js..extensions.enabledAddons: {F632A5EA-F825-4AE7-94B5-233CFBA9F423}:0.3.7.9
FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {2f17f610-5e97-4fed-828f-9940b7b577a4}:16.0.1
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.5
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.5
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\ginee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\ginee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ginee\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ginee\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 12:33:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/05 12:32:42 | 000,000,000 | ---D | M]

[2012/07/02 13:29:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ginee\AppData\Roaming\Mozilla\Extensions
[2012/12/04 23:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ginee\AppData\Roaming\Mozilla\Firefox\Profiles\xy5y9cpx.default\extensions
[2012/10/18 13:26:03 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\ginee\AppData\Roaming\Mozilla\Firefox\Profiles\xy5y9cpx.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012/11/08 22:57:13 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\ginee\AppData\Roaming\Mozilla\Firefox\Profiles\xy5y9cpx.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2012/10/06 11:43:18 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\ginee\AppData\Roaming\Mozilla\Firefox\Profiles\xy5y9cpx.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/09/27 18:35:55 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\ginee\AppData\Roaming\Mozilla\Firefox\Profiles\xy5y9cpx.default\extensions\rikaichan-jpen@polarcloud.com
[2012/11/19 23:44:02 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\ginee\AppData\Roaming\Mozilla\Firefox\Profiles\xy5y9cpx.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/12/04 23:35:15 | 000,344,610 | ---- | M] () (No name found) -- C:\Users\ginee\AppData\Roaming\Mozilla\Firefox\Profiles\xy5y9cpx.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/11/04 02:10:53 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\ginee\AppData\Roaming\Mozilla\Firefox\Profiles\xy5y9cpx.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012/11/23 21:43:48 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\ginee\AppData\Roaming\Mozilla\Firefox\Profiles\xy5y9cpx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/04 01:56:07 | 000,091,646 | ---- | M] () (No name found) -- C:\Users\ginee\AppData\Roaming\Mozilla\Firefox\Profiles\xy5y9cpx.default\extensions\{F632A5EA-F825-4AE7-94B5-233CFBA9F423}.xpi
[2012/07/02 13:47:33 | 000,002,057 | ---- | M] () -- C:\Users\ginee\AppData\Roaming\Mozilla\Firefox\Profiles\xy5y9cpx.default\searchplugins\youtube-video-search.xml
[2012/12/05 12:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/05 12:33:13 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/28 07:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/09/15 19:00:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/17 19:00:36 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Messenger Plus! Live\PlusService.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\ginee\Downloads\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\ginee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E08E7A40-E9CD-43F7-906D-181201904D26}: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F29B703A-0925-45A9-994A-55C1898D7E7A}: DhcpNameServer = 64.71.255.198 64.71.255.253
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/06 12:30:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ginee\Desktop\OTL.exe
[2012/12/06 12:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2012/12/06 02:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/06 02:06:46 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/12/06 02:06:46 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/12/06 02:06:46 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/12/06 02:06:37 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/12/06 02:06:37 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/12/06 02:06:36 | 004,167,720 | ---- | C] (Piriform Ltd) -- C:\Users\ginee\Desktop\ccsetup325.exe
[2012/12/06 02:06:36 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/12/06 02:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/12/06 01:36:51 | 032,699,368 | ---- | C] (Oracle Corporation) -- C:\Users\ginee\Desktop\jre-7u9-windows-x64.exe
[2012/12/05 13:50:44 | 000,752,213 | ---- | C] (Farbar) -- C:\Users\ginee\Desktop\MiniToolBox.exe
[2012/12/05 13:41:35 | 000,696,153 | ---- | C] (Farbar) -- C:\Users\ginee\Desktop\FSS.exe
[2012/12/05 13:31:39 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ginee\Desktop\mbam-setup-1.65.1.1000.exe
[2012/12/05 12:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/12/05 12:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/12/05 12:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/12/05 12:55:05 | 013,085,120 | ---- | C] (Microsoft Corporation) -- C:\Users\ginee\Desktop\Silverlight_x64.exe
[2012/12/05 12:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/05 01:23:29 | 000,000,000 | ---D | C] -- C:\FRST
[2012/12/05 00:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/12/04 23:58:25 | 000,000,000 | ---D | C] -- C:\Users\ginee\AppData\Roaming\Malwarebytes
[2012/12/04 23:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/04 23:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/04 23:58:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/04 23:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/04 23:53:36 | 000,000,000 | ---D | C] -- C:\Users\ginee\Desktop\rkill
[2012/12/01 20:36:16 | 000,000,000 | ---D | C] -- C:\Users\ginee\AppData\Roaming\JAM Software
[2012/12/01 20:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software
[2012/12/01 20:33:39 | 003,350,608 | ---- | C] (JAM Software ) -- C:\Users\ginee\Desktop\TreeSizeFreeSetup.exe
[2012/11/29 17:43:31 | 000,000,000 | ---D | C] -- C:\Users\ginee\AppData\Roaming\ATI
[2012/11/29 17:43:31 | 000,000,000 | ---D | C] -- C:\Users\ginee\AppData\Local\ATI
[2012/11/29 17:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/11/29 17:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/11/29 17:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/11/29 17:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2012/11/29 17:34:14 | 000,000,000 | ---D | C] -- C:\ATI
[2012/11/27 22:08:39 | 000,000,000 | ---D | C] -- C:\Users\ginee\Desktop\stret
[2012/11/23 19:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/23 19:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/20 21:48:53 | 000,000,000 | ---D | C] -- C:\Log
[2012/11/20 21:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/11/20 21:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Windows Data Recovery - Professional
[2012/11/20 21:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery
[2012/11/20 21:48:03 | 003,397,576 | ---- | C] (Stellar Information Systems Ltd ) -- C:\Users\ginee\Desktop\StellarPhoenixWindowsDataRecovery-Professional.exe
[2012/11/20 21:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/11/20 21:44:27 | 002,906,880 | ---- | C] (Piriform Ltd) -- C:\Users\ginee\Desktop\rcsetup143.exe
[2012/11/20 21:40:22 | 000,000,000 | ---D | C] -- C:\Users\ginee\licman
[2012/11/20 21:40:21 | 000,000,000 | ---D | C] -- C:\Users\ginee\EREnt
[2012/11/20 21:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ontrack EasyRecovery Enterprise
[2012/11/20 21:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kroll Ontrack
[2012/11/20 21:37:25 | 010,744,128 | ---- | C] (Kroll Ontrack Inc. ) -- C:\Users\ginee\Desktop\ER_WIN_ENT.exe
[2012/11/20 21:34:02 | 000,000,000 | ---D | C] -- C:\Users\ginee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avira UnErase Personal
[2012/11/20 21:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira UnErase Personal
[2012/11/20 21:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/11/20 19:37:19 | 000,000,000 | ---D | C] -- C:\Users\ginee\AppData\Local\Disk Savvy
[2012/11/20 19:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Savvy
[2012/11/20 19:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disk Savvy
[2012/11/20 15:58:12 | 000,000,000 | ---D | C] -- C:\Users\ginee\Desktop\Dinopark Tycoon
[2012/11/19 23:21:14 | 000,000,000 | ---D | C] -- C:\Users\ginee\AppData\Local\LogMeIn Hamachi
[2012/11/19 23:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/11/19 23:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/11/19 22:38:50 | 000,000,000 | ---D | C] -- C:\Users\ginee\Desktop\Survivor
[2012/11/19 19:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded
[2012/11/19 19:51:54 | 000,000,000 | ---D | C] -- C:\Users\ginee\D-Fend Reloaded
[2012/11/19 19:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\D-Fend Reloaded
[2012/11/18 23:20:00 | 000,000,000 | ---D | C] -- C:\Users\ginee\Documents\Dinopark Tycoon
[2012/11/14 21:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
[2012/11/14 21:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iExplorer
[2012/11/07 18:18:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2 C:\Users\ginee\Documents\*.tmp files -> C:\Users\ginee\Documents\*.tmp -> ]
[1 C:\Users\ginee\Desktop\*.tmp files -> C:\Users\ginee\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Users\ginee\Desktop\;_ylt=AvkuuzzAMPDp8G9e1wQkr69r.Bd.
[2012/12/06 12:30:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ginee\Desktop\OTL.exe
[2012/12/06 12:26:49 | 000,019,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/06 12:26:49 | 000,019,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/06 12:18:48 | 000,002,107 | ---- | M] () -- C:\Users\ginee\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/12/06 12:18:48 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012/12/06 12:18:33 | 003,354,896 | ---- | M] () -- C:\Users\ginee\Desktop\advisorinstaller.exe
[2012/12/06 12:15:33 | 000,717,324 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/06 12:15:33 | 000,621,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/06 12:15:33 | 000,108,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/06 12:11:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/06 12:11:07 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/06 11:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1439454407-3333857761-1928369794-1000UA.job
[2012/12/06 02:09:04 | 000,540,743 | ---- | M] () -- C:\Users\ginee\Desktop\adwcleaner.exe
[2012/12/06 02:06:53 | 004,167,720 | ---- | M] (Piriform Ltd) -- C:\Users\ginee\Desktop\ccsetup325.exe
[2012/12/06 02:06:26 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/12/06 02:06:21 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/12/06 02:06:21 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/12/06 02:06:20 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/12/06 02:06:19 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/12/06 02:06:19 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/12/06 01:37:42 | 032,699,368 | ---- | M] (Oracle Corporation) -- C:\Users\ginee\Desktop\jre-7u9-windows-x64.exe
[2012/12/06 00:46:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1439454407-3333857761-1928369794-1000Core.job
[2012/12/05 13:50:58 | 000,752,213 | ---- | M] (Farbar) -- C:\Users\ginee\Desktop\MiniToolBox.exe
[2012/12/05 13:41:49 | 000,696,153 | ---- | M] (Farbar) -- C:\Users\ginee\Desktop\FSS.exe
[2012/12/05 13:34:01 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/05 13:31:58 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ginee\Desktop\mbam-setup-1.65.1.1000.exe
[2012/12/05 12:55:31 | 013,085,120 | ---- | M] (Microsoft Corporation) -- C:\Users\ginee\Desktop\Silverlight_x64.exe
[2012/12/05 00:41:42 | 000,031,048 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2012/12/05 00:41:42 | 000,000,400 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/12/04 18:13:13 | 000,033,074 | ---- | M] () -- C:\Users\ginee\Desktop\iPhone Image E3EAC8.jpg
[2012/12/04 18:12:49 | 000,031,918 | ---- | M] () -- C:\Users\ginee\Desktop\iPhone Image E3EAC1.jpg
[2012/12/04 18:12:45 | 000,033,654 | ---- | M] () -- C:\Users\ginee\Desktop\iPhone Image E3EABB.jpg
[2012/12/04 18:12:41 | 000,033,638 | ---- | M] () -- C:\Users\ginee\Desktop\iPhone Image E3EAB5.jpg
[2012/12/04 16:06:17 | 000,784,592 | ---- | M] () -- C:\Users\ginee\Desktop\meow.rar
[2012/12/04 01:43:38 | 000,633,893 | ---- | M] () -- C:\Users\ginee\Desktop\20121204_013638.jpg
[2012/12/04 01:30:27 | 000,179,181 | ---- | M] () -- C:\Users\ginee\Desktop\a.jpg
[2012/12/04 01:29:46 | 000,167,376 | ---- | M] () -- C:\Users\ginee\Desktop\ali.jpg
[2012/12/03 02:07:58 | 000,160,332 | ---- | M] () -- C:\Users\ginee\Desktop\life.jpg
[2012/12/01 20:33:48 | 003,350,608 | ---- | M] (JAM Software ) -- C:\Users\ginee\Desktop\TreeSizeFreeSetup.exe
[2012/12/01 08:45:06 | 005,185,943 | ---- | M] () -- C:\Users\ginee\Desktop\aisanai.mp3
[2012/11/29 18:27:39 | 001,426,411 | ---- | M] () -- C:\Users\ginee\AppData\Local\Tempmusic.ogg
[2012/11/23 19:42:01 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/20 21:51:44 | 000,000,039 | ---- | M] () -- C:\Windows\spwdrp.INI
[2012/11/20 21:48:12 | 003,397,576 | ---- | M] (Stellar Information Systems Ltd ) -- C:\Users\ginee\Desktop\StellarPhoenixWindowsDataRecovery-Professional.exe
[2012/11/20 21:44:37 | 002,906,880 | ---- | M] (Piriform Ltd) -- C:\Users\ginee\Desktop\rcsetup143.exe
[2012/11/20 21:37:53 | 010,744,128 | ---- | M] (Kroll Ontrack Inc. ) -- C:\Users\ginee\Desktop\ER_WIN_ENT.exe
[2012/11/20 21:34:01 | 000,000,000 | ---- | M] () -- C:\Users\ginee\Desktop\1.ini
[2012/11/20 21:33:32 | 000,412,384 | ---- | M] () -- C:\Users\ginee\Desktop\unerase_en_h.exe
[2012/11/20 19:37:01 | 004,871,920 | ---- | M] () -- C:\Users\ginee\Desktop\disksavvy_setup_v4.5.26.exe
[2012/11/12 19:30:13 | 000,663,439 | ---- | M] () -- C:\Users\ginee\Desktop\kelvee.PNG
[2012/11/10 22:17:20 | 340,447,518 | ---- | M] () -- C:\Users\ginee\Desktop\57_ellen.2012.02.15.ellen.pompeo.pdtv.tellymad_ffe23.avi
[2 C:\Users\ginee\Documents\*.tmp files -> C:\Users\ginee\Documents\*.tmp -> ]
[1 C:\Users\ginee\Desktop\*.tmp files -> C:\Users\ginee\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Users\ginee\Desktop\;_ylt=AvkuuzzAMPDp8G9e1wQkr69r.Bd.
[2012/12/06 12:18:48 | 000,002,107 | ---- | C] () -- C:\Users\ginee\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/12/06 12:18:48 | 000,002,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2012/12/06 12:18:48 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012/12/06 12:18:00 | 003,354,896 | ---- | C] () -- C:\Users\ginee\Desktop\advisorinstaller.exe
[2012/12/06 02:08:25 | 000,540,743 | ---- | C] () -- C:\Users\ginee\Desktop\adwcleaner.exe
[2012/12/05 13:34:01 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/05 00:41:42 | 000,000,400 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/12/05 00:34:37 | 000,031,048 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2012/12/04 18:13:12 | 000,033,074 | ---- | C] () -- C:\Users\ginee\Desktop\iPhone Image E3EAC8.jpg
[2012/12/04 18:12:48 | 000,031,918 | ---- | C] () -- C:\Users\ginee\Desktop\iPhone Image E3EAC1.jpg
[2012/12/04 18:12:44 | 000,033,654 | ---- | C] () -- C:\Users\ginee\Desktop\iPhone Image E3EABB.jpg
[2012/12/04 18:12:38 | 000,033,638 | ---- | C] () -- C:\Users\ginee\Desktop\iPhone Image E3EAB5.jpg
[2012/12/04 16:06:17 | 000,784,592 | ---- | C] () -- C:\Users\ginee\Desktop\meow.rar
[2012/12/04 01:42:31 | 000,633,893 | ---- | C] () -- C:\Users\ginee\Desktop\20121204_013638.jpg
[2012/12/04 01:30:26 | 000,179,181 | ---- | C] () -- C:\Users\ginee\Desktop\a.jpg
[2012/12/04 01:29:44 | 000,167,376 | ---- | C] () -- C:\Users\ginee\Desktop\ali.jpg
[2012/12/03 02:07:56 | 000,160,332 | ---- | C] () -- C:\Users\ginee\Desktop\life.jpg
[2012/12/01 08:44:47 | 005,185,943 | ---- | C] () -- C:\Users\ginee\Desktop\aisanai.mp3
[2012/11/23 19:42:01 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/23 17:28:50 | 001,426,411 | ---- | C] () -- C:\Users\ginee\AppData\Local\Tempmusic.ogg
[2012/11/20 21:48:53 | 000,000,039 | ---- | C] () -- C:\Windows\spwdrp.INI
[2012/11/20 21:34:01 | 000,000,000 | ---- | C] () -- C:\Users\ginee\Desktop\1.ini
[2012/11/20 21:33:29 | 000,412,384 | ---- | C] () -- C:\Users\ginee\Desktop\unerase_en_h.exe
[2012/11/20 19:36:52 | 004,871,920 | ---- | C] () -- C:\Users\ginee\Desktop\disksavvy_setup_v4.5.26.exe
[2012/11/12 19:30:11 | 000,663,439 | ---- | C] () -- C:\Users\ginee\Desktop\kelvee.PNG
[2012/11/10 21:56:48 | 340,447,518 | ---- | C] () -- C:\Users\ginee\Desktop\57_ellen.2012.02.15.ellen.pompeo.pdtv.tellymad_ffe23.avi
[2012/10/31 21:21:31 | 000,002,298 | ---- | C] () -- C:\Users\ginee\AppData\Roaming\ASSDraw3.cfg
[2012/07/03 11:42:19 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2012/07/02 14:17:27 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/02 10:20:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/09/07 10:36:58 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/09/07 10:36:58 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2012/11/29 20:52:18 | 000,571,857 | ---- | M] ()(C:\Users\ginee\Desktop\????.jpg) -- C:\Users\ginee\Desktop\またたき.jpg
[2012/11/29 20:43:42 | 000,571,857 | ---- | C] ()(C:\Users\ginee\Desktop\????.jpg) -- C:\Users\ginee\Desktop\またたき.jpg
[2012/07/04 14:31:24 | 000,011,957 | ---- | M] ()(C:\Users\ginee\Documents\??????????.docx) -- C:\Users\ginee\Documents\本当に手紙を書くこと.docx
[2012/07/04 14:31:23 | 000,011,957 | ---- | C] ()(C:\Users\ginee\Documents\??????????.docx) -- C:\Users\ginee\Documents\本当に手紙を書くこと.docx

< End of report >

Edited by hikkari, 07 December 2012 - 05:48 AM.


#10 Farbar (Security Developer, The Netherlands)

Posted 07 December 2012 - 06:28 AM

Thanks for the detailed feedback.

The log looks clean.

Let's do some maintenance and see if it improves.

  • I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
    2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to Add/Remove in the Control Panel and remove Ad-Aware Antivirus and
    Ad-Aware Browsing Protection.
  • You may download both x32 and x64 versions of Java from http://www.java.com/en/download/manual.jsp

    Uninstall the following older Java:

    Java 7 Update 6

    Then install both the downloaded Java versions.
  • To Clear the Java Runtime Environment (JRE) cache, do this:
    • Click Start > Settings > Control Panel.
    • Double-click the Java icon.
      -The Java Control Panel appears.
    • Click "Settings" under Temporary Internet Files.
      -The Temporary Files Settings dialog box appears.
    • Click "Delete Files".
      -The Delete Temporary Files dialog box appears.
      -There are three options on this window to clear the cache.
    • Make sure all the options are checked.
    • Click "OK" on Delete Temporary Files window.
      -Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click "OK" on Temporary Files Settings window.
    • Close the Java Control Panel.
    You can also view these instructions along with screenshots here.
  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/

    • Run the installer to install the application.
    • When it gives you the option to install the Yahoo toolbar or any other program, uncheck the box next to it.
    • Run CCleaner. Under the Applications tab all the boxes should be checked except any option to remove saved passwords.
    • Click Run Cleaner.
    • Close CCleaner.
  • Run Command Prompt as Administrator. To do that:
    Go to Start and type cmd.exe in the Search box.
    It gives you cmd.exe in the upper part. Right-click cmd.exe and select "Run As Administrator".
    Copy the following command, right-click in the open Command prompt window and select Paste:

    sfc /scannow

    Press Enter. Wait until the scan is done.
  • In the next post we will check the whole system. Please let me know if you see any change in the performance.
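As an added example that is not part of Farbar's instructions: the two checks above (only one real-time antivirus left, old Java builds gone) can be confirmed from an elevated PowerShell prompt. The script assumes Windows 7 or later with PowerShell 3+, and the productState bit decoding is a community convention, not documented by Microsoft.

```powershell
# Added example: inventory antivirus products registered with Windows Security Center
# and Java entries in the Uninstall registry keys. Run from an elevated PowerShell.

function Get-RegisteredAntivirus {
    # root/SecurityCenter2 is where Windows 7+ client editions register AV products.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            # productState is a bit field. Assumption (common community decoding, not
            # official): hex digits 3-4 give real-time status, 0x10 = on, 0x00 = off.
            $hex = '{0:X6}' -f $_.productState
            [pscustomobject]@{
                Name        = $_.displayName
                RealTimeOn  = ($hex.Substring(2, 2) -eq '10')
                RawState    = "0x$hex"
                ProductPath = $_.pathToSignedProductExe
            }
        }
}

function Get-InstalledJava {
    # Check both the native and the WOW6432Node hive so x86 Java on x64 Windows is seen.
    $hives = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    Get-ItemProperty -Path ($hives | ForEach-Object { "$_\*" }) -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

# Report: every registered AV, then a warning if more than one has real-time protection on.
$av = @(Get-RegisteredAntivirus)
$av | Format-Table -AutoSize
$active = @($av | Where-Object { $_.RealTimeOn })
if ($active.Count -gt 1) {
    Write-Warning ("More than one real-time antivirus is active: " +
                   ($active.Name -join ', ') + ". Keep only one.")
}

# Report: Java entries still installed (expect only the freshly installed versions).
Get-InstalledJava | Format-Table -AutoSize
```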


#11 hikkari

hikkari
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:56 AM

Posted 07 December 2012 - 03:31 PM

Okay, I did what you said, and as for the scan, I think it came out clean ("Windows Resource Protection did not find any integrity violations").
I restarted my computer but it still feels like it responds very slowly.

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:56 PM

Posted 07 December 2012 - 05:51 PM

  • Please download the attached file fix.reg (404 bytes).
    Double-click it and confirm the prompt to allow it to merge.
  • Defragment your hard drive:
    • Go to start. Select All Programs.
    • Click Accessories then System Tools.
    • Click Disk Defragmenter.
    • Select drive C and click Defragment disk. Wait until it is done; it might take a while.
  • Please follow the instructions on How to use CHKDSK and use the graphical method to schedule a scan. Restart and let the scan run fully.

Please tell me if it made any difference.

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:56 PM

Posted 13 December 2012 - 02:23 PM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



