Metropolitan Police Warning [Solved]
Started by Steviep, Nov 21 2012 09:30 AM
#1
Posted 21 November 2012 - 09:30 AM
My friend has asked me to have a look at her laptop as whenever it boots it comes up with the Metropolitan Police Warning screen and is looking for her to pay £100. I have tried to boot in safe mode, however it ends up with a white screen and I'm unable to do anything with it. The laptop is running Windows 7. Would someone be able to give me some assistance with this?
#2
Posted 21 November 2012 - 09:34 AM
Hi do you have a USB drive handy ?
Download the following three programmes to your desktop :
Please select the right 32/64 bit programmes for your system
1. WiNTBootIc
2. Windows 7 64bit RC
2. Windows 7 32bit RC
3. Farbar Recovery Scan Tool 64 bit
3. Farbar Recovery Scan Tool 32 bit
Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot
Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It
You will see it progressing
It will let you know when it is done
Then copy FRST to the same USB
Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here
When you reboot you will see this although yours will say windows 7. Click repair my computer
Select your operating system
Select Command prompt
At the command prompt type the following :
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
#3
Posted 21 November 2012 - 10:10 AM
Hi, thanks for quick reply. I don't have a flash drive, could I download the programs onto my desktop and then burn to a CD? Also my PC runs XP and the laptop with the problem is running Windows 7, so how do I decide which Win7 I use?
#4
Posted 21 November 2012 - 10:25 AM
Hi again, I've a 2g SD card could I use that?
#5
Posted 21 November 2012 - 11:48 AM
Yes that should do, and the system that you download the programmes to is of no consequence
A cd would also work just as well
#6
Posted 21 November 2012 - 11:54 AM
How can I find out if 32 or 64 bit? PS I'll get a flash drive on way home
#7
Posted 21 November 2012 - 11:59 AM
Does the computer have a sticker on it for the processor (laptops usually do) saying AMD64 or Intel 64? If it is fairly new then I would suppose it to be 64 bit
#8
Posted 21 November 2012 - 01:43 PM
No sticker I'm afraid but in set up (F2) says CPU is a Pentium Dual Core CPU T4 2.2GHz, total memory 4096mb, laptop was bought in 2010 and is running Win7 Home Premium
#9
Posted 21 November 2012 - 01:50 PM
OK that is 64bit
#10
Posted 21 November 2012 - 02:05 PM
Thanks again, I've got the utilities on the flash drive however the battery has gone on the laptop and she has forgotten to give me the charger so unfortunately it will be around this time tomorrow before I can run the programs. Thanks in the meantime
#11
Posted 21 November 2012 - 02:09 PM
No problem, these things are sent to try you
#12
Posted 22 November 2012 - 11:06 AM
Hi when I try to select operating system and press next I'm getting a system recovery options error - it says this version of system recovery options is not compatible with the version of windows you are trying to repair.
Could it be that I should use the 32bit version?
#13
Posted 22 November 2012 - 12:03 PM
Yes go for the 32bit sorry about that
#14
Posted 22 November 2012 - 12:50 PM
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2012
Ran by SYSTEM at 22-11-2012 18:37:29
Running from H:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-03-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [142120 2010-03-25] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [149280 2010-07-05] (Sun Microsystems, Inc.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM\...\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-18] ()
HKLM\...\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()
HKU\Ants\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Ants\...\Run: [lime pro] "C:\Program Files\Lime PRO\LimePro.exe" -h [3670528 2011-08-16] (Lime PRO LLC)
HKU\Ants\...\Run: [Facebook Update] "C:\Users\Ants\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Ants\...\Winlogon: [Shell] explorer.exe,C:\Users\Ants\AppData\Roaming\msconfig.dat [68455 2011-11-16] ()
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
AppInit_DLLs: avgrsstx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Ants\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
==================== Services (Whitelisted) ===================
3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 avg9wd; "C:\Program Files\AVG\AVG9\avgwdsvc.exe" [308136 2010-06-22] (AVG Technologies CZ, s.r.o.)
2 avgfws9; "C:\Program Files\AVG\AVG9\avgfws9.exe" [2331544 2010-11-24] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent [5897808 2010-06-22] (AVG Technologies CZ, s.r.o.)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 MSSQL$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
2 NIS; "C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.1.0.28\diMaster.dll" /prefetch:1 [303544 2011-08-11] (Symantec Corporation)
2 OberonGameConsoleService; "C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe" [44312 2009-08-13] ()
2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
2 WajamUpdater; "C:\Program Files\Wajam\Updater\WajamUpdater.exe" [109064 2012-10-05] (Wajam)
==================== Drivers (Whitelisted) ====================
1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [24856 2010-03-30] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriverw7x; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [122448 2010-06-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSErHrw7x; C:\Windows\System32\Drivers\AVGIDSwx.sys [25168 2010-06-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilterw7x; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [30288 2010-06-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShimw7x; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [20560 2010-06-22] (AVG Technologies CZ, s.r.o. )
1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [216400 2010-06-22] (AVG Technologies CZ, s.r.o.)
1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-12] (AVG Technologies CZ, s.r.o.)
0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [52872 2010-03-30] (AVG Technologies CZ, s.r.o.)
1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-05] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\windows\system32\drivers\avgtpx86.sys [26984 2012-11-08] (AVG Technologies)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx86.sys [995488 2012-08-10] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1301000.01C\ccSetx86.sys [132744 2011-08-08] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-15] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120822.001\IDSvix86.sys [386208 2012-08-21] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVENG.SYS [92704 2012-08-21] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVEX15.SYS [1601184 2012-08-21] (Symantec Corporation)
3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2010-12-02] (Nokia)
3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2010-12-02] (Nokia)
3 SRTSP; C:\Windows\system32\drivers\NIS\1301000.01C\SRTSP.SYS [566904 2011-08-02] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NIS\1301000.01C\SRTSPX.SYS [31864 2011-08-02] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NIS\1301000.01C\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NIS\1301000.01C\SYMEFA.SYS [897656 2011-07-28] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT.SYS [127096 2012-07-23] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NIS\1301000.01C\Ironx86.SYS [149624 2011-07-25] (Symantec Corporation)
1 SymNetS; C:\Windows\system32\drivers\NIS\1301000.01C\SYMNETS.SYS [314488 2011-07-25] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2012-11-22 18:37 - 2012-11-22 18:37 - 00000000 ____D C:\FRST
2012-11-21 11:51 - 2012-11-21 11:52 - 00007605 ____A C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
2012-11-21 11:32 - 2012-11-21 11:32 - 00000000 ____D C:\Users\Ants\AppData\Local\{9B62C9A3-DFCF-4729-A60C-B5C10461CCD7}
2012-11-21 11:25 - 2012-11-21 11:25 - 00000000 ____D C:\Users\Ants\AppData\Local\{CAB544D8-8085-4B36-AFAC-843D07131A87}
2012-11-19 04:00 - 2012-05-31 04:25 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-11-18 19:31 - 2012-11-18 19:31 - 00003472 ____N C:\bootsqm.dat
2012-11-18 19:30 - 2012-11-18 19:30 - 00000000 __SHD C:\found.000
2012-11-18 18:30 - 2012-11-18 18:31 - 00000000 ____D C:\Users\Ants\AppData\Local\{100CFB67-3B41-439F-A48D-E26100A51736}
2012-11-18 12:32 - 2012-11-22 08:57 - 00000047 ____A C:\Users\Ants\AppData\Roaming\msconfig.ini
2012-11-18 12:32 - 2012-11-18 12:32 - 00068455 ____A C:\Users\Ants\0.7128933779996827.exe
2012-11-18 05:38 - 2012-11-18 05:39 - 00000000 ____D C:\Users\Ants\AppData\Local\{BEAE4189-830E-4396-8296-3945E06B25CF}
2012-11-17 04:49 - 2012-11-17 04:49 - 00000000 ____D C:\Users\Ants\AppData\Local\{3B22E788-3F06-48B2-A920-195094B87D8C}
2012-11-16 17:01 - 2012-07-25 19:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-16 17:01 - 2012-07-25 19:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-16 17:01 - 2012-07-25 18:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-16 17:01 - 2012-06-02 06:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-16 16:59 - 2012-07-25 19:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-16 16:59 - 2012-07-25 19:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-16 16:59 - 2012-07-25 19:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-16 16:59 - 2012-07-25 19:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-16 16:59 - 2012-07-25 19:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 16:59 - 2012-07-25 18:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-16 16:59 - 2012-07-25 18:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-16 16:59 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-16 16:58 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-16 16:58 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-16 16:58 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-16 16:58 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-16 16:58 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-16 16:58 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-16 16:58 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-16 16:58 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-16 16:58 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-16 16:58 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-16 16:58 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-16 16:58 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-16 16:58 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-16 16:58 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-16 16:58 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-16 16:58 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-16 07:39 - 2012-10-18 09:57 - 02344960 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-16 07:39 - 2012-09-25 13:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-16 07:31 - 2012-11-16 07:31 - 00000000 ____D C:\Users\Ants\AppData\Local\{B25EF871-FD15-4D7B-8486-E0209233F7AE}
2012-11-15 07:12 - 2012-11-15 07:12 - 00000000 ____D C:\Users\Ants\AppData\Local\{4015A070-A693-4A7E-BF0C-BD03C2502868}
2012-11-14 10:16 - 2012-11-14 10:16 - 00000000 ____D C:\Users\Ants\AppData\Local\{9C0B0323-C6D0-4D2E-9AF3-7B04A43A74B0}
2012-11-13 08:07 - 2012-11-13 08:07 - 00000000 ____D C:\Users\Ants\AppData\Local\{B4ECAD6A-7FD3-46DA-ACA0-169CE20E918D}
2012-11-12 06:13 - 2012-11-12 06:13 - 00000000 ____D C:\Users\Ants\AppData\Local\{B7F3F141-E75D-4873-B9C6-E1CA826D0758}
2012-11-11 04:56 - 2012-11-11 04:56 - 00000000 ____D C:\Users\Ants\AppData\Local\{2C8518F3-DFB1-4507-86C4-0367B9CA8E4D}
2012-11-10 16:10 - 2012-11-10 16:11 - 00000000 ____D C:\Users\Ants\AppData\Local\{C72FB5E6-1B89-4B34-B197-9694CE8DF3B1}
2012-11-10 04:10 - 2012-11-10 04:10 - 00000000 ____D C:\Users\Ants\AppData\Local\{D1B95053-F465-49E4-AF07-C613CB990954}
2012-11-09 07:52 - 2012-11-09 07:52 - 00000000 ____D C:\Users\Ants\AppData\Local\{5CA670AD-05CB-4A33-B37D-C8843D9C207B}
2012-11-08 12:44 - 2012-11-08 12:44 - 00026984 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2012-11-08 07:19 - 2012-11-08 07:20 - 00000000 ____D C:\Users\Ants\AppData\Local\{9C0811DF-30D9-41ED-A2AF-4BF3A39287E2}
2012-11-07 08:32 - 2012-11-07 08:32 - 00000000 ____D C:\Users\Ants\AppData\Local\{AED7C00F-6EA1-46D1-9E65-E7676634BB2C}
2012-11-06 08:41 - 2012-11-06 08:41 - 00000000 ____D C:\Users\Ants\AppData\Local\{2C35AE5B-8E73-4532-A8D4-D1F040B9D9E5}
2012-11-05 08:08 - 2012-11-05 08:08 - 00000000 ____D C:\Users\Ants\AppData\Local\{BF6EAAA2-26B0-4B75-ADCC-73F97F24C30A}
2012-11-04 04:07 - 2012-11-04 04:07 - 00000000 ____D C:\Users\Ants\AppData\Local\{F20A7FFF-4268-43C8-8C92-6DE47B53146F}
2012-11-03 04:05 - 2012-11-03 04:05 - 00000000 ____D C:\Users\Ants\AppData\Local\{05392EC8-4797-4088-9D9E-2ACC59359559}
2012-11-02 07:20 - 2012-11-02 07:20 - 00000000 ____D C:\Users\Ants\AppData\Local\{9239D801-9871-4E35-809A-29F02EF156D9}
2012-11-01 07:40 - 2012-11-01 07:40 - 00000000 ____D C:\Users\Ants\AppData\Local\{F73367C3-9AEE-4040-A458-4BA4E0A45BBE}
2012-10-31 10:20 - 2012-10-31 10:21 - 00000000 ____D C:\Users\Ants\AppData\Local\{D5F95763-EE9D-42C0-A0FB-6E1BC7A47AB3}
2012-10-30 08:22 - 2012-10-30 08:22 - 00000000 ____D C:\Users\Ants\AppData\Local\{9581B8EA-D32D-40E3-82DD-034CAC38B933}
2012-10-29 08:02 - 2012-10-29 08:03 - 00000000 ____D C:\Users\Ants\AppData\Local\{3FCFF052-8AF8-465E-A866-DBA62408A93E}
2012-10-28 09:35 - 2012-10-28 09:35 - 00000000 ____D C:\Users\Ants\AppData\Local\{8CD5EFF4-9A52-4AA6-B71A-3E0E1FDBFD9F}
2012-10-27 00:58 - 2012-10-27 00:58 - 00000000 ____D C:\Users\Ants\AppData\Local\{FD908CCB-6D3C-404C-8ED2-6F8C9CF512FA}
2012-10-26 06:11 - 2012-10-26 06:12 - 00000000 ____D C:\Users\Ants\AppData\Local\{50371C71-6ADB-40C4-A8DE-BE125C5C8686}
2012-10-25 06:43 - 2012-10-25 06:43 - 00000000 ____D C:\Users\Ants\AppData\Local\{145DA830-FD90-49EC-BD44-724BCDCCDE06}
2012-10-24 05:53 - 2012-10-24 05:53 - 00000000 ____D C:\Users\Ants\AppData\Local\{3B256738-2F71-4159-A8EE-B4CF19CF6349}
2012-10-23 07:09 - 2012-10-23 07:09 - 00000000 ____D C:\Users\Ants\AppData\Local\{A08F7D30-9950-435B-AA3D-C3CFC331F5F1}
==================== One Month Modified Files and Folders ========
2012-11-22 08:57 - 2012-11-18 12:32 - 00000047 ____A C:\Users\Ants\AppData\Roaming\msconfig.ini
2012-11-22 08:57 - 2010-03-30 14:37 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-22 08:56 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-22 08:55 - 2009-07-13 20:39 - 00162530 ____A C:\Windows\setupact.log
2012-11-22 08:44 - 2009-09-16 22:44 - 01194191 ____A C:\Windows\WindowsUpdate.log
2012-11-22 08:43 - 2012-10-14 15:37 - 00000262 ____A C:\Windows\Tasks\PC Performer_DEFAULT.job
2012-11-22 08:43 - 2012-03-30 15:03 - 00000922 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000UA.job
2012-11-22 08:43 - 2012-03-30 15:03 - 00000900 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000Core.job
2012-11-22 08:43 - 2010-03-30 14:37 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-22 08:43 - 2009-07-13 20:34 - 00015056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-22 08:43 - 2009-07-13 20:34 - 00015056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-21 11:52 - 2012-11-21 11:51 - 00007605 ____A C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
2012-11-21 11:48 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2012-11-21 11:32 - 2012-11-21 11:32 - 00000000 ____D C:\Users\Ants\AppData\Local\{9B62C9A3-DFCF-4729-A60C-B5C10461CCD7}
2012-11-21 11:32 - 2010-07-05 08:57 - 00000000 ____D C:\Users\Ants\AppData\Roaming\LimeWire
2012-11-21 11:31 - 2010-04-17 02:13 - 00000000 ____D C:\Users\Ants\Tracing
2012-11-21 11:25 - 2012-11-21 11:25 - 00000000 ____D C:\Users\Ants\AppData\Local\{CAB544D8-8085-4B36-AFAC-843D07131A87}
2012-11-19 03:47 - 2010-03-30 14:38 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2012-11-18 19:31 - 2012-11-18 19:31 - 00003472 ____N C:\bootsqm.dat
2012-11-18 19:30 - 2012-11-18 19:30 - 00000000 __SHD C:\found.000
2012-11-18 18:31 - 2012-11-18 18:30 - 00000000 ____D C:\Users\Ants\AppData\Local\{100CFB67-3B41-439F-A48D-E26100A51736}
2012-11-18 12:32 - 2012-11-18 12:32 - 00068455 ____A C:\Users\Ants\0.7128933779996827.exe
2012-11-18 12:32 - 2010-03-30 13:28 - 00000000 ____D C:\users\Ants
2012-11-18 05:39 - 2012-11-18 05:38 - 00000000 ____D C:\Users\Ants\AppData\Local\{BEAE4189-830E-4396-8296-3945E06B25CF}
2012-11-17 08:48 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-11-17 04:49 - 2012-11-17 04:49 - 00000000 ____D C:\Users\Ants\AppData\Local\{3B22E788-3F06-48B2-A920-195094B87D8C}
2012-11-17 04:47 - 2010-03-30 13:38 - 00110848 ____A C:\Users\Ants\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-17 04:46 - 2009-07-13 20:33 - 00418256 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-16 17:11 - 2010-03-30 13:33 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-16 17:09 - 2009-07-26 12:06 - 00797826 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-16 16:57 - 2009-07-13 18:04 - 00000510 ____A C:\Windows\win.ini
2012-11-16 07:31 - 2012-11-16 07:31 - 00000000 ____D C:\Users\Ants\AppData\Local\{B25EF871-FD15-4D7B-8486-E0209233F7AE}
2012-11-15 07:12 - 2012-11-15 07:12 - 00000000 ____D C:\Users\Ants\AppData\Local\{4015A070-A693-4A7E-BF0C-BD03C2502868}
2012-11-14 10:16 - 2012-11-14 10:16 - 00000000 ____D C:\Users\Ants\AppData\Local\{9C0B0323-C6D0-4D2E-9AF3-7B04A43A74B0}
2012-11-13 13:06 - 2010-04-23 06:17 - 00000000 ____D C:\Users\Ants\Documents\Youcam
2012-11-13 11:07 - 2012-08-16 14:46 - 00000000 ____D C:\Users\Ants\AppData\Local\CrashDumps
2012-11-13 08:07 - 2012-11-13 08:07 - 00000000 ____D C:\Users\Ants\AppData\Local\{B4ECAD6A-7FD3-46DA-ACA0-169CE20E918D}
2012-11-12 06:13 - 2012-11-12 06:13 - 00000000 ____D C:\Users\Ants\AppData\Local\{B7F3F141-E75D-4873-B9C6-E1CA826D0758}
2012-11-11 08:49 - 2012-04-08 09:03 - 00000434 ___AH C:\Windows\Tasks\Norton Security Scan for Ants.job
2012-11-11 04:56 - 2012-11-11 04:56 - 00000000 ____D C:\Users\Ants\AppData\Local\{2C8518F3-DFB1-4507-86C4-0367B9CA8E4D}
2012-11-10 16:11 - 2012-11-10 16:10 - 00000000 ____D C:\Users\Ants\AppData\Local\{C72FB5E6-1B89-4B34-B197-9694CE8DF3B1}
2012-11-10 04:10 - 2012-11-10 04:10 - 00000000 ____D C:\Users\Ants\AppData\Local\{D1B95053-F465-49E4-AF07-C613CB990954}
2012-11-09 07:52 - 2012-11-09 07:52 - 00000000 ____D C:\Users\Ants\AppData\Local\{5CA670AD-05CB-4A33-B37D-C8843D9C207B}
2012-11-08 12:44 - 2012-11-08 12:44 - 00026984 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2012-11-08 12:44 - 2012-06-13 07:42 - 00000000 ____D C:\Users\Ants\AppData\Local\AVG Secure Search
2012-11-08 12:44 - 2011-12-08 03:01 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-08 12:44 - 2011-12-08 03:01 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2012-11-08 12:44 - 2011-12-08 03:01 - 00000000 ____D C:\Program Files\AVG Secure Search
2012-11-08 07:20 - 2012-11-08 07:19 - 00000000 ____D C:\Users\Ants\AppData\Local\{9C0811DF-30D9-41ED-A2AF-4BF3A39287E2}
2012-11-07 08:59 - 2012-05-29 11:32 - 00002320 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-11-07 08:32 - 2012-11-07 08:32 - 00000000 ____D C:\Users\Ants\AppData\Local\{AED7C00F-6EA1-46D1-9E65-E7676634BB2C}
2012-11-06 08:41 - 2012-11-06 08:41 - 00000000 ____D C:\Users\Ants\AppData\Local\{2C35AE5B-8E73-4532-A8D4-D1F040B9D9E5}
2012-11-05 08:08 - 2012-11-05 08:08 - 00000000 ____D C:\Users\Ants\AppData\Local\{BF6EAAA2-26B0-4B75-ADCC-73F97F24C30A}
2012-11-04 04:07 - 2012-11-04 04:07 - 00000000 ____D C:\Users\Ants\AppData\Local\{F20A7FFF-4268-43C8-8C92-6DE47B53146F}
2012-11-03 04:05 - 2012-11-03 04:05 - 00000000 ____D C:\Users\Ants\AppData\Local\{05392EC8-4797-4088-9D9E-2ACC59359559}
2012-11-02 07:20 - 2012-11-02 07:20 - 00000000 ____D C:\Users\Ants\AppData\Local\{9239D801-9871-4E35-809A-29F02EF156D9}
2012-11-01 07:40 - 2012-11-01 07:40 - 00000000 ____D C:\Users\Ants\AppData\Local\{F73367C3-9AEE-4040-A458-4BA4E0A45BBE}
2012-10-31 10:21 - 2012-10-31 10:20 - 00000000 ____D C:\Users\Ants\AppData\Local\{D5F95763-EE9D-42C0-A0FB-6E1BC7A47AB3}
2012-10-30 08:22 - 2012-10-30 08:22 - 00000000 ____D C:\Users\Ants\AppData\Local\{9581B8EA-D32D-40E3-82DD-034CAC38B933}
2012-10-29 08:03 - 2012-10-29 08:02 - 00000000 ____D C:\Users\Ants\AppData\Local\{3FCFF052-8AF8-465E-A866-DBA62408A93E}
2012-10-28 09:35 - 2012-10-28 09:35 - 00000000 ____D C:\Users\Ants\AppData\Local\{8CD5EFF4-9A52-4AA6-B71A-3E0E1FDBFD9F}
2012-10-27 00:58 - 2012-10-27 00:58 - 00000000 ____D C:\Users\Ants\AppData\Local\{FD908CCB-6D3C-404C-8ED2-6F8C9CF512FA}
2012-10-26 06:12 - 2012-10-26 06:11 - 00000000 ____D C:\Users\Ants\AppData\Local\{50371C71-6ADB-40C4-A8DE-BE125C5C8686}
2012-10-25 06:43 - 2012-10-25 06:43 - 00000000 ____D C:\Users\Ants\AppData\Local\{145DA830-FD90-49EC-BD44-724BCDCCDE06}
2012-10-24 05:53 - 2012-10-24 05:53 - 00000000 ____D C:\Users\Ants\AppData\Local\{3B256738-2F71-4159-A8EE-B4CF19CF6349}
2012-10-23 07:09 - 2012-10-23 07:09 - 00000000 ____D C:\Users\Ants\AppData\Local\{A08F7D30-9950-435B-AA3D-C3CFC331F5F1}
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-10-29 08:12:33
Restore point made on: 2012-11-04 11:00:40
Restore point made on: 2012-11-11 11:00:46
Restore point made on: 2012-11-16 16:56:34
Restore point made on: 2012-11-18 11:00:48
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3004.61 MB
Available physical RAM: 2546.39 MB
Total Pagefile: 3000.83 MB
Available Pagefile: 2553.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:108.89 GB) (Free:44.92 GB) NTFS
2 Drive e: () (Fixed) (Total:108.89 GB) (Free:1.48 GB) NTFS
3 Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:4.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: () (Removable) (Total:7.45 GB) (Free:7.25 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 7634 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 108 GB 15 GB
Partition 4 Primary 108 GB 123 GB
=========================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F RECOVERY NTFS Partition 15 GB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 108 GB Healthy
=========================================================
Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 108 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7630 MB 4032 KB
=========================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H NTFS Removable 7630 MB Healthy
=========================================================
Last Boot: 2012-11-11 08:08
==================== End Of Log ============================
AppInit_DLLs: avgrsstx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Ants\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
==================== Services (Whitelisted) ===================
3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 avg9wd; "C:\Program Files\AVG\AVG9\avgwdsvc.exe" [308136 2010-06-22] (AVG Technologies CZ, s.r.o.)
2 avgfws9; "C:\Program Files\AVG\AVG9\avgfws9.exe" [2331544 2010-11-24] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent [5897808 2010-06-22] (AVG Technologies CZ, s.r.o.)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 MSSQL$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
2 NIS; "C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.1.0.28\diMaster.dll" /prefetch:1 [303544 2011-08-11] (Symantec Corporation)
2 OberonGameConsoleService; "C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe" [44312 2009-08-13] ()
2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
2 WajamUpdater; "C:\Program Files\Wajam\Updater\WajamUpdater.exe" [109064 2012-10-05] (Wajam)
==================== Drivers (Whitelisted) ====================
1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [24856 2010-03-30] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriverw7x; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [122448 2010-06-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSErHrw7x; C:\Windows\System32\Drivers\AVGIDSwx.sys [25168 2010-06-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilterw7x; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [30288 2010-06-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShimw7x; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [20560 2010-06-22] (AVG Technologies CZ, s.r.o. )
1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [216400 2010-06-22] (AVG Technologies CZ, s.r.o.)
1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-12] (AVG Technologies CZ, s.r.o.)
0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [52872 2010-03-30] (AVG Technologies CZ, s.r.o.)
1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-05] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\windows\system32\drivers\avgtpx86.sys [26984 2012-11-08] (AVG Technologies)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx86.sys [995488 2012-08-10] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1301000.01C\ccSetx86.sys [132744 2011-08-08] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-15] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120822.001\IDSvix86.sys [386208 2012-08-21] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVENG.SYS [92704 2012-08-21] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVEX15.SYS [1601184 2012-08-21] (Symantec Corporation)
3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2010-12-02] (Nokia)
3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2010-12-02] (Nokia)
3 SRTSP; C:\Windows\system32\drivers\NIS\1301000.01C\SRTSP.SYS [566904 2011-08-02] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NIS\1301000.01C\SRTSPX.SYS [31864 2011-08-02] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NIS\1301000.01C\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NIS\1301000.01C\SYMEFA.SYS [897656 2011-07-28] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT.SYS [127096 2012-07-23] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NIS\1301000.01C\Ironx86.SYS [149624 2011-07-25] (Symantec Corporation)
1 SymNetS; C:\Windows\system32\drivers\NIS\1301000.01C\SYMNETS.SYS [314488 2011-07-25] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2012-11-22 18:37 - 2012-11-22 18:37 - 00000000 ____D C:\FRST
2012-11-21 11:51 - 2012-11-21 11:52 - 00007605 ____A C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
2012-11-21 11:32 - 2012-11-21 11:32 - 00000000 ____D C:\Users\Ants\AppData\Local\{9B62C9A3-DFCF-4729-A60C-B5C10461CCD7}
2012-11-21 11:25 - 2012-11-21 11:25 - 00000000 ____D C:\Users\Ants\AppData\Local\{CAB544D8-8085-4B36-AFAC-843D07131A87}
2012-11-19 04:00 - 2012-05-31 04:25 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-11-18 19:31 - 2012-11-18 19:31 - 00003472 ____N C:\bootsqm.dat
2012-11-18 19:30 - 2012-11-18 19:30 - 00000000 __SHD C:\found.000
2012-11-18 18:30 - 2012-11-18 18:31 - 00000000 ____D C:\Users\Ants\AppData\Local\{100CFB67-3B41-439F-A48D-E26100A51736}
2012-11-18 12:32 - 2012-11-22 08:57 - 00000047 ____A C:\Users\Ants\AppData\Roaming\msconfig.ini
2012-11-18 12:32 - 2012-11-18 12:32 - 00068455 ____A C:\Users\Ants\0.7128933779996827.exe
2012-11-18 05:38 - 2012-11-18 05:39 - 00000000 ____D C:\Users\Ants\AppData\Local\{BEAE4189-830E-4396-8296-3945E06B25CF}
2012-11-17 04:49 - 2012-11-17 04:49 - 00000000 ____D C:\Users\Ants\AppData\Local\{3B22E788-3F06-48B2-A920-195094B87D8C}
2012-11-16 17:01 - 2012-07-25 19:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-16 17:01 - 2012-07-25 19:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-16 17:01 - 2012-07-25 18:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-16 17:01 - 2012-06-02 06:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-16 16:59 - 2012-07-25 19:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-16 16:59 - 2012-07-25 19:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-16 16:59 - 2012-07-25 19:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-16 16:59 - 2012-07-25 19:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-16 16:59 - 2012-07-25 19:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 16:59 - 2012-07-25 18:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-16 16:59 - 2012-07-25 18:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-16 16:59 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-16 16:58 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-16 16:58 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-16 16:58 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-16 16:58 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-16 16:58 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-16 16:58 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-16 16:58 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-16 16:58 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-16 16:58 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-16 16:58 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-16 16:58 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-16 16:58 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-16 16:58 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-16 16:58 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-16 16:58 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-16 16:58 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-16 07:39 - 2012-10-18 09:57 - 02344960 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-16 07:39 - 2012-09-25 13:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-16 07:31 - 2012-11-16 07:31 - 00000000 ____D C:\Users\Ants\AppData\Local\{B25EF871-FD15-4D7B-8486-E0209233F7AE}
2012-11-15 07:12 - 2012-11-15 07:12 - 00000000 ____D C:\Users\Ants\AppData\Local\{4015A070-A693-4A7E-BF0C-BD03C2502868}
2012-11-14 10:16 - 2012-11-14 10:16 - 00000000 ____D C:\Users\Ants\AppData\Local\{9C0B0323-C6D0-4D2E-9AF3-7B04A43A74B0}
2012-11-13 08:07 - 2012-11-13 08:07 - 00000000 ____D C:\Users\Ants\AppData\Local\{B4ECAD6A-7FD3-46DA-ACA0-169CE20E918D}
2012-11-12 06:13 - 2012-11-12 06:13 - 00000000 ____D C:\Users\Ants\AppData\Local\{B7F3F141-E75D-4873-B9C6-E1CA826D0758}
2012-11-11 04:56 - 2012-11-11 04:56 - 00000000 ____D C:\Users\Ants\AppData\Local\{2C8518F3-DFB1-4507-86C4-0367B9CA8E4D}
2012-11-10 16:10 - 2012-11-10 16:11 - 00000000 ____D C:\Users\Ants\AppData\Local\{C72FB5E6-1B89-4B34-B197-9694CE8DF3B1}
2012-11-10 04:10 - 2012-11-10 04:10 - 00000000 ____D C:\Users\Ants\AppData\Local\{D1B95053-F465-49E4-AF07-C613CB990954}
2012-11-09 07:52 - 2012-11-09 07:52 - 00000000 ____D C:\Users\Ants\AppData\Local\{5CA670AD-05CB-4A33-B37D-C8843D9C207B}
2012-11-08 12:44 - 2012-11-08 12:44 - 00026984 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2012-11-08 07:19 - 2012-11-08 07:20 - 00000000 ____D C:\Users\Ants\AppData\Local\{9C0811DF-30D9-41ED-A2AF-4BF3A39287E2}
2012-11-07 08:32 - 2012-11-07 08:32 - 00000000 ____D C:\Users\Ants\AppData\Local\{AED7C00F-6EA1-46D1-9E65-E7676634BB2C}
2012-11-06 08:41 - 2012-11-06 08:41 - 00000000 ____D C:\Users\Ants\AppData\Local\{2C35AE5B-8E73-4532-A8D4-D1F040B9D9E5}
2012-11-05 08:08 - 2012-11-05 08:08 - 00000000 ____D C:\Users\Ants\AppData\Local\{BF6EAAA2-26B0-4B75-ADCC-73F97F24C30A}
2012-11-04 04:07 - 2012-11-04 04:07 - 00000000 ____D C:\Users\Ants\AppData\Local\{F20A7FFF-4268-43C8-8C92-6DE47B53146F}
2012-11-03 04:05 - 2012-11-03 04:05 - 00000000 ____D C:\Users\Ants\AppData\Local\{05392EC8-4797-4088-9D9E-2ACC59359559}
2012-11-02 07:20 - 2012-11-02 07:20 - 00000000 ____D C:\Users\Ants\AppData\Local\{9239D801-9871-4E35-809A-29F02EF156D9}
2012-11-01 07:40 - 2012-11-01 07:40 - 00000000 ____D C:\Users\Ants\AppData\Local\{F73367C3-9AEE-4040-A458-4BA4E0A45BBE}
2012-10-31 10:20 - 2012-10-31 10:21 - 00000000 ____D C:\Users\Ants\AppData\Local\{D5F95763-EE9D-42C0-A0FB-6E1BC7A47AB3}
2012-10-30 08:22 - 2012-10-30 08:22 - 00000000 ____D C:\Users\Ants\AppData\Local\{9581B8EA-D32D-40E3-82DD-034CAC38B933}
2012-10-29 08:02 - 2012-10-29 08:03 - 00000000 ____D C:\Users\Ants\AppData\Local\{3FCFF052-8AF8-465E-A866-DBA62408A93E}
2012-10-28 09:35 - 2012-10-28 09:35 - 00000000 ____D C:\Users\Ants\AppData\Local\{8CD5EFF4-9A52-4AA6-B71A-3E0E1FDBFD9F}
2012-10-27 00:58 - 2012-10-27 00:58 - 00000000 ____D C:\Users\Ants\AppData\Local\{FD908CCB-6D3C-404C-8ED2-6F8C9CF512FA}
2012-10-26 06:11 - 2012-10-26 06:12 - 00000000 ____D C:\Users\Ants\AppData\Local\{50371C71-6ADB-40C4-A8DE-BE125C5C8686}
2012-10-25 06:43 - 2012-10-25 06:43 - 00000000 ____D C:\Users\Ants\AppData\Local\{145DA830-FD90-49EC-BD44-724BCDCCDE06}
2012-10-24 05:53 - 2012-10-24 05:53 - 00000000 ____D C:\Users\Ants\AppData\Local\{3B256738-2F71-4159-A8EE-B4CF19CF6349}
2012-10-23 07:09 - 2012-10-23 07:09 - 00000000 ____D C:\Users\Ants\AppData\Local\{A08F7D30-9950-435B-AA3D-C3CFC331F5F1}
==================== One Month Modified Files and Folders ========
2012-11-22 08:57 - 2012-11-18 12:32 - 00000047 ____A C:\Users\Ants\AppData\Roaming\msconfig.ini
2012-11-22 08:57 - 2010-03-30 14:37 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-22 08:56 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-22 08:55 - 2009-07-13 20:39 - 00162530 ____A C:\Windows\setupact.log
2012-11-22 08:44 - 2009-09-16 22:44 - 01194191 ____A C:\Windows\WindowsUpdate.log
2012-11-22 08:43 - 2012-10-14 15:37 - 00000262 ____A C:\Windows\Tasks\PC Performer_DEFAULT.job
2012-11-22 08:43 - 2012-03-30 15:03 - 00000922 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000UA.job
2012-11-22 08:43 - 2012-03-30 15:03 - 00000900 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000Core.job
2012-11-22 08:43 - 2010-03-30 14:37 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-22 08:43 - 2009-07-13 20:34 - 00015056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-22 08:43 - 2009-07-13 20:34 - 00015056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-21 11:52 - 2012-11-21 11:51 - 00007605 ____A C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
2012-11-21 11:48 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2012-11-21 11:32 - 2012-11-21 11:32 - 00000000 ____D C:\Users\Ants\AppData\Local\{9B62C9A3-DFCF-4729-A60C-B5C10461CCD7}
2012-11-21 11:32 - 2010-07-05 08:57 - 00000000 ____D C:\Users\Ants\AppData\Roaming\LimeWire
2012-11-21 11:31 - 2010-04-17 02:13 - 00000000 ____D C:\Users\Ants\Tracing
2012-11-21 11:25 - 2012-11-21 11:25 - 00000000 ____D C:\Users\Ants\AppData\Local\{CAB544D8-8085-4B36-AFAC-843D07131A87}
2012-11-19 03:47 - 2010-03-30 14:38 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2012-11-18 19:31 - 2012-11-18 19:31 - 00003472 ____N C:\bootsqm.dat
2012-11-18 19:30 - 2012-11-18 19:30 - 00000000 __SHD C:\found.000
2012-11-18 18:31 - 2012-11-18 18:30 - 00000000 ____D C:\Users\Ants\AppData\Local\{100CFB67-3B41-439F-A48D-E26100A51736}
2012-11-18 12:32 - 2012-11-18 12:32 - 00068455 ____A C:\Users\Ants\0.7128933779996827.exe
2012-11-18 12:32 - 2010-03-30 13:28 - 00000000 ____D C:\users\Ants
2012-11-18 05:39 - 2012-11-18 05:38 - 00000000 ____D C:\Users\Ants\AppData\Local\{BEAE4189-830E-4396-8296-3945E06B25CF}
2012-11-17 08:48 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-11-17 04:49 - 2012-11-17 04:49 - 00000000 ____D C:\Users\Ants\AppData\Local\{3B22E788-3F06-48B2-A920-195094B87D8C}
2012-11-17 04:47 - 2010-03-30 13:38 - 00110848 ____A C:\Users\Ants\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-17 04:46 - 2009-07-13 20:33 - 00418256 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-16 17:11 - 2010-03-30 13:33 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-16 17:09 - 2009-07-26 12:06 - 00797826 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-16 16:57 - 2009-07-13 18:04 - 00000510 ____A C:\Windows\win.ini
2012-11-16 07:31 - 2012-11-16 07:31 - 00000000 ____D C:\Users\Ants\AppData\Local\{B25EF871-FD15-4D7B-8486-E0209233F7AE}
2012-11-15 07:12 - 2012-11-15 07:12 - 00000000 ____D C:\Users\Ants\AppData\Local\{4015A070-A693-4A7E-BF0C-BD03C2502868}
2012-11-14 10:16 - 2012-11-14 10:16 - 00000000 ____D C:\Users\Ants\AppData\Local\{9C0B0323-C6D0-4D2E-9AF3-7B04A43A74B0}
2012-11-13 13:06 - 2010-04-23 06:17 - 00000000 ____D C:\Users\Ants\Documents\Youcam
2012-11-13 11:07 - 2012-08-16 14:46 - 00000000 ____D C:\Users\Ants\AppData\Local\CrashDumps
2012-11-13 08:07 - 2012-11-13 08:07 - 00000000 ____D C:\Users\Ants\AppData\Local\{B4ECAD6A-7FD3-46DA-ACA0-169CE20E918D}
2012-11-12 06:13 - 2012-11-12 06:13 - 00000000 ____D C:\Users\Ants\AppData\Local\{B7F3F141-E75D-4873-B9C6-E1CA826D0758}
2012-11-11 08:49 - 2012-04-08 09:03 - 00000434 ___AH C:\Windows\Tasks\Norton Security Scan for Ants.job
2012-11-11 04:56 - 2012-11-11 04:56 - 00000000 ____D C:\Users\Ants\AppData\Local\{2C8518F3-DFB1-4507-86C4-0367B9CA8E4D}
2012-11-10 16:11 - 2012-11-10 16:10 - 00000000 ____D C:\Users\Ants\AppData\Local\{C72FB5E6-1B89-4B34-B197-9694CE8DF3B1}
2012-11-10 04:10 - 2012-11-10 04:10 - 00000000 ____D C:\Users\Ants\AppData\Local\{D1B95053-F465-49E4-AF07-C613CB990954}
2012-11-09 07:52 - 2012-11-09 07:52 - 00000000 ____D C:\Users\Ants\AppData\Local\{5CA670AD-05CB-4A33-B37D-C8843D9C207B}
2012-11-08 12:44 - 2012-11-08 12:44 - 00026984 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2012-11-08 12:44 - 2012-06-13 07:42 - 00000000 ____D C:\Users\Ants\AppData\Local\AVG Secure Search
2012-11-08 12:44 - 2011-12-08 03:01 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-08 12:44 - 2011-12-08 03:01 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2012-11-08 12:44 - 2011-12-08 03:01 - 00000000 ____D C:\Program Files\AVG Secure Search
2012-11-08 07:20 - 2012-11-08 07:19 - 00000000 ____D C:\Users\Ants\AppData\Local\{9C0811DF-30D9-41ED-A2AF-4BF3A39287E2}
2012-11-07 08:59 - 2012-05-29 11:32 - 00002320 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-11-07 08:32 - 2012-11-07 08:32 - 00000000 ____D C:\Users\Ants\AppData\Local\{AED7C00F-6EA1-46D1-9E65-E7676634BB2C}
2012-11-06 08:41 - 2012-11-06 08:41 - 00000000 ____D C:\Users\Ants\AppData\Local\{2C35AE5B-8E73-4532-A8D4-D1F040B9D9E5}
2012-11-05 08:08 - 2012-11-05 08:08 - 00000000 ____D C:\Users\Ants\AppData\Local\{BF6EAAA2-26B0-4B75-ADCC-73F97F24C30A}
2012-11-04 04:07 - 2012-11-04 04:07 - 00000000 ____D C:\Users\Ants\AppData\Local\{F20A7FFF-4268-43C8-8C92-6DE47B53146F}
2012-11-03 04:05 - 2012-11-03 04:05 - 00000000 ____D C:\Users\Ants\AppData\Local\{05392EC8-4797-4088-9D9E-2ACC59359559}
2012-11-02 07:20 - 2012-11-02 07:20 - 00000000 ____D C:\Users\Ants\AppData\Local\{9239D801-9871-4E35-809A-29F02EF156D9}
2012-11-01 07:40 - 2012-11-01 07:40 - 00000000 ____D C:\Users\Ants\AppData\Local\{F73367C3-9AEE-4040-A458-4BA4E0A45BBE}
2012-10-31 10:21 - 2012-10-31 10:20 - 00000000 ____D C:\Users\Ants\AppData\Local\{D5F95763-EE9D-42C0-A0FB-6E1BC7A47AB3}
2012-10-30 08:22 - 2012-10-30 08:22 - 00000000 ____D C:\Users\Ants\AppData\Local\{9581B8EA-D32D-40E3-82DD-034CAC38B933}
2012-10-29 08:03 - 2012-10-29 08:02 - 00000000 ____D C:\Users\Ants\AppData\Local\{3FCFF052-8AF8-465E-A866-DBA62408A93E}
2012-10-28 09:35 - 2012-10-28 09:35 - 00000000 ____D C:\Users\Ants\AppData\Local\{8CD5EFF4-9A52-4AA6-B71A-3E0E1FDBFD9F}
2012-10-27 00:58 - 2012-10-27 00:58 - 00000000 ____D C:\Users\Ants\AppData\Local\{FD908CCB-6D3C-404C-8ED2-6F8C9CF512FA}
2012-10-26 06:12 - 2012-10-26 06:11 - 00000000 ____D C:\Users\Ants\AppData\Local\{50371C71-6ADB-40C4-A8DE-BE125C5C8686}
2012-10-25 06:43 - 2012-10-25 06:43 - 00000000 ____D C:\Users\Ants\AppData\Local\{145DA830-FD90-49EC-BD44-724BCDCCDE06}
2012-10-24 05:53 - 2012-10-24 05:53 - 00000000 ____D C:\Users\Ants\AppData\Local\{3B256738-2F71-4159-A8EE-B4CF19CF6349}
2012-10-23 07:09 - 2012-10-23 07:09 - 00000000 ____D C:\Users\Ants\AppData\Local\{A08F7D30-9950-435B-AA3D-C3CFC331F5F1}
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-10-29 08:12:33
Restore point made on: 2012-11-04 11:00:40
Restore point made on: 2012-11-11 11:00:46
Restore point made on: 2012-11-16 16:56:34
Restore point made on: 2012-11-18 11:00:48
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3004.61 MB
Available physical RAM: 2546.39 MB
Total Pagefile: 3000.83 MB
Available Pagefile: 2553.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:108.89 GB) (Free:44.92 GB) NTFS
2 Drive e: () (Fixed) (Total:108.89 GB) (Free:1.48 GB) NTFS
3 Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:4.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: () (Removable) (Total:7.45 GB) (Free:7.25 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 7634 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 108 GB 15 GB
Partition 4 Primary 108 GB 123 GB
=========================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F RECOVERY NTFS Partition 15 GB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 108 GB Healthy
=========================================================
Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 108 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7630 MB 4032 KB
=========================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H NTFS Removable 7630 MB Healthy
=========================================================
Last Boot: 2012-11-11 08:08
==================== End Of Log ============================
#15
Posted 22 November 2012 - 01:21 PM
Download the attached fixlist.txt to the same USB as FRST
Restart FRST as previously and press Fix
Once it has completed boot normally
You will still not see the taskbar
So press the Windows and R key to bring up the run box
Type in :
Iexplore.exe
This will then start IE
- Download RogueKiller and RUN.
NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
- Wait until Prescan has finished ...
- Click on Scan
- Wait for the end of the scan.
- The report has been created on the desktop.
- Click on the Delete button.
- The report has been created on the desktop.
- Next click on the ShortcutsFix
- The report has been created on the desktop.
Please post: All RKreport.txt text files located on your desktop.