
Metropolitan Police Warning [Solved]



#1
Steviep

Steviep

    Member

  • Member
  • PipPipPip
  • 311 posts
Hi,

My friend has asked me to have a look at her laptop as whenever it boots it comes up with the Metropolitan Police Warning screen and is looking for her to pay £100. I have tried to boot in safe mode, however it ends up with a white screen and I'm unable to do anything with it. The laptop is running Windows 7, would someone be able to give me some assistance with this?
  • 0



#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi do you have a USB drive handy ?

Download the following three programmes to your desktop :
Please select the right 32/64 bit programmes for your system


1. WiNTBootIc
2. Windows 7 64bit RC
2. Windows 7 32bit RC
3. Farbar Recovery Scan Tool 64 bit
3. Farbar Recovery Scan Tool 32 bit

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot


Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing


It will let you know when it is done
Then copy FRST to the same USB



Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here


When you reboot you will see this although yours will say windows 7. Click repair my computer

Select your operating system

Select Command prompt

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#3
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Hi, thanks for the quick reply. I don't have a flash drive, could I download the programs onto my desktop and then burn to a CD? Also my PC runs XP and the laptop with the problem is running Windows 7, so how do I decide which Win7 I use?
  • 0

#4
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Hi again, I've a 2g SD card could I use that?
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes that should do, and the system that you download the programmes to is of no consequence

A cd would also work just as well
  • 0

#6
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
How can I find out if 32 or 64 bit? PS I'll get a flash drive on way home
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does the computer have a sticker on it for the processor (laptops usually do ) saying AMD64 or Intel 64. If it is fairly new then I would suppose it to be 64 bit
  • 0

#8
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
No sticker I'm afraid, but in setup (F2) it says CPU is a Pentium Dual Core CPU T4 2.2GHz, total memory 4096mb. Laptop was bought in 2010 and is running Win7 Home Premium
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that is 64bit
  • 0

#10
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Thanks again, I've got the utilities on the flash drive however the battery has gone on the laptop and she has forgotten to give me the charger so unfortunately it will be around this time tomorrow before I can run the programs. Thanks in the meantime
  • 0



#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem, these things are sent to try you :lol:
  • 0

#12
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Hi when I try to select operating system and press next I'm getting a system recovery options error - it says this version of system recovery options is not compatible with the version of windows you are trying to repair.

Could it be that I should use the 32bit version?
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes go for the 32bit sorry about that
  • 0

#14
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2012
Ran by SYSTEM at 22-11-2012 18:37:29
Running from H:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-03-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [142120 2010-03-25] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [149280 2010-07-05] (Sun Microsystems, Inc.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM\...\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-18] ()
HKLM\...\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()
HKU\Ants\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Ants\...\Run: [lime pro] "C:\Program Files\Lime PRO\LimePro.exe" -h [3670528 2011-08-16] (Lime PRO LLC)
HKU\Ants\...\Run: [Facebook Update] "C:\Users\Ants\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Ants\...\Winlogon: [Shell] explorer.exe,C:\Users\Ants\AppData\Roaming\msconfig.dat [68455 2011-11-16] ()
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
AppInit_DLLs: avgrsstx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Ants\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

==================== Services (Whitelisted) ===================

3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 avg9wd; "C:\Program Files\AVG\AVG9\avgwdsvc.exe" [308136 2010-06-22] (AVG Technologies CZ, s.r.o.)
2 avgfws9; "C:\Program Files\AVG\AVG9\avgfws9.exe" [2331544 2010-11-24] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent [5897808 2010-06-22] (AVG Technologies CZ, s.r.o.)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 MSSQL$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
2 NIS; "C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.1.0.28\diMaster.dll" /prefetch:1 [303544 2011-08-11] (Symantec Corporation)
2 OberonGameConsoleService; "C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe" [44312 2009-08-13] ()
2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
2 WajamUpdater; "C:\Program Files\Wajam\Updater\WajamUpdater.exe" [109064 2012-10-05] (Wajam)

==================== Drivers (Whitelisted) ====================

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [24856 2010-03-30] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriverw7x; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [122448 2010-06-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSErHrw7x; C:\Windows\System32\Drivers\AVGIDSwx.sys [25168 2010-06-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilterw7x; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [30288 2010-06-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShimw7x; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [20560 2010-06-22] (AVG Technologies CZ, s.r.o. )
1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [216400 2010-06-22] (AVG Technologies CZ, s.r.o.)
1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-12] (AVG Technologies CZ, s.r.o.)
0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [52872 2010-03-30] (AVG Technologies CZ, s.r.o.)
1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-05] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\windows\system32\drivers\avgtpx86.sys [26984 2012-11-08] (AVG Technologies)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx86.sys [995488 2012-08-10] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1301000.01C\ccSetx86.sys [132744 2011-08-08] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-15] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120822.001\IDSvix86.sys [386208 2012-08-21] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVENG.SYS [92704 2012-08-21] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVEX15.SYS [1601184 2012-08-21] (Symantec Corporation)
3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2010-12-02] (Nokia)
3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2010-12-02] (Nokia)
3 SRTSP; C:\Windows\system32\drivers\NIS\1301000.01C\SRTSP.SYS [566904 2011-08-02] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NIS\1301000.01C\SRTSPX.SYS [31864 2011-08-02] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NIS\1301000.01C\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NIS\1301000.01C\SYMEFA.SYS [897656 2011-07-28] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT.SYS [127096 2012-07-23] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NIS\1301000.01C\Ironx86.SYS [149624 2011-07-25] (Symantec Corporation)
1 SymNetS; C:\Windows\system32\drivers\NIS\1301000.01C\SYMNETS.SYS [314488 2011-07-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-11-22 18:37 - 2012-11-22 18:37 - 00000000 ____D C:\FRST
2012-11-21 11:51 - 2012-11-21 11:52 - 00007605 ____A C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
2012-11-21 11:32 - 2012-11-21 11:32 - 00000000 ____D C:\Users\Ants\AppData\Local\{9B62C9A3-DFCF-4729-A60C-B5C10461CCD7}
2012-11-21 11:25 - 2012-11-21 11:25 - 00000000 ____D C:\Users\Ants\AppData\Local\{CAB544D8-8085-4B36-AFAC-843D07131A87}
2012-11-19 04:00 - 2012-05-31 04:25 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-11-18 19:31 - 2012-11-18 19:31 - 00003472 ____N C:\bootsqm.dat
2012-11-18 19:30 - 2012-11-18 19:30 - 00000000 __SHD C:\found.000
2012-11-18 18:30 - 2012-11-18 18:31 - 00000000 ____D C:\Users\Ants\AppData\Local\{100CFB67-3B41-439F-A48D-E26100A51736}
2012-11-18 12:32 - 2012-11-22 08:57 - 00000047 ____A C:\Users\Ants\AppData\Roaming\msconfig.ini
2012-11-18 12:32 - 2012-11-18 12:32 - 00068455 ____A C:\Users\Ants\0.7128933779996827.exe
2012-11-18 05:38 - 2012-11-18 05:39 - 00000000 ____D C:\Users\Ants\AppData\Local\{BEAE4189-830E-4396-8296-3945E06B25CF}
2012-11-17 04:49 - 2012-11-17 04:49 - 00000000 ____D C:\Users\Ants\AppData\Local\{3B22E788-3F06-48B2-A920-195094B87D8C}
2012-11-16 17:01 - 2012-07-25 19:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-16 17:01 - 2012-07-25 19:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-16 17:01 - 2012-07-25 18:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-16 17:01 - 2012-06-02 06:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-16 16:59 - 2012-07-25 19:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-16 16:59 - 2012-07-25 19:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-16 16:59 - 2012-07-25 19:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-16 16:59 - 2012-07-25 19:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-16 16:59 - 2012-07-25 19:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 16:59 - 2012-07-25 18:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-16 16:59 - 2012-07-25 18:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-16 16:59 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-16 16:58 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-16 16:58 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-16 16:58 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-16 16:58 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-16 16:58 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-16 16:58 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-16 16:58 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-16 16:58 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-16 16:58 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-16 16:58 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-16 16:58 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-16 16:58 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-16 16:58 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-16 16:58 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-16 16:58 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-16 16:58 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-16 07:39 - 2012-10-18 09:57 - 02344960 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-16 07:39 - 2012-09-25 13:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-16 07:31 - 2012-11-16 07:31 - 00000000 ____D C:\Users\Ants\AppData\Local\{B25EF871-FD15-4D7B-8486-E0209233F7AE}
2012-11-15 07:12 - 2012-11-15 07:12 - 00000000 ____D C:\Users\Ants\AppData\Local\{4015A070-A693-4A7E-BF0C-BD03C2502868}
2012-11-14 10:16 - 2012-11-14 10:16 - 00000000 ____D C:\Users\Ants\AppData\Local\{9C0B0323-C6D0-4D2E-9AF3-7B04A43A74B0}
2012-11-13 08:07 - 2012-11-13 08:07 - 00000000 ____D C:\Users\Ants\AppData\Local\{B4ECAD6A-7FD3-46DA-ACA0-169CE20E918D}
2012-11-12 06:13 - 2012-11-12 06:13 - 00000000 ____D C:\Users\Ants\AppData\Local\{B7F3F141-E75D-4873-B9C6-E1CA826D0758}
2012-11-11 04:56 - 2012-11-11 04:56 - 00000000 ____D C:\Users\Ants\AppData\Local\{2C8518F3-DFB1-4507-86C4-0367B9CA8E4D}
2012-11-10 16:10 - 2012-11-10 16:11 - 00000000 ____D C:\Users\Ants\AppData\Local\{C72FB5E6-1B89-4B34-B197-9694CE8DF3B1}
2012-11-10 04:10 - 2012-11-10 04:10 - 00000000 ____D C:\Users\Ants\AppData\Local\{D1B95053-F465-49E4-AF07-C613CB990954}
2012-11-09 07:52 - 2012-11-09 07:52 - 00000000 ____D C:\Users\Ants\AppData\Local\{5CA670AD-05CB-4A33-B37D-C8843D9C207B}
2012-11-08 12:44 - 2012-11-08 12:44 - 00026984 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2012-11-08 07:19 - 2012-11-08 07:20 - 00000000 ____D C:\Users\Ants\AppData\Local\{9C0811DF-30D9-41ED-A2AF-4BF3A39287E2}
2012-11-07 08:32 - 2012-11-07 08:32 - 00000000 ____D C:\Users\Ants\AppData\Local\{AED7C00F-6EA1-46D1-9E65-E7676634BB2C}
2012-11-06 08:41 - 2012-11-06 08:41 - 00000000 ____D C:\Users\Ants\AppData\Local\{2C35AE5B-8E73-4532-A8D4-D1F040B9D9E5}
2012-11-05 08:08 - 2012-11-05 08:08 - 00000000 ____D C:\Users\Ants\AppData\Local\{BF6EAAA2-26B0-4B75-ADCC-73F97F24C30A}
2012-11-04 04:07 - 2012-11-04 04:07 - 00000000 ____D C:\Users\Ants\AppData\Local\{F20A7FFF-4268-43C8-8C92-6DE47B53146F}
2012-11-03 04:05 - 2012-11-03 04:05 - 00000000 ____D C:\Users\Ants\AppData\Local\{05392EC8-4797-4088-9D9E-2ACC59359559}
2012-11-02 07:20 - 2012-11-02 07:20 - 00000000 ____D C:\Users\Ants\AppData\Local\{9239D801-9871-4E35-809A-29F02EF156D9}
2012-11-01 07:40 - 2012-11-01 07:40 - 00000000 ____D C:\Users\Ants\AppData\Local\{F73367C3-9AEE-4040-A458-4BA4E0A45BBE}
2012-10-31 10:20 - 2012-10-31 10:21 - 00000000 ____D C:\Users\Ants\AppData\Local\{D5F95763-EE9D-42C0-A0FB-6E1BC7A47AB3}
2012-10-30 08:22 - 2012-10-30 08:22 - 00000000 ____D C:\Users\Ants\AppData\Local\{9581B8EA-D32D-40E3-82DD-034CAC38B933}
2012-10-29 08:02 - 2012-10-29 08:03 - 00000000 ____D C:\Users\Ants\AppData\Local\{3FCFF052-8AF8-465E-A866-DBA62408A93E}
2012-10-28 09:35 - 2012-10-28 09:35 - 00000000 ____D C:\Users\Ants\AppData\Local\{8CD5EFF4-9A52-4AA6-B71A-3E0E1FDBFD9F}
2012-10-27 00:58 - 2012-10-27 00:58 - 00000000 ____D C:\Users\Ants\AppData\Local\{FD908CCB-6D3C-404C-8ED2-6F8C9CF512FA}
2012-10-26 06:11 - 2012-10-26 06:12 - 00000000 ____D C:\Users\Ants\AppData\Local\{50371C71-6ADB-40C4-A8DE-BE125C5C8686}
2012-10-25 06:43 - 2012-10-25 06:43 - 00000000 ____D C:\Users\Ants\AppData\Local\{145DA830-FD90-49EC-BD44-724BCDCCDE06}
2012-10-24 05:53 - 2012-10-24 05:53 - 00000000 ____D C:\Users\Ants\AppData\Local\{3B256738-2F71-4159-A8EE-B4CF19CF6349}
2012-10-23 07:09 - 2012-10-23 07:09 - 00000000 ____D C:\Users\Ants\AppData\Local\{A08F7D30-9950-435B-AA3D-C3CFC331F5F1}

==================== One Month Modified Files and Folders ========

2012-11-22 08:57 - 2012-11-18 12:32 - 00000047 ____A C:\Users\Ants\AppData\Roaming\msconfig.ini
2012-11-22 08:57 - 2010-03-30 14:37 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-22 08:56 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-22 08:55 - 2009-07-13 20:39 - 00162530 ____A C:\Windows\setupact.log
2012-11-22 08:44 - 2009-09-16 22:44 - 01194191 ____A C:\Windows\WindowsUpdate.log
2012-11-22 08:43 - 2012-10-14 15:37 - 00000262 ____A C:\Windows\Tasks\PC Performer_DEFAULT.job
2012-11-22 08:43 - 2012-03-30 15:03 - 00000922 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000UA.job
2012-11-22 08:43 - 2012-03-30 15:03 - 00000900 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000Core.job
2012-11-22 08:43 - 2010-03-30 14:37 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-22 08:43 - 2009-07-13 20:34 - 00015056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-22 08:43 - 2009-07-13 20:34 - 00015056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-21 11:52 - 2012-11-21 11:51 - 00007605 ____A C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
2012-11-21 11:48 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2012-11-21 11:32 - 2012-11-21 11:32 - 00000000 ____D C:\Users\Ants\AppData\Local\{9B62C9A3-DFCF-4729-A60C-B5C10461CCD7}
2012-11-21 11:32 - 2010-07-05 08:57 - 00000000 ____D C:\Users\Ants\AppData\Roaming\LimeWire
2012-11-21 11:31 - 2010-04-17 02:13 - 00000000 ____D C:\Users\Ants\Tracing
2012-11-21 11:25 - 2012-11-21 11:25 - 00000000 ____D C:\Users\Ants\AppData\Local\{CAB544D8-8085-4B36-AFAC-843D07131A87}
2012-11-19 03:47 - 2010-03-30 14:38 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2012-11-18 19:31 - 2012-11-18 19:31 - 00003472 ____N C:\bootsqm.dat
2012-11-18 19:30 - 2012-11-18 19:30 - 00000000 __SHD C:\found.000
2012-11-18 18:31 - 2012-11-18 18:30 - 00000000 ____D C:\Users\Ants\AppData\Local\{100CFB67-3B41-439F-A48D-E26100A51736}
2012-11-18 12:32 - 2012-11-18 12:32 - 00068455 ____A C:\Users\Ants\0.7128933779996827.exe
2012-11-18 12:32 - 2010-03-30 13:28 - 00000000 ____D C:\users\Ants
2012-11-18 05:39 - 2012-11-18 05:38 - 00000000 ____D C:\Users\Ants\AppData\Local\{BEAE4189-830E-4396-8296-3945E06B25CF}
2012-11-17 08:48 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-11-17 04:49 - 2012-11-17 04:49 - 00000000 ____D C:\Users\Ants\AppData\Local\{3B22E788-3F06-48B2-A920-195094B87D8C}
2012-11-17 04:47 - 2010-03-30 13:38 - 00110848 ____A C:\Users\Ants\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-17 04:46 - 2009-07-13 20:33 - 00418256 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-16 17:11 - 2010-03-30 13:33 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-16 17:09 - 2009-07-26 12:06 - 00797826 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-16 16:57 - 2009-07-13 18:04 - 00000510 ____A C:\Windows\win.ini
2012-11-16 07:31 - 2012-11-16 07:31 - 00000000 ____D C:\Users\Ants\AppData\Local\{B25EF871-FD15-4D7B-8486-E0209233F7AE}
2012-11-15 07:12 - 2012-11-15 07:12 - 00000000 ____D C:\Users\Ants\AppData\Local\{4015A070-A693-4A7E-BF0C-BD03C2502868}
2012-11-14 10:16 - 2012-11-14 10:16 - 00000000 ____D C:\Users\Ants\AppData\Local\{9C0B0323-C6D0-4D2E-9AF3-7B04A43A74B0}
2012-11-13 13:06 - 2010-04-23 06:17 - 00000000 ____D C:\Users\Ants\Documents\Youcam
2012-11-13 11:07 - 2012-08-16 14:46 - 00000000 ____D C:\Users\Ants\AppData\Local\CrashDumps
2012-11-13 08:07 - 2012-11-13 08:07 - 00000000 ____D C:\Users\Ants\AppData\Local\{B4ECAD6A-7FD3-46DA-ACA0-169CE20E918D}
2012-11-12 06:13 - 2012-11-12 06:13 - 00000000 ____D C:\Users\Ants\AppData\Local\{B7F3F141-E75D-4873-B9C6-E1CA826D0758}
2012-11-11 08:49 - 2012-04-08 09:03 - 00000434 ___AH C:\Windows\Tasks\Norton Security Scan for Ants.job
2012-11-11 04:56 - 2012-11-11 04:56 - 00000000 ____D C:\Users\Ants\AppData\Local\{2C8518F3-DFB1-4507-86C4-0367B9CA8E4D}
2012-11-10 16:11 - 2012-11-10 16:10 - 00000000 ____D C:\Users\Ants\AppData\Local\{C72FB5E6-1B89-4B34-B197-9694CE8DF3B1}
2012-11-10 04:10 - 2012-11-10 04:10 - 00000000 ____D C:\Users\Ants\AppData\Local\{D1B95053-F465-49E4-AF07-C613CB990954}
2012-11-09 07:52 - 2012-11-09 07:52 - 00000000 ____D C:\Users\Ants\AppData\Local\{5CA670AD-05CB-4A33-B37D-C8843D9C207B}
2012-11-08 12:44 - 2012-11-08 12:44 - 00026984 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2012-11-08 12:44 - 2012-06-13 07:42 - 00000000 ____D C:\Users\Ants\AppData\Local\AVG Secure Search
2012-11-08 12:44 - 2011-12-08 03:01 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-08 12:44 - 2011-12-08 03:01 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2012-11-08 12:44 - 2011-12-08 03:01 - 00000000 ____D C:\Program Files\AVG Secure Search
2012-11-08 07:20 - 2012-11-08 07:19 - 00000000 ____D C:\Users\Ants\AppData\Local\{9C0811DF-30D9-41ED-A2AF-4BF3A39287E2}
2012-11-07 08:59 - 2012-05-29 11:32 - 00002320 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-11-07 08:32 - 2012-11-07 08:32 - 00000000 ____D C:\Users\Ants\AppData\Local\{AED7C00F-6EA1-46D1-9E65-E7676634BB2C}
2012-11-06 08:41 - 2012-11-06 08:41 - 00000000 ____D C:\Users\Ants\AppData\Local\{2C35AE5B-8E73-4532-A8D4-D1F040B9D9E5}
2012-11-05 08:08 - 2012-11-05 08:08 - 00000000 ____D C:\Users\Ants\AppData\Local\{BF6EAAA2-26B0-4B75-ADCC-73F97F24C30A}
2012-11-04 04:07 - 2012-11-04 04:07 - 00000000 ____D C:\Users\Ants\AppData\Local\{F20A7FFF-4268-43C8-8C92-6DE47B53146F}
2012-11-03 04:05 - 2012-11-03 04:05 - 00000000 ____D C:\Users\Ants\AppData\Local\{05392EC8-4797-4088-9D9E-2ACC59359559}
2012-11-02 07:20 - 2012-11-02 07:20 - 00000000 ____D C:\Users\Ants\AppData\Local\{9239D801-9871-4E35-809A-29F02EF156D9}
2012-11-01 07:40 - 2012-11-01 07:40 - 00000000 ____D C:\Users\Ants\AppData\Local\{F73367C3-9AEE-4040-A458-4BA4E0A45BBE}
2012-10-31 10:21 - 2012-10-31 10:20 - 00000000 ____D C:\Users\Ants\AppData\Local\{D5F95763-EE9D-42C0-A0FB-6E1BC7A47AB3}
2012-10-30 08:22 - 2012-10-30 08:22 - 00000000 ____D C:\Users\Ants\AppData\Local\{9581B8EA-D32D-40E3-82DD-034CAC38B933}
2012-10-29 08:03 - 2012-10-29 08:02 - 00000000 ____D C:\Users\Ants\AppData\Local\{3FCFF052-8AF8-465E-A866-DBA62408A93E}
2012-10-28 09:35 - 2012-10-28 09:35 - 00000000 ____D C:\Users\Ants\AppData\Local\{8CD5EFF4-9A52-4AA6-B71A-3E0E1FDBFD9F}
2012-10-27 00:58 - 2012-10-27 00:58 - 00000000 ____D C:\Users\Ants\AppData\Local\{FD908CCB-6D3C-404C-8ED2-6F8C9CF512FA}
2012-10-26 06:12 - 2012-10-26 06:11 - 00000000 ____D C:\Users\Ants\AppData\Local\{50371C71-6ADB-40C4-A8DE-BE125C5C8686}
2012-10-25 06:43 - 2012-10-25 06:43 - 00000000 ____D C:\Users\Ants\AppData\Local\{145DA830-FD90-49EC-BD44-724BCDCCDE06}
2012-10-24 05:53 - 2012-10-24 05:53 - 00000000 ____D C:\Users\Ants\AppData\Local\{3B256738-2F71-4159-A8EE-B4CF19CF6349}
2012-10-23 07:09 - 2012-10-23 07:09 - 00000000 ____D C:\Users\Ants\AppData\Local\{A08F7D30-9950-435B-AA3D-C3CFC331F5F1}


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-29 08:12:33
Restore point made on: 2012-11-04 11:00:40
Restore point made on: 2012-11-11 11:00:46
Restore point made on: 2012-11-16 16:56:34
Restore point made on: 2012-11-18 11:00:48

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3004.61 MB
Available physical RAM: 2546.39 MB
Total Pagefile: 3000.83 MB
Available Pagefile: 2553.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:108.89 GB) (Free:44.92 GB) NTFS
2 Drive e: () (Fixed) (Total:108.89 GB) (Free:1.48 GB) NTFS
3 Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:4.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: () (Removable) (Total:7.45 GB) (Free:7.25 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 7634 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 108 GB 15 GB
Partition 4 Primary 108 GB 123 GB

=========================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F RECOVERY NTFS Partition 15 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 108 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 108 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7630 MB 4032 KB

=========================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H NTFS Removable 7630 MB Healthy

=========================================================

Last Boot: 2012-11-11 08:08

==================== End Of Log ============================
  • 0
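An added example, not part of the thread and not FRST's own logic: a Python triage pass over lines copied from the log above. It flags a Winlogon Shell value that names anything besides explorer.exe, then looks in the file listing for files with the same byte size that FRST printed for that value. The function names, the expected-shell list and the size-matching heuristic are assumptions of this example.

```python
import re

# Lines copied verbatim from the FRST log posted above (Registry section and
# "One Month Created Files and Folders" section).
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKU\Ants\...\Run: [Facebook Update] "C:\Users\Ants\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Ants\...\Winlogon: [Shell] explorer.exe,C:\Users\Ants\AppData\Roaming\msconfig.dat [68455 2011-11-16] ()
2012-11-18 12:32 - 2012-11-22 08:57 - 00000047 ____A C:\Users\Ants\AppData\Roaming\msconfig.ini
2012-11-18 12:32 - 2012-11-18 12:32 - 00068455 ____A C:\Users\Ants\0.7128933779996827.exe
2012-11-16 16:58 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
"""

# Registry line: <hive>\...\<key>: [<value name>] <data> [<size> <date>] (<publisher>)
# The size/date block may be "[x]" and the publisher may be absent.
REG_LINE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\] (?P<data>.*?)"
    r"(?: \[(?:(?P<size>\d+) \d{4}-\d{2}-\d{2}|x)\])?"
    r"(?: \((?P<publisher>[^()]*)\))?$"
)

# File line: <created> - <modified> - <size> <attrs> (<company>) <path>
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) [_A-Z]{5} (?:\((?P<company>[^()]*)\) )?(?P<path>.+)$"
)

# Assumption of this example: the only Shell components treated as expected.
EXPECTED_SHELL = {"explorer.exe", r"c:\windows\explorer.exe"}


def parse(log):
    """Split FRST log text into registry entries and file-listing entries."""
    reg, files = [], []
    for line in log.splitlines():
        line = line.strip()
        m = REG_LINE.match(line)
        if m:
            reg.append(m.groupdict())
            continue
        m = FILE_LINE.match(line)
        if m:
            files.append({"path": m["path"], "size": int(m["size"]),
                          "company": m["company"]})
    return reg, files


def shell_extras(entry):
    """Return the Shell components that are not the expected explorer.exe."""
    if entry["key"].lower() != "winlogon" or entry["name"].lower() != "shell":
        return []
    parts = [p.strip().strip('"') for p in entry["data"].split(",")]
    return [p for p in parts if p and p.lower() not in EXPECTED_SHELL]


def triage(log):
    """Return (kind, subject, detail) findings for review by an analyst."""
    reg, files = parse(log)
    findings = []
    for entry in reg:
        extras = shell_extras(entry)
        for path in extras:
            findings.append(("shell-override", entry["hive"], path))
        # Assumption: the bracketed size describes the file the value points
        # at, so another file of identical size may be a copy of it.
        if extras and entry["size"]:
            size = int(entry["size"])
            known = {p.lower() for p in extras}
            for f in files:
                if f["size"] == size and f["path"].lower() not in known:
                    findings.append(("same-size-file", f["path"], size))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Identical byte size is only a lead; compare hashes of the two files before treating them as the same binary.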

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the attached fixlist.txt to the same USB as FRST

Restart FRST as previously and press Fix
Once it has completed boot normally

You will still not see the taskbar
So press the Windows and R key to bring up the run box
Type in :

Iexplore.exe

This will then start IE

  • Download RogueKiller and RUN.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.
  • 0





