Metropolitan Police Warning [Solved]


  • This topic is locked

#46
Steviep

  • Topic Starter
Hi, did run fix and when rebooted it had the same blue screen error, so I've started it up again in safe mode. Here is the log OTL produced when laptop opened in safe mode, and I'm just running a quick scan and will post log.

All processes killed
========== OTL ==========
Error: No service named avgfws9 was found to stop!
Service\Driver key avgfws9 not found.
File C:\Program Files\AVG\AVG9\avgfws9.exe not found.
Error: No service named avg9wd was found to stop!
Service\Driver key avg9wd not found.
File C:\Program Files\AVG\AVG9\avgwdsvc.exe not found.
Error: No service named AVGIDSAgent was found to stop!
Service\Driver key AVGIDSAgent not found.
File C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe not found.
Service McComponentHostService stopped successfully!
Service McComponentHostService deleted successfully!
C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe moved successfully.
Error: No service named AvgMfx86 was found to stop!
Service\Driver key AvgMfx86 not found.
File C:\Windows\System32\drivers\avgmfx86.sys not found.
Error: No service named AvgTdiX was found to stop!
Service\Driver key AvgTdiX not found.
File C:\Windows\System32\drivers\avgtdix.sys not found.
Error: No service named AVGIDSDriverw7x was found to stop!
Service\Driver key AVGIDSDriverw7x not found.
File C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys not found.
Error: No service named AVGIDSFilterw7x was found to stop!
Service\Driver key AVGIDSFilterw7x not found.
File C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys not found.
Error: No service named AVGIDSErHrw7x was found to stop!
Service\Driver key AVGIDSErHrw7x not found.
File C:\Windows\System32\drivers\AVGIDSwx.sys not found.
Error: No service named AVGIDSShimw7x was found to stop!
Service\Driver key AVGIDSShimw7x not found.
File C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys not found.
Error: No service named AvgLdx86 was found to stop!
Service\Driver key AvgLdx86 not found.
File C:\Windows\System32\drivers\avgldx86.sys not found.
Error: No service named AvgRkx86 was found to stop!
Service\Driver key AvgRkx86 not found.
File C:\Windows\System32\drivers\avgrkx86.sys not found.
Error: No service named Avgfwfd was found to stop!
Service\Driver key Avgfwfd not found.
File C:\Windows\System32\drivers\avgfwd6x.sys not found.
Registry key HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\zh-tw folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\zh-cn folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\tr folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\sr folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\sk folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\ru folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\pt-br folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\pt folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\pl folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\nl folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\ms folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\ko folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\ja folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\it folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\id folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\hu folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\fr folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\es-es folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\es folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\en folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\de folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\da folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale\cs folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules\locale folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\modules folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\locale\en-US folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\locale folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12\components folder moved successfully.
C:\ProgramData\AVG Secure Search\11.1.0.12 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
File C:\Program Files\AVG\AVG9\avgssie.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG9_TRAY not found.
File C:\Program Files\AVG\AVG9\avgtray.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HF_G_Jul deleted successfully.
File C:\Program Files\AVG Secure Search\HF_G_Jul.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully.
File C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
File C:\Program Files\AVG Secure Search\vprot.exe not found.
File C:\Program Files\AVG\AVG9\avgpp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
File C:\Program Files\AVG\AVG9\avgpp.dll not found.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
Invalid CLSID key: C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
File C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:avgrsstx.dll deleted successfully.
File C:\windows\System32\avgrsstx.dll not found.
C:\Users\Ants\AppData\Roaming\AVG9\cfgall folder moved successfully.
C:\Users\Ants\AppData\Roaming\AVG9 folder moved successfully.
C:\Users\Ants\AppData\Roaming\.# folder moved successfully.
========== FILES ==========
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\[email protected]\ch_49\chrome\content\Languages folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\[email protected]\ch_49\chrome\content folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\[email protected]\ch_49\chrome folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\[email protected]\ch_49 folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\[email protected]\ch_26\chrome\content\Languages folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\[email protected]\ch_26\chrome\content folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\[email protected]\ch_26\chrome folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\[email protected]\ch_26 folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\[email protected] folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox folder moved successfully.
C:\Program Files\AVG\AVG9\Toolbar.old folder moved successfully.
C:\Program Files\AVG\AVG9\Chjw\62ea4535ea45072f folder moved successfully.
C:\Program Files\AVG\AVG9\Chjw folder moved successfully.
C:\Program Files\AVG\AVG9\cfg folder moved successfully.
C:\Program Files\AVG\AVG9\avgam folder moved successfully.
C:\Program Files\AVG\AVG9 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\Program Files\McAfee Security Scan\2.0.181\sacoredata folder moved successfully.
C:\Program Files\McAfee Security Scan\2.0.181 folder moved successfully.
C:\Program Files\McAfee Security Scan folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\9.0.1 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.1.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\10.2.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\10.0.6 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\CommonInstaller\9.0.1 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\CommonInstaller\11.2.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\CommonInstaller\11.1.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\CommonInstaller\10.2.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\CommonInstaller\10.0.6 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\CommonInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Ants
->Temp folder emptied: 393936676 bytes
->Temporary Internet Files folder emptied: 136784066 bytes
->Java cache emptied: 463 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3800680 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40765 bytes
RecycleBin emptied: 3451000 bytes

Total Files Cleaned = 513.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 11232012_212624

Files\Folders moved on Reboot...
File move failed. C:\Users\Ants\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


#47
Steviep

  • Topic Starter
OTL logfile created on: 11/23/2012 9:41:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ants\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 67.73% Memory free
5.86 Gb Paging File | 4.95 Gb Available in Paging File | 84.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 60.71 Gb Free Space | 55.75% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 1.48 Gb Free Space | 1.36% Space Free | Partition Type: NTFS

Computer Name: ANTS-PC | User Name: Ants | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/23 20:34:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ants\Downloads\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe -- (NIS)
SRV - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/06/25 00:48:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2012/08/22 02:05:07 | 000,386,208 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120822.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/21 15:56:04 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/08/21 15:56:04 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/13 21:09:12 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/13 21:09:12 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/11 00:25:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/07/23 21:22:59 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/08/08 15:38:12 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 18:22:10 | 000,566,904 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.sys -- (SRTSP)
DRV - [2011/08/02 18:22:10 | 000,031,864 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.sys -- (SRTSPX)
DRV - [2011/07/28 19:20:02 | 000,897,656 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.sys -- (SymEFA)
DRV - [2011/07/25 18:18:40 | 000,314,488 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1301000.01C\symnets.sys -- (SymNetS)
DRV - [2011/07/25 18:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.sys -- (SymDS)
DRV - [2011/07/25 18:15:52 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1301000.01C\Ironx86.sys -- (SymIRON)
DRV - [2010/12/02 09:36:42 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/12/02 09:36:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/07/17 03:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=smsn&bmod=smsn
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F3-156E9C05E571
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7SMSN_enGB373
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ants\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/11/23 18:00:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/11/23 17:59:55 | 000,000,000 | ---D | M]

[2010/07/05 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ants\AppData\Roaming\Mozilla\Extensions
[2010/07/05 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ants\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Ants\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\

O1 HOSTS File: ([2012/11/23 21:26:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKCU..\Run: [Facebook Update] C:\Users\Ants\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [lime pro] C:\Program Files\Lime PRO\LimePro.exe (Lime PRO LLC)
O4 - HKLM..\RunOnce: [AvgRemover] C:\Users\Ants\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JA0633SN\avg_remover_stf_x86_2013_2706.exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG9" /avgdatadir="C:\ProgramData\avg9" File not found
O4 - Startup: C:\Users\Ants\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEA44414-D6F4-4E72-B76E-8DD67461F6DA}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/23 20:59:48 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\ElevatedDiagnostics
[2012/11/23 18:02:44 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{870AB0D2-1B38-4645-9CA6-68059E1C7088}
[2012/11/23 15:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/11/23 15:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/11/23 15:43:13 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/11/23 15:12:35 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/11/23 15:12:31 | 000,000,000 | ---D | C] -- C:\d6f6f9445f6c1896bd8766e6068641
[2012/11/23 15:04:13 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{C226E9DB-F122-45E0-B7DD-0573A22C80B9}
[2012/11/23 02:37:04 | 000,000,000 | ---D | C] -- C:\FRST
[2012/11/22 22:56:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/22 21:04:12 | 000,000,000 | ---D | C] -- C:\Users\Ants\Desktop\RK_Quarantine
[2012/11/22 20:52:20 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B0B7F35F-8608-4C26-982A-67B8BFFAFB79}
[2012/11/22 20:17:36 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{0A683A6D-65A3-4494-BD62-6E3364C68282}
[2012/11/21 19:32:55 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9B62C9A3-DFCF-4729-A60C-B5C10461CCD7}
[2012/11/21 19:25:45 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{CAB544D8-8085-4B36-AFAC-843D07131A87}
[2012/11/19 03:30:23 | 000,000,000 | --SD | C] -- C:\found.000
[2012/11/19 02:30:47 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{100CFB67-3B41-439F-A48D-E26100A51736}
[2012/11/18 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{BEAE4189-830E-4396-8296-3945E06B25CF}
[2012/11/17 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{3B22E788-3F06-48B2-A920-195094B87D8C}
[2012/11/16 15:31:04 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B25EF871-FD15-4D7B-8486-E0209233F7AE}
[2012/11/15 15:12:27 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{4015A070-A693-4A7E-BF0C-BD03C2502868}
[2012/11/14 18:16:30 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9C0B0323-C6D0-4D2E-9AF3-7B04A43A74B0}
[2012/11/13 16:07:12 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B4ECAD6A-7FD3-46DA-ACA0-169CE20E918D}
[2012/11/12 14:13:35 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B7F3F141-E75D-4873-B9C6-E1CA826D0758}
[2012/11/11 12:56:38 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{2C8518F3-DFB1-4507-86C4-0367B9CA8E4D}
[2012/11/11 00:10:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{C72FB5E6-1B89-4B34-B197-9694CE8DF3B1}
[2012/11/10 12:10:42 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{D1B95053-F465-49E4-AF07-C613CB990954}
[2012/11/09 15:52:09 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{5CA670AD-05CB-4A33-B37D-C8843D9C207B}
[2012/11/08 15:19:50 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9C0811DF-30D9-41ED-A2AF-4BF3A39287E2}
[2012/11/07 16:32:20 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{AED7C00F-6EA1-46D1-9E65-E7676634BB2C}
[2012/11/06 16:41:43 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{2C35AE5B-8E73-4532-A8D4-D1F040B9D9E5}
[2012/11/05 16:08:23 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{BF6EAAA2-26B0-4B75-ADCC-73F97F24C30A}
[2012/11/04 12:07:13 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{F20A7FFF-4268-43C8-8C92-6DE47B53146F}
[2012/11/03 12:05:25 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{05392EC8-4797-4088-9D9E-2ACC59359559}
[2012/11/02 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9239D801-9871-4E35-809A-29F02EF156D9}
[2012/11/01 15:40:14 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{F73367C3-9AEE-4040-A458-4BA4E0A45BBE}
[2012/10/31 18:20:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{D5F95763-EE9D-42C0-A0FB-6E1BC7A47AB3}
[2012/10/30 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9581B8EA-D32D-40E3-82DD-034CAC38B933}
[2012/10/29 16:02:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{3FCFF052-8AF8-465E-A866-DBA62408A93E}
[2012/10/28 17:35:45 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{8CD5EFF4-9A52-4AA6-B71A-3E0E1FDBFD9F}
[2012/10/27 08:58:18 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{FD908CCB-6D3C-404C-8ED2-6F8C9CF512FA}
[2012/10/26 14:11:50 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{50371C71-6ADB-40C4-A8DE-BE125C5C8686}
[2012/10/25 14:43:27 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{145DA830-FD90-49EC-BD44-724BCDCCDE06}

========== Files - Modified Within 30 Days ==========

[2012/11/23 21:37:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/23 21:37:37 | 249,404,998 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/11/23 21:37:37 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 21:26:28 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012/11/23 21:26:06 | 000,674,732 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/23 21:26:06 | 000,127,730 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/23 20:56:49 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/23 20:46:02 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/23 20:30:37 | 000,000,922 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000UA.job
[2012/11/23 18:07:28 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 18:07:28 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/21 19:52:11 | 000,007,605 | ---- | M] () -- C:\Users\Ants\AppData\Local\Resmon.ResmonCfg

========== Files Created - No Company Name ==========

[2012/11/21 19:51:42 | 000,007,605 | ---- | C] () -- C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
[2012/01/11 19:51:56 | 000,068,455 | ---- | C] () -- C:\Users\Ants\AppData\Roaming\msconfig.dat
[2011/07/10 12:40:14 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{A601DAF0-A1C5-4CCB-961D-9E3B51E94D3D}
[2011/05/13 19:34:49 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{37291F92-2AD8-4E21-88A5-C28DABEE5D51}
[2011/04/27 14:17:09 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{63E7382F-4625-4A94-B4D4-EE227549C87D}
[2010/03/30 21:30:59 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/07 18:28:22 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\FrostWire
[2010/03/31 05:36:01 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\GameConsole
[2010/09/11 22:39:05 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\GameTuts
[2012/11/24 02:27:26 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\LimeWire
[2012/11/22 23:32:59 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\PerformerSoft
[2012/11/24 02:33:57 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\PhotoScape
[2011/06/30 16:32:31 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\TeamViewer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
  • 0

#48
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try a clean boot to determine which driver is stopping it going to normal mode

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\RunOnce: [AvgRemover] C:\Users\Ants\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JA0633SN\avg_remover_stf_x86_2013_2706.exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG9" /avgdatadir="C:\ProgramData\avg9" File not found

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Next we will check for driver conflicts

Step 1: Start MSConfig

Click Start, type msconfig in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.

Step 2: Configure Selective Startup options

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.

2. Click to clear the Load Startup Items check box.
Note The Use Original Boot.ini check box is unavailable.

3. Click the Services tab.

4. Click to select the Hide All Microsoft Services check box.
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.

Once back in Windows, does the problem still occur?
  • 0

#49
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Hi, thanks for all your help with this. I've run OTL and the msconfig and let laptop reboot, however still getting blue screen when trying to access Windows normally, tried to boot into safe mode with networking and get same error - the only way I can access Windows is in basic safe mode, when Windows opens I get an error box that says this:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: d1
BCP1: 00000004
BCP2: 00000002
BCP3: 00000000
BCP4: 8B04BB02
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\112412-23244-01.dmp
C:\Users\Ants\AppData\Local\Temp\WER-45677-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft....88&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\windows\system32\en-US\erofflps.txt
  • 0

#50
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you attach the last three minidumps from C:\Windows\Minidump
You will need to zip the files to attach them... My feeling is that there is a problem with the network drivers as booting without them is a big clue
  • 0
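The problem signature from post #49, decoded as an added example (not part of any post in this thread): bug check 0xD1 is DRIVER_IRQL_NOT_LESS_OR_EQUAL, a fault raised by kernel-mode driver code, which fits the driver line of inquiry above. The parameter meanings are Microsoft's documented ones for 0xD1; the function names, the 0x1000 threshold and the 32-bit address split are assumptions of this sketch.

```python
import re

# Parameter 3 of bug check 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL),
# as documented by Microsoft.
ACCESS = {0: "read", 1: "write", 2: "execute", 8: "execute"}

# Problem signature fields copied from post #49 of this thread.
SIGNATURE = """\
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 2057
BCCode: d1
BCP1: 00000004
BCP2: 00000002
BCP3: 00000000
BCP4: 8B04BB02
"""

def parse_signature(text):
    """Return the 'Key: value' pairs of a WER problem signature as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(\S.*?)\s*$", line)
        if m:  # headings such as 'Problem signature:' have no value and are skipped
            fields[m.group(1).strip()] = m.group(2)
    return fields

def decode_d1(fields):
    """Decode the four bug check parameters of a 0xD1 stop."""
    code = int(fields["BCCode"], 16)
    if code != 0xD1:
        raise ValueError(f"not a 0xD1 bug check: {code:#x}")
    p1, p2, p3, p4 = (int(fields[f"BCP{i}"], 16) for i in range(1, 5))
    return {
        "name": "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
        "memory_referenced": p1,       # address the driver tried to touch
        "irql": p2,                    # IRQL at the time (2 = DISPATCH_LEVEL)
        "access": ACCESS.get(p3, "unknown"),
        "faulting_instruction": p4,    # address of the code that made the access
        # Heuristic (assumed threshold): an address this close to zero is
        # typically a NULL pointer plus a small structure offset.
        "null_pointer_like": p1 < 0x1000,
        # Assumes 32-bit Windows with the default 2 GB user/kernel split.
        "kernel_address": p4 >= 0x80000000,
    }

if __name__ == "__main__":
    for key, value in decode_d1(parse_signature(SIGNATURE)).items():
        print(f"{key}: {value}")
```

The signature alone does not name the driver; mapping the faulting instruction address to a loaded module needs the minidump itself.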

#51
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Attached File  112412-23244-01.rar   22.49KB   41 downloads
Hope these are ok
Attached File  112312-32463-01.rar   23.35KB   40 downloads
Attached File  112312-41355-01.rar   25.53KB   45 downloads
  • 0

#52
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK go to this site and download the driver applicable to your system

This is the one you are updating
DRV - [2009/07/17 03:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
  • 0

#53
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
I'm really sorry but I don't understand what I've to do :0( which of these do I download?

v9.2.0.105 with modded INF v1.31 for both Vista/Win7 x86 and x64
Should work for ALL Atheros Chipset versions

v9.1.0.314 with modded INF v1.30 for both Vista/Win7 x86 and x64
Should work for ALL Atheros Chipset versions

v9.1.0.100 with modded INF v1.30 for both Vista/Win7 x86 and x64
Should work for ALL Atheros Chipset versions

v8.0.0.316 with modded INF v1.29 for both Vista/Win7 x86 and x64
Should work for ALL Atheros Chipset versions

v9.0.0.125 with modded INF v1.29 for both Vista/Win7 x86 and x64
Should work for ALL Atheros Chipset versions

v8.0.0.279 with modded INF v1.29 for both Vista/Win7 x86 and x64
Should work for ALL Atheros Chipset versions

v7.7.0.449 with modded INF v1.29 for both Vista/Win7 x86 and x64
Should work for ALL Atheros Chipset versions

v8.0.0.225 with modded INF v1.29 for both Vista/Win7 x86 and x64
Should work for ALL Atheros Chipset versions

v8.0.0.219 with modded INF v1.28 for both Vista/Win7 x86 and x64
Should work for ALL Atheros Chipset versions

v7.7.0.384 with modded INF v1.28 for both Vista/Win7 x86 and x64
Should work for ALL Atheros Chipset versions

v8.0.0.171 with modded INF v1.28 for both Vista/Win7 x86 and x64
Should work for ALL Atheros Chipset versions

v2.0.0.73 with modded INF v1.28 for both vista and Windows 7 x64 only
Should work for ALL Atheros Chipset versions

v8.0.0.144 with modded INF v1.28 for both Vista/Win7 x86 and x64
Should work for ALL Atheros Chipset versions

v7.7.0.319 with modded INF v1.28 for both Vista/Win7 x86 and x64
Should work for ALL Atheros Chipset versions

v2.0.0.72 with modded INF v1.28 for both vista and Windows 7
Should work for ALL Atheros Chipset versions

v7.7.0.259 with modded INF v1.26 for both WinXP x86 and x64
Should work for ALL Atheros Chipset versions

v7.7.0.233 with modded INF v1.24 for both WinXP x86 and x64
Should work for ALL Atheros Chipset versions

v7.7.0.231 with modded INF v1.24 for both Vista x86 and x64
Should work for ALL Atheros Chipset versions

v2.0.0.70 with modded INF v1.26 for both vista and Windows 7
Should work for ALL Atheros Chipset versions

v7.6.1.221 with modded INF v1.26 for both WinXP x86 and x64
Should work for ALL Atheros Chipset versions

v7.6.1.204 with modded INF v1.26 for both Vista x86 and x64
Should work for ALL Atheros Chipset versions

v7.6.1.184 with modded INF v1.24 for both WinXP x86 and x64
Should work for ALL Atheros Chipset versions

v7.6.1.204 with modded INF v1.23 for both Vista x86 and x64
Should work for ALL Atheros Chipset versions

v7.6.1.184 with modded INF v1.23 for both WinXP x86 and x64
Should work for ALL Atheros Chipset versions

v7.6.1.162 with modded INF v1.20 for both Vista x86 and x64
Should work for ALL Atheros Chipset versions

v7.6.1.170 with modded INF v1.21 for both WinXP x86 and x64
Should work for ALL Atheros Chipset versions

v7.6.1.122 with modded INF v1.20 for both Vista x86 and x64
Should work for ALL Atheros Chipset versions

v7.6.1.122 with modded INF v1.19 for both Vista x86 and x64
Should work for ALL Atheros Chipset versions

v7.6.0.172 with modded INF v1.19 for both Vista x86 and x64
Should work for ALL Atheros Chipset versions

v7.6.0.83 with modded INF v1.17 for both Vista x86 and x64
Should work for ALL Atheros Chipset versions

v7.3.1.109 with modded INF v1.15 for both Vista x86 and x64
Should work for ALL Atheros Chipset versions
  • 0

#54
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
When I try to get back into that site I get a window popping up that says Data Execution Prevention - Microsoft Windows - To help protect your computer, Windows has closed the program Internet Explorer
  • 0

#55
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Select this one
v9.2.0.105 with modded INF v1.31 for both Vista/Win7 x86 and x64
Should work for ALL Atheros Chipset versions
  • 0



#56
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
I've downloaded that to my flash drive, do I just run it from the laptop in safe mode?..... sorry to be so thick
  • 0

#57
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, copy it across to the desktop

Then right click the inf file and select install
  • 0

#58
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Hi,

It says the inf file you selected does not support this method of installation
  • 0

#59
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that was the easy way

Could you go to device manager :

Go Start > Run
Type in devmgmt.msc press OK
Device manager will open

Locate the Atheros driver
Right click the driver and select properties

Click update driver
Select browse my computer for driver location
In the box that opens navigate to the driver file that is on the desktop
Then follow the remaining prompts
  • 0

#60
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
MMC cannot open the file c:\windows\system32\devmgmt.msc
This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file
  • 0





