
BSOD...can't do system restore or recovery [Solved]



#1 joyo8822 (Member)

[Attachment: photo(1).JPG]

I've tried everything I could to the best of my ability so here I land...I thank you ahead of time for your help.

I have a Lenovo Y430 with Vista (unfortunately). I ended up with malware somehow that was redirecting Google to spam sites. I ran 3 different malware removers including Norton Power Eraser. Power Eraser stopped the redirecting but asked me to restart. I did and now I'm stuck with the BSOD. I've attached an image of what I'm seeing.
Yes I've googled the STOP and received the "no results returned" which made me nervous.

Tried system restore: I keep getting an error stating I have an incorrect parameter.

Tried doing Lenovo's recovery system: Says Drivers can't be initialized please reinstall.
I try to reinstall and I get the 1719 error.

I've done SFC and I've done Norton Removal Tool to get rid of the [bleep] Power Eraser and I'm still getting the BSOD.

HELP!!


#2 Crag_Hack (Trusted Helper, Malware Removal)

Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human not superman - I can make errors but will do my best to help you as best I can so we can solve your problems. If you have since resolved the original problem you were having, I would appreciate you letting me know. Please include a clear description of the problems you're having along with any steps you may have performed so far if you haven't already.

Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way or lengthen the time it takes to disinfect your computer. Also please follow your topic to conclusion or your system may not be completely clean, and it will be more vulnerable to future infections.

Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.

One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to (unless you are following my disinfection procedures) - if you do have to use your computer please disconnect it from the Internet - that way the current malware cannot propagate further infections.

I will get back to you soon with further instructions. Expect no more than 36 hours between your post and my response unless World War 3 breaks out and I will need at most 48 hours for initial analysis of your OTL log. Good luck! After 4 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3 Crag_Hack (Trusted Helper, Malware Removal)

Hi joyo8822. I have some questions for you before we get started.
  • Is safe mode available and functioning properly?
  • Do you have a Windows CD?
  • Can you burn a CD?
  • Do you have a USB drive of at least 4 GB?


#4 joyo8822 (Topic Starter)

Hi Crag!

Thanks for your help!

1. Yes I can get into safe mode just fine, thankfully.
2. I don't have a CD. It wasn't provided with my computer.
3. I can burn a CD.
4. I do have one with at least 4GB.

#5 Crag_Hack (Trusted Helper, Malware Removal)

Hi joyo8822. We will now run a couple of diagnostic utilities in safe mode. Also, am I correct that the BSOD hits during normal boot? Please do the following:

Reboot into safe mode with networking for the following instructions. To do this:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Choose safe mode with networking

Step 1

  • Download OTL and save to desktop or other convenient location.
  • Double click OTL to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Select the Scan All Users box in the middle on the top of the window.
  • Under the Custom Scans/Fixes box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    WSHELPER.*
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. If you have already run OTL it won't open Extras.txt but Extras.txt will be in the same place as the new OTL.txt so simply open it manually.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes

  • Click the Scan button to start scan

  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Things to see in your next post:
OTL.txt
Extras.txt
aswMBR log

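As an added example (not part of the thread, and not OTL's own code), the following Python script reads lines in the OTL.txt format requested above and flags the items a helper typically looks at first: registered services or drivers whose file is missing (a Boot- or System-start driver in that state can itself produce a BSOD), binaries with no company name in their version resource, browser start and search pages pointing at hosts other than the expected ones, and per-user proxy settings. The sample log lines, the vendor names, the paths, the hosts and the EXPECTED_HOSTS allowlist are all constructed for the example; the script only marks lines for review and does not decide what is malicious.

```python
"""Triage helper for lines in the OTL.txt format.

Added example; not OTL's code and not part of the thread. It recognises the
SRV/DRV and IE line shapes seen in an OTL log and flags lines that merit a
closer look. It does not decide what is malicious; that is the helper's job.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Service/driver lines: "[timestamp | size | attrs | M] (Company)" or "File not found",
# followed by "[Type | Start | State] -- path -- (ServiceName)".
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)) "
    r"\[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>.*)\)$"
)
# Internet Explorer lines: 'IE - <registry key or key: "value name"> = <value>'.
IE_RE = re.compile(r"^IE - (?P<key>.+?) = (?P<value>.*)$")

# Hosts the start page and search scopes are expected to point at. This is an
# assumption for the example; a real triage would use the OEM/vendor defaults.
EXPECTED_HOSTS = {"www.lenovo.com", "search.live.com", "www.bing.com", "www.google.com"}


@dataclass
class Finding:
    severity: str  # "high" or "review"
    item: str      # service/driver name or registry key
    reason: str


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def triage_line(line: str) -> list:
    """Return the findings for one log line (empty list if nothing stands out)."""
    m = SVC_RE.match(line)
    if m:
        name, path = m["name"], m["path"]
        start_type = [p.strip() for p in m["flags"].split("|")][1]
        if m["missing"]:
            # Registered but the binary is gone: a leftover from a removal or a
            # broken install. A Boot/System-start entry can itself cause a BSOD.
            sev = "high" if start_type in ("Boot", "System") else "review"
            return [Finding(sev, name, f"{m['kind']} file not found: {path}")]
        if m["company"].strip() == "":
            # No company name in the version resource: hash and check the file.
            return [Finding("review", name, f"no company name: {path}")]
        return []
    m = IE_RE.match(line)
    if m:
        key, value = m["key"], m["value"].strip()
        if '"ProxyEnable"' in key and value != "0":
            return [Finding("high", key, "proxy enabled for this user")]
        if '"ProxyServer"' in key:
            return [Finding("review", key, f"proxy server set: {value}")]
        if value.startswith("http") and _host(value) not in EXPECTED_HOSTS:
            return [Finding("review", key, f"unexpected host: {_host(value)}")]
    return []


def triage(log_text: str) -> list:
    """Run triage_line over a whole log; lines that match no known shape are ignored."""
    findings = []
    for raw in log_text.splitlines():
        findings.extend(triage_line(raw.strip()))
    return findings


# Constructed sample lines in the OTL format; vendor names, paths and hosts are invented.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========

SRV - [2012/07/26 20:57:17 | 000,250,056 | ---- | M] (Example Vendor Inc.) [Auto | Running] -- C:\Program Files\Example\updater.exe -- (ExampleUpdate)
SRV - [2009/02/14 20:40:09 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\helper.exe -- (Helper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\oldfilter.sys -- (oldfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\legacy.sys -- (legacy)
DRV - [2008/05/21 15:04:04 | 000,008,832 | ---- | M] (Example Hardware) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\exkbd.sys -- (exkbd)

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKU\S-1-5-21-0-0-0-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.hijack.example/g/?c=h
IE - HKU\S-1-5-21-0-0-0-1004\..\SearchScopes\{00000000-0000-0000-0000-000000000000}: "URL" = http://search.live.com/results.aspx?q={searchTerms}
IE - HKU\S-1-5-21-0-0-0-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-0-0-0-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item}: {f.reason}")
```

Run it against a saved OTL.txt by passing the file's contents to `triage()`; the severity is deliberately coarse (a missing Boot-start driver is "high" because it bears directly on a boot-time crash, everything else is "review") so that the output is a reading list for the helper rather than a verdict.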

#6 joyo8822 (Topic Starter)

Hi Crag

Correct...BSOD only shows up in Normal Boot mode.


Step 1:
OTL.txt:
OTL logfile created on: 7/30/2012 8:21:18 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Yola\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 68.74% Memory free
3.09 Gb Paging File | 2.51 Gb Available in Paging File | 81.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 187.74 Gb Total Space | 46.96 Gb Free Space | 25.01% Space Free | Partition Type: NTFS
Drive D: | 30.39 Gb Total Space | 15.90 Gb Free Space | 52.31% Space Free | Partition Type: NTFS

Computer Name: YOLAB | User Name: Yola | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 19:47:52 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Yola\Downloads\OTL.exe
PRC - [2012/07/26 20:57:17 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2012/07/18 21:24:27 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/17 14:54:50 | 000,079,384 | ---- | M] (Google) -- C:\Users\Yola\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/26 20:57:17 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012/07/18 21:24:26 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008/10/07 19:53:07 | 000,241,752 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/26 20:57:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 21:24:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/02 21:37:50 | 000,400,368 | ---- | M] (Rovi Corporation) [Auto | Stopped] -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2009/09/08 22:03:04 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () [Auto | Stopped] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/02/14 20:40:09 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/04/23 16:59:40 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008/02/14 16:40:18 | 000,098,304 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2008/02/14 13:33:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 19:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 19:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Stopped] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2007/05/16 10:41:18 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/05/11 16:23:42 | 000,469,504 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\IncSvc.dll -- (IncSvc)
SRV - [2007/04/11 09:59:18 | 000,270,336 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2007/02/12 00:43:46 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\SMR300.SYS -- (SMR300)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/29 09:49:06 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
DRV - [2012/07/28 18:53:56 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\Partizan.sys -- (Partizan)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/05/24 16:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/04/23 17:24:26 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2008/10/07 19:29:51 | 000,049,472 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2008/09/10 12:09:00 | 001,132,840 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/06/29 14:52:28 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/06/11 18:28:58 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/05/21 15:05:34 | 000,008,832 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2008/05/21 15:04:04 | 000,008,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdkbdmou.sys -- (Wdkbdmou)
DRV - [2008/05/21 08:35:26 | 000,220,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/12 21:48:06 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/04/29 01:56:32 | 000,011,264 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
DRV - [2008/04/29 01:55:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/04/27 15:29:28 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/04/25 09:16:38 | 000,005,632 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)
DRV - [2008/01/10 10:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2008/01/02 09:50:26 | 000,018,448 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2007/11/23 17:00:02 | 000,047,680 | ---- | M] (Lenovo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2007/10/25 16:06:04 | 000,017,192 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EMSC.sys -- (EMSC)
DRV - [2007/10/18 00:36:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/05/23 16:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/05/11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/05/09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/03/05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/03/05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 06:57:14 | 000,019,472 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VHIDMini.sys -- (VHidMinidrv)
DRV - [2007/03/05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2007/03/05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2006/11/02 00:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...rms}&FORM=LENIE
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}


IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.expatshield.com/g/?c=h
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...rms}&FORM=LENIE
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask....hTerms}&locale=
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..\SearchScopes\{b167b83b-348e-4f8a-a00d-693f28ede787}: "URL" = http://search.expats...q={searchTerms}
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "google.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..keyword.URL: "http://www.google.co...ogle Search&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll File not found
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Yola\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Yola\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Yola\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Yola\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Yola\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Yola\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/16 19:15:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/24 13:17:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 21:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 21:24:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 19:28:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Yola\AppData\Roaming\Move Networks [2009/10/01 22:02:57 | 000,000,000 | ---D | M]

[2009/07/31 00:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yola\AppData\Roaming\Mozilla\Extensions
[2009/07/31 00:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yola\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/05/07 19:14:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yola\AppData\Roaming\Mozilla\Firefox\Profiles\0u3wzxfr.default\extensions
[2010/05/09 14:04:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Yola\AppData\Roaming\Mozilla\Firefox\Profiles\0u3wzxfr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/29 20:09:35 | 000,000,000 | ---D | M] ("RoxioNow Player Plugin") -- C:\Users\Yola\AppData\Roaming\Mozilla\Firefox\Profiles\0u3wzxfr.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}
[2012/04/04 22:29:53 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Yola\AppData\Roaming\Mozilla\Firefox\Profiles\0u3wzxfr.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012/07/28 09:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/29 00:09:41 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\YOLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0U3WZXFR.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/10/29 00:09:41 | 000,148,816 | ---- | M] () (No name found) -- C:\USERS\YOLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0U3WZXFR.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 21:24:27 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/30 14:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/01/15 11:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScope42.dll
[2012/03/04 00:17:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/09 18:14:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/09 18:14:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Yola\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Yola\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Yola\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Yola\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Yola\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: ArtistScope plugin 42 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Yola\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Yola\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Yola\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Yola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Yola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Yola\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: AVG Safe Search = C:\Users\Yola\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: AVG Do Not Track = C:\Users\Yola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Yola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Yola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/09/08 22:03:43 | 000,000,794 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O3 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [TmlCMode] C:\Program Files\Compal\TmlCMode\TmlCMode.exe (Compal Electronic Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004..\Run: [BlueSoleil] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVT BlueSoleil\BlueSoleil.lnk ()
O4 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729; .NET4.0C)" -"http://health.howstu...nstruation.htm" File not found
O4 - Startup: C:\Users\Yola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Yola\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: roxio.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: roxionow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: roxionow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: sonic.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3575403344-3258026585-3421331224-1004\..Trusted Domains: sonic.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} http://services.coun...ex/OBXPopup.cab (OBXPopupBlockerAssistant Control)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab (Invoke Solutions MILiveParticipantPadHelper Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Invoke Solutions Participant Control(MR))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35148CDF-980A-4CEC-A72F-86C32DA478DA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Yola\Documents\Pictures\Pictures\2009-09-07\later\396.JPG
O24 - Desktop BackupWallPaper: C:\Users\Yola\Documents\Pictures\Pictures\2009-09-07\later\396.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2860b0c9-4831-11de-8270-001eecc114fd}\Shell - "" = AutoRun
O33 - MountPoints2\{2860b0c9-4831-11de-8270-001eecc114fd}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{525bc92d-f5b2-11de-ad72-001eecc114fd}\Shell - "" = AutoRun
O33 - MountPoints2\{525bc92d-f5b2-11de-ad72-001eecc114fd}\Shell\AutoRun\command - "" = G:\Imageviewer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ountPoints2\{c41f7c7b-e65c-11e0-88fb-001eecc114fd}\Shell\Autoplay\DropTarget\)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/07/29 10:03:53 | 000,000,000 | ---D | C] -- C:\Users\Yola\AppData\Local\CrashDumps
[2012/07/29 09:53:47 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/29 09:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/29 09:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/29 01:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
[2012/07/29 01:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2012/07/29 00:55:48 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2012/07/28 23:33:19 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/28 23:33:19 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/28 23:33:19 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/28 23:33:19 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/07/28 23:33:19 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/28 23:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/28 23:33:18 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/28 23:33:03 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/07/28 23:33:03 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/28 23:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/28 23:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/28 22:31:26 | 000,000,000 | ---D | C] -- C:\Users\Yola\AppData\Roaming\InstallShield
[2012/07/28 19:49:44 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2012/07/28 19:41:18 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/07/28 19:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/28 18:55:06 | 000,000,000 | ---D | C] -- C:\RegRunInfo
[2012/07/28 18:53:56 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2012/07/28 18:53:50 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2012/07/28 18:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2012/07/28 18:53:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2012/07/28 17:51:27 | 000,000,000 | ---D | C] -- C:\Users\Yola\Desktop\Europe
[2012/07/28 17:30:42 | 000,000,000 | ---D | C] -- C:\NPE
[2012/07/28 16:34:53 | 000,000,000 | ---D | C] -- C:\Users\Yola\AppData\Local\NPE
[2012/07/28 12:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012/07/28 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\Yola\Documents\RegRun2
[2012/07/28 12:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2012/07/16 19:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/01 20:42:23 | 000,000,000 | -HSD | C] -- C:\found.000
[4 C:\Users\Yola\Desktop\*.tmp files -> C:\Users\Yola\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/30 19:43:30 | 000,001,356 | ---- | M] () -- C:\Users\Yola\AppData\Local\d3d9caps.dat
[2012/07/30 19:34:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/30 19:34:21 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2012/07/29 10:51:13 | 000,417,298 | ---- | M] () -- C:\Users\Yola\Documents\cc_20120729_105106.reg
[2012/07/29 10:05:49 | 000,002,070 | ---- | M] () -- C:\Users\Yola\Desktop\OneKey Recovery.lnk
[2012/07/29 09:49:06 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2012/07/29 09:43:29 | 000,421,452 | ---- | M] () -- C:\Users\Yola\Documents\cc_20120729_094314.reg
[2012/07/29 09:42:02 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/29 01:39:22 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
[2012/07/29 01:39:21 | 000,000,755 | ---- | M] () -- C:\Users\Yola\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2012/07/29 01:39:21 | 000,000,731 | ---- | M] () -- C:\Users\Yola\Desktop\Perfect Uninstaller.lnk
[2012/07/29 00:47:38 | 000,009,216 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012/07/28 23:33:19 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/28 23:33:18 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/07/28 23:33:18 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/07/28 19:49:44 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2012/07/28 19:41:18 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/07/28 19:41:18 | 000,000,160 | ---- | M] () -- C:\Windows\System32\bootdelete.lst
[2012/07/28 18:53:56 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2012/07/28 18:53:50 | 000,000,712 | ---- | M] () -- C:\Users\Yola\Desktop\UnHackMe.lnk
[2012/07/28 18:53:50 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\UnHackMe Task Scheduler.job
[2012/07/28 17:41:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/28 17:30:29 | 000,051,200 | ---- | M] () -- C:\Users\Yola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/28 16:51:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 16:51:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 16:39:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/28 16:38:27 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2012/07/28 16:14:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3575403344-3258026585-3421331224-1004UA.job
[2012/07/28 15:57:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/28 12:13:49 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2012/07/28 12:13:49 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/07/28 10:24:25 | 000,002,037 | ---- | M] () -- C:\Users\Yola\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/28 10:15:50 | 329,368,958 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/28 10:00:45 | 102,354,748 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/07/28 00:52:34 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3575403344-3258026585-3421331224-1004Core.job
[2012/07/28 00:39:07 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2012/07/16 19:15:31 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/13 22:20:27 | 000,417,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/12 19:52:00 | 000,002,037 | ---- | M] () -- C:\Users\Yola\Desktop\Google Chrome.lnk
[2012/07/03 21:16:40 | 000,342,812 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/07/03 09:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/03 09:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/03 09:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/03 09:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/03 09:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/07/03 09:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/03 09:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 09:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[4 C:\Users\Yola\Desktop\*.tmp files -> C:\Users\Yola\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/29 10:51:07 | 000,417,298 | ---- | C] () -- C:\Users\Yola\Documents\cc_20120729_105106.reg
[2012/07/29 09:43:19 | 000,421,452 | ---- | C] () -- C:\Users\Yola\Documents\cc_20120729_094314.reg
[2012/07/29 09:42:02 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/29 01:39:22 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
[2012/07/29 01:39:21 | 000,000,755 | ---- | C] () -- C:\Users\Yola\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2012/07/29 01:39:21 | 000,000,731 | ---- | C] () -- C:\Users\Yola\Desktop\Perfect Uninstaller.lnk
[2012/07/28 23:33:19 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/28 23:33:18 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/07/28 19:41:18 | 000,000,160 | ---- | C] () -- C:\Windows\System32\bootdelete.lst
[2012/07/28 18:53:50 | 000,000,712 | ---- | C] () -- C:\Users\Yola\Desktop\UnHackMe.lnk
[2012/07/28 18:53:50 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\UnHackMe Task Scheduler.job
[2012/07/28 17:44:04 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2012/07/28 12:13:49 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/07/28 10:24:25 | 000,002,037 | ---- | C] () -- C:\Users\Yola\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/27 11:49:49 | 000,000,020 | ---- | C] () -- C:\Users\Yola\AppData\Local\UACBrResultRetrieving.dat
[2012/02/02 20:40:33 | 000,000,590 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/06 21:52:47 | 001,159,449 | ---- | C] () -- C:\Users\Yola\IMG_1526.JPG
[2011/11/06 21:52:46 | 001,252,878 | ---- | C] () -- C:\Users\Yola\IMG_1525.JPG
[2011/11/06 21:52:46 | 001,212,892 | ---- | C] () -- C:\Users\Yola\IMG_1524.JPG
[2011/11/06 21:52:46 | 001,050,035 | ---- | C] () -- C:\Users\Yola\IMG_1522.JPG
[2011/11/06 21:52:45 | 001,068,974 | ---- | C] () -- C:\Users\Yola\IMG_1520.JPG
[2011/11/06 21:52:45 | 001,017,705 | ---- | C] () -- C:\Users\Yola\IMG_1521.JPG
[2011/11/06 21:52:44 | 001,327,823 | ---- | C] () -- C:\Users\Yola\IMG_1518.JPG
[2011/11/06 21:52:40 | 013,143,626 | ---- | C] () -- C:\Users\Yola\IMG_1528.MOV
[2011/11/06 21:52:40 | 001,072,145 | ---- | C] () -- C:\Users\Yola\IMG_1527.JPG
[2011/11/06 21:25:18 | 002,775,270 | ---- | C] () -- C:\Users\Yola\DSCN0923.JPG
[2011/11/06 21:25:18 | 002,754,098 | ---- | C] () -- C:\Users\Yola\DSCN0919.JPG
[2011/11/06 21:25:18 | 002,692,239 | ---- | C] () -- C:\Users\Yola\DSCN0921.JPG
[2011/11/06 21:25:18 | 002,691,058 | ---- | C] () -- C:\Users\Yola\DSCN0922.JPG
[2011/11/06 21:25:18 | 002,637,254 | ---- | C] () -- C:\Users\Yola\DSCN0918.JPG
[2011/11/06 21:25:18 | 002,606,758 | ---- | C] () -- C:\Users\Yola\DSCN0915.JPG
[2011/11/06 21:25:18 | 002,485,456 | ---- | C] () -- C:\Users\Yola\DSCN0916.JPG
[2011/11/06 21:25:18 | 002,462,878 | ---- | C] () -- C:\Users\Yola\DSCN0924.JPG
[2011/11/06 21:25:18 | 002,425,813 | ---- | C] () -- C:\Users\Yola\DSCN0914.JPG
[2011/11/06 21:25:18 | 000,475,007 | ---- | C] () -- C:\Users\Yola\DSCN09200.JPG
[2011/11/06 21:25:17 | 002,780,392 | ---- | C] () -- C:\Users\Yola\DSCN0913.JPG
[2011/11/06 21:17:39 | 002,580,178 | ---- | C] () -- C:\Users\Yola\DSCN0920.JPG
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/05/30 11:32:37 | 000,003,994 | ---- | C] () -- C:\Users\Yola\.recently-used.xbel
[2011/04/15 23:07:19 | 000,043,593 | ---- | C] () -- C:\Users\Yola\submitRetro.do.htm
[2011/02/15 16:48:28 | 008,225,992 | ---- | C] () -- C:\Users\Yola\06 - Angels Cry.mp3
[2011/02/15 16:48:28 | 005,682,373 | ---- | C] () -- C:\Users\Yola\04 - In My Head.mp3
[2010/12/02 22:13:07 | 000,000,117 | ---- | C] () -- C:\Users\Yola\jagex_runescape_preferences2.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/05/09 14:12:27 | 067,804,229 | ---- | C] () -- C:\Users\Yola\tassies eating.MOV
[2010/05/09 14:10:50 | 090,756,275 | ---- | C] () -- C:\Users\Yola\seals arch.MOV
[2010/05/09 14:10:45 | 091,964,148 | ---- | C] () -- C:\Users\Yola\seals national park.MOV
[2009/11/19 21:17:54 | 000,024,312 | ---- | C] () -- C:\Users\Yola\Microsoft Office Professional Plus 2010 Beta Product Key.htm
[2009/01/16 00:12:54 | 000,001,356 | ---- | C] () -- C:\Users\Yola\AppData\Local\d3d9caps.dat
[2009/01/09 21:13:43 | 000,051,200 | ---- | C] () -- C:\Users\Yola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/22 21:54:35 | 000,029,239 | ---- | C] () -- C:\Users\Yola\AppData\Roaming\UserTile.png
[2008/12/14 19:27:30 | 000,000,034 | ---- | C] () -- C:\Users\Yola\jagex_runescape_preferences.dat

========== LOP Check ==========

[2011/01/02 19:23:37 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\Absolute Poker
[2011/06/12 02:24:34 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\ACASystems
[2010/01/01 19:23:35 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\acccore
[2011/06/12 02:38:26 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\Audacity
[2011/10/09 09:24:16 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\AVG2012
[2011/12/24 08:14:16 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\BitTorrent
[2009/05/24 00:11:02 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\DAEMON Tools Lite
[2012/07/28 18:39:27 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\Dropbox
[2009/01/18 22:12:34 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\GetRightToGo
[2011/05/30 11:32:38 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\gtk-2.0
[2009/05/09 19:29:37 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\iPodder
[2010/01/09 11:36:55 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\Leadertech
[2008/11/16 05:08:00 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\Lenovo
[2009/05/09 11:09:53 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\Mediafly
[2009/01/17 23:25:01 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\OpenOffice.org
[2010/06/11 22:24:11 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\Opera
[2009/04/12 11:31:28 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\pdf995
[2008/12/22 21:54:35 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\PeerNetworking
[2009/04/20 20:46:17 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\SecondLife
[2011/04/15 21:27:26 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\TaxCut
[2009/02/04 23:16:21 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\TheScruffs
[2008/12/04 22:44:46 | 000,000,000 | ---D | M] -- C:\Users\Yola\AppData\Roaming\TuneUp Software
[2012/07/28 00:39:07 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2012/07/28 23:33:18 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\avast! Emergency Update.job
[2012/07/28 16:51:39 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/28 18:53:50 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\UnHackMe Task Scheduler.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Yola\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Yola\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 14:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 14:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/20 19:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 05:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Users\Yola\AppData\Local\Temp\services.exe.mui
[2006/11/02 05:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 05:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/20 19:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 05:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 05:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.SBS >
[2010/03/22 16:37:24 | 000,033,237 | ---- | M] () MD5=0D4C93A6407E5E3DE3A0F3D323CA81A4 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\ProgramData\Spybot - Search & Destroy\Includes\Services.sbs
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Users\All Users\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SERVICES.TICO >
[2002/04/03 00:39:00 | 000,002,038 | ---- | M] () MD5=B15FB3A60F5BA41109C6F94067C8DC62 -- C:\Program Files\TuneUp Utilities 2007\Data\services.tico

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Yola\AppData\Local\Temp\RarSFX0\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Yola\AppData\Local\Temp\RarSFX0\winlogon.exe
[2008/01/20 19:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2006/11/02 02:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 02:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< MD5 for: WSHELPER.DLL.MUI >
[2006/11/02 05:41:20 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=1955EB7701DAB4C078BCCDFC5D2D1EE8 -- C:\Windows\System32\en-US\wshelper.dll.mui
[2006/11/02 05:41:20 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=1955EB7701DAB4C078BCCDFC5D2D1EE8 -- C:\Windows\winsxs\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.0.6000.16386_en-us_aba6a9ba9bd9dfc2\wshelper.dll.mui

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: YOLAB
  Volume ###  Ltr  Label        Fs     Type        Size     Status    Info
  ----------  ---  -----------  -----  ----------  -------  --------  --------
  Volume 0     E                       DVD-ROM        0 B  No Media
  Volume 1     C                NTFS   Partition   188 GB  Healthy   Boot
  Volume 2     D   LENOVO       NTFS   Partition    30 GB  Healthy
  Volume 3                      NTFS   Partition    15 GB  Healthy   Hidden

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Yola\seals national park.MOV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Yola\seals arch.MOV:TOC.WMV
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:F9BCB534

< End of report >


An Extras.txt was not produced. I was receiving an error during the scan that said: "WIN32 Error. Code: 6. The Handle is invalid"

Step 2: aswMBR log

Twice I tried to run the program and after about an hour or so...I received the BSOD. :(
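Added example, not part of the thread and not code from OTL or its author: a small Python parser for the `< MD5 for: NAME >` section of the log above. It automates two checks a helper does by eye, flagging a copy of a core executable that lives outside %SystemRoot% (such as the Temp\RarSFX0 copies of userinit.exe and winlogon.exe listed above) and a System32 file whose MD5 matches none of the WinSxS copies logged for the same name. The USERINIT.EXE and SVCHOST.EXE lines are taken from the log; the EXAMPLE.DLL section and its hashes are constructed so that the second check has something to catch.

```python
"""Audit the "< MD5 for: NAME >" section of an OTL log (added example).

Check 1: a core executable (.exe/.dll/.sys) found outside %SystemRoot%.
Check 2: the live System32 copy should hash-match one of the WinSxS
         component-store copies logged for the same name; one that matches
         none is a lead for a closer look (it may just be a hotfixed file),
         not a verdict.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*[^|]*\|\s*\w\s*\]"
    r"\s*\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*?)\s*$"
)

# Sample input: USERINIT.EXE and SVCHOST.EXE entries copied from the log above,
# plus a constructed EXAMPLE.DLL section with made-up hashes (System32 copy
# deliberately differs from the WinSxS copy).
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE >
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Yola\AppData\Local\Temp\RarSFX0\userinit.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: EXAMPLE.DLL >
[2012/01/01 00:00:00 | 000,010,240 | ---- | M] (Example Corp) MD5=11111111111111111111111111111111 -- C:\Windows\System32\example.dll
[2012/01/01 00:00:00 | 000,010,240 | ---- | M] (Example Corp) MD5=22222222222222222222222222222222 -- C:\Windows\winsxs\x86_example_0000000000000000_1.0.0.0_none_0000000000000000\example.dll
"""


@dataclass(frozen=True)
class Entry:
    name: str      # upper-case file name from the section header
    path: str
    md5: str
    size: int
    company: str


def parse_md5_sections(text):
    """Return {NAME: [Entry, ...]} for every '< MD5 for: NAME >' block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HEADER_RE.match(line)
        if h:
            current = h.group("name").upper()
            continue
        e = ENTRY_RE.match(line)
        if e and current is not None:
            sections[current].append(Entry(
                name=current,
                path=e.group("path"),
                md5=e.group("md5").upper(),
                size=int(e.group("size").replace(",", "")),
                company=e.group("company"),
            ))
    return dict(sections)


def _under(path, prefix):
    return path.lower().startswith(prefix.lower())


def audit(sections, system_root="C:\\Windows"):
    """Return a sorted list of (NAME, check, path) findings."""
    windows_dir = system_root.rstrip("\\") + "\\"
    system32 = windows_dir + "System32\\"
    winsxs = windows_dir + "winsxs\\"
    findings = []
    for name, entries in sections.items():
        winsxs_md5s = {e.md5 for e in entries if _under(e.path, winsxs)}
        for e in entries:
            if not _under(e.path, windows_dir):
                if name.endswith((".EXE", ".DLL", ".SYS")):
                    findings.append((name, "outside-systemroot", e.path))
            elif _under(e.path, system32) and winsxs_md5s and e.md5 not in winsxs_md5s:
                findings.append((name, "no-winsxs-match", e.path))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_md5_sections(SAMPLE_LOG)):
        print("%-14s %-20s %s" % finding)
```

Run it against a real OTL.txt by reading the file instead of SAMPLE_LOG; anything it reports is a starting point for the kind of manual review the helper did, not an automatic verdict.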

#7 joyo8822 (Topic Starter, Member)
Hi Crag

I tried again and was finally able to get the aswMBR log. Here you go. No luck with Extras.txt yet. Thanks!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 19:57:08
-----------------------------
19:57:08.127 OS Version: Windows 6.0.6002 Service Pack 2
19:57:08.127 Number of processors: 2 586 0xF0D
19:57:08.127 ComputerName: YOLAB UserName: Yola
19:57:09.187 Initialize success
19:57:18.922 AVAST engine defs: 12073100
19:57:22.806 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:57:22.806 Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 3
19:57:22.822 Disk 0 MBR read successfully
19:57:22.822 Disk 0 MBR scan
19:57:22.822 Disk 0 Windows VISTA default MBR code
19:57:22.869 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 192247 MB offset 2048
19:57:22.869 Disk 0 Partition - 00 0F Extended LBA 31118 MB offset 393723904
19:57:22.900 Disk 0 Partition 2 00 12 Compaq diag NTFS 15108 MB offset 457453568
19:57:22.931 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 31117 MB offset 393725952
19:57:22.931 Disk 0 scanning sectors +488396464
19:57:22.993 Disk 0 scanning C:\Windows\system32\drivers
19:57:37.517 Service scanning
19:58:09.637 Modules scanning
19:58:14.833 Disk 0 trace - called modules:
19:58:14.880 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
19:58:14.896 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c37158]
19:58:14.927 3 CLASSPNP.SYS[831ad8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85b37030]
19:58:16.534 AVAST engine scan C:\Windows
19:58:20.751 AVAST engine scan C:\Windows\system32
20:02:21.011 AVAST engine scan C:\Windows\system32\drivers
20:02:38.576 AVAST engine scan C:\Users\Yola
21:10:38.116 AVAST engine scan C:\ProgramData
21:20:23.741 Scan finished successfully
21:28:16.748 Disk 0 MBR has been saved successfully to "C:\Users\Yola\Desktop\MBR.dat"
21:28:16.763 The log file has been saved successfully to "C:\Users\Yola\Desktop\aswMBR.txt"

#8 Crag_Hack (Trusted Helper, Malware Removal)
I finished looking at your OTL log today. Will have a response for you tomorrow. Just giving you a heads up.

#9 Crag_Hack (Trusted Helper, Malware Removal)
Hi joyo8822. Your OTL log looks clean as does your aswMBR log. Please do the following:

Step 1

Considering the problem didn't occur in safe mode the next step is to determine which startup item/service that wasn't loaded in safe mode is causing the problem (the problem might lie elsewhere however). We achieve this using msconfig which allows us to disable startup items/services. First step is to disable all the items/services and see if you still get the BSOD. If so then skip to step 2. If not continue with these instructions. Now turn half of the items/services back on and see if the problem recurs. If so the offending entry/service is one of the ones we turned back on so then we disable half of those to see if the entry/service is one of the ones now enabled. We repeat this disable/enable half procedure until we isolate the offending entry/service. This page explains how to do it. Make sure to follow the instructions on that page. Let me know if you have any questions/problems.

Step 2

If Step 1 didn't get rid of the BSOD, the next step is to run NPE again and try to undo the fixes. If it is still installed, boot into safe mode then run it. If not installed, please redownload and reinstall from here in safe mode with networking. Then run NPE and follow these instructions to undo your fixes. If you have no option to undo the fixes, continue to the next step. If you are able to undo the fixes, restart and see if you still get the BSOD in normal Windows. If not, let me know. If you still get the BSOD, continue with step 3.

Step 3

  • Please navigate to C:\Windows\MiniDump
  • Upload the most recent minidumps in your next post. They will be named with the date first in the filename, e.g. 080112-18720-01.dmp for today. You can only upload 1 MB of files to GeeksToGo so you should be able to upload 3 minidump files.
    • Click Add Reply for your next post
    • Click the Browse button below the post text box
    • Select one minidump file at a time
    • Click the Open button,
    • Click the Attach This File button
  • Repeat these steps for the other 2 most recent minidumps

Things to see in your next post:
msconfig troubleshooting results
NPE results if attempted
minidump files if needed

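Added example, not from the thread or its participants: the disable-half/enable-half procedure in Step 1 written as code, so the bookkeeping is explicit. The `crashes(enabled)` callable stands for one round of "enable exactly these msconfig items, reboot, see whether the BSOD comes back"; in real use that oracle is a person with the laptop, and `make_simulator` is a constructed stand-in used only to exercise the function. Like the post, it assumes a single offending item, and it returns None when the machine still crashes with everything disabled, which is the "skip to step 2" branch.

```python
"""Bisect msconfig startup items/services to one culprit (added example)."""


def isolate_culprit(items, crashes):
    """Return (culprit, reboots).

    culprit is None when disabling everything still crashes, i.e. the
    problem lies elsewhere and msconfig cannot isolate it.  Raises if
    enabling everything does not crash (nothing to isolate).
    """
    reboots = 0

    def reboot_with(enabled):
        # One reboot with exactly `enabled` turned on, everything else off.
        nonlocal reboots
        reboots += 1
        return crashes(frozenset(enabled))

    if reboot_with(()):                  # all items disabled, still BSOD
        return None, reboots
    if not reboot_with(items):           # all enabled, no BSOD: cannot isolate
        raise ValueError("no crash with all items enabled; nothing to isolate")

    suspects = list(items)
    while len(suspects) > 1:
        half = suspects[: len(suspects) // 2]   # turn this half back on only
        if reboot_with(half):
            suspects = half                     # culprit is in the enabled half
        else:
            suspects = suspects[len(half):]     # culprit is in the disabled half
    return suspects[0], reboots


def make_simulator(culprit):
    """Constructed oracle for testing: crashes iff `culprit` is enabled.
    culprit=None models the 'crashes no matter what' case."""
    def crashes(enabled):
        return culprit is None or culprit in enabled
    return crashes


if __name__ == "__main__":
    startup_items = ["service%d" % i for i in range(1, 11)]   # constructed names
    print(isolate_culprit(startup_items, make_simulator("service7")))
    print(isolate_culprit(startup_items, make_simulator(None)))
```

For n items the loop needs about log2(n) reboots on top of the two initial ones (all off, all on), which is why halving beats disabling items one at a time.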

#10 joyo8822 (Topic Starter, Member)
Hi Crag

Step 1: I still received the BSOD.

Step 2: When I went to go run NPE.exe...I received the following error during installation
"Error while enumerating operating systems in the computer. Error Code: 0x80045007,0"

Step 3: I was given an error by the forum when attempting to upload and it said "You aren't permitted to upload this kind of file". As an FYI...my most recent minidump is from 2010.

#11 Crag_Hack (Trusted Helper, Malware Removal)
Hi joyo8822. I found this page with a user having similar problems as you. The next step is to see what your Vista boot options are. Please do the following:

Reboot your computer and tap the F10 key until Edit Boot Options screen appears
Write down everything and report to me or just take a pic and show me the pic.

#12 joyo8822 (Topic Starter, Member)
Hi Crag, Here's the picture of the boot options. photo.JPG

#13 Crag_Hack (Trusted Helper, Malware Removal)
Hi joyo8822. We will now try to fix your boot options to allow you to boot into normal Windows. Also we'll try to take a look at what NPE did, restore your msconfig settings, and try out your computer. Please do the following:

Step 1

  • Reboot your computer and tap the F10 key until Edit Boot Options screen appears
  • Remove the /minint part by deleting it, then press Enter to accept the changes
  • See if you can boot into normal Windows (if not let me know and end this session)
  • If so restart and see if you are still able to boot into Windows
  • If you get the BSOD again do the following (if not proceed to step 2):
  • Go back to the Edit Boot Options screen
  • delete /minint and press enter
  • Boot into normal Windows
  • Immediately do the following
  • Click Start Menu --> All Programs --> Accessories
  • Right click on Command prompt and click Run as Administrator
  • Type the following line and press Enter. (Note : the brackets are NOT [ ] but { }, also note the spaces)
    bcdedit /set {default} winpe no
  • Restart and see if you are still able to boot into Windows (if not let me know otherwise proceed to step 2)

Step 2

  • Run Norton Power Eraser
  • Accept the agreement
  • Click History
  • Select the previous repair session (if present, if not go to step 3)
  • Click Next
  • Take a pic of the screen or a screenshot and post in your reply
  • Close NPE

Step 3

  • Click Start Menu
  • Type msconfig.exe in the Start Search box and then press ENTER
  • Make sure Normal startup is selected - if it isn't select it then click Apply

Step 4

Try using your computer and see if the symptoms remain, most importantly:
Google redirects
Try to run system restore but don't revert to a restore point, just see if it runs correctly

Things to see in your next post:
step 1 results
NPE repair session details screenshot (if step 1 worked)
computer status (if step 1 worked)

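Added example, not from the thread or its participants: a check for the condition Step 1 above fixes. It parses the text that `bcdedit /enum` prints and reports any Windows Boot Loader entry whose `winpe` element is `Yes` (the setting the thread's F10 screen shows as /minint), then emits the matching `bcdedit /set {id} winpe no` command. `bcdedit` is a real Windows tool, but the output below is constructed to match its layout, not captured from the poster's machine; the parser relies on bcdedit separating element names from values with two or more spaces.

```python
"""Find boot entries still flagged as WinPE in bcdedit /enum output (added example)."""
import re

# Constructed sample in the layout bcdedit /enum uses; the loader entry has
# been left with winpe Yes, the state this thread's fix removes.
SAMPLE_BCDEDIT = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
default                 {current}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
osdevice                partition=C:
systemroot              \Windows
nx                      OptIn
winpe                   Yes
"""

ELEMENT_RE = re.compile(r"^(\w+)\s{2,}(\S.*?)\s*$")


def parse_bcd(text):
    """Return a list of dicts, one per entry; '_type' holds the section title."""
    entries, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or set(stripped) == {"-"}:
            continue                      # blank line or title underline
        m = ELEMENT_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
        else:
            current = {"_type": stripped}   # "Windows Boot Manager" etc.
            entries.append(current)
    return entries


def winpe_entries(entries):
    """Identifiers of loader entries that will boot as WinPE."""
    return [
        e["identifier"]
        for e in entries
        if e.get("_type") == "Windows Boot Loader"
        and e.get("winpe", "").lower() == "yes"
        and "identifier" in e
    ]


def fix_commands(entries):
    """The bcdedit command(s) that clear the flag, one per affected entry."""
    return ["bcdedit /set %s winpe no" % ident for ident in winpe_entries(entries)]


if __name__ == "__main__":
    # On a live Windows box replace SAMPLE_BCDEDIT with the output of
    # subprocess.run(["bcdedit", "/enum"], capture_output=True, text=True).stdout
    # from an elevated prompt.
    for cmd in fix_commands(parse_bcd(SAMPLE_BCDEDIT)):
        print(cmd)
```

On the thread's machine `{default}` and `{current}` named the same entry, so the command the helper gave and the one this emits are equivalent; the parser reports the identifier it actually saw so there is no ambiguity on a multi-boot system.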

#14 joyo8822 (Topic Starter, Member)
Hi Josh (sorry I just realized that you put your name previously!)

My computer is working again!! Thank you so much for your help!!

Step 1: As I said my computer started working again. =)

Step 2: screenshot.jpg (I also have an XML log if you'd like it??)

Google isn't redirecting and my computer is booting up perfectly. Thank you soooooo much for your help! Please let me know if I'm able to donate towards the forum/website because this website and people like you are wonderful! :thumbsup: :)

#15 Crag_Hack (Trusted Helper, Malware Removal)
Hello joyo8822. Glad to hear everything looks good. Did you have to use the bcdedit command or did just deleting the /minint work? The next step is to check the NPE previous session in more detail, run an Extras scan, clean your temp files, run an antivirus scan with Kaspersky Security Scan, and finally a malware scan with Malwarebytes. After this, if everything is clean, we are done. Please do the following:

Step 1

  • Run Norton Power Eraser
  • Accept the agreement
  • Click History
  • Select the previous repair session
  • Click Next
  • Click the arrow next to the text Boot Record
  • Take a pic of the screen or a screenshot and post in your reply
  • Close NPE

Step 2

  • Run OTL
  • Click the None button
  • Select the Use SafeList option in the Extra Registry section
  • Then click the Run Scan button at the top
  • Let the program run unhindered
  • Then post the produced log (Extras.txt in the same directory as OTL)

Step 3

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)

Step 4

  • Go to here
  • Click the download button under Kaspersky Security Scan
  • Download and run the file
  • It will start to download the Kaspersky Security Scan program data
  • Once downloaded the installer will begin
  • Click Next
  • Accept the License Agreement
  • Click Install
  • The program will now install
  • Click Finish
  • Kaspersky Security Scan will now start

  • Click the Full Scan button

  • The scan will take about an hour or two depending on the amount of data on your hard drive
  • If the scan detects problems it will open a Problems found window (you can click Details to view the scan results)

  • Once the scan is complete do the following:
    • Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
    • Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
    • Attach the HtmlReport zipped folder to your next post
  • You can now close Kaspersky Security Scan

Step 5

The following instructions are for running a scan with Malwarebytes' Anti-Malware. This scan will find any remaining infections that aren't already cleaned.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Things to see in your next post:
NPE screenshot
Extras.txt
OTL fix log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
Kaspersky Security Scan results HtmlReport zipped folder
MBAM log
