Please help -- BSOD, can't boot in safe mode

[tomgartin]

Hello, thank you in advance for whatever help you can offer. My wife was using her computer to write some things in MS Word when it suddenly restarted (Windows Update, I think?) and ran a scheduled Lenovo Boot Optimizer process during the reboot sequence. When it got to the Windows 7 loading screen, it crashed to the dreaded BSOD. Techs and Specs below:

 

SYSTEM:

Windows 7 Home Premium 64-bit

Lenovo V570, Intel i5 2.4 ghz, 4gb RAM

Avast anti-virus

 

STATUS:

Boot into safe mode (minimal, networking, cmd prompt) doesn't work. It hangs on aswrvrt.sys and then goes to BSOD.

Startup repair cannot repair the problem automatically.

Last known good configuration does not boot.

There is no system restore point to load.

I can get into System Recovery Options to access Command Prompt, so I've run FRST64.exe from my USB drive, but I do not know how to make a fixlist.txt from the log it generated. (see attached)

 

FRST appears to flag Avast, Rundll, and safeboot in the log...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014

Ran by SYSTEM on MININT-76Q5BM4 on 20-06-2014 09:52:57

Running from G:\

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

 

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)

HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel® Corporation)

HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-09-06] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-09-06] (Lenovo(beijing) Limited)

HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-09-06] (Lenovo)

HKLM\...\Run: [boxSync] => c:\Program Files\Box\Box Sync\BoxSync.exe [13502744 2014-06-15] (Box, Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)

HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )

HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)

HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)

HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)

HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)

HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-29] (AVAST Software)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)

HKLM-x32\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)

HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1801168 2014-03-26] (APN)

HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [bncsaui.exe] => C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [2627728 2012-09-24] (Bradford Networks)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)

HKLM-x32\...\RunOnce: [20140529] - C:\Program Files\AVAST Software\Avast\setup\emupdate\64870614-9e16-494d-936d-7608f5818fb6.exe /check [183208 2014-06-03] (AVAST Software)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\Default\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\Default User\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\Owner\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\Owner\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\Owner\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)

HKU\Owner\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)

HKU\Owner\...\Run: [backgroundContainer] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION

HKU\Owner\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)

HKU\Owner\...\RunOnce: [Application Restart #0] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)

HKU\Owner\...\RunOnce: [Application Restart #1] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)

HKU\Owner\...\RunOnce: [Application Restart #2] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-13] (Google Inc.)

HKU\Owner\...\RunOnce: [Application Restart #3] - C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [1423008 2014-05-15] (Microsoft Corporation)

HKU\Owner\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)

Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk ->  (No File)

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} -  No File

BootExecute: autocheck autochk * FbDefrag

 

==================== Services (Whitelisted) =================

 

S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-26] (APN LLC.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-29] (AVAST Software)

S2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3082384 2012-09-24] (Bradford Networks)

S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28768 2014-05-12] (Box, Inc.)

S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )

S2 ExpatShieldService; C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [331608 2012-01-17] ()

S3 ExpatTrayService; C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE [77520 2012-01-17] ()

S2 ExpatWd; C:\Program Files (x86)\Expat Shield\bin\hsswd.exe [329544 2012-01-04] ()

S2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()

 

==================== Drivers (Whitelisted) ====================

 

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-29] (AVAST Software)

S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-08-29] (AVAST Software)

S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-29] (AVAST Software)

S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-29] ()

S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-29] (AVAST Software)

S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-29] (AVAST Software)

S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-29] (AVAST Software)

S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-29] ()

S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)

S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8200552 2010-12-15] (Realtek Semiconductor Corp.)

S3 BcmSqlStartupSvc; 

S2 CLKMSVC10_3A60B698; 

S2 CLKMSVC10_C3B3B687; 

S2 DriverService; 

S2 IAStorDataMgrSvc; 

S2 iATAgentService; 

S2 idealife Update Service; 

S3 IGRS; 

S2 IviRegMgr; 

S2 nvUpdatusService; 

S2 Oasis2Service; 

S2 PCCarerService; 

S2 ReadyComm.DirectRouter; 

S2 RichVideo; 

S2 RtLedService; 

S2 SeaPort; 

S2 SoftwareService; 

S3 SQLWriter; 

S2 Stereo Service; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-06-19 17:16 - 2014-06-20 09:52 - 00000000 ____D () C:\FRST

2014-06-18 13:13 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2014-06-18 13:13 - 2014-05-30 02:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll

2014-06-18 13:13 - 2014-05-30 01:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2014-06-18 13:13 - 2014-05-30 01:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2014-06-18 13:13 - 2014-05-30 01:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll

2014-06-18 13:13 - 2014-05-30 01:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2014-06-18 13:13 - 2014-05-30 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2014-06-18 13:13 - 2014-05-30 01:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2014-06-18 13:13 - 2014-05-30 01:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe

2014-06-18 13:13 - 2014-05-30 01:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-06-18 13:13 - 2014-05-30 01:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2014-06-18 13:13 - 2014-05-30 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-06-18 13:13 - 2014-05-30 00:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-06-18 13:13 - 2014-05-30 00:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2014-06-18 13:13 - 2014-05-30 00:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-06-18 13:13 - 2014-05-30 00:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2014-06-18 13:13 - 2014-05-30 00:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-06-18 13:13 - 2014-05-30 00:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-06-18 13:13 - 2014-05-30 00:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-06-18 13:13 - 2014-05-30 00:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2014-06-18 13:13 - 2014-05-30 00:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-06-18 13:13 - 2014-05-30 00:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-06-18 13:13 - 2014-05-30 00:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-06-18 13:13 - 2014-05-30 00:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2014-06-18 13:13 - 2014-05-30 00:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-06-18 13:13 - 2014-05-30 00:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-06-18 13:13 - 2014-05-30 00:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2014-06-18 13:13 - 2014-05-30 00:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-06-18 13:13 - 2014-05-30 00:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-06-18 13:13 - 2014-05-30 00:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-06-18 13:13 - 2014-05-30 00:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-06-18 13:13 - 2014-05-30 00:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-06-18 13:13 - 2014-05-29 23:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-06-18 13:13 - 2014-05-29 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-06-18 13:13 - 2014-05-29 23:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-06-18 13:13 - 2014-05-29 23:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-06-18 13:13 - 2014-05-29 23:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2014-06-18 13:13 - 2014-05-29 23:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-06-18 13:13 - 2014-05-29 23:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2014-06-18 13:13 - 2014-05-29 23:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-06-18 13:13 - 2014-05-29 23:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-06-18 13:13 - 2014-05-29 23:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-06-18 13:13 - 2014-05-08 01:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll

2014-06-18 13:13 - 2014-05-08 01:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll

2014-06-18 13:13 - 2014-04-24 18:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll

2014-06-18 13:13 - 2014-04-24 18:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2014-06-18 13:13 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2014-06-18 13:13 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2014-06-18 13:13 - 2014-03-26 06:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2014-06-18 13:13 - 2014-03-26 06:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2014-06-18 13:13 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll

2014-06-18 13:13 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2014-06-18 13:13 - 2014-03-26 06:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2014-06-18 13:13 - 2014-03-26 06:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-06-18 13:13 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2014-06-18 13:13 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-06-18 13:12 - 2014-05-30 02:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2014-06-18 13:12 - 2014-05-30 01:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2014-06-18 13:12 - 2014-05-30 01:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2014-06-18 13:12 - 2014-05-30 01:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll

2014-06-18 13:12 - 2014-05-30 01:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2014-06-18 13:12 - 2014-05-30 01:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2014-06-18 13:12 - 2014-05-30 00:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll

2014-06-18 13:12 - 2014-05-30 00:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2014-06-18 13:12 - 2014-05-29 23:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2014-06-18 13:12 - 2014-05-29 23:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2014-06-18 13:11 - 2014-06-08 01:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll

2014-06-18 13:11 - 2014-06-08 01:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll

 

==================== One Month Modified Files and Folders =======

 

2014-06-20 09:52 - 2014-06-19 17:16 - 00000000 ____D () C:\FRST

2014-06-19 10:08 - 2011-09-06 18:21 - 00747392 _____ () C:\Windows\System32\TPHDLOG0.LOG

2014-06-19 10:08 - 2009-07-13 20:45 - 00021280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-19 10:08 - 2009-07-13 20:45 - 00021280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-19 10:07 - 2014-03-22 08:39 - 02946200 _____ () C:\Windows\System32\PsBoot.log

2014-06-19 10:07 - 2014-03-22 08:39 - 00838134 _____ () C:\Windows\System32\defragLog.log

2014-06-19 10:07 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-19 10:07 - 2009-07-13 20:51 - 00070160 _____ () C:\Windows\setupact.log

2014-06-19 09:59 - 2011-09-06 18:30 - 00734183 _____ () C:\Windows\System32\fastboot.set

2014-06-19 09:58 - 2011-10-22 06:46 - 00000000 ___RD () C:\Users\Owner\Dropbox

2014-06-19 09:58 - 2011-09-06 17:38 - 01275657 _____ () C:\Windows\WindowsUpdate.log

2014-06-19 09:23 - 2011-09-06 18:27 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-19 09:20 - 2011-09-06 18:21 - 03828096 _____ () C:\Windows\System32\TPAPSLOG.LOG

2014-06-19 09:19 - 2013-08-07 18:11 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1512396293-3231289414-3376205821-1000UA.job

2014-06-19 09:08 - 2014-04-12 06:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live

2014-06-19 09:00 - 2013-02-28 13:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-19 05:43 - 2013-08-15 14:26 - 00000000 ____D () C:\Windows\System32\MRT

2014-06-19 05:41 - 2013-08-07 18:11 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1512396293-3231289414-3376205821-1000Core.job

2014-06-19 05:41 - 2011-09-06 18:27 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-19 05:38 - 2011-10-08 04:40 - 95414520 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

2014-06-19 05:37 - 2011-10-22 07:06 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-06-19 05:35 - 2014-05-08 21:17 - 00000000 ___SD () C:\Windows\System32\CompatTel

2014-06-19 05:33 - 2013-12-31 10:45 - 00000000 ___RD () C:\Users\Owner\Google Drive

2014-06-19 05:33 - 2013-09-23 05:26 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-06-18 13:07 - 2011-10-22 06:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox

2014-06-18 09:51 - 2014-05-16 08:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\Box Sync

2014-06-08 01:13 - 2014-06-18 13:11 - 00506368 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll

2014-06-08 01:08 - 2014-06-18 13:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll

2014-05-30 02:21 - 2014-06-18 13:12 - 23414784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2014-05-30 02:02 - 2014-06-18 13:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2014-05-30 02:02 - 2014-06-18 13:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll

2014-05-30 01:45 - 2014-06-18 13:13 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2014-05-30 01:39 - 2014-06-18 13:13 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2014-05-30 01:39 - 2014-06-18 13:12 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2014-05-30 01:38 - 2014-06-18 13:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll

2014-05-30 01:28 - 2014-06-18 13:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2014-05-30 01:27 - 2014-06-18 13:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2014-05-30 01:24 - 2014-06-18 13:13 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2014-05-30 01:21 - 2014-06-18 13:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe

2014-05-30 01:21 - 2014-06-18 13:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2014-05-30 01:20 - 2014-06-18 13:12 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll

2014-05-30 01:18 - 2014-06-18 13:13 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-30 01:11 - 2014-06-18 13:12 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2014-05-30 01:08 - 2014-06-18 13:12 - 05782528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2014-05-30 01:06 - 2014-06-18 13:13 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2014-05-30 01:02 - 2014-06-18 13:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-30 00:55 - 2014-06-18 13:13 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-05-30 00:49 - 2014-06-18 13:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll

2014-05-30 00:46 - 2014-06-18 13:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2014-05-30 00:44 - 2014-06-18 13:13 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-05-30 00:44 - 2014-06-18 13:13 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2014-05-30 00:43 - 2014-06-18 13:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-05-30 00:42 - 2014-06-18 13:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-05-30 00:38 - 2014-06-18 13:13 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-05-30 00:35 - 2014-06-18 13:13 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2014-05-30 00:34 - 2014-06-18 13:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-05-30 00:33 - 2014-06-18 13:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-05-30 00:30 - 2014-06-18 13:13 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-05-30 00:29 - 2014-06-18 13:13 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2014-05-30 00:28 - 2014-06-18 13:13 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-05-30 00:27 - 2014-06-18 13:13 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-05-30 00:24 - 2014-06-18 13:12 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2014-05-30 00:23 - 2014-06-18 13:13 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2014-05-30 00:16 - 2014-06-18 13:13 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-05-30 00:10 - 2014-06-18 13:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-05-30 00:06 - 2014-06-18 13:13 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-05-30 00:04 - 2014-06-18 13:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-30 00:02 - 2014-06-18 13:13 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-05-29 23:56 - 2014-06-18 13:13 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-05-29 23:56 - 2014-06-18 13:12 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2014-05-29 23:54 - 2014-06-18 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-05-29 23:50 - 2014-06-18 13:13 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-05-29 23:49 - 2014-06-18 13:13 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-05-29 23:43 - 2014-06-18 13:13 - 13522944 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2014-05-29 23:40 - 2014-06-18 13:13 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-05-29 23:30 - 2014-06-18 13:13 - 01398272 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2014-05-29 23:21 - 2014-06-18 13:13 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-05-29 23:15 - 2014-06-18 13:13 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-05-29 23:13 - 2014-06-18 13:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-05-29 23:13 - 2014-06-18 13:12 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2014-05-29 06:34 - 2014-05-04 19:54 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DropboxMaster

 

Some content of TEMP:

====================

C:\Users\Owner\AppData\Local\Temp\APNSetup.exe

C:\Users\Owner\AppData\Local\Temp\conduitinstaller.exe

C:\Users\Owner\AppData\Local\Temp\DeleteVF.exe

C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwxpvpe.dll

C:\Users\Owner\AppData\Local\Temp\j2eezwll.dll

C:\Users\Owner\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Owner\AppData\Local\Temp\log4net.dll

C:\Users\Owner\AppData\Local\Temp\nsb783.exe

C:\Users\Owner\AppData\Local\Temp\nsrDB14.exe

C:\Users\Owner\AppData\Local\Temp\ose00000.exe

C:\Users\Owner\AppData\Local\Temp\RDVAlert.exe

C:\Users\Owner\AppData\Local\Temp\SecondStepInstaller.exe

C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Owner\AppData\Local\Temp\SPStub.exe

C:\Users\Owner\AppData\Local\Temp\SyncRestarter.exe

C:\Users\Owner\AppData\Local\Temp\sync_upgrader.exe

C:\Users\Owner\AppData\Local\Temp\uninstall.exe

 

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!

 

==================== Restore Points  =========================

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 11%

Total physical RAM: 6058.17 MB

Available physical RAM: 5335.11 MB

Total Pagefile: 6056.37 MB

Available Pagefile: 5334.07 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:654.69 GB) (Free:539.88 GB) NTFS

Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:15.57 GB) NTFS

Drive g: (LITTLEOTTER) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 2AF26336)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=655 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)

Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7 GB) (Disk ID: 11938486)

Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)

 

 

LastRegBack: 2014-06-18 15:52

 

==================== End Of Log ============================

 

Can anyone help me?

FRST.txt

[kevinf80]

Hello and

 

P2P/Piracy Warning:

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

Re-boot, see if Windows will load normally....

fixlist.txt

[tomgartin]

Thanks, I'll give it a shot.

 

(And this is a legitimate copy of Windows, if that's what you were getting at.)

[kevinf80]

I`m getting at nothing, I post standard introduction to make you aware of forum protocol.....

[tomgartin]

Hi, sorry for the delayed response. Things have been hectic at work the past couple days, but I wanted to give the ending to the story.

 

The fixlist here didn't work for me, so I went ahead and just bought a SATA->USB adapter and pulled the data with my laptop. Then I tried doing a clean install of Windows 7, since I have the disc, but it would only install with the EFI file system, meaning my system image backup of her computer could not be extracted since it was made with the BIOS system, and my attempts to force a BIOS type installation failed miserably. We have identical laptops since we bought the same model at the same time, so the only way to get all the correct drivers onto her laptop after that was to use the software that came with my SATA adapter. With all hope lost, I cloned my entire HD onto my wife's HD, then replaced all "my" data with hers. It's up and running now, with the only traces of the fix being (1) the Windows/User folder is called "Tom" instead of "Miranda" and (2) the Windows product key is the one for my laptop and it's not worth the trouble to correct it.

 

TL;DR Her laptop was so ####ed that I cloned my own HD to save it.

 

Again, sorry for the delayed response to your kind support. Thank you for your patience. I wish you all the best.

[kevinf80]

I guess we can close this one out as you`ve done your fix... The following link will show how to changer "user" names:

 

http://www.sevenforums.com/tutorials/147545-user-profile-folder-change-user-account-folder-name.html

 

Take care and surf safe,

 

Kevin

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!