Programs crashing, restarts, blue screens (from Windows 7 help)
The following logs are from scans done, at Broni's instruction, to address blue screens and crashes and other cute occurrences.
MBAM
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4674
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
9/23/2010 12:20:11 AM
mbam-log-2010-09-23 (00-20-11).txt
Scan type: Quick scan
Objects scanned: 132812
Time elapsed: 2 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Gmer
When I tried to run Gmer, it opened and I got the following message:
"C:\Windows\system32\config\system: The system cannot find the file specified."
I clicked OK and then clicked Scan, and I got another message:
"C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process."
I clicked OK on that, and it performed a scan.
"Gmer hasn't found any system modification."
Log was blank.
MBRCheck
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 183):
0x02A0F000 \SystemRoot\system32\ntoskrnl.exe
0x02FEB000 \SystemRoot\system32\hal.dll
0x00BA7000 \SystemRoot\system32\kdcom.dll
0x00C64000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C71000 \SystemRoot\system32\PSHED.dll
0x00C85000 \SystemRoot\system32\CLFS.SYS
0x00CE3000 \SystemRoot\system32\CI.dll
0x00ECB000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F6F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F7E000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FD5000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FDE000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FE8000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00FEF000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00DA3000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DBD000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DC6000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00DF0000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00C00000 \SystemRoot\system32\DRIVERS\mv61xx.sys
0x01008000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x01037000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01042000 \SystemRoot\system32\drivers\fltmgr.sys
0x0108E000 \SystemRoot\system32\drivers\fileinfo.sys
0x01213000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010A2000 \SystemRoot\System32\Drivers\msrpc.sys
0x013B6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01100000 \SystemRoot\System32\Drivers\cng.sys
0x013D0000 \SystemRoot\System32\drivers\pcw.sys
0x013E1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01401000 \SystemRoot\system32\drivers\ndis.sys
0x014F3000 \SystemRoot\system32\drivers\NETIO.SYS
0x01553000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01600000 \SystemRoot\System32\drivers\tcpip.sys
0x0157E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01173000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x015C8000 \SystemRoot\System32\Drivers\spldr.sys
0x011BF000 \SystemRoot\System32\drivers\rdyboost.sys
0x015D0000 \SystemRoot\System32\Drivers\mup.sys
0x015E2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01858000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01892000 \SystemRoot\system32\DRIVERS\disk.sys
0x018A8000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x018D8000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x01918000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01942000 \SystemRoot\System32\Drivers\Null.SYS
0x0194B000 \SystemRoot\System32\Drivers\Beep.SYS
0x01952000 \SystemRoot\System32\drivers\vga.sys
0x01960000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01985000 \SystemRoot\System32\drivers\watchdog.sys
0x01995000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0199E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x019A7000 \SystemRoot\system32\drivers\rdprefmp.sys
0x019B0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x019BB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x019CC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x019EA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01800000 \SystemRoot\System32\Drivers\avgtdia.sys
0x02CC2000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D07000 \SystemRoot\system32\drivers\afd.sys
0x02D91000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D9A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DC0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02DCF000 \SystemRoot\system32\DRIVERS\serial.sys
0x02C00000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02C1B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C2F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02C80000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02C8C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02C97000 \SystemRoot\System32\drivers\discache.sys
0x00C46000 \SystemRoot\System32\Drivers\dfsc.sys
0x02CA6000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02CB7000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03E88000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03ECF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03EF5000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03F0A000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04876000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04022000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04116000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0415C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04180000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x041B2000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x041F0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04F20000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04000000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04011000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x04F76000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04019000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04F82000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04F92000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04FCC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04FA8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04FD8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04FE7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x041FB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04800000 \SystemRoot\system32\DRIVERS\ks.sys
0x04843000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03F40000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03F9A000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x03FBC000 \SystemRoot\system32\drivers\portcls.sys
0x03E00000 \SystemRoot\system32\drivers\drmk.sys
0x04855000 \SystemRoot\system32\drivers\ksthunk.sys
0x0581A000 \SystemRoot\system32\drivers\viahduaa.sys
0x00070000 \SystemRoot\System32\win32k.sys
0x059AB000 \SystemRoot\System32\drivers\Dxapi.sys
0x059B7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x059C5000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x059D1000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x059DC000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x059EF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00490000 \SystemRoot\System32\TSDDD.dll
0x059FD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03E22000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x00720000 \SystemRoot\System32\cdd.dll
0x05800000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x03E3F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0580E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x03E58000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x018E0000 \SystemRoot\System32\Drivers\fastfat.SYS
0x03E65000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x00960000 \SystemRoot\System32\ATMFD.DLL
0x02A2B000 \SystemRoot\system32\drivers\luafv.sys
0x02A4E000 \SystemRoot\system32\drivers\WudfPf.sys
0x02A6F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02A84000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02A9C000 \SystemRoot\system32\drivers\HTTP.sys
0x02B64000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02B82000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02B9A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x064CA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06518000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0653B000 \SystemRoot\system32\drivers\peauth.sys
0x065E1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06400000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0642D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0643F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0687B000 \SystemRoot\System32\DRIVERS\srv.sys
0x069B5000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x76E00000 \Windows\System32\ntdll.dll
0x47B40000 \Windows\System32\smss.exe
0xFF120000 \Windows\System32\apisetschema.dll
0xFF770000 \Windows\System32\autochk.exe
0xFF030000 \Windows\System32\advapi32.dll
0x76FD0000 \Windows\System32\normaliz.dll
0xFE2A0000 \Windows\System32\shell32.dll
0xFE200000 \Windows\System32\comdlg32.dll
0xFE0D0000 \Windows\System32\rpcrt4.dll
0xFE050000 \Windows\System32\shlwapi.dll
0xFDFD0000 \Windows\System32\difxapi.dll
0x76CE0000 \Windows\System32\kernel32.dll
0xFDF80000 \Windows\System32\Wldap32.dll
0xFDEB0000 \Windows\System32\usp10.dll
0xFDEA0000 \Windows\System32\lpk.dll
0xFDDC0000 \Windows\System32\oleaut32.dll
0x76FC0000 \Windows\System32\psapi.dll
0xFDB60000 \Windows\System32\iertutil.dll
0xFDAC0000 \Windows\System32\clbcatq.dll
0xFD990000 \Windows\System32\wininet.dll
0xFD920000 \Windows\System32\gdi32.dll
0xFD740000 \Windows\System32\setupapi.dll
0xFD5C0000 \Windows\System32\urlmon.dll
0xFD5B0000 \Windows\System32\nsi.dll
0xFD590000 \Windows\System32\imagehlp.dll
0xFD540000 \Windows\System32\ws2_32.dll
0xFD4A0000 \Windows\System32\msvcrt.dll
0xFD480000 \Windows\System32\sechost.dll
0xFD270000 \Windows\System32\ole32.dll
0x76BE0000 \Windows\System32\user32.dll
0xFD240000 \Windows\System32\imm32.dll
0xFD130000 \Windows\System32\msctf.dll
0xFD0F0000 \Windows\System32\cfgmgr32.dll
0xFCF80000 \Windows\System32\crypt32.dll
0xFCF40000 \Windows\System32\wintrust.dll
0xFCF20000 \Windows\System32\devobj.dll
0xFCE80000 \Windows\System32\comctl32.dll
0xFCE10000 \Windows\System32\KernelBase.dll
0xFCE00000 \Windows\System32\msasn1.dll
0x76FB0000 \Windows\SysWOW64\normaliz.dll
Processes (total 49):
0 System Idle Process
4 System
248 C:\Windows\System32\smss.exe
332 csrss.exe
396 C:\Windows\System32\wininit.exe
416 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
424 csrss.exe
432 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
540 C:\Windows\System32\services.exe
552 C:\Windows\System32\lsass.exe
560 C:\Windows\System32\lsm.exe
572 C:\Windows\System32\winlogon.exe
588 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
744 C:\Windows\System32\svchost.exe
824 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\atiesrxx.exe
952 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\svchost.exe
1432 C:\Windows\System32\svchost.exe
1460 C:\Windows\System32\atieclxx.exe
1548 C:\Windows\System32\spoolsv.exe
1584 C:\Windows\System32\svchost.exe
1672 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1720 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1744 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1984 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
2004 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2336 C:\Windows\System32\taskhost.exe
2424 C:\Windows\System32\dwm.exe
2444 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
2792 C:\Windows\explorer.exe
2932 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
3032 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
3068 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2764 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
908 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3100 C:\Windows\System32\SearchIndexer.exe
3612 C:\Windows\System32\wuauclt.exe
2088 WmiPrvSE.exe
3024 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3992 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3960 C:\Windows\System32\audiodg.exe
316 C:\Windows\System32\SearchProtocolHost.exe
2908 C:\Windows\System32\SearchFilterHost.exe
3228 C:\Users\Sam\Downloads\Desktop\MBRCheck.exe
3312 C:\Windows\System32\conhost.exe
1992 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
PhysicalDrive0 Model Number: WDCWD6401AALS-00E3A0, Rev: 05.01D05
Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
OTL
OTL.txt
OTL logfile created on: 9/23/2010 12:33:40 AM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Sam\Downloads\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 508.35 Gb Free Space | 85.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SAM-PC
Current User Name: Sam
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/23 00:13:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Downloads\Desktop\OTL.exe
PRC - [2010/07/21 18:13:05 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 19:47:13 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 19:47:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 19:47:09 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
========== Modules (SafeList) ==========
MOD - [2010/09/23 00:13:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Downloads\Desktop\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/04/06 22:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/21 18:13:05 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 19:47:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/08 11:18:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/07/16 19:47:13 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/16 19:47:09 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/02 20:35:43 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/04/16 08:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/06 22:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/06 21:23:30 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/09 06 42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 04:55:20 | 001,207,808 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/05/13 21:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/11 18:49:10 | 000,178,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2009/05/05 00:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 88 4F 9C 73 FF CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/04 16:22:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/23 11:10:37 | 000,000,000 | ---D | M]
[2010/05/31 18:51:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions
[2010/09/23 00:30:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\x3y1qfx9.default\extensions
[2010/08/18 21:09:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\x3y1qfx9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/09 09:48:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/21 20:12:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/09 09:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/23 11:13:36 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (www)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/09/23 00:17:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/23 00:17:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/23 00:14:10 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sam\Downloads\Desktop\mbam-setup-1.46.exe
[2010/09/23 00:13:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Downloads\Desktop\OTL.exe
[2010/09/23 00:03:33 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Downloads\Desktop\TFC.exe
[2010/09/07 21 24 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\receipt.asp_files
[2010/08/21 19:19:06 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\00
[2010/08/17 21:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010/08/13 22:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Illustrate
[2010/08/09 09:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/08 20:26:11 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Epson
[2010/08/08 20:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2010/08/08 20:24:54 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\InstallShield
[2010/08/08 20:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2010/08/08 20:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010/08/01 19:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TagRename
[2010/08/01 19:12:23 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\tunes
[2010/07/29 23:19:28 | 000,839,680 | ---- | C] (www) -- C:\Windows\SysWow64\lameACM.acm
[2010/07/29 23:19:28 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010/07/29 23:19:28 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2010/07/29 23:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010/07/29 23:16:52 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Media Player Classic
[2010/07/29 23:12:15 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\VirtualDub-1.9.9
[2010/07/23 11:10:48 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Foxit Software
[2010/07/23 11:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2010/07/22 18:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/07/22 18:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/07/22 18:04:56 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/22 18:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/07/22 18:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/07/22 18:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/07/22 18:03:49 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Microsoft Help
[2010/07/22 18:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/07/22 18:03:12 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/07/21 18:13:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2010/07/16 19:47:12 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/06/27 18:24:47 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Diagnostics
========== Files - Modified Within 90 Days ==========
[2010/09/23 00:33:46 | 003,407,872 | -HS- | M] () -- C:\Users\Sam\ntuser.dat
[2010/09/23 00:23:13 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/23 00:23:13 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/23 00:20:19 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/23 00:20:19 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/23 00:20:19 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/23 00:17:27 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/23 00:16:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/23 00:16:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/23 00:15:59 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/23 00:15:11 | 005,220,844 | -H-- | M] () -- C:\Users\Sam\AppData\Local\IconCache.db
[2010/09/23 00:14:15 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sam\Downloads\Desktop\mbam-setup-1.46.exe
[2010/09/23 00:13:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Downloads\Desktop\OTL.exe
[2010/09/23 00:13:31 | 000,080,384 | ---- | M] () -- C:\Users\Sam\Downloads\Desktop\MBRCheck.exe
[2010/09/23 00:13:12 | 000,293,376 | ---- | M] () -- C:\Users\Sam\Downloads\Desktop\0w714dlr.exe
[2010/09/23 00:03:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Downloads\Desktop\TFC.exe
[2010/09/23 00:00:48 | 065,161,460 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/21 23:12:34 | 151,664,998 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/21 23:11:50 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2010/09/21 09:53:41 | 000,004,346 | ---- | M] () -- C:\Users\Sam\Downloads\Desktop\BlueScreenView.lnk
[2010/09/07 21:57:23 | 000,011,226 | ---- | M] () -- C:\Users\Sam\Documents\receipt.asp.htm
[2010/09/05 00:38:35 | 007,450,485 | ---- | M] () -- C:\Users\Sam\Documents\dlink.PDF
[2010/08/17 21:16:59 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2010/08/13 22:03:10 | 000,013,089 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/08/13 22:02:59 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/08/08 20:25:38 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk
[2010/08/08 20:12:42 | 000,039,424 | ---- | M] () -- C:\Users\Sam\Documents\agco hearing notes.doc
[2010/08/08 19:20:04 | 000,000,162 | -H-- | M] () -- C:\Users\Sam\Documents\~$co hearing notes.doc
[2010/08/01 19:17:59 | 000,001,051 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Tag&Rename.lnk
[2010/08/01 19:17:59 | 000,001,027 | ---- | M] () -- C:\Users\Sam\Downloads\Desktop\Tag&Rename.lnk
[2010/07/23 22:57:21 | 000,007,601 | ---- | M] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg
[2010/07/23 13:16:10 | 000,027,648 | ---- | M] () -- C:\Users\Sam\Documents\jmancuso-cover.doc
[2010/07/23 13:15:01 | 000,048,128 | ---- | M] () -- C:\Users\Sam\Documents\jmancuso-resume.doc
[2010/07/23 11:10:37 | 000,001,258 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/23 11:10:37 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/07/23 09:00:52 | 000,063,568 | ---- | M] () -- C:\Users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/23 09:00:33 | 002,229,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/16 19:47:13 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/16 19:47:12 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/16 19:47:09 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/14 04:00:00 | 000,108,032 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/07/14 04:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010/07/08 21:49:02 | 000,524,288 | -HS- | M] () -- C:\Users\Sam\ntuser.dat{c3dd983f-8afb-11df-b4df-e0cb4ebac608}.TMContainer00000000000000000002.regtrans-ms
[2010/07/08 21:49:02 | 000,524,288 | -HS- | M] () -- C:\Users\Sam\ntuser.dat{c3dd983f-8afb-11df-b4df-e0cb4ebac608}.TMContainer00000000000000000001.regtrans-ms
[2010/07/08 21:49:02 | 000,065,536 | -HS- | M] () -- C:\Users\Sam\ntuser.dat{c3dd983f-8afb-11df-b4df-e0cb4ebac608}.TM.blf
[2010/06/29 11:37:13 | 000,027,617 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
========== Files Created - No Company Name ==========
[2010/09/23 00:17:27 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/23 00:13:30 | 000,080,384 | ---- | C] () -- C:\Users\Sam\Downloads\Desktop\MBRCheck.exe
[2010/09/23 00:13:12 | 000,293,376 | ---- | C] () -- C:\Users\Sam\Downloads\Desktop\0w714dlr.exe
[2010/09/21 23:11:50 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2010/09/21 09:53:41 | 000,004,346 | ---- | C] () -- C:\Users\Sam\Downloads\Desktop\BlueScreenView.lnk
[2010/09/07 21 56 | 000,011,226 | ---- | C] () -- C:\Users\Sam\Documents\receipt.asp.htm
[2010/09/05 00:37:56 | 007,450,485 | ---- | C] () -- C:\Users\Sam\Documents\dlink.PDF
[2010/08/17 21:16:59 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2010/08/13 22:03:10 | 004,131,192 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/08/13 22:03:10 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/08/13 22:03:10 | 000,013,089 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/08/08 20:25:38 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk
[2010/08/08 20:24:55 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/08/08 20:24:55 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/08/08 20:24:55 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/08/08 20:24:55 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/08/08 20:24:55 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/08/08 20:24:55 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/08/08 20:24:55 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/08/08 20:24:55 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2010/08/08 20:24:55 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/08/08 20:24:55 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2010/08/08 20:24:55 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2010/08/08 20:24:55 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2010/08/08 20:24:55 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2010/08/08 20:24:55 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2010/08/08 20:24:55 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/08/08 20:24:55 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/08/08 20:24:55 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/08/08 20:24:55 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/08/08 20:24:55 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/08/08 20:24:55 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/08/08 20:24:55 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/08/08 20:24:55 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/08/08 19:20:04 | 000,000,162 | -H-- | C] () -- C:\Users\Sam\Documents\~$co hearing notes.doc
[2010/08/08 19:20:03 | 000,039,424 | ---- | C] () -- C:\Users\Sam\Documents\agco hearing notes.doc
[2010/08/01 19:17:59 | 000,001,051 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Tag&Rename.lnk
[2010/08/01 19:17:59 | 000,001,027 | ---- | C] () -- C:\Users\Sam\Downloads\Desktop\Tag&Rename.lnk
[2010/07/29 23:19:28 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/07/29 23:19:28 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/07/29 23:19:28 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/07/29 23:19:28 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/07/29 23:19:28 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2010/07/29 23:19:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/07/29 23:16:09 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/07/23 22:57:21 | 000,007,601 | ---- | C] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg
[2010/07/23 13:09:16 | 000,027,648 | ---- | C] () -- C:\Users\Sam\Documents\jmancuso-cover.doc
[2010/07/23 13:04:25 | 000,048,128 | ---- | C] () -- C:\Users\Sam\Documents\jmancuso-resume.doc
[2010/07/23 11:10:37 | 000,001,258 | ---- | C] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/23 11:10:37 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/07/08 21:46:32 | 000,524,288 | -HS- | C] () -- C:\Users\Sam\ntuser.dat{c3dd983f-8afb-11df-b4df-e0cb4ebac608}.TMContainer00000000000000000002.regtrans-ms
[2010/07/08 21:46:32 | 000,524,288 | -HS- | C] () -- C:\Users\Sam\ntuser.dat{c3dd983f-8afb-11df-b4df-e0cb4ebac608}.TMContainer00000000000000000001.regtrans-ms
[2010/07/08 21:46:32 | 000,065,536 | -HS- | C] () -- C:\Users\Sam\ntuser.dat{c3dd983f-8afb-11df-b4df-e0cb4ebac608}.TM.blf
[2010/05/10 17:43:31 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010/05/10 15:09:10 | 000,035,319 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/05/10 15:08:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/05/10 15:08:49 | 000,027,617 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
========== LOP Check ==========
[2010/08/08 20:26:11 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Epson
[2010/07/23 11:10:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Foxit Software
[2010/05/29 01:30:56 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\LockHunter
[2010/09/21 20:52:23 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/09/21 23:11:50 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2010/09/23 00:15:59 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/09/23 00:16:00 | 4294,103,040 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/05/10 17:59:39 | 000,000,221 | -HS- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/05/21 18:45:20 | 000,000,402 | -HS- | M] () -- C:\Users\Sam\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
There was no Extras.log generated (or at least I couldn't find it anywhere).
-
I don't see anything malicious here, so I assume, back to your old topic....
-
OK then. At least that's good news.
-