

System Restore and BSOD

I was recently streaming videos on zshare. Then an antivirus thing popped up and said I had a virus. I tried to close it, but it kept popping up, and then my task manager was disabled, so I restarted my computer and tried to do a system restore. But it was disabled, so I googled around and tried to enable it again. Some people recommended going into regedit and changing something, and now when I turn on my computer I get the BSOD after the Windows XP load screen finishes. I can only access my computer in safe mode.

This is a HijackThis log.

Thank you in advance if you can provide any assistance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:06:59 PM, on 3/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\svc2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Documents and Settings\Danny Nguyen\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: 74.208.10.249 gs.apple.com
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nxcweamros.tmp] "C:\DOCUME~1\DANNYN~1\LOCALS~1\Temp\nxcweamros.tmp"
O4 - HKLM\..\Run: [Eqajubozera] rundll32.exe "C:\WINDOWS\ekofimifetelag.dll",Startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetLog2] C:\WINDOWS\svc2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D78F4511-3B80-4015-8891-D94F6EA92FB5}: NameServer = 220.233.0.4,220.223.0.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8374 bytes

Re: System Restore and BSOD

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: 74.208.10.249 gs.apple.com
    O4 - HKLM\..\Run: [nxcweamros.tmp] "C:\DOCUME~1\DANNYN~1\LOCALS~1\Temp\nxcweamros.tmp"
    O4 - HKLM\..\Run: [Eqajubozera] rundll32.exe "C:\WINDOWS\ekofimifetelag.dll",Startup
    O4 - HKCU\..\Run: [NetLog2] C:\WINDOWS\svc2.exe



  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.
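The four lines the helper picked out share traits an analyst looks for in a HijackThis log: a hosts-file entry that redirects a vendor name (gs.apple.com) to an outside address, a Run entry that launches a .tmp file out of the user's Temp folder, rundll32 loading a DLL dropped straight into C:\WINDOWS, and an .exe sitting in C:\WINDOWS instead of system32. The script below is an added example, not part of the thread and not part of Trend Micro's HijackThis; it parses O1 and O4 lines with regular expressions of my own and applies those four heuristics. The sample lines are copied from the log posted above (including two clean entries, AVP and CTFMON, to show they are not flagged); the regex patterns, the LOOPBACK set and the wording of the findings are assumptions of this example.

```python
from __future__ import annotations
import re

# Constructed sample: lines copied from the HijackThis log posted in the thread,
# four of which are the entries the helper asked to have fixed.
SAMPLE_LOG = r"""
O1 - Hosts: 74.208.10.249 gs.apple.com
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [nxcweamros.tmp] "C:\DOCUME~1\DANNYN~1\LOCALS~1\Temp\nxcweamros.tmp"
O4 - HKLM\..\Run: [Eqajubozera] rundll32.exe "C:\WINDOWS\ekofimifetelag.dll",Startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetLog2] C:\WINDOWS\svc2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# Assumed line shapes for the two HijackThis sections this example understands.
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Hosts entries pointing at loopback are the usual "block this name" pattern;
# anything else is a redirect and worth a look.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def assess_hosts(ip: str, host: str) -> list[str]:
    """Reasons an O1 (hosts file) line deserves attention."""
    if ip in LOOPBACK:
        return []
    return [f"hosts file redirects {host} to {ip} instead of loopback"]


def assess_run(cmd: str) -> list[str]:
    """Reasons an O4 (autostart) command deserves attention."""
    low = cmd.replace('"', "").strip().lower()
    reasons = []
    if re.search(r"\\temp\\", low):
        reasons.append("runs from a Temp directory")
    if re.search(r"\.tmp(\s|$)", low):
        reasons.append("a .tmp file is being run as a program")
    if low.startswith("rundll32") and re.search(r"\\windows\\[^\\]+\.dll", low):
        reasons.append("rundll32 loads a DLL sitting directly in C:\\WINDOWS")
    if re.fullmatch(r"[a-z]:\\windows\\[^\\]+\.exe", low):
        reasons.append("executable sits directly in C:\\WINDOWS rather than system32")
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Return (line, reasons) for every O1/O4 line with at least one finding."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons: list[str] = []
        if m := O1_RE.match(line):
            reasons = assess_hosts(m["ip"], m["host"])
        elif m := O4_RE.match(line):
            reasons = assess_run(m["cmd"])
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

Run on the sample, the script reports exactly the four lines the helper selected and leaves the Kaspersky and CTFMON entries alone. The heuristics are deliberately narrow (location of the file, not its name), because random-looking names like ekofimifetelag.dll are easy for a human to spot but a poor automated signal on their own.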

Re: System Restore and BSOD

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4534

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

4/09/2010 11:04:28 AM
mbam-log-2010-09-04 (11-04-28).txt

Scan type: Quick scan
Objects scanned: 136589
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Rogue.Antivirus2010) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Rogue.Antivirus2010) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\2008.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\svc2.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danny Nguyen\Local Settings\Temp\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Re: System Restore and BSOD

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshots: CF_download_FF, CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [screenshot: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Re: System Restore and BSOD

ComboFix 10-09-04.05 - Danny Nguyen 05/09/2010 16:12:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2894 [GMT 10:00]
Running from: c:\documents and settings\Danny Nguyen\Desktop\Combo-Fix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Danny Nguyen\.COMMgr
c:\documents and settings\Danny Nguyen\Application Data\6200AE0B8C951DD1AAA016C8F78D6AB1
c:\documents and settings\Danny Nguyen\Application Data\6200AE0B8C951DD1AAA016C8F78D6AB1\enemies-names.txt
c:\documents and settings\Danny Nguyen\Application Data\6200AE0B8C951DD1AAA016C8F78D6AB1\local.ini
c:\documents and settings\Danny Nguyen\Local Settings\Application Data\{491BF40F-58E3-4870-B095-1D53D8EBEB4D}
c:\documents and settings\Danny Nguyen\Local Settings\Application Data\{491BF40F-58E3-4870-B095-1D53D8EBEB4D}\chrome.manifest
c:\documents and settings\Danny Nguyen\Local Settings\Application Data\{491BF40F-58E3-4870-B095-1D53D8EBEB4D}\chrome\content\_cfg.js
c:\documents and settings\Danny Nguyen\Local Settings\Application Data\{491BF40F-58E3-4870-B095-1D53D8EBEB4D}\chrome\content\overlay.xul
c:\documents and settings\Danny Nguyen\Local Settings\Application Data\{491BF40F-58E3-4870-B095-1D53D8EBEB4D}\install.rdf
c:\documents and settings\Danny Nguyen\Local Settings\Application Data\Windows Server
c:\documents and settings\Danny Nguyen\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Danny Nguyen\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Danny Nguyen\Local Settings\Application Data\Windows Server\uses32.dat
c:\windows\daemon.dll
c:\windows\system32\90980.dll

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

.
\\.\PhysicalDrive0 - Bootkit Agent was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Agent was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-04 09:49 . 2010-09-04 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-09-04 09:18 . 2010-09-04 09:44 -------- d-----w- c:\windows\system32\wbem\Repository.001
2010-09-04 09:18 . 2008-04-13 19:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-09-04 09:18 . 2008-04-13 19:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2010-09-04 09:18 . 2008-04-13 12:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-09-04 09:12 . 2010-09-04 09:12 -------- d-----w- c:\windows\ServicePackFiles
2010-09-04 07:34 . 2001-08-23 12:00 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2010-09-04 07:33 . 2001-08-23 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2010-09-04 07:32 . 2008-04-13 19:42 45568 ----a-w- c:\windows\system32\safrslv.dll
2010-09-04 07:31 . 2008-04-13 19:42 226816 -c--a-w- c:\windows\system32\dllcache\npdrmv2.dll
2010-09-04 07:30 . 2008-04-13 19:42 67072 ----a-w- c:\windows\system32\rdshost.exe
2010-09-04 07:22 . 2008-04-13 14:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-09-04 07:22 . 2008-04-13 14:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-09-04 07:21 . 2008-04-13 19:41 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-09-04 07:21 . 2008-04-13 14:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-09-04 07:21 . 2008-04-13 19:43 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-09-04 07:21 . 2008-04-13 14:02 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-09-04 07:20 . 2008-04-13 19:42 146432 ----a-w- c:\windows\system\winspool.drv
2010-09-04 07:20 . 2008-04-13 14:24 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2010-09-04 07:20 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-04 07:20 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-04 07:20 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-04 07:20 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-04 07:20 . 2008-04-13 19:42 74752 ----a-w- c:\windows\system32\storprop.dll
2010-09-04 01:45 . 2008-04-14 08:00 82432 ---h-tw- c:\windows\system32\d0d0404.dll
2010-09-04 01:45 . 2008-04-14 08:00 82432 ---h-tw- c:\windows\system32\156743a.dll
2010-09-03 09:20 . 2010-09-03 09:20 -------- d-----w- c:\windows\XSxS
2010-09-03 09:20 . 2010-09-03 09:20 -------- d-----w- c:\program files\Xenocode
2010-09-03 09:20 . 2010-09-03 09:20 -------- d-----w- c:\documents and settings\Danny Nguyen\Local Settings\Application Data\Xenocode
2010-09-03 08:48 . 2010-09-03 08:48 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-09-03 07:49 . 2010-09-03 07:49 0 ----a-w- c:\windows\Hyozusoya.bin
2010-09-03 07:49 . 2010-09-03 07:49 120 ----a-w- c:\windows\Fwabilobakamode.dat
2010-09-03 07:47 . 2010-09-03 08:37 -------- d-----w- c:\documents and settings\Danny Nguyen\Local Settings\Application Data\mnkcrbusq
2010-09-03 07:47 . 2010-09-03 08:37 -------- d-----w- c:\documents and settings\Danny Nguyen\Local Settings\Application Data\obpcrjhbc
2010-09-03 07:46 . 2010-09-04 15:52 -------- d-----w- c:\documents and settings\Danny Nguyen\Local Settings\Application Data\maldqpghu
2010-09-03 07:46 . 2010-09-03 08:37 -------- d-----w- c:\documents and settings\Danny Nguyen\Application Data\maldqpghu
2010-08-29 05:05 . 2010-08-29 05:05 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenu
2010-08-29 05:04 . 2010-08-29 05:04 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter
2010-08-29 05:04 . 2010-09-01 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-08-29 05:03 . 2009-04-03 06:00 1310720 ----a-w- c:\windows\system32\CNC560C.dll
2010-08-29 05:03 . 2009-04-03 05:59 110592 ----a-w- c:\windows\system32\CNC560I.dll
2010-08-29 05:03 . 2009-04-03 05:57 106496 ----a-w- c:\windows\system32\CNC560U.dll
2010-08-29 05:03 . 2009-03-19 04:38 303104 ----a-w- c:\windows\system32\CNC560L.dll
2010-08-29 05:03 . 2008-08-25 08:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2010-08-29 05:02 . 2010-08-29 05:02 -------- d-----w- c:\program files\Common Files\CANON
2010-08-29 04:59 . 2010-08-29 04:59 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-08-29 04:58 . 2009-03-23 19:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA0.DLL
2010-08-29 04:58 . 2009-03-23 19:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA0.DLL
2010-08-29 04:58 . 2009-03-23 19:00 272384 ----a-w- c:\windows\system32\CNMLMA0.DLL
2010-08-29 04:58 . 2010-08-29 04:58 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-08-29 04:58 . 2009-02-04 13:17 90112 ----a-w- c:\windows\system32\CNC560O.dll
2010-08-29 04:58 . 2009-03-18 09:09 178176 ----a-w- c:\windows\system32\CNMIUA0.DLL
2010-08-29 04:58 . 2010-08-29 04:58 -------- d--h--w- c:\program files\CanonBJ
2010-08-29 04:57 . 2010-08-29 04:57 -------- d-----w- c:\windows\system32\STRING
2010-08-29 04:57 . 2009-04-03 16:51 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL
2010-08-29 04:57 . 2009-04-03 16:51 353792 ----a-w- c:\windows\system32\CNMNPPM.DLL
2010-08-29 04:57 . 2010-08-29 04:57 -------- d-----w- c:\windows\system32\CHM
2010-08-29 04:57 . 2010-08-29 05:04 -------- d-----w- c:\program files\Canon
2010-08-16 06:54 . 2008-04-14 08:00 82432 ---h-tw- c:\windows\system32\85f0af4.dll
2010-08-16 06:54 . 2008-04-14 08:00 82432 ---h-tw- c:\windows\system32\1a9620e.dll
2010-08-16 06:40 . 2008-04-14 08:00 82432 ---h-tw- c:\windows\system32\2acd802.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 06:21 . 2010-04-21 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-09-05 06:21 . 2009-09-14 14:39 16608 ----a-w- c:\windows\gdrv.sys
2010-09-04 11:38 . 2009-09-14 14:29 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-04 09:49 . 2009-09-14 14:56 69624 ----a-w- c:\documents and settings\Danny Nguyen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-04 09:48 . 2009-12-14 12:39 -------- d-----w- c:\program files\ATI
2010-09-04 07:53 . 2010-05-17 23:38 -------- d-----w- c:\program files\ATI Technologies
2010-09-04 07:33 . 2010-09-04 07:33 558142 ----a-w- c:\windows\java\Packages\FDN3VPFP.ZIP
2010-09-04 07:33 . 2010-09-04 07:33 2678 ----a-w- c:\windows\java\Packages\Data\5ZBZXB9Z.DAT
2010-09-04 07:33 . 2010-09-04 07:33 2678 ----a-w- c:\windows\java\Packages\Data\YZT7J7BL.DAT
2010-09-04 07:33 . 2010-09-04 07:33 155995 ----a-w- c:\windows\java\Packages\IIAJTNHZ.ZIP
2010-09-04 07:33 . 2010-09-04 07:33 2678 ----a-w- c:\windows\java\Packages\Data\WG0TV3Z3.DAT
2010-09-04 07:33 . 2010-09-04 07:33 2678 ----a-w- c:\windows\java\Packages\Data\BRBFLRVZ.DAT
2010-09-04 07:33 . 2010-09-04 07:33 2678 ----a-w- c:\windows\java\Packages\Data\7BJNDBTZ.DAT
2010-09-04 07:31 . 2009-09-14 14:29 22720 -c--a-w- c:\windows\system32\emptyregdb.dat
2010-09-04 01:59 . 2010-08-17 07:50 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-09-04 01:54 . 2010-09-04 01:54 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-09-04 01:33 . 2009-09-29 07:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-04 01:23 . 2010-04-21 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-09-04 01:22 . 2010-04-21 07:37 -------- d-----w- c:\program files\Kaspersky Lab
2010-09-03 09:29 . 2010-04-21 07:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-03 06:12 . 2009-09-14 16:15 -------- d-----w- c:\documents and settings\Danny Nguyen\Application Data\uTorrent
2010-09-02 21:15 . 2010-03-21 10:51 256 ----a-w- c:\windows\system32\pool.bin
2010-09-02 05:24 . 2009-09-14 16:16 -------- d-----w- c:\program files\uTorrent
2010-08-31 07:37 . 2009-11-23 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-08-31 05:35 . 2009-11-23 22:03 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-29 05:07 . 2009-10-07 22:50 -------- d-----w- c:\program files\Brother
2010-08-29 05:07 . 2009-09-14 14:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-27 07:00 . 2010-08-27 07:00 68256 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\English\setup.exe
2010-08-26 13:14 . 2009-09-28 11:13 -------- d-----w- c:\documents and settings\Danny Nguyen\Application Data\FrostWire
2010-08-24 09:18 . 2009-09-14 15:56 -------- d-----w- c:\program files\Warcraft III
2010-08-19 23:52 . 2010-05-15 23:49 -------- d-----w- c:\program files\MapleStory
2010-08-18 05:47 . 2010-05-15 23:49 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-08-18 04:16 . 2010-08-18 04:16 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-08-16 22:04 . 2009-10-07 22:12 -------- d-----w- c:\documents and settings\Danny Nguyen\Application Data\Nero
2010-08-16 14:43 . 2009-10-07 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-08-16 14:43 . 2009-10-07 22:11 -------- d-----w- c:\program files\Nero
2010-08-16 14:36 . 2009-10-07 22:11 -------- d-----w- c:\program files\Common Files\Nero
2010-08-14 07:21 . 2009-12-12 05:25 -------- d-----r- c:\program files\Modern Warfare 2
2010-08-14 07:02 . 2009-12-15 00:35 -------- d-----w- c:\program files\Left 4 Dead 2
2010-08-12 01:59 . 2009-09-29 08:06 -------- d-----w- c:\program files\Cheat Engine
2010-08-01 03:43 . 2010-05-22 04:32 256 ----a-w- c:\documents and settings\Danny Nguyen\pool.bin
2010-07-29 16:48 . 2010-04-21 07:38 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 16:48 . 2010-04-21 07:38 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-26 05:47 . 2010-07-26 05:47 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-07-25 22:18 . 2010-06-24 14:14 -------- d-----w- c:\program files\WinSCP
2010-07-25 13:37 . 2010-07-25 13:37 -------- d-----w- c:\program files\Wide Angle Software
2010-07-25 13:32 . 2010-06-24 14:20 -------- d-----w- c:\documents and settings\Danny Nguyen\Application Data\DiskAid
2010-07-25 01:32 . 2009-09-23 13:41 -------- d-----w- c:\documents and settings\Danny Nguyen\Application Data\DivX
2010-07-24 03:04 . 2009-09-15 03:37 -------- d-----w- c:\program files\Steam
2010-07-22 05:19 . 2010-07-22 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-07-22 05:19 . 2010-07-22 05:19 -------- d-----w- c:\program files\DVD Shrink
2010-07-16 23:29 . 2010-07-05 02:26 96 ---ha-w- c:\windows\system32\HsInfo.dat
2010-07-14 22:37 . 2010-06-08 03:54 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-14 22:37 . 2010-06-08 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-14 22:36 . 2010-07-14 22:36 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-14 22:36 . 2009-09-23 13:41 -------- d-----w- c:\program files\DivX
2010-07-14 22:36 . 2010-07-14 22:36 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-14 22:35 . 2010-07-14 22:35 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-14 22:35 . 2010-07-14 22:35 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-14 22:33 . 2010-06-08 03:54 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-14 22:33 . 2010-06-08 03:54 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-07 07:22 . 2010-07-07 07:22 1861000 ----a-w- c:\documents and settings\All Users\Application Data\Nexon\Common\NMService.exe
2010-07-07 07:22 . 2010-07-07 07:22 1774992 ----a-w- c:\documents and settings\All Users\Application Data\Nexon\Common\nmconew.dll
2010-07-01 11:35 . 2010-07-01 11:35 228024 ----a-w- c:\windows\system32\klogon.dll
2010-06-30 08:43 . 2010-06-30 08:43 247120 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\uds.dll
2010-06-30 08:43 . 2010-06-30 08:43 1037648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-06-30 08:42 . 2010-06-30 08:42 132432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\dns_client.dll
2010-06-16 20:33 . 2010-06-16 20:33 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2010-06-16 20:33 . 2010-06-16 20:33 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-06-15 10:01 . 2010-06-15 10:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-11 06:51 . 2010-06-11 06:51 3055600 ----a-w- c:\documents and settings\Danny Nguyen\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 06:36 . 2010-06-11 06:36 275952 ----a-w- c:\documents and settings\Danny Nguyen\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-09 23:01 . 2010-07-14 22:35 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2010-07-14 22:35 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2010-07-14 22:35 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01 . 2010-07-14 22:35 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01 . 2010-06-08 03:53 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-06-08 03:53 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-09 07:43 . 2010-06-09 07:43 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
2010-06-09 07:43 . 2010-06-09 07:43 132184 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-06-08 03:54 . 2010-06-08 03:54 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-08 03:54 . 2010-06-08 03:54 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-07-01 357096]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-08-29 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Danny Nguyen^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-02-17 08:37 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 05:35 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-10 12:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-10-19 02:12 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 07:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-28 12:55 136176 ----atw- c:\documents and settings\Danny Nguyen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 00:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 06:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 05:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 00:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-19 23:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 05:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2009-10-27 04:10 401728 -c--a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-07 06:50 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 12:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-09-11 02:31 2836440 -c--a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-28 13:50 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-01 13:09 328568 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Warcraft III\\w3l.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CODWAW-KaOs\\CoDWaW.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Danny Nguyen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Steam\\steamapps\\bathroom_\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57437:TCP"= 57437:TCP:Pando Media Booster
"57437:UDP"= 57437:UDP:Pando Media Booster

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [9/24/2009 1:33 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [9/24/2009 1:33 PM 5248]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [9/15/2009 12:39 AM 68136]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [3/25/2010 2:39 PM 490280]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32856]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [6/25/2010 4:18 PM 28160]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/17/2009 11:52 PM 722416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2010 10:57 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/15/2009 12:41 AM 1691480]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12/2/2009 7:03 PM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12/2/2009 7:03 PM 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/3/2005 7:10 AM 32512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0c447879d1b0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 12:55]

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003Core1cb0c44b7efa93c.job
- c:\documents and settings\Danny Nguyen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-28 12:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {D78F4511-3B80-4015-8891-D94F6EA92FB5} = 220.233.0.4,220.223.0.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Danny Nguyen\Application Data\Mozilla\Firefox\Profiles\v9b0dtyp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Danny Nguyen\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Danny Nguyen\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Danny Nguyen\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - avgrsstx.dll
SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 16:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AFEB008]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> 0x8afeb008
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9cd9bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9ce6a21
SendHandler -> NDIS.sys @ 0xb9cc487b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 5 !
copy of MBR has been found in sector 9 !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(1380)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-05 16:26:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-05 06:26

Pre-Run: 300,078,444,544 bytes free
Post-Run: 302,299,480,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn

Current=4 Default=4 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 68BD22972D65E3B5A59C00CD488BEBB3

Re: System Restore and BSOD

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    File::
    c:\windows\system32\d0d0404.dll
    c:\windows\system32\156743a.dll
    c:\windows\Hyozusoya.bin
    c:\windows\Fwabilobakamode.dat
    c:\windows\system32\85f0af4.dll
    c:\windows\system32\1a9620e.dll
    c:\windows\system32\2acd802.dll

    Folder::
    c:\documents and settings\Danny Nguyen\Local Settings\Application Data\mnkcrbusq
    c:\documents and settings\Danny Nguyen\Local Settings\Application Data\obpcrjhbc
    c:\documents and settings\Danny Nguyen\Local Settings\Application Data\maldqpghu
    c:\documents and settings\Danny Nguyen\Application Data\maldqpghu

    MBR::

    Reboot::

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: Cfscriptb4i, showing CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: System Restore and BSOD

ComboFix 10-09-04.06 - Danny Nguyen 06/09/2010 8:29.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2892 [GMT 10:00]
Running from: c:\documents and settings\Danny Nguyen\My Documents\Downloads\Programs\Combo-Fix.exe
Command switches used :: c:\documents and settings\Danny Nguyen\My Documents\Downloads\Programs\CFScript.txt.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\Fwabilobakamode.dat"
"c:\windows\Hyozusoya.bin"
"c:\windows\system32\156743a.dll"
"c:\windows\system32\1a9620e.dll"
"c:\windows\system32\2acd802.dll"
"c:\windows\system32\85f0af4.dll"
"c:\windows\system32\d0d0404.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Danny Nguyen\Application Data\maldqpghu
c:\documents and settings\Danny Nguyen\Local Settings\Application Data\maldqpghu
c:\documents and settings\Danny Nguyen\Local Settings\Application Data\mnkcrbusq
c:\documents and settings\Danny Nguyen\Local Settings\Application Data\obpcrjhbc
c:\windows\Fwabilobakamode.dat
c:\windows\Hyozusoya.bin
c:\windows\system32\156743a.dll
c:\windows\system32\1a9620e.dll
c:\windows\system32\2acd802.dll
c:\windows\system32\85f0af4.dll
c:\windows\system32\d0d0404.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-05 22:28 . 2010-09-05 22:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-05 07:26 . 2010-09-05 07:26 -------- d-sh--w- c:\documents and settings\Danny Nguyen\PrivacIE
2010-09-05 07:25 . 2010-09-05 07:25 -------- d-sh--w- c:\documents and settings\Danny Nguyen\IETldCache
2010-09-05 07:20 . 2010-09-05 07:21 -------- dc-h--w- c:\windows\ie8
2010-09-05 05:49 . 2010-09-05 06:26 -------- d-----w- C:\Combo-Fix
2010-09-04 09:49 . 2010-09-04 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-09-04 09:18 . 2010-09-04 09:44 -------- d-----w- c:\windows\system32\wbem\Repository.001
2010-09-04 09:18 . 2008-04-13 19:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-09-04 09:18 . 2008-04-13 19:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2010-09-04 09:18 . 2008-04-13 12:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-09-04 09:12 . 2010-09-04 09:12 -------- d-----w- c:\windows\ServicePackFiles
2010-09-04 07:34 . 2001-08-23 12:00 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2010-09-04 07:33 . 2001-08-23 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2010-09-04 07:32 . 2008-04-13 19:42 45568 ----a-w- c:\windows\system32\safrslv.dll
2010-09-04 07:31 . 2008-04-13 19:42 226816 -c--a-w- c:\windows\system32\dllcache\npdrmv2.dll
2010-09-04 07:30 . 2008-04-13 19:42 67072 ----a-w- c:\windows\system32\rdshost.exe
2010-09-04 07:22 . 2008-04-13 14:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-09-04 07:22 . 2008-04-13 14:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-09-04 07:21 . 2008-04-13 19:41 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-09-04 07:21 . 2008-04-13 14:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-09-04 07:21 . 2008-04-13 19:43 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-09-04 07:21 . 2008-04-13 14:02 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-09-04 07:20 . 2008-04-13 19:42 146432 ----a-w- c:\windows\system\winspool.drv
2010-09-04 07:20 . 2008-04-13 14:24 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2010-09-04 07:20 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-04 07:20 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-04 07:20 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-04 07:20 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-04 07:20 . 2008-04-13 19:42 74752 ----a-w- c:\windows\system32\storprop.dll
2010-09-04 01:54 . 2010-09-04 01:54 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-09-03 09:20 . 2010-09-03 09:20 -------- d-----w- c:\windows\XSxS
2010-09-03 09:20 . 2010-09-03 09:20 -------- d-----w- c:\program files\Xenocode
2010-09-03 09:20 . 2010-09-03 09:20 -------- d-----w- c:\documents and settings\Danny Nguyen\Local Settings\Application Data\Xenocode
2010-09-03 08:48 . 2010-09-03 08:48 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-08-29 05:05 . 2010-08-29 05:05 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenu
2010-08-29 05:04 . 2010-08-29 05:04 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter
2010-08-29 05:04 . 2010-09-01 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-08-29 05:03 . 2009-04-03 06:00 1310720 ----a-w- c:\windows\system32\CNC560C.dll
2010-08-29 05:03 . 2009-04-03 05:59 110592 ----a-w- c:\windows\system32\CNC560I.dll
2010-08-29 05:03 . 2009-04-03 05:57 106496 ----a-w- c:\windows\system32\CNC560U.dll
2010-08-29 05:03 . 2009-03-19 04:38 303104 ----a-w- c:\windows\system32\CNC560L.dll
2010-08-29 05:03 . 2008-08-25 08:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2010-08-29 05:02 . 2010-08-29 05:02 -------- d-----w- c:\program files\Common Files\CANON
2010-08-29 05:01 . 2009-05-06 19:20 93696 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0c0a\CNMsrA0.dll
2010-08-29 05:01 . 2009-05-06 19:20 88064 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0816\CNMsrA0.dll
2010-08-29 05:01 . 2009-05-06 19:20 473088 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0c0a\CNMurA0.dll
2010-08-29 05:01 . 2009-05-06 19:20 227840 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0c0a\CNMlrA0.dll
2010-08-29 04:59 . 2010-08-29 04:59 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-08-29 04:58 . 2009-03-23 19:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA0.DLL
2010-08-29 04:58 . 2009-03-23 19:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA0.DLL
2010-08-29 04:58 . 2009-03-23 19:00 272384 ----a-w- c:\windows\system32\CNMLMA0.DLL
2010-08-29 04:58 . 2010-08-29 04:58 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-08-29 04:58 . 2009-02-04 13:17 90112 ----a-w- c:\windows\system32\CNC560O.dll
2010-08-29 04:58 . 2009-03-18 09:09 178176 ----a-w- c:\windows\system32\CNMIUA0.DLL
2010-08-29 04:58 . 2010-08-29 04:58 -------- d--h--w- c:\program files\CanonBJ
2010-08-29 04:57 . 2010-08-29 04:57 -------- d-----w- c:\windows\system32\STRING
2010-08-29 04:57 . 2009-04-03 16:51 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL
2010-08-29 04:57 . 2009-04-03 16:51 353792 ----a-w- c:\windows\system32\CNMNPPM.DLL
2010-08-29 04:57 . 2010-08-29 04:57 -------- d-----w- c:\windows\system32\CHM
2010-08-29 04:57 . 2010-08-29 05:04 -------- d-----w- c:\program files\Canon
2010-08-27 07:00 . 2010-08-27 07:00 68256 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\English\setup.exe
2010-08-18 04:16 . 2010-08-18 04:16 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-08-17 07:50 . 2010-09-04 01:59 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\avengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 22:55 . 2010-04-21 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-09-05 22:37 . 2009-09-14 14:39 16608 ----a-w- c:\windows\gdrv.sys
2010-09-04 11:38 . 2009-09-14 14:29 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-04 09:49 . 2009-09-14 14:56 69624 ----a-w- c:\documents and settings\Danny Nguyen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-04 09:48 . 2009-12-14 12:39 -------- d-----w- c:\program files\ATI
2010-09-04 07:53 . 2010-05-17 23:38 -------- d-----w- c:\program files\ATI Technologies
2010-09-04 07:33 . 2010-09-04 07:33 558142 ----a-w- c:\windows\java\Packages\FDN3VPFP.ZIP
2010-09-04 07:33 . 2010-09-04 07:33 2678 ----a-w- c:\windows\java\Packages\Data\5ZBZXB9Z.DAT
2010-09-04 07:33 . 2010-09-04 07:33 2678 ----a-w- c:\windows\java\Packages\Data\YZT7J7BL.DAT
2010-09-04 07:33 . 2010-09-04 07:33 155995 ----a-w- c:\windows\java\Packages\IIAJTNHZ.ZIP
2010-09-04 07:33 . 2010-09-04 07:33 2678 ----a-w- c:\windows\java\Packages\Data\WG0TV3Z3.DAT
2010-09-04 07:33 . 2010-09-04 07:33 2678 ----a-w- c:\windows\java\Packages\Data\BRBFLRVZ.DAT
2010-09-04 07:33 . 2010-09-04 07:33 2678 ----a-w- c:\windows\java\Packages\Data\7BJNDBTZ.DAT
2010-09-04 07:31 . 2009-09-14 14:29 22720 -c--a-w- c:\windows\system32\emptyregdb.dat
2010-09-04 01:33 . 2009-09-29 07:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-04 01:23 . 2010-04-21 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-09-04 01:22 . 2010-04-21 07:37 -------- d-----w- c:\program files\Kaspersky Lab
2010-09-03 09:29 . 2010-04-21 07:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-03 06:12 . 2009-09-14 16:15 -------- d-----w- c:\documents and settings\Danny Nguyen\Application Data\uTorrent
2010-09-02 21:15 . 2010-03-21 10:51 256 ----a-w- c:\windows\system32\pool.bin
2010-09-02 05:24 . 2009-09-14 16:16 -------- d-----w- c:\program files\uTorrent
2010-08-31 07:37 . 2009-11-23 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-08-31 05:35 . 2009-11-23 22:03 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-29 05:07 . 2009-10-07 22:50 -------- d-----w- c:\program files\Brother
2010-08-29 05:07 . 2009-09-14 14:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-26 13:14 . 2009-09-28 11:13 -------- d-----w- c:\documents and settings\Danny Nguyen\Application Data\FrostWire
2010-08-24 09:18 . 2009-09-14 15:56 -------- d-----w- c:\program files\Warcraft III
2010-08-19 23:52 . 2010-05-15 23:49 -------- d-----w- c:\program files\MapleStory
2010-08-18 05:47 . 2010-05-15 23:49 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-08-16 22:04 . 2009-10-07 22:12 -------- d-----w- c:\documents and settings\Danny Nguyen\Application Data\Nero
2010-08-16 14:43 . 2009-10-07 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-08-16 14:43 . 2009-10-07 22:11 -------- d-----w- c:\program files\Nero
2010-08-16 14:36 . 2009-10-07 22:11 -------- d-----w- c:\program files\Common Files\Nero
2010-08-14 07:21 . 2009-12-12 05:25 -------- d-----r- c:\program files\Modern Warfare 2
2010-08-14 07:02 . 2009-12-15 00:35 -------- d-----w- c:\program files\Left 4 Dead 2
2010-08-12 01:59 . 2009-09-29 08:06 -------- d-----w- c:\program files\Cheat Engine
2010-08-01 03:43 . 2010-05-22 04:32 256 ----a-w- c:\documents and settings\Danny Nguyen\pool.bin
2010-07-29 16:48 . 2010-04-21 07:38 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 16:48 . 2010-04-21 07:38 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-26 05:47 . 2010-07-26 05:47 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-07-25 22:18 . 2010-06-24 14:14 -------- d-----w- c:\program files\WinSCP
2010-07-25 13:37 . 2010-07-25 13:37 -------- d-----w- c:\program files\Wide Angle Software
2010-07-25 13:32 . 2010-06-24 14:20 -------- d-----w- c:\documents and settings\Danny Nguyen\Application Data\DiskAid
2010-07-25 01:32 . 2009-09-23 13:41 -------- d-----w- c:\documents and settings\Danny Nguyen\Application Data\DivX
2010-07-24 03:04 . 2009-09-15 03:37 -------- d-----w- c:\program files\Steam
2010-07-22 05:19 . 2010-07-22 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-07-22 05:19 . 2010-07-22 05:19 -------- d-----w- c:\program files\DVD Shrink
2010-07-16 23:29 . 2010-07-05 02:26 96 ---ha-w- c:\windows\system32\HsInfo.dat
2010-07-14 22:37 . 2010-06-08 03:54 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-14 22:37 . 2010-06-08 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-14 22:36 . 2010-07-14 22:36 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-14 22:36 . 2009-09-23 13:41 -------- d-----w- c:\program files\DivX
2010-07-14 22:36 . 2010-07-14 22:36 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-14 22:35 . 2010-07-14 22:35 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-14 22:35 . 2010-07-14 22:35 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-14 22:33 . 2010-06-08 03:54 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-14 22:33 . 2010-06-08 03:54 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-07 07:22 . 2010-07-07 07:22 1861000 ----a-w- c:\documents and settings\All Users\Application Data\Nexon\Common\NMService.exe
2010-07-07 07:22 . 2010-07-07 07:22 1774992 ----a-w- c:\documents and settings\All Users\Application Data\Nexon\Common\nmconew.dll
2010-07-01 11:35 . 2010-07-01 11:35 228024 ----a-w- c:\windows\system32\klogon.dll
2010-06-30 08:43 . 2010-06-30 08:43 247120 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\uds.dll
2010-06-30 08:43 . 2010-06-30 08:43 1037648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-06-30 08:42 . 2010-06-30 08:42 132432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\dns_client.dll
2010-06-16 20:33 . 2010-06-16 20:33 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2010-06-16 20:33 . 2010-06-16 20:33 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-06-15 10:01 . 2010-06-15 10:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-11 06:51 . 2010-06-11 06:51 3055600 ----a-w- c:\documents and settings\Danny Nguyen\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 06:36 . 2010-06-11 06:36 275952 ----a-w- c:\documents and settings\Danny Nguyen\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-09 23:01 . 2010-07-14 22:35 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2010-07-14 22:35 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2010-07-14 22:35 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01 . 2010-07-14 22:35 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01 . 2010-06-08 03:53 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-06-08 03:53 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-09 07:43 . 2010-06-09 07:43 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
2010-06-09 07:43 . 2010-06-09 07:43 132184 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-06-08 03:54 . 2010-06-08 03:54 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-08 03:54 . 2010-06-08 03:54 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-08 03:53 . 2010-06-08 03:53 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-09-05_06.21.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-05 22:37 . 2010-09-05 22:37 16384 c:\windows\Temp\Perflib_Perfdata_49c.dat
+ 2010-09-05 22:38 . 2010-09-05 22:38 16384 c:\windows\Temp\Perflib_Perfdata_160.dat
- 2009-09-14 14:32 . 2008-11-07 07:55 26144 c:\windows\system32\spupdsvc.exe
+ 2009-09-14 14:32 . 2009-01-07 08:21 26144 c:\windows\system32\spupdsvc.exe
+ 2010-09-05 07:21 . 2009-01-07 08:20 16928 c:\windows\system32\spmsg.dll
+ 2002-08-29 03:41 . 2009-03-07 18:31 46592 c:\windows\system32\pngfilt.dll
- 2008-04-14 08:00 . 2010-09-05 06:15 84646 c:\windows\system32\perfc009.dat
+ 2008-04-14 08:00 . 2010-09-05 22:41 84646 c:\windows\system32\perfc009.dat
+ 2008-07-12 19:10 . 2009-01-07 08:20 23552 c:\windows\system32\normaliz.dll
- 2008-07-12 19:10 . 2008-07-12 19:10 23552 c:\windows\system32\normaliz.dll
- 2008-07-12 19:10 . 2008-07-12 19:10 24576 c:\windows\system32\nlsdl.dll
+ 2008-07-12 19:10 . 2009-01-07 08:20 24576 c:\windows\system32\nlsdl.dll
+ 2002-08-29 03:39 . 2009-03-07 18:31 48128 c:\windows\system32\mshtmler.dll
+ 2002-08-29 03:41 . 2009-03-07 18:31 66560 c:\windows\system32\mshtmled.dll
+ 2001-08-23 12:00 . 2009-03-07 18:31 45568 c:\windows\system32\mshta.exe
+ 2008-07-12 19:10 . 2009-03-07 18:31 13312 c:\windows\system32\msfeedssync.exe
+ 2008-04-23 00:16 . 2009-03-07 18:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2002-08-29 03:41 . 2009-03-07 18:34 43008 c:\windows\system32\licmgr10.dll
+ 2001-08-23 12:00 . 2009-03-07 18:33 25600 c:\windows\system32\jsproxy.dll
+ 2002-08-29 03:40 . 2009-03-07 18:32 94720 c:\windows\system32\inseng.dll
+ 2002-08-29 03:40 . 2009-03-07 18:31 34816 c:\windows\system32\imgutil.dll
+ 2008-04-22 03:39 . 2009-03-07 18:32 36864 c:\windows\system32\ieudinit.exe
+ 2002-08-29 03:40 . 2009-03-07 18:32 71680 c:\windows\system32\iesetup.dll
+ 2001-08-23 12:00 . 2009-03-07 18:32 55808 c:\windows\system32\iernonce.dll
- 2008-07-12 19:10 . 2008-07-12 19:10 26112 c:\windows\system32\idndl.dll
+ 2008-07-12 19:10 . 2009-01-07 08:20 26112 c:\windows\system32\idndl.dll
+ 2008-04-23 00:16 . 2009-03-07 18:31 59904 c:\windows\system32\icardie.dll
+ 2009-03-07 18:31 . 2009-03-07 18:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-03-07 18:31 . 2009-03-07 18:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2009-03-07 18:31 . 2009-03-07 18:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-07 18:31 . 2009-03-07 18:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2009-03-07 18:34 . 2009-03-07 18:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-07 18:33 . 2009-03-07 18:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-07 18:32 . 2009-03-07 18:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2009-03-07 18:31 . 2009-03-07 18:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2009-03-07 18:32 . 2009-03-07 18:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2009-03-07 18:32 . 2009-03-07 18:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2009-03-07 18:24 . 2009-03-07 18:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-07 18:33 . 2009-03-07 18:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2009-03-07 18:32 . 2009-03-07 18:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2001-08-23 12:00 . 2009-03-07 18:33 18944 c:\windows\system32\corpol.dll
+ 2009-09-14 14:37 . 2010-09-05 22:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-14 14:37 . 2010-09-05 00:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-14 14:37 . 2010-09-05 00:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-14 14:37 . 2010-09-05 22:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-05 22:52 . 2010-09-05 22:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-09-14 14:37 . 2010-09-05 00:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2001-08-23 12:00 . 2009-03-07 18:32 72704 c:\windows\system32\admparse.dll
+ 2010-09-05 07:20 . 2008-04-13 19:42 37888 c:\windows\ie8\url.dll
+ 2010-09-05 07:21 . 2009-03-08 04:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-09-05 07:20 . 2008-04-13 19:42 39424 c:\windows\ie8\pngfilt.dll
+ 2010-09-05 07:20 . 2008-04-13 19:42 96256 c:\windows\ie8\occache.dll
+ 2010-09-05 07:20 . 2008-04-13 11:56 56832 c:\windows\ie8\mshtmler.dll
+ 2010-09-05 07:20 . 2008-04-13 19:42 29184 c:\windows\ie8\mshta.exe
+ 2010-09-05 07:20 . 2008-07-12 19:10 12288 c:\windows\ie8\msfeedssync.exe
+ 2010-09-05 07:20 . 2008-04-23 00:16 52224 c:\windows\ie8\msfeedsbs.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 22016 c:\windows\ie8\licmgr10.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 15872 c:\windows\ie8\jsproxy.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 96256 c:\windows\ie8\inseng.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 35840 c:\windows\ie8\imgutil.dll
+ 2010-09-05 07:20 . 2008-04-13 19:42 93184 c:\windows\ie8\iexplore.exe
+ 2010-09-05 07:20 . 2008-04-13 19:41 62976 c:\windows\ie8\iesetup.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 48640 c:\windows\ie8\iernonce.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 81920 c:\windows\ie8\ieencode.dll
+ 2010-09-05 07:20 . 2008-04-13 19:42 34304 c:\windows\ie8\ie4uinit.exe
+ 2010-09-05 07:20 . 2008-04-23 00:16 63488 c:\windows\ie8\icardie.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 38912 c:\windows\ie8\hmmapi.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 35328 c:\windows\ie8\corpol.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 99840 c:\windows\ie8\advpack.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 61440 c:\windows\ie8\admparse.dll
+ 2008-04-14 08:00 . 2009-01-07 08:21 121856 c:\windows\system32\xmllite.dll
- 2008-04-14 08:00 . 2008-04-14 08:00 121856 c:\windows\system32\xmllite.dll
+ 2002-08-29 03:41 . 2009-03-07 18:34 914944 c:\windows\system32\wininet.dll
+ 2008-07-12 19:10 . 2009-03-07 18:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2002-08-29 03:41 . 2009-03-07 18:34 236544 c:\windows\system32\webcheck.dll
+ 2002-08-29 03:41 . 2009-03-07 18:33 420352 c:\windows\system32\vbscript.dll
+ 2002-08-29 03:41 . 2009-03-07 18:34 105984 c:\windows\system32\url.dll
+ 2008-04-14 08:00 . 2010-09-05 22:41 496288 c:\windows\system32\perfh009.dat
- 2008-04-14 08:00 . 2010-09-05 06:15 496288 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2009-03-07 18:34 109568 c:\windows\system32\occache.dll
+ 2002-08-29 03:41 . 2009-03-07 18:32 611840 c:\windows\system32\mstime.dll
+ 2002-08-29 03:41 . 2009-03-07 18:34 193536 c:\windows\system32\msrating.dll
+ 2001-08-23 12:00 . 2009-03-07 18:22 156160 c:\windows\system32\msls31.dll
+ 2008-04-23 00:16 . 2009-03-07 18:32 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 08:20 . 2009-01-07 08:20 265720 c:\windows\system32\msdbg2.dll
+ 2001-08-23 12:00 . 2009-03-07 18:33 726528 c:\windows\system32\jscript.dll
+ 2008-07-12 19:10 . 2009-03-07 18:22 164352 c:\windows\system32\ieui.dll
+ 2002-08-29 03:40 . 2009-03-07 18:31 183808 c:\windows\system32\iepeers.dll
+ 2002-08-29 03:40 . 2009-03-08 04:09 391536 c:\windows\system32\iedkcs32.dll
+ 2008-04-23 00:16 . 2009-03-07 18:11 445952 c:\windows\system32\ieapfltr.dll
+ 2001-08-23 12:00 . 2009-03-07 18:32 163840 c:\windows\system32\ieakui.dll
+ 2002-08-29 03:40 . 2009-03-07 18:33 229376 c:\windows\system32\ieaksie.dll
+ 2002-08-29 03:40 . 2009-03-07 18:33 125952 c:\windows\system32\ieakeng.dll
+ 2002-08-29 03:41 . 2009-03-07 18:32 173056 c:\windows\system32\ie4uinit.exe
+ 2002-08-29 03:40 . 2009-03-07 18:31 216064 c:\windows\system32\dxtrans.dll
+ 2002-08-29 03:40 . 2009-03-07 18:31 348160 c:\windows\system32\dxtmsft.dll
+ 2009-03-07 18:34 . 2009-03-07 18:34 914944 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-07 18:34 . 2009-03-07 18:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2009-03-07 18:33 . 2009-03-07 18:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2009-03-07 18:33 . 2009-03-07 18:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2009-03-07 18:34 . 2009-03-07 18:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 08:20 . 2009-01-07 08:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-01-07 08:20 . 2009-01-07 08:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-03-07 18:34 . 2009-03-07 18:34 109568 c:\windows\system32\dllcache\occache.dll
+ 2009-03-07 18:32 . 2009-03-07 18:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-07 18:34 . 2009-03-07 18:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2001-08-23 12:00 . 2009-03-07 18:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2009-03-07 18:33 . 2009-03-07 18:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 04:09 . 2009-03-08 04:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2009-03-07 18:31 . 2009-03-07 18:31 183808 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 04:09 . 2009-03-08 04:09 391536 c:\windows\system32\dllcache\iedkcs32.dll
+ 2001-08-23 12:00 . 2009-03-07 18:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2009-03-07 18:33 . 2009-03-07 18:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2009-03-07 18:33 . 2009-03-07 18:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-03-07 18:32 . 2009-03-07 18:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-07 18:31 . 2009-03-07 18:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-03-07 18:31 . 2009-03-07 18:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-03-07 18:32 . 2009-03-07 18:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2002-08-29 03:40 . 2009-03-07 18:32 128512 c:\windows\system32\advpack.dll
+ 2010-09-05 07:20 . 2008-04-13 19:42 666112 c:\windows\ie8\wininet.dll
+ 2010-09-05 07:20 . 2008-07-12 19:10 206336 c:\windows\ie8\winfxdocobj.exe
+ 2010-09-05 07:20 . 2008-04-13 19:42 276480 c:\windows\ie8\webcheck.dll
+ 2010-09-05 07:20 . 2008-04-13 19:42 851968 c:\windows\ie8\vgx.dll
+ 2010-09-05 07:20 . 2008-04-13 19:42 434176 c:\windows\ie8\vbscript.dll
+ 2010-09-05 07:20 . 2008-04-13 19:42 619520 c:\windows\ie8\urlmon.dll
+ 2010-09-05 07:21 . 2009-01-07 08:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2010-09-05 07:21 . 2009-01-07 08:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-09-05 07:20 . 2008-04-13 19:42 532480 c:\windows\ie8\mstime.dll
+ 2010-09-05 07:20 . 2008-04-13 19:42 146432 c:\windows\ie8\msrating.dll
+ 2010-09-05 07:20 . 2001-08-23 12:00 146432 c:\windows\ie8\msls31.dll
+ 2010-09-05 07:20 . 2008-04-13 19:42 449024 c:\windows\ie8\mshtmled.dll
+ 2010-09-05 07:20 . 2008-04-23 00:16 459264 c:\windows\ie8\msfeeds.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 512000 c:\windows\ie8\jscript.dll
+ 2010-09-05 07:20 . 2008-07-12 19:10 180736 c:\windows\ie8\ieui.dll
+ 2010-09-05 07:20 . 2008-04-23 00:16 267776 c:\windows\ie8\iertutil.dll
+ 2010-09-05 07:20 . 2008-07-12 19:10 287744 c:\windows\ie8\ieproxy.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 251904 c:\windows\ie8\iepeers.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 323584 c:\windows\ie8\iedkcs32.dll
+ 2010-09-05 07:20 . 2008-04-23 00:16 383488 c:\windows\ie8\ieapfltr.dll
+ 2010-09-05 07:20 . 2001-08-23 12:00 221184 c:\windows\ie8\ieakui.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 216576 c:\windows\ie8\ieaksie.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 143360 c:\windows\ie8\ieakeng.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 205312 c:\windows\ie8\dxtrans.dll
+ 2010-09-05 07:20 . 2008-04-13 19:41 357888 c:\windows\ie8\dxtmsft.dll
+ 2002-08-29 03:41 . 2009-03-07 18:34 1206784 c:\windows\system32\urlmon.dll
+ 2002-08-29 03:41 . 2009-03-07 18:41 5937152 c:\windows\system32\mshtml.dll
+ 2008-04-23 00:16 . 2009-03-07 18:32 1985024 c:\windows\system32\iertutil.dll
+ 2007-04-17 05:32 . 2009-02-06 11:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2009-03-07 18:34 . 2009-03-07 18:34 1206784 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 08:20 . 2009-01-07 08:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-03-07 18:41 . 2009-03-07 18:41 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-07 08:20 . 2009-01-07 08:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2010-09-05 07:20 . 2008-04-13 19:42 3066880 c:\windows\ie8\mshtml.dll
+ 2010-09-05 07:20 . 2008-04-23 00:16 6066176 c:\windows\ie8\ieframe.dll
+ 2010-09-05 07:20 . 2007-04-17 05:32 2455488 c:\windows\ie8\ieapfltr.dat
+ 2008-04-23 00:16 . 2009-03-07 18:39 11063808 c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-07-01 357096]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-08-29 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Danny Nguyen^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-02-17 08:37 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 05:35 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-10 12:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-10-19 02:12 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 07:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-28 12:55 136176 ----atw- c:\documents and settings\Danny Nguyen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 00:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 06:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 05:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 00:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-19 23:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 05:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2009-10-27 04:10 401728 -c--a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-07 06:50 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 12:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-09-11 02:31 2836440 -c--a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-28 13:50 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-01 13:09 328568 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Warcraft III\\w3l.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CODWAW-KaOs\\CoDWaW.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Danny Nguyen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Steam\\steamapps\\bathroom_\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57437:TCP"= 57437:TCP:Pando Media Booster
"57437:UDP"= 57437:UDP:Pando Media Booster

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [9/24/2009 1:33 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [9/24/2009 1:33 PM 5248]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [9/15/2009 12:39 AM 68136]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [3/25/2010 2:39 PM 490280]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32856]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [6/25/2010 4:18 PM 28160]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/17/2009 11:52 PM 722416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2010 10:57 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/15/2009 12:41 AM 1691480]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12/2/2009 7:03 PM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12/2/2009 7:03 PM 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/3/2005 7:10 AM 32512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0c447879d1b0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 12:55]

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003Core1cb0c44b7efa93c.job
- c:\documents and settings\Danny Nguyen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-28 12:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {D78F4511-3B80-4015-8891-D94F6EA92FB5} = 220.233.0.4,220.223.0.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Danny Nguyen\Application Data\Mozilla\Firefox\Profiles\v9b0dtyp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Danny Nguyen\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Danny Nguyen\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Danny Nguyen\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 08:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B115F00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> 0x8b115f00
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9cc7bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9cd4a21
SendHandler -> NDIS.sys @ 0xb9cb287b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 5 !
copy of MBR has been found in sector 9 !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(3908)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-09-06 08:59:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-05 22:59
ComboFix2.txt 2010-09-05 06:26

Pre-Run: 302,236,921,856 bytes free
Post-Run: 302,168,506,368 bytes free

Current=4 Default=4 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - F8604F1C62213A17BE09EAC66A5CB26E

Re: System Restore and BSOD
Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open Notepad and press CTRL+V
  • Post the output back here.

Re: System Restore and BSOD
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

Re: System Restore and BSOD
Okay that is annoying now.

Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

Re: System Restore and BSOD
2010/09/06 20:12:19.0125 TDSS rootkit removing tool 2.4.2.0 Sep 3 2010 10:26:06
2010/09/06 20:12:19.0125 ================================================================================
2010/09/06 20:12:19.0125 SystemInfo:
2010/09/06 20:12:19.0125
2010/09/06 20:12:19.0125 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/06 20:12:19.0125 Product type: Workstation
2010/09/06 20:12:19.0125 ComputerName: DANNY
2010/09/06 20:12:19.0125 UserName: Danny Nguyen
2010/09/06 20:12:19.0125 Windows directory: C:\WINDOWS
2010/09/06 20:12:19.0125 System windows directory: C:\WINDOWS
2010/09/06 20:12:19.0125 Processor architecture: Intel x86
2010/09/06 20:12:19.0125 Number of processors: 2
2010/09/06 20:12:19.0125 Page size: 0x1000
2010/09/06 20:12:19.0125 Boot type: Normal boot
2010/09/06 20:12:19.0125 ================================================================================
2010/09/06 20:12:20.0156 Initialize success
2010/09/06 20:12:23.0078 ================================================================================
2010/09/06 20:12:23.0078 Scan started
2010/09/06 20:12:23.0078 Mode: Manual;
2010/09/06 20:12:23.0078 ================================================================================
2010/09/06 20:12:32.0250 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/06 20:12:33.0125 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/06 20:12:35.0406 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/06 20:12:35.0859 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2010/09/06 20:12:38.0609 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/09/06 20:12:39.0000 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2010/09/06 20:12:39.0718 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/06 20:12:41.0406 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/06 20:12:42.0078 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/06 20:12:43.0187 ati2mtag (c026951271d59ff97deb2a6b4895b416) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/09/06 20:12:43.0921 AtiHdmiService (591a9eabb5ef5168e435c2f18b05dd76) C:\WINDOWS\system32\drivers\AtiHdmi.sys
2010/09/06 20:12:44.0312 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/06 20:12:44.0750 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/06 20:12:45.0156 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2010/09/06 20:12:46.0109 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/06 20:12:47.0109 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
2010/09/06 20:12:47.0515 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/06 20:12:48.0234 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/06 20:12:48.0656 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/06 20:12:49.0031 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/06 20:12:50.0875 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
2010/09/06 20:12:51.0328 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys
2010/09/06 20:12:52.0578 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/06 20:12:53.0062 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/06 20:12:53.0453 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2010/09/06 20:12:53.0984 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/06 20:12:54.0468 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/06 20:12:55.0375 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/06 20:12:56.0406 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/06 20:12:56.0968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/06 20:12:57.0671 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/06 20:12:58.0578 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/06 20:12:59.0031 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/06 20:12:59.0468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/06 20:12:59.0875 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/06 20:13:00.0093 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys
2010/09/06 20:13:00.0484 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/06 20:13:00.0984 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/06 20:13:01.0421 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/06 20:13:02.0000 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/06 20:13:02.0921 HssDrv (0d6b32306c362750ec6576f1d90c52f7) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
2010/09/06 20:13:03.0296 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/06 20:13:04.0453 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/06 20:13:04.0859 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/06 20:13:05.0781 IntcAzAudAddService (db01625d8e286cd17b94dcf088713d7f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/09/06 20:13:06.0703 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/06 20:13:07.0265 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/06 20:13:07.0671 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/06 20:13:08.0125 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/06 20:13:08.0562 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/06 20:13:09.0062 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/06 20:13:09.0500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/06 20:13:09.0984 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/06 20:13:10.0390 kl1 (94d67d49bd9503bb1d838405d80f2058) C:\WINDOWS\system32\DRIVERS\kl1.sys
2010/09/06 20:13:10.0765 kl2 (713576569667ac9e0f8556076004a96b) C:\WINDOWS\system32\DRIVERS\kl2.sys
2010/09/06 20:13:11.0265 KLIF (6376d81052ae06a0669d3357be467dba) C:\WINDOWS\system32\DRIVERS\klif.sys
2010/09/06 20:13:11.0656 klim5 (8d6e11bfa9927978d25b1b8029554f07) C:\WINDOWS\system32\DRIVERS\klim5.sys
2010/09/06 20:13:12.0250 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2010/09/06 20:13:12.0765 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/06 20:13:13.0250 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/06 20:13:14.0140 libusb0 (03e12dbfacf1aeb86c553b0db488fb81) C:\WINDOWS\system32\drivers\libusb0.sys
2010/09/06 20:13:14.0515 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/06 20:13:14.0984 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/06 20:13:15.0390 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/09/06 20:13:16.0078 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/06 20:13:17.0078 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/06 20:13:17.0625 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/06 20:13:18.0484 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/06 20:13:18.0859 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/06 20:13:19.0375 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/06 20:13:19.0812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/06 20:13:20.0203 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/06 20:13:20.0640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/06 20:13:21.0312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/06 20:13:22.0078 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/06 20:13:23.0093 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/06 20:13:24.0046 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/06 20:13:25.0484 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/06 20:13:26.0765 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/06 20:13:28.0140 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/06 20:13:29.0125 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/06 20:13:29.0968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/06 20:13:30.0468 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/06 20:13:30.0875 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/09/06 20:13:31.0250 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/09/06 20:13:31.0609 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/09/06 20:13:32.0000 nmwcdnsu (02e96113511171ba7559386d10d3daea) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2010/09/06 20:13:32.0343 nmwcdnsuc (fb09150cfc7a499a53c308d04841a3bd) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2010/09/06 20:13:32.0750 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
2010/09/06 20:13:33.0140 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/06 20:13:33.0625 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/06 20:13:34.0640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/06 20:13:35.0218 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/06 20:13:35.0703 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/06 20:13:36.0515 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/06 20:13:36.0937 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/06 20:13:37.0343 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/06 20:13:37.0828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/06 20:13:38.0187 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/09/06 20:13:38.0578 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/06 20:13:39.0390 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/06 20:13:39.0843 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/06 20:13:42.0531 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/06 20:13:42.0906 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/06 20:13:43.0312 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/06 20:13:43.0671 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/06 20:13:44.0078 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/06 20:13:46.0281 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/06 20:13:46.0765 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/06 20:13:47.0125 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/06 20:13:47.0500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/06 20:13:47.0859 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/06 20:13:48.0390 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/06 20:13:48.0796 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/06 20:13:49.0203 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/06 20:13:49.0593 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/06 20:13:50.0000 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/09/06 20:13:50.0359 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/09/06 20:13:50.0734 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/09/06 20:13:51.0171 RTHDMIAzAudService (a5a9f4b77d7ff2b02633999ff71a7e9b) C:\WINDOWS\system32\drivers\RtKHDMI.sys
2010/09/06 20:13:51.0593 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/09/06 20:13:52.0046 SCDEmu (f441ba47bd8610cb9536965bd7d1f943) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/09/06 20:13:52.0453 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/06 20:13:52.0890 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/06 20:13:53.0468 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/06 20:13:54.0046 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/06 20:13:55.0234 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/06 20:13:55.0703 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/06 20:13:56.0156 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/06 20:13:56.0609 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/06 20:13:56.0968 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/06 20:13:57.0328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/06 20:13:59.0281 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/06 20:13:59.0687 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
2010/09/06 20:14:00.0093 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/06 20:14:00.0515 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/06 20:14:00.0890 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/06 20:14:01.0296 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/06 20:14:02.0109 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/06 20:14:03.0062 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/06 20:14:03.0421 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/09/06 20:14:03.0843 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/06 20:14:04.0203 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/06 20:14:04.0593 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/06 20:14:04.0953 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/06 20:14:05.0312 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/06 20:14:05.0656 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/06 20:14:06.0015 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/06 20:14:06.0390 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/09/06 20:14:06.0734 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/09/06 20:14:07.0109 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/06 20:14:07.0484 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/06 20:14:08.0578 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/06 20:14:08.0984 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/06 20:14:09.0343 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/09/06 20:14:10.0031 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/06 20:14:10.0406 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2010/09/06 20:14:10.0765 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/09/06 20:14:11.0140 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/09/06 20:14:11.0562 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/06 20:14:11.0984 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/06 20:14:12.0359 ================================================================================
2010/09/06 20:14:12.0359 Scan finished
2010/09/06 20:14:12.0359 ================================================================================
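The TDSSKiller report above is a flat list with one driver per line: timestamp, service name, MD5 of the file in parentheses, then the path. As an added example (not part of this thread, and not code from Kaspersky's tool), the Python below parses that line format and automates two of the checks a helper does by eye when reading such a report: drivers loaded from outside the usual driver directory, and drivers whose MD5 differs from a reference value. The sample driver lines are copied from the report above; the reference hash table is constructed for illustration only (the value for atapi is a deliberately wrong placeholder so the mismatch check fires) and is not a list of known-good hashes.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample in the TDSSKiller report format (driver lines copied from the
# thread's report; the banner and "Scan finished" lines show what the parser skips).
SAMPLE_LOG = r"""
2010/09/06 20:12:23.0078 ================================================================================
2010/09/06 20:12:23.0078 Scan started
2010/09/06 20:12:32.0250 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/06 20:12:42.0078 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/06 20:13:00.0093 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys
2010/09/06 20:13:55.0703 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/06 20:14:12.0359 Scan finished
"""

# Constructed reference table (NOT a list of known-good hashes): one matching
# value and one deliberately wrong placeholder so the mismatch check fires.
REFERENCE_MD5: Dict[str, str] = {
    "ACPI": "8fd99680a539792a30e97944fdaecf17",
    "atapi": "0" * 32,
}

# Directories where Windows XP normally keeps kernel-mode drivers (lower-case).
EXPECTED_DIRS = frozenset({r"c:\windows\system32\drivers"})

# <timestamp> <service> (<md5>) <path>; anything else (banners, status lines) is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>\S.*?)\s*$"
)


class DriverEntry(NamedTuple):
    timestamp: str
    name: str
    md5: str
    path: str


def parse_tdsskiller(text: str) -> List[DriverEntry]:
    """One DriverEntry per driver line; banner and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(DriverEntry(m["ts"], m["name"], m["md5"].lower(), m["path"]))
    return entries


def outside_driver_dirs(entries: List[DriverEntry]) -> List[DriverEntry]:
    """Drivers whose file lives outside EXPECTED_DIRS (review candidates, not verdicts)."""
    flagged = []
    for e in entries:
        folder = e.path.lower().rsplit("\\", 1)[0]
        if folder not in EXPECTED_DIRS:
            flagged.append(e)
    return flagged


def hash_mismatches(entries: List[DriverEntry], reference: Dict[str, str]) -> List[DriverEntry]:
    """Drivers listed in the reference table whose on-disk MD5 differs from it."""
    return [e for e in entries if e.name in reference and reference[e.name].lower() != e.md5]


def triage(text: str, reference: Dict[str, str] = REFERENCE_MD5) -> Dict[str, List[str]]:
    """Summarise a report as two lists of service names worth a closer look."""
    entries = parse_tdsskiller(text)
    return {
        "unusual_location": [e.name for e in outside_driver_dirs(entries)],
        "hash_mismatch": [e.name for e in hash_mismatches(entries, reference)],
    }


if __name__ == "__main__":
    for category, names in triage(SAMPLE_LOG).items():
        print(f"{category}: {', '.join(names) or 'none'}")
```

A flagged entry is a prompt to look closer, not a finding: gdrv.sys sitting directly in C:\WINDOWS is exactly the kind of line a helper would check against the vendor's package before deciding anything, and a hash mismatch only means the file differs from whatever reference you supplied.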

Re: System Restore and BSOD
Hello.
There is still something going on here, I'm not sure what it is yet though, I am gonna talk to some colleagues and see what they come up with. For now, do the following for this next log.


  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: System Restore and BSOD
µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Acrobat.com
Adobe Acrobat Reader 3.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Parental Control & Encoder
Belarc Advisor 8.1
BlackBerry Desktop Software 5.0.1
BlackBerry Desktop Software 5.0.1
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty: Modern Warfare 2 - Multiplayer
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Cheat Engine 5.5
Cheat Engine 5.6.1
Condition Zero
Counter-Strike
DAEMON Tools
DiskAid 3.11
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Dragonica
DVD Shrink 3.2
EasySaver B9.0205.1
e-tax 2010
Free WMA to MP3 Converter 1.16
FrostWire 4.20.3
GameKiller Maple Box
GOM Player
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
High-Definition Video Playback 10
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Hotspot Shield 1.47
iTunes
Java(TM) 6 Update 16
Kaspersky Internet Security 2011
Kaspersky Internet Security 2011
K-Lite Mega Codec Pack 5.1.4
LibUSB-Win32-0.1.12.2
Malwarebytes' Anti-Malware
MapleStory
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
MobileMe Control Panel
Mozilla Firefox (3.6.8)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero 8
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
neroxml
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia Software Updater
NSS (remove only)
Ovi Desktop Sync Engine
OviMPlatform
Pando Media Booster
PC Connectivity Solution
PowerISO
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Registry Mechanic 8.0
Security Update for Windows XP (KB923789)
Segoe UI
Steam
System Requirements Lab
The Lord of the Rings FREE Trial
Total Video Converter 3.50
TouchCopy 09
Typing
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
WC3Banlist
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver
WinSCP 4.2.8
WonderKing
World of Warcraft

Re: System Restore and BSOD
I see that you are running FrostWire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    FrostWire 4.20.3
    Java(TM) 6 Update 16

Also, let me know how the machine is running right now, what problems remain?

Re: System Restore and BSOD
I think everything is fine now. Thank you so much for all your help. Is there any way I can donate without a credit card?
