06-28-2008   #1
Bronze Member
 
Join Date: Nov 2007
Posts: 31
PC Experience: Experienced
Unable to remove Antivirus Xp 2008

Hi all,

Today I also suffered from this attack.
1. Scanned with Ad-Aware and cleaned up with CCleaner.
2. Tried to run my free AVG anti-virus, but it couldn't complete because my PC always pops up a blue screen.
3. Done the pre-work, and here are the logs.

Deckard's System Scanner v20071014.68
Run by Paul Chong on 2008-06-28 11:29:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Paul Chong.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:40 AM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\lphc3btj0el6j.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Paul Chong\Desktop\dss.exe
C:\DOCUME~1\PAULCH~1\Desktop\Paul Chong.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [lphc3btj0el6j] C:\WINDOWS\system32\lphc3btj0el6j.exe
O4 - HKLM\..\Run: [SMrhc7btj0el6j] C:\Program Files\rhc7btj0el6j\rhc7btj0el6j.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1212424268984
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ubersoldier 2 Drivers Auto Removal (pr2anmue) (pr2anmue) - City Interactive Sp z o.o. - C:\WINDOWS\system32\pr2anmue.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 8825 bytes

-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 09:48:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\rhc7btj0el6j
2008-06-28 09:33:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-28 09:33:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-28 09:33:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-28 09:32:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-28 09:25:12 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-28 09:25:12 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-28 09:25:12 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-28 09:25:12 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-28 09:25:12 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-28 09:25:12 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-28 09:25:12 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-28 09:25:12 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-28 09:25:12 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-28 09:25:12 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-28 09:25:12 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-28 09:25:12 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-28 09:25:12 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-28 09:25:12 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-28 09:25:05 0 d-------- C:\WINDOWS\CSC
2008-06-28 00:43:07 0 dr-h----- C:\Documents and Settings\Paul Chong\Recent
2008-06-28 00:39:59 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\rhc7btj0el6j
2008-06-28 00:39:56 0 d-------- C:\Program Files\rhc7btj0el6j
2008-06-28 00:38:25 0 d-------- C:\Program Files\PCHealthCenter
2008-06-28 00:37:35 60928 --a------ C:\WINDOWS\system32\blphc3btj0el6j.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-28 00:37:23 109056 --a------ C:\WINDOWS\system32\lphc3btj0el6j.exe
2008-06-26 22:57:05 0 dr-h----- C:\Documents and Settings\Paul Chong\Application Data\SecuROM
2008-06-26 22:53:15 0 d--h----- C:\Program Files\Zero G Registry
2008-06-26 22:52:20 0 d--h----- C:\Documents and Settings\Paul Chong\InstallAnywhere
2008-06-26 22:51:53 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\Sports Interactive
2008-06-22 16:36:20 0 d-------- C:\Program Files\Open Workbench
2008-06-22 16:30:11 0 d-------- C:\Program Files\Java
2008-06-22 16:29:06 0 d-------- C:\Program Files\Common Files\Java
2008-06-22 11:48:29 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\QQDoctor
2008-06-22 11:02:32 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\QQUpdate
2008-06-21 18:14:40 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\Tencent
2008-06-21 18:14:36 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-21 18:14:33 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\QQ
2008-06-21 18:14:31 0 d-------- C:\WINDOWS\system32\qqedit
2008-06-20 07:45:27 0 d-------- C:\WINDOWS\system32\QuickTime
2008-06-20 07:38:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2008-06-20 07:38:02 0 d-------- C:\Program Files\Macromedia
2008-06-20 07:38:02 0 d-------- C:\Program Files\Common Files\Macromedia
2008-06-20 07:37:24 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-19 16:23:12 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-19 16:17:03 0 d-------- C:\Program Files\Bonjour
2008-06-19 16:12:52 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-19 16:07:44 0 d-------- C:\Program Files\MagicISO
2008-06-15 16:27:20 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-15 14:13:19 421888 --a------ C:\WINDOWS\nvsulib.dll <Not Verified; NVIDIA; NVIDIA nTune>
2008-06-15 14:13:19 6912 --a------ C:\WINDOWS\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
2008-06-15 14:13:19 217088 --a------ C:\WINDOWS\NVGfxOgl.dll
2008-06-15 14:13:19 1622016 --a------ C:\WINDOWS\NVBenchMarks.dll <Not Verified; NVIDIA; NVIDIA nTune>
2008-06-15 14:13:19 380928 --a------ C:\WINDOWS\ntuneoem.dll <Not Verified; NVIDIA; NVIDIA nTune>
2008-06-15 14:13:19 45056 --a------ C:\WINDOWS\NTuneGpu.dll <Not Verified; NVIDIA; NVIDIA nTune>
2008-06-15 14:13:19 348160 --a------ C:\WINDOWS\msvcr71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET>
2008-06-15 14:13:19 499712 --a------ C:\WINDOWS\msvcp71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET>
2008-06-15 14:13:19 1060864 --a------ C:\WINDOWS\MFC71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET>
2008-06-15 14:13:19 28672 --a------ C:\WINDOWS\AutoTuneScript.dll <Not Verified; NVIDIA; NVIDIA nTune>
2008-06-15 09:29:27 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\U3
2008-06-13 10:12:42 0 d-------- C:\WINDOWS\Close Combat - Modern Tactics
2008-06-10 07:42:05 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\TeamViewer
2008-06-10 07:40:21 0 d-------- C:\Documents and Settings\Paul Chong\temp
2008-06-07 14:33:44 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\PowerChallenge
2008-06-06 07:20:33 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-06 07:02:16 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-06 07:02:13 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\DAEMON Tools
2008-06-05 23:14:44 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\NJStar
2008-06-05 23:14:40 0 d-------- C:\Program Files\NJStar Communicator
2008-06-05 22:17:07 1222 --a------ C:\WINDOWS\checkip.dat
2008-06-05 21:56:27 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-05 06:44:39 0 d-------- C:\Program Files\EASEUS
2008-06-05 06:43:25 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\WinRAR
2008-06-05 03:53:00 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-05 03:52:03 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-05 03:52:03 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-04 07:42:03 0 d-------- C:\Documents and Settings\Paul Chong\Contacts
2008-06-04 07:33:03 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-04 07:32:55 0 d-------- C:\Program Files\Windows Live
2008-06-04 07:32:47 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-04 07:28:31 0 d-------- C:\Program Files\Common Files\L&H
2008-06-04 07:28:19 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-04 07:27:40 0 d-------- C:\WINDOWS\network diagnostic
2008-06-04 07:27:40 0 d-------- C:\Program Files\Microsoft Works
2008-06-04 07:27:06 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-04 07:26:57 0 d-------- C:\Program Files\Microsoft.NET
2008-06-04 01:33:41 0 d-------- C:\Program Files\MSXML 4.0
2008-06-04 01:18:11 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-06-04 01:17:53 0 d-------- C:\Program Files\BitComet
2008-06-03 22:44:30 0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-03 22:11:54 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-06-03 22:11:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-06-03 22:11:50 0 d-------- C:\Program Files\SiteAdvisor
2008-06-03 22:04:52 23 ---hs---- C:\WINDOWS\system32\daefef5_d.dll
2008-06-03 22:04:44 0 d-------- C:\Program Files\RegSupreme Pro
2008-06-03 21:59:54 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 21:59:47 118784 -----n--- C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-03 21:59:47 0 d-------- C:\Program Files\SpywareBlaster
2008-06-03 21:56:14 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\SiteAdvisor
2008-06-03 21:56:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-03 21:56:14 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-03 21:51:54 0 d-------- C:\Program Files\Lavasoft
2008-06-03 21:51:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 21:51:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 21:35:36 0 d-------- C:\WINDOWS\Sun
2008-06-03 21:35:36 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\Sun
2008-06-03 06:36:57 0 d--h----- C:\$AVG8.VAULT$
2008-06-03 06:17:25 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\Talkback
2008-06-03 06:17:17 0 -----n--- C:\WINDOWS\nsreg.dat
2008-06-03 06:17:15 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\Mozilla
2008-06-03 06:06:21 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-03 06:06:21 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\AVGTOOLBAR
2008-06-03 06:06:17 0 d-------- C:\Program Files\AVG
2008-06-03 06:06:17 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-03 01:09:26 0 d-------- C:\Program Files\CCleaner
2008-06-03 00:48:57 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-06-03 00:48:25 0 d-------- C:\WINDOWS\Prefetch
2008-06-03 00:39:02 0 d-------- C:\WINDOWS\provisioning
2008-06-03 00:39:02 0 d-------- C:\WINDOWS\peernet
2008-06-03 00:38:24 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-03 00:36:44 0 d-------- C:\WINDOWS\EHome
2008-06-03 00:21:27 171280 -----n--- C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-03 00:21:27 139536 -----n--- C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-03 00:21:27 313856 -----n--- C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-06-03 00:21:27 46352 -----n--- C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-03 00:21:27 6550 -----n--- C:\WINDOWS\jautoexp.dat
2008-06-03 00:21:26 113 -----n--- C:\WINDOWS\system32\zonedon.reg
2008-06-03 00:21:26 113 -----n--- C:\WINDOWS\system32\zonedoff.reg
2008-06-03 00:21:26 171792 -----n--- C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-03 00:21:26 286992 -----n--- C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-03 00:21:26 21264 -----n--- C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-03 00:21:26 154384 -----n--- C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-03 00:21:26 172304 -----n--- C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-03 00:21:26 15120 -----n--- C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-03 00:21:26 404752 -----n--- C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-03 00:21:26 63248 -----n--- C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-03 00:21:26 187152 -----n--- C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-03 00:21:25 49424 -----n--- C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-02 23:48:12 0 d-------- C:\WINDOWS\system32\bits
2008-06-02 23:48:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-02 23:48:01 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-02 23:42:19 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-02 23:39:36 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-02 23:38:35 0 d--hs---- C:\Documents and Settings\Paul Chong\UserData
2008-06-02 23:31:29 0 d-------- C:\Program Files\Setup Files
2008-06-02 23:25:55 0 d-------- C:\WINDOWS\NV22482252.TMP
2008-06-02 23:21:36 12288 -r------- C:\WINDOWS\system32\drivers\EIO_XP.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
2008-06-02 23:20:31 12288 -----n--- C:\WINDOWS\system32\drivers\EIO64_xp.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
2008-06-02 23:19:50 10752 -----n--- C:\WINDOWS\system32\drivers\Video3D32.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Video3D driver>
2008-06-02 23:19:50 196608 -----n--- C:\WINDOWS\system32\drivers\nVivid.bin
2008-06-02 23:19:50 196608 --a------ C:\WINDOWS\system32\drivers\nStandard.bin
2008-06-02 23:19:50 196608 -----n--- C:\WINDOWS\system32\drivers\nAsmedia.bin
2008-06-02 23:19:50 196608 -----n--- C:\WINDOWS\system32\drivers\nAdvanced.bin
2008-06-02 23:19:50 8704 -----n--- C:\WINDOWS\system32\drivers\Bravo.sys <Not Verified; ASMT; Microsoft(R) Windows NT(R) Operating System>
2008-06-02 23:19:50 196653 -----n--- C:\WINDOWS\system32\drivers\aVivid.bin
2008-06-02 23:19:50 11136 -----n--- C:\WINDOWS\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
2008-06-02 23:19:50 196582 -----n--- C:\WINDOWS\system32\drivers\aStandard.bin
2008-06-02 23:19:50 196582 -----n--- C:\WINDOWS\system32\drivers\aAsmedia.bin
2008-06-02 23:19:50 196608 -----n--- C:\WINDOWS\system32\drivers\aAdvanced.bin
2008-06-02 23:19:50 11264 -----n--- C:\WINDOWS\system32\ATKOSDMini.DLL <Not Verified; ASUSTeK Computer Inc.; >
2008-06-02 23:19:50 262144 -----n--- C:\WINDOWS\ATKKBService.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
2008-06-02 23:19:50 0 d-------- C:\Program Files\ASUS
2008-06-02 23:19:49 180224 -----n--- C:\WINDOWS\system32\xvidvfw.dll
2008-06-02 23:19:49 761856 -----n--- C:\WINDOWS\system32\xvidcore.dll
2008-06-02 23:19:49 348160 -----n--- C:\WINDOWS\system32\msvcr71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET>
2008-06-02 23:19:49 12416 -----n--- C:\WINDOWS\system32\drivers\asusgsb.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Virtual Video Capture Device Driver>
2008-06-02 23:19:49 77312 -----n--- C:\WINDOWS\system32\devcon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 23:19:49 5424640 -----n--- C:\WINDOWS\system32\ATKOSDX32.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUS On-Screen Display For 3D Game>
2008-06-02 23:19:49 36352 -----n--- C:\WINDOWS\system32\ATKOGL32.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUSTeK Computer Inc. AsusOGL>
2008-06-02 23:19:49 2093056 -----n--- C:\WINDOWS\system32\ATKDispCPL.dll <Not Verified; ASUSTeK COMPUTER INC.; ASUS Display Property Page>
2008-06-02 23:19:49 242688 -----n--- C:\WINDOWS\system32\ATKDISP.dll <Not Verified; ASUSTeK Computer Inc.; ASUS Windows 2000/XP Display Driver>
2008-06-02 23:19:49 12416 -----n--- C:\WINDOWS\system32\asusgsb.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Virtual Video Capture Device Driver>
2008-06-02 23:19:49 46080 -----n--- C:\WINDOWS\system32\asrussian.dll
2008-06-02 23:19:49 45568 -----n--- C:\WINDOWS\system32\askorean.dll
2008-06-02 23:19:49 45568 -----n--- C:\WINDOWS\system32\asjapan.dll
2008-06-02 23:19:49 46080 -----n--- C:\WINDOWS\system32\asgerman.dll
2008-06-02 23:19:49 46592 -----n--- C:\WINDOWS\system32\asfrench.dll
2008-06-02 23:19:49 46080 -----n--- C:\WINDOWS\system32\aseng.dll
2008-06-02 23:19:49 45568 -----n--- C:\WINDOWS\system32\ASCHT.dll
2008-06-02 23:19:49 45568 -----n--- C:\WINDOWS\system32\aschs.dll
2008-06-02 23:17:21 0 d-------- C:\Program Files\My Company Name
2008-06-02 23:14:43 0 d-------- C:\WINDOWS\nview
2008-06-02 23:06:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-02 23:06:02 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-02 22:59:18 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\Ahead
2008-06-02 22:59:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-06-02 22:57:12 0 d-------- C:\Program Files\Nero
2008-06-02 22:57:12 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-02 22:57:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-02 22:43:48 0 d-------- C:\Program Files\SAMSUNG
2008-06-02 22:34:22 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\Macromedia
2008-06-02 22:34:22 0 d-------- C:\Documents and Settings\Paul Chong\Application Data\Adobe
2008-06-02 22:23:30 0 d-------- C:\WINDOWS\RegisteredPackages
2008-06-02 22:23:30 0 d-------- C:\WINDOWS\Logs


-- Find3M Report ---------------------------------------------------------------

2008-06-28 11:26:29 453 --a------ C:\Documents and Settings\Paul Chong\Application Data\SamsungLiveUpdateConfig.ini
2008-06-22 16:29:06 0 d-------- C:\Program Files\Common Files
2008-06-15 14:13:17 0 d-------- C:\Program Files\MSI
2008-06-05 06:44:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-04 01:35:32 0 d-------- C:\Program Files\Messenger
2008-06-04 00:08:58 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-03 00:39:02 0 d-------- C:\Program Files\Movie Maker
2008-06-03 00:38:18 0 d-------- C:\Program Files\Windows NT
2008-06-02 23:58:30 0 d-------- C:\Program Files\Realtek
2008-06-02 23:39:36 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-07 16:06:52 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-04-07 16:06:52 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/03/2008 06:06 AM 2050816 --------- C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [06/03/2008 06:06 AM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [05/23/2008 02:51 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [03/25/2008 11:15 AM]
"RTHDCPL"="RTHDCPL.EXE" [04/07/2008 04:06 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [04/07/2008 04:06 PM C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [03/24/2008 07:52 PM]
"nwiz"="nwiz.exe" [03/24/2008 07:52 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [03/24/2008 07:52 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/03/2008 06:06 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [05/17/2008 12:50 AM]
"DelReg"="C:\Program Files\MSI\DualCoreCenter\DelReg.exe" [05/13/2008 07:26 PM]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [04/30/2008 06:30 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:31 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/29/2002 05:39 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/29/2002 05:39 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/29/2002 05:39 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"lphc3btj0el6j"="C:\WINDOWS\system32\lphc3btj0el6j.exe" [06/28/2008 12:37 AM]
"SMrhc7btj0el6j"="C:\Program Files\rhc7btj0el6j\rhc7btj0el6j.exe" [06/27/2008 05:13 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/27/2007 06:03 PM]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [03/06/2008 03:52 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 05:39 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [6/15/2008 2:13:19 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20af4ecd-39c2-11dd-b50d-0019dbf62813}]
AutoRun\command- H:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-06-28 11:30:03 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III Xeon processor
CPU 1: Intel Pentium III Xeon processor
Percentage of Memory in Use: 15%
Physical Memory (total/avail): 3327.23 MiB / 2820.19 MiB
Pagefile Memory (total/avail): 5215.77 MiB / 4850.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.63 MiB

C: is Fixed (NTFS) - 19.53 GiB total, 8.18 GiB free.
D: is Fixed (NTFS) - 195.32 GiB total, 167.97 GiB free.
E: is Fixed (NTFS) - 250.9 GiB total, 165.77 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD5000AACS-00ZUB0 - 465.76 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 446.22 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\DiskInternals\\RecoveryServer\\RecoveryServer.exe"="C:\\Program Files\\DiskInternals\\RecoveryServer\\RecoveryServer.exe:*:Enabled:RecoveryServer"
"D:\\Games\\PES 2008\\PES2008.exe"="D:\\Games\\PES 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Documents and Settings\\Paul Chong\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"="C:\\Documents and Settings\\Paul Chong\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"="C:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe:*:Enabled:i-Speeder"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Tencent\\QQ\\QQ.exe"="C:\\Program Files\\Tencent\\QQ\\QQ.exe:*:Enabled:QQ"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Paul Chong\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PAUL-DO7IBB0DHE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Paul Chong
LOGONSERVER=\\PAUL-DO7IBB0DHE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PAULCH~1\LOCALS~1\Temp
USERDOMAIN=PAUL-DO7IBB0DHE
USERNAME=Paul Chong
USERPROFILE=C:\Documents and Settings\Paul Chong
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Paul Chong (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}
Adobe Bridge CS3 --> MsiExec.exe /I{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}
Adobe Bridge Start Meeting --> MsiExec.exe /I{7F3A2319-79CF-4701-95FB-034E99281808}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{183B7569-90FB-4C56-9761-0EEB002CAB83}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{20B83B31-09C4-4F0E-9774-EF8A12A0A527}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Viewer CS3 --> MsiExec.exe /I{733D84D6-AAFD-4368-A1D0-F2734F6B9082}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}
AntivirXP08 --> "C:\Program Files\rhc7btj0el6j\uninstall.exe"
ASUS Gamer OSD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ASUS Smart Doctor --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} /l1033
ASUS VideoSecurity Online --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitComet 1.02 --> C:\Program Files\BitComet\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Close Combat - Modern Tactics --> "C:\WINDOWS\Close Combat - Modern Tactics\uninstall.exe" "/U:\Games\Matrix Games\Close Combat - Modern Tactics\Uninstall\uninstall.xml"
CRIMES of WAR --> "D:\Games\CRIMES of WAR\unins000.exe"
DMI Browse --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\DMI Browser\Uninst.isu"
DualCoreCenter --> "C:\Program Files\MSI\DualCoreCenter\unins000.exe"
EA SPORTS NBA LIVE 08 --> MsiExec.exe /X{39C8EFBA-042B-11DC-A860-0EE955D89593}
EASEUS Data Recovery Wizard Professional 4.3.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1965C9BB-9114-4A50-AEC7-E62414BB117B}\setup.exe" -l0x9 -removeonly
FIFA 08 --> MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
Football Manager 2008 --> "D:\Games\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
FW LiveUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11F5D779-7BD9-465A-BBC4-10701386BCB9}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
i-Speeder --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\i-Speeder\Uninst.isu"
InfoView --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\InfoView\Uninst.isu"
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Magic ISO Maker v5.5 (build 0261) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6261\uninstall.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI Live Update 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
Nero 7 Essentials --> MsiExec.exe /X{BD49141C-188C-4B75-9F46-C2C42F2D1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\System32\nvuninst.exe UninstallGUI
Open Workbench --> MsiExec.exe /I{AED0B5AC-0771-4600-9777-9C4C910EBE09}
Pro Evolution Soccer 2008 --> C:\Program Files\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x0409
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RegSupreme Pro --> "C:\Program Files\RegSupreme Pro\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Terrorist Takedown 2 (1.01) --> "D:\Games\Terrorist Takedown 2\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WMIinfo --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\WMIinfo\Uninst.isu"
XviD MPEG-4 Video Codec --> C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf


-- Application Event Log -------------------------------------------------------

Event Record #/Type640 / Error
Event Submitted/Written: 06/28/2008 11:20:11 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhc7btj0el6j.exe, version 0.0.0.0, faulting module rhc7btj0el6j.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhc7btj0el6j.exe!ws!]

Event Record #/Type635 / Warning
Event Submitted/Written: 06/28/2008 09:45:25 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type634 / Warning
Event Submitted/Written: 06/28/2008 09:45:25 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'ExcelUserData', component '{8ADD2C96-C8B7-11D1-9C67-0000F81F1B38}' failed. The resource 'HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\UserData' does not exist.

Event Record #/Type633 / Warning
Event Submitted/Written: 06/28/2008 09:45:25 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type632 / Warning
Event Submitted/Written: 06/28/2008 09:45:24 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OfficeUserData', component '{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}' failed. The resource 'HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3145 / Error
Event Submitted/Written: 06/28/2008 11:18:45 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type3142 / Error
Event Submitted/Written: 06/28/2008 09:45:25 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Event Record #/Type3141 / Error
Event Submitted/Written: 06/28/2008 09:45:25 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Event Record #/Type3137 / Error
Event Submitted/Written: 06/28/2008 09:26:40 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
asuskbnt
AvgLdx86
AvgMfx86
EIO_XP
Fips
intelppm

Event Record #/Type3136 / Error
Event Submitted/Written: 06/28/2008 09:25:40 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-06-28 11:27:25 ------------
__________________
Rdgs,
pualo
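Reading a log like the one above by hand is how the helpers on this board work, but the indicators they look for in it (an executable living in a randomly named folder under Program Files, that same folder registered in Add/Remove Programs under a rogue-AV name, and a MountPoints2 AutoRun handler for a removable drive) can be checked mechanically. The script below is an added example written for this page; it is not a PCHF, Deckard's System Scanner or HijackThis tool. Its line patterns, the "looks random" heuristic, the `rhc` prefix and the exclusion of all-hex directory names are assumptions made for the example, and the sample lines are copied from the log posted above.

```python
import re

# Line shapes seen in the DSS / HijackThis output above
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')      # Run-key value
ARP_RE = re.compile(r'^(?P<name>.*?) --> (?P<cmd>.*)$')            # Add/Remove row
AUTORUN_RE = re.compile(r'^AutoRun\\command-\s*(?P<cmd>.+)$')      # MountPoints2 handler

# Heuristics (assumptions for this example, not DSS or HijackThis rules)
RANDOM_RE = re.compile(r'^[a-z0-9]{10,}$')   # long lower-case alnum token
HEX_RE = re.compile(r'^[0-9a-f]{24,}$')      # installer-cache hash dirs are not junk
ROGUE_PREFIX = 'rhc'                         # prefix of the rogue-AV folder in this log


def looks_random(token):
    """True for names such as 'rhc7btj0el6j': 10+ lower-case letters and digits
    with letters and digits interleaved at least three times.  All-hex tokens
    (Adobe's Installers\\<hash> directories, for instance) are excluded."""
    if not RANDOM_RE.match(token) or HEX_RE.match(token):
        return False
    switches = sum(1 for a, b in zip(token, token[1:]) if a.isdigit() != b.isdigit())
    return switches >= 3


def path_tokens(path):
    """Directory names plus the executable's base name, lower-cased.
    Trailing arguments after the executable are ignored."""
    parts = [p for p in re.split(r'[\\/]', path.strip().strip('"')) if p]
    if not parts:
        return []
    base = parts[-1].split(' ')[0].rsplit('.', 1)[0]
    return [p.lower() for p in parts[:-1]] + [base.lower()]


def triage_line(line):
    """Indicators for one log line as a list of (indicator, detail) pairs."""
    line = line.strip()
    m = AUTORUN_RE.match(line)
    if m:
        return [('mountpoints2-autorun', m.group('cmd'))]
    m = RUN_RE.match(line) or ARP_RE.match(line)
    if not m:
        return []
    subject = m.group('name')
    target = m.group('path') if 'path' in m.groupdict() else m.group('cmd')
    hits = []
    for tok in path_tokens(target) + [subject.lower()]:
        if tok.startswith(ROGUE_PREFIX) and looks_random(tok):
            hit = ('rogue-av-prefix', tok)
        elif looks_random(tok):
            hit = ('random-name', tok)
        else:
            continue
        if hit not in hits:
            hits.append(hit)
    return hits


def triage(log_text):
    """Flagged lines mapped to their indicators; clean lines are omitted."""
    report = {}
    for raw in log_text.splitlines():
        hits = triage_line(raw)
        if hits:
            report[raw.strip()] = hits
    return report


# Constructed sample: lines copied from the log posted above
SAMPLE_LOG = r'''
"SMrhc7btj0el6j"="C:\Program Files\rhc7btj0el6j\rhc7btj0el6j.exe" [06/27/2008 05:13 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 05:39 PM]
AntivirXP08 --> "C:\Program Files\rhc7btj0el6j\uninstall.exe"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
AutoRun\command- H:\LaunchU3.exe -a
'''

if __name__ == '__main__':
    for line, hits in triage(SAMPLE_LOG).items():
        print(line)
        for indicator, detail in hits:
            print('    %-22s %s' % (indicator, detail))
```

Run as-is it triages the constructed sample; replace SAMPLE_LOG with a full DSS or HijackThis log to run it over a real post. The heuristic is deliberately narrow: a rogue that picks a dictionary-word folder name will not trip it, and the all-hex exclusion exists only because installer caches (the Adobe Installers\<hash> directory in this log) would otherwise be reported. The AutoRun line is reported unconditionally because a removable-drive handler is worth a look whether or not the launcher is legitimate, which is also why the helper below points out that ComboFix disables autorun.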
Old 06-28-2008   #2
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,798
PC Experience: Elite PC Guru
Default Re: Unable to remove Antivirus Xp 2008

OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here: A guide and tutorial on using ComboFix

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: ComboFix prevents autorun of all CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please let me know.

=======================================

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.
__________________
My real name is Eddy
Old 06-28-2008   #3
Bronze Member
 
Join Date: Nov 2007
Posts: 31
PC Experience: Experienced
Default Re: Unable to remove Antivirus Xp 2008

Thanks for the reply.
Here are the logs.

ComboFix 08-06-20.4 - Paul Chong 2008-06-28 15:39:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.2847 [GMT 8:00]
Running from: C:\Documents and Settings\Paul Chong\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Paul Chong\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\daefef5_d.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2008-06-28 15:09 . 2008-06-28 15:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-28 15:09 . 2008-06-28 15:09 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\SUPERAntiSpyware.com
2008-06-28 15:09 . 2008-06-28 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-28 15:06 . 2008-06-28 15:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 15:06 . 2008-06-28 15:06 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\Malwarebytes
2008-06-28 15:06 . 2008-06-28 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-28 15:06 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-28 15:06 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-28 11:21 . 2008-06-28 11:21 <DIR> d-------- C:\Deckard
2008-06-28 09:48 . 2008-06-28 09:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\rhc7btj0el6j
2008-06-28 09:33 . 2008-06-28 09:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-28 09:25 . 2008-06-28 09:25 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-28 00:39 . 2008-06-28 00:40 <DIR> d-------- C:\Program Files\rhc7btj0el6j
2008-06-28 00:39 . 2008-06-28 00:39 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\rhc7btj0el6j
2008-06-28 00:36 . 2008-06-28 00:36 49,152 --a------ C:\WINDOWS\system32\Setup_ver1.1336.0.exe
2008-06-26 22:57 . 2008-06-26 22:57 <DIR> dr-h----- C:\Documents and Settings\Paul Chong\Application Data\SecuROM
2008-06-26 22:57 . 2008-06-26 22:57 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-26 22:53 . 2008-06-26 22:53 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-06-26 22:52 . 2008-06-26 22:52 <DIR> d--h----- C:\Documents and Settings\Paul Chong\InstallAnywhere
2008-06-26 22:51 . 2008-06-27 18:07 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\Sports Interactive
2008-06-22 16:36 . 2008-06-22 16:36 <DIR> d-------- C:\Program Files\Open Workbench
2008-06-22 16:30 . 2008-06-22 16:30 <DIR> d-------- C:\Program Files\Java
2008-06-22 16:30 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-22 16:29 . 2008-06-22 16:29 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-22 11:48 . 2008-06-22 11:48 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\QQDoctor
2008-06-22 11:02 . 2008-06-22 11:02 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\QQUpdate
2008-06-21 18:14 . 2008-06-21 18:14 <DIR> d-------- C:\WINDOWS\system32\qqedit
2008-06-21 18:14 . 2008-06-21 18:14 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-21 18:14 . 2008-06-22 11:39 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\Tencent
2008-06-21 18:14 . 2008-06-21 18:14 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\QQ
2008-06-20 19:23 . 2001-08-23 20:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-20 07:45 . 2008-06-20 07:45 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-06-20 07:38 . 2008-06-20 07:45 <DIR> d-------- C:\Program Files\Macromedia
2008-06-20 07:38 . 2008-06-20 07:43 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-06-20 07:37 . 2008-06-20 07:45 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-19 16:23 . 2008-06-19 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-19 16:17 . 2008-06-19 16:17 <DIR> d-------- C:\Program Files\Bonjour
2008-06-19 16:12 . 2008-06-19 16:12 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-19 16:07 . 2008-06-19 16:07 <DIR> d-------- C:\Program Files\MagicISO
2008-06-15 16:27 . 2008-06-15 16:27 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-15 09:29 . 2008-06-22 16:37 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\U3
2008-06-13 10:12 . 2008-06-13 10:12 <DIR> d-------- C:\WINDOWS\Close Combat - Modern Tactics
2008-06-11 19:25 . 2008-06-13 21:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 07:42 . 2008-06-26 14:35 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\TeamViewer
2008-06-10 07:40 . 2008-06-10 07:40 <DIR> d-------- C:\Documents and Settings\Paul Chong\temp
2008-06-07 14:33 . 2008-06-15 20:50 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\PowerChallenge
2008-06-07 13:45 . 2001-08-23 20:00 173,602 --a--c--- C:\WINDOWS\system32\dllcache\c_10008.nls
2008-06-07 13:45 . 2001-08-23 20:00 173,602 --a------ C:\WINDOWS\system32\c_10008.nls
2008-06-06 07:20 . 2008-06-06 07:20 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-06 07:02 . 2008-06-06 07:02 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\DAEMON Tools
2008-06-06 07:02 . 2008-06-06 07:02 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-05 23:48 . 2008-05-22 08:12 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-06-05 23:48 . 2008-05-22 08:12 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-06-05 23:48 . 2008-05-28 06:22 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-06-05 23:48 . 2008-05-22 08:12 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-06-05 23:48 . 2008-05-28 06:22 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-06-05 23:48 . 2008-05-28 06:21 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-06-05 23:48 . 2008-05-28 06:21 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-06-05 23:14 . 2008-06-22 11:39 <DIR> d-------- C:\Program Files\NJStar Communicator
2008-06-05 23:14 . 2008-06-22 11:39 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\NJStar
2008-06-05 22:17 . 2008-06-05 22:17 1,222 --a------ C:\WINDOWS\checkip.dat
2008-06-05 06:44 . 2008-06-05 06:44 <DIR> d-------- C:\Program Files\EASEUS
2008-06-05 03:53 . 2008-06-05 03:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-05 03:53 . 2006-10-04 22:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-06-05 03:53 . 2006-10-04 22:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-06-05 03:53 . 2006-10-04 22:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-06-05 03:52 . 2008-06-05 03:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-05 03:52 . 2008-06-05 03:52 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-05 02:45 . 2008-06-09 06:40 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-04 07:42 . 2008-06-05 21:49 <DIR> d-------- C:\Documents and Settings\Paul Chong\Contacts
2008-06-04 07:33 . 2008-06-04 07:40 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-04 07:32 . 2008-06-04 07:42 <DIR> d-------- C:\Program Files\Windows Live
2008-06-04 07:32 . 2008-06-04 07:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-04 07:29 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-04 07:29 . 2008-06-24 23:35 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-04 07:28 . 2008-06-04 07:28 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-04 07:28 . 2008-06-04 07:28 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-06-04 07:27 . 2008-06-04 07:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-04 07:27 . 2008-06-17 23:53 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-04 07:26 . 2008-06-04 07:26 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-04 07:25 . 2008-04-23 12:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-04 07:25 . 2007-04-17 17:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-04 07:25 . 2007-03-08 13:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-04 07:25 . 2008-04-23 12:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-04 07:25 . 2008-04-23 12:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-04 07:25 . 2008-04-23 12:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-04 07:25 . 2008-04-23 12:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-04 07:25 . 2008-04-23 12:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-04 07:25 . 2008-04-22 15:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-04 07:23 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-06-04 01:33 . 2008-06-04 01:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-04 01:18 . 2008-06-04 01:18 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-06-04 01:17 . 2008-06-04 01:32 <DIR> d-------- C:\Program Files\BitComet
2008-06-04 01:17 . 2007-07-09 21:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-04 01:11 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-04 01:11 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-03 22:44 . 2008-06-03 22:48 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-03 22:11 . 2008-06-03 22:11 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-06-03 22:11 . 2008-06-03 22:11 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-06-03 22:04 . 2008-06-03 22:04 <DIR> d-------- C:\Program Files\RegSupreme Pro
2008-06-03 22:04 . 2008-06-03 22:04 23 --------- C:\WINDOWS\system32\dfaded8_d.ocx
2008-06-03 21:59 . 2008-06-28 00:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-03 21:59 . 2008-06-28 02:12 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 21:59 . 2005-04-15 19:58 1,071,088 --------- C:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-03 21:59 . 2005-08-25 18:18 118,784 --------- C:\WINDOWS\system32\MSSTDFMT.DLL
2008-06-03 21:59 . 2005-08-25 18:19 115,920 --------- C:\WINDOWS\system32\MSINET.OCX
2008-06-03 21:56 . 2008-06-23 22:55 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\SiteAdvisor
2008-06-03 21:56 . 2008-06-28 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-03 21:56 . 2008-06-03 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-03 21:51 . 2008-06-03 21:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-03 21:51 . 2008-06-28 15:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 21:51 . 2008-06-03 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 21:35 . 2008-06-03 21:35 <DIR> d-------- C:\WINDOWS\Sun
2008-06-03 06:36 . 2008-06-28 15:01 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-03 06:17 . 2008-06-03 06:17 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\Talkback
2008-06-03 06:17 . 2008-06-03 06:17 0 --------- C:\WINDOWS\nsreg.dat
2008-06-03 06:06 . 2008-06-27 22:51 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-03 06:06 . 2008-06-03 06:06 <DIR> d-------- C:\Program Files\AVG
2008-06-03 06:06 . 2008-06-07 21:07 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\AVGTOOLBAR
2008-06-03 06:06 . 2008-06-03 06:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-03 06:06 . 2008-06-03 06:06 96,520 --------- C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-03 06:06 . 2008-06-03 06:06 75,272 --------- C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-03 06:06 . 2008-06-03 06:06 10,520 --------- C:\WINDOWS\system32\avgrsstx.dll
2008-06-03 01:09 . 2008-06-03 01:09 <DIR> d-------- C:\Program Files\CCleaner
2008-06-03 00:39 . 2008-06-03 00:39 <DIR> d-------- C:\WINDOWS\provisioning

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 06:13 --------- d-----w C:\Program Files\MSI
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 22:35 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-06-04 22:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 16:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-02 15:58 --------- d-----w C:\Program Files\Realtek
2008-05-16 03:58 12,632 ------w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 03:20 15,648 ------w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 03:19 15,648 ------w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 03:19 12,960 ------w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-07 08:06 9,715,200 ------r C:\WINDOWS\RTLCPL.exe
2008-04-07 08:06 86,016 ------r C:\WINDOWS\SoundMan.exe
2008-04-07 08:06 69,632 ------r C:\WINDOWS\Alcmtr.exe
2008-04-07 08:06 520,192 ------r C:\WINDOWS\RtlExUpd.dll
2008-04-07 08:06 49,152 ------r C:\WINDOWS\system32\ChCfg.exe
2008-04-07 08:06 2,808,832 ------r C:\WINDOWS\alcwzrd.exe
2008-04-07 08:06 2,165,760 ------r C:\WINDOWS\MicCal.exe
2008-04-07 08:06 1,826,816 ------r C:\WINDOWS\SkyTel.exe
2008-04-07 08:06 1,191,936 ------r C:\WINDOWS\RtlUpd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-03-06 15:52 1130496]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 17:39 486856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-05-23 14:51 688217]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2008-03-25 11:15 380928]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16:06 16859136 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2008-03-24 19:52 13524992]
"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2008-03-24 19:52 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-03 06:06 1177368]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2008-05-17 00:50 36640]
"DelReg"="C:\Program Files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 19:26 196608]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2008-04-30 18:30 498176]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 05:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 05:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 05:39 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-06-15 14:13:19 192512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Games\\PES 2008\\PES2008.exe"=
"C:\\Documents and Settings\\Paul Chong\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20648:TCP"= 20648:TCP:BitComet 20648 TCP
"20648:UDP"= 20648:UDP:BitComet 20648 UDP

R0 pe3anmue;Ubersoldier 2 Environment Driver (pe3anmue);C:\WINDOWS\system32\drivers\pe3anmue.sys [2008-02-21 16:38]
R0 ps7anmue;Ubersoldier 2 Synchronization Driver (ps7anmue);C:\WINDOWS\system32\drivers\ps7anmue.sys [2008-02-21 16:37]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-03 06:06]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-03 06:06]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-03 06:06]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-03 06:06]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2008-03-25 11:15]
R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 17:12]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2008-03-25 11:15]
S2 pr2anmue;Ubersoldier 2 Drivers Auto Removal (pr2anmue);C:\WINDOWS\system32\pr2anmue.exe svc []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20af4ecd-39c2-11dd-b50d-0019dbf62813}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - DUALCORECENTER
*Newly Created Service* - RUSHTOPDEVICE2
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 15:41:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-28 15:41:52
ComboFix-quarantined-files.txt 2008-06-28 07:41:42

Pre-Run: 8,656,551,936 bytes free
Post-Run: 8,642,269,184 bytes free

252 --- E O F --- 2008-06-25 16:12:07

-------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:31 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Paul Chong\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1212424268984
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ubersoldier 2 Drivers Auto Removal (pr2anmue) (pr2anmue) - City Interactive Sp z o.o. - C:\WINDOWS\system32\pr2anmue.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 8611 bytes

-----------------------------------------------------------------------
SDFix: Version 1.198
Run by Paul Chong on 06/28/2008 Sat at 03:55 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\Setup_ver1.1336.0.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 16:01:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:1d,32,bc,90,40,58,a2,d2,96,e7,41,14,79,ed,93,90,87,5e,28,38,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2e,46,44,cc,06,2d,db,eb,92,f7,cd,6d,0e,9e,7c,79,40,..
"khjeh"=hex:f0,db,5e,60,cf,74,75,2c,c6,8b,2e,d8,3d,97,b8,4d,b0,d1,7f,10,89,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a3,2a,54,e9,52,f6,b2,a0,a3,42,53,44,53,e3,27,b4,91,f6,7a,34,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:23,67,1c,46,ee,30,29,35,a6,d6,05,74,1e,61,1a,b8,e9,56,5c,71,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:23,67,1c,46,ee,30,29,35,a6,d6,05,74,1e,61,1a,b8,e9,56,5c,71,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:23,67,1c,46,ee,30,29,35,a6,d6,05,74,1e,61,1a,b8,e9,56,5c,71,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:1d,32,bc,90,40,58,a2,d2,96,e7,41,14,79,ed,93,90,87,5e,28,38,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2e,46,44,cc,06,2d,db,eb,92,f7,cd,6d,0e,9e,7c,79,40,..
"khjeh"=hex:f0,db,5e,60,cf,74,75,2c,c6,8b,2e,d8,3d,97,b8,4d,b0,d1,7f,10,89,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a3,2a,54,e9,52,f6,b2,a0,a3,42,53,44,53,e3,27,b4,91,f6,7a,34,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:23,67,1c,46,ee,30,29,35,a6,d6,05,74,1e,61,1a,b8,e9,56,5c,71,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:23,67,1c,46,ee,30,29,35,a6,d6,05,74,1e,61,1a,b8,e9,56,5c,71,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:23,67,1c,46,ee,30,29,35,a6,d6,05,74,1e,61,1a,b8,e9,56,5c,71,e9,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Games\\PES 2008\\PES2008.exe"="D:\\Games\\PES 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Documents and Settings\\Paul Chong\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"="C:\\Documents and Settings\\Paul Chong\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"="C:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe:*:Enabled:i-Speeder"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 5 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 4 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT9.tmp"
Wed 11 Jun 2008 95,315,977 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f8e4c50bd1c41feac24607e18c5505bd\BIT5A.tmp"

Finished!
__________________
Rdgs,
pualo
Old 06-28-2008   #4
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,798
PC Experience: Elite PC Guru
Re: Unable to remove Antivirus Xp 2008

Before we can carry on with your cleanup we need to install your Recovery Console.
Go to Microsoft's website => How to obtain Windows XP Setup boot disks
Select the download that's appropriate for your Operating System.

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
__________________
My real name is Eddy
Old 06-29-2008   #5
pualo
Bronze Member
Join Date: Nov 2007
Posts: 31
PC Experience: Experienced
Re: Unable to remove Antivirus Xp 2008

Here are the logs.

ComboFix 08-06-20.4 - Paul Chong 2008-06-29 14:36:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.2819 [GMT 8:00]
Running from: C:\Documents and Settings\Paul Chong\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paul Chong\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-28 15:52 . 2008-06-28 15:52 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-28 15:49 . 2008-06-28 16:04 <DIR> d-------- C:\SDFix
2008-06-28 15:09 . 2008-06-28 15:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-28 15:09 . 2008-06-28 15:09 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\SUPERAntiSpyware.com
2008-06-28 15:09 . 2008-06-28 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-28 15:06 . 2008-06-28 15:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 15:06 . 2008-06-28 15:06 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\Malwarebytes
2008-06-28 15:06 . 2008-06-28 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-28 15:06 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-28 15:06 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-28 11:21 . 2008-06-28 11:21 <DIR> d-------- C:\Deckard
2008-06-28 09:48 . 2008-06-28 09:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\rhc7btj0el6j
2008-06-28 09:33 . 2008-06-28 09:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-28 09:25 . 2008-06-28 09:25 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-28 00:39 . 2008-06-28 00:39 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\rhc7btj0el6j
2008-06-26 22:57 . 2008-06-26 22:57 <DIR> dr-h----- C:\Documents and Settings\Paul Chong\Application Data\SecuROM
2008-06-26 22:57 . 2008-06-26 22:57 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-26 22:53 . 2008-06-26 22:53 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-06-26 22:52 . 2008-06-26 22:52 <DIR> d--h----- C:\Documents and Settings\Paul Chong\InstallAnywhere
2008-06-26 22:51 . 2008-06-27 18:07 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\Sports Interactive
2008-06-22 16:36 . 2008-06-22 16:36 <DIR> d-------- C:\Program Files\Open Workbench
2008-06-22 16:30 . 2008-06-22 16:30 <DIR> d-------- C:\Program Files\Java
2008-06-22 16:30 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-22 16:29 . 2008-06-22 16:29 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-22 11:48 . 2008-06-22 11:48 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\QQDoctor
2008-06-22 11:02 . 2008-06-22 11:02 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\QQUpdate
2008-06-21 18:14 . 2008-06-21 18:14 <DIR> d-------- C:\WINDOWS\system32\qqedit
2008-06-21 18:14 . 2008-06-21 18:14 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-21 18:14 . 2008-06-22 11:39 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\Tencent
2008-06-21 18:14 . 2008-06-21 18:14 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\QQ
2008-06-20 19:23 . 2001-08-23 20:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-20 07:45 . 2008-06-20 07:45 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-06-20 07:38 . 2008-06-20 07:45 <DIR> d-------- C:\Program Files\Macromedia
2008-06-20 07:38 . 2008-06-20 07:43 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-06-20 07:37 . 2008-06-20 07:45 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-19 16:23 . 2008-06-19 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-19 16:17 . 2008-06-19 16:17 <DIR> d-------- C:\Program Files\Bonjour
2008-06-19 16:12 . 2008-06-19 16:12 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-19 16:07 . 2008-06-19 16:07 <DIR> d-------- C:\Program Files\MagicISO
2008-06-15 16:27 . 2008-06-15 16:27 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-15 09:29 . 2008-06-22 16:37 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\U3
2008-06-13 10:12 . 2008-06-13 10:12 <DIR> d-------- C:\WINDOWS\Close Combat - Modern Tactics
2008-06-11 19:25 . 2008-06-13 21:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 07:42 . 2008-06-26 14:35 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\TeamViewer
2008-06-10 07:40 . 2008-06-10 07:40 <DIR> d-------- C:\Documents and Settings\Paul Chong\temp
2008-06-07 14:33 . 2008-06-15 20:50 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\PowerChallenge
2008-06-07 13:45 . 2001-08-23 20:00 173,602 --a--c--- C:\WINDOWS\system32\dllcache\c_10008.nls
2008-06-07 13:45 . 2001-08-23 20:00 173,602 --a------ C:\WINDOWS\system32\c_10008.nls
2008-06-06 07:20 . 2008-06-06 07:20 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-06 07:02 . 2008-06-06 07:02 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\DAEMON Tools
2008-06-06 07:02 . 2008-06-06 07:02 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-05 23:48 . 2008-05-22 08:12 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-06-05 23:48 . 2008-05-22 08:12 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-06-05 23:48 . 2008-05-28 06:22 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-06-05 23:48 . 2008-05-22 08:12 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-06-05 23:48 . 2008-05-28 06:22 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-06-05 23:48 . 2008-05-28 06:21 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-06-05 23:48 . 2008-05-28 06:21 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-06-05 23:14 . 2008-06-22 11:39 <DIR> d-------- C:\Program Files\NJStar Communicator
2008-06-05 23:14 . 2008-06-22 11:39 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\NJStar
2008-06-05 22:17 . 2008-06-05 22:17 1,222 --a------ C:\WINDOWS\checkip.dat
2008-06-05 06:44 . 2008-06-05 06:44 <DIR> d-------- C:\Program Files\EASEUS
2008-06-05 03:53 . 2008-06-05 03:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-05 03:53 . 2006-10-04 22:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-06-05 03:53 . 2006-10-04 22:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-06-05 03:53 . 2006-10-04 22:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-06-05 03:52 . 2008-06-05 03:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-05 03:52 . 2008-06-05 03:52 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-05 02:45 . 2008-06-09 06:40 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-04 07:42 . 2008-06-05 21:49 <DIR> d-------- C:\Documents and Settings\Paul Chong\Contacts
2008-06-04 07:33 . 2008-06-04 07:40 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-04 07:32 . 2008-06-04 07:42 <DIR> d-------- C:\Program Files\Windows Live
2008-06-04 07:32 . 2008-06-04 07:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-04 07:29 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-04 07:29 . 2008-06-24 23:35 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-04 07:28 . 2008-06-04 07:28 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-04 07:28 . 2008-06-04 07:28 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-06-04 07:27 . 2008-06-04 07:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-04 07:27 . 2008-06-17 23:53 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-04 07:26 . 2008-06-04 07:26 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-04 07:25 . 2008-04-23 12:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-04 07:25 . 2007-04-17 17:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-04 07:25 . 2007-03-08 13:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-04 07:25 . 2008-04-23 12:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-04 07:25 . 2008-04-23 12:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-04 07:25 . 2008-04-23 12:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-04 07:25 . 2008-04-23 12:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-04 07:25 . 2008-04-23 12:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-04 07:25 . 2008-04-22 15:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-04 07:23 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-06-04 01:33 . 2008-06-04 01:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-04 01:18 . 2008-06-04 01:18 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-06-04 01:17 . 2008-06-04 01:32 <DIR> d-------- C:\Program Files\BitComet
2008-06-04 01:17 . 2007-07-09 21:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-04 01:11 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-04 01:11 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-03 22:44 . 2008-06-03 22:48 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-03 22:11 . 2008-06-03 22:11 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-06-03 22:11 . 2008-06-03 22:11 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-06-03 22:04 . 2008-06-03 22:04 <DIR> d-------- C:\Program Files\RegSupreme Pro
2008-06-03 22:04 . 2008-06-03 22:04 23 --------- C:\WINDOWS\system32\dfaded8_d.ocx
2008-06-03 21:59 . 2008-06-28 00:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-03 21:59 . 2008-06-28 02:12 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 21:59 . 2005-04-15 19:58 1,071,088 --------- C:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-03 21:59 . 2005-08-25 18:18 118,784 --------- C:\WINDOWS\system32\MSSTDFMT.DLL
2008-06-03 21:59 . 2005-08-25 18:19 115,920 --------- C:\WINDOWS\system32\MSINET.OCX
2008-06-03 21:56 . 2008-06-23 22:55 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\SiteAdvisor
2008-06-03 21:56 . 2008-06-29 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-03 21:56 . 2008-06-03 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-03 21:51 . 2008-06-03 21:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-03 21:51 . 2008-06-28 15:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 21:51 . 2008-06-03 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 21:35 . 2008-06-03 21:35 <DIR> d-------- C:\WINDOWS\Sun
2008-06-03 06:36 . 2008-06-28 15:01 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-03 06:17 . 2008-06-03 06:17 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\Talkback
2008-06-03 06:17 . 2008-06-03 06:17 0 --------- C:\WINDOWS\nsreg.dat
2008-06-03 06:06 . 2008-06-29 13:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-03 06:06 . 2008-06-03 06:06 <DIR> d-------- C:\Program Files\AVG
2008-06-03 06:06 . 2008-06-07 21:07 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\AVGTOOLBAR
2008-06-03 06:06 . 2008-06-03 06:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-03 06:06 . 2008-06-03 06:06 96,520 --------- C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-03 06:06 . 2008-06-03 06:06 75,272 --------- C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-03 06:06 . 2008-06-03 06:06 10,520 --------- C:\WINDOWS\system32\avgrsstx.dll
2008-06-03 01:09 . 2008-06-03 01:09 <DIR> d-------- C:\Program Files\CCleaner
2008-06-03 00:39 . 2008-06-03 00:39 <DIR> d-------- C:\WINDOWS\provisioning

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 06:13 --------- d-----w C:\Program Files\MSI
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 22:35 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-06-04 22:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 16:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-02 15:58 --------- d-----w C:\Program Files\Realtek
2008-05-16 03:58 12,632 ------w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 03:20 15,648 ------w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 03:19 15,648 ------w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 03:19 12,960 ------w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-07 08:06 9,715,200 ------r C:\WINDOWS\RTLCPL.exe
2008-04-07 08:06 86,016 ------r C:\WINDOWS\SoundMan.exe
2008-04-07 08:06 69,632 ------r C:\WINDOWS\Alcmtr.exe
2008-04-07 08:06 520,192 ------r C:\WINDOWS\RtlExUpd.dll
2008-04-07 08:06 49,152 ------r C:\WINDOWS\system32\ChCfg.exe
2008-04-07 08:06 2,808,832 ------r C:\WINDOWS\alcwzrd.exe
2008-04-07 08:06 2,165,760 ------r C:\WINDOWS\MicCal.exe
2008-04-07 08:06 1,826,816 ------r C:\WINDOWS\SkyTel.exe
2008-04-07 08:06 1,191,936 ------r C:\WINDOWS\RtlUpd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-03-06 15:52 1130496]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 17:39 486856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-05-23 14:51 688217]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2008-03-25 11:15 380928]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16:06 16859136 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2008-03-24 19:52 13524992]
"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2008-03-24 19:52 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-03 06:06 1177368]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2008-05-17 00:50 36640]
"DelReg"="C:\Program Files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 19:26 196608]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2008-04-30 18:30 498176]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 05:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 05:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 05:39 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-06-15 14:13:19 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Games\\PES 2008\\PES2008.exe"=
"C:\\Documents and Settings\\Paul Chong\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20648:TCP"= 20648:TCP:BitComet 20648 TCP
"20648:UDP"= 20648:UDP:BitComet 20648 UDP

R0 pe3anmue;Ubersoldier 2 Environment Driver (pe3anmue);C:\WINDOWS\system32\drivers\pe3anmue.sys [2008-02-21 16:38]
R0 ps7anmue;Ubersoldier 2 Synchronization Driver (ps7anmue);C:\WINDOWS\system32\drivers\ps7anmue.sys [2008-02-21 16:37]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-03 06:06]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-03 06:06]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-03 06:06]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-03 06:06]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2008-03-25 11:15]
R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 17:12]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2008-03-25 11:15]
S2 pr2anmue;Ubersoldier 2 Drivers Auto Removal (pr2anmue);C:\WINDOWS\system32\pr2anmue.exe svc []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20af4ecd-39c2-11dd-b50d-0019dbf62813}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 14:37:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-29 14:38:18
ComboFix-quarantined-files.txt 2008-06-29 06:38:16
ComboFix2.txt 2008-06-28 07:41:52

Pre-Run: 8,462,336,000 bytes free
Post-Run: 8,450,371,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

250 --- E O F --- 2008-06-25 16:12:07
-----------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:34 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Paul Chong\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1212424268984
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ubersoldier 2 Drivers Auto Removal (pr2anmue) (pr2anmue) - City Interactive Sp z o.o. - C:\WINDOWS\system32\pr2anmue.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 8567 bytes
Rdgs,
pualo
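The helper reads the HijackThis log above by eye. As an added example (not a tool from this thread, from Trend Micro or from the forum), the Python script below applies the checks a helper makes first: O20 AppInit_DLLs and Winlogon Notify entries, O23 services with no publisher, O15 trusted-zone exemptions, and O4 autostarts that run from user-writable folders or carry a machine-generated name like the rhc7btj0el6j folder the helper deletes further down the thread. The sample log is built from lines of the posted log plus one constructed O4 entry pointing at that folder; that entry is an assumption for illustration, not a line from the posted log, and the "random name" heuristic and its thresholds are this example's own.

```python
"""Heuristic triage of a HijackThis 2.0 log (added example, not a thread tool)."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    code: str    # HJT section, e.g. "O4"
    name: str    # entry name as HJT prints it
    target: str  # file, DLL or URL the entry points at
    reason: str


# Autostarts under per-user, user-writable folders get a second look: installers
# of legitimate software normally use Program Files or system32 instead.
USER_WRITABLE = re.compile(r"\\(Application Data|Local Settings|Temp)\\", re.I)
# First executable path in a Run value, quoted or not, with or without arguments.
EXE_PATH = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|cpl|bat|cmd|vbs))', re.I)


def _switches(s: str) -> int:
    """Count letter<->digit transitions: 'rhc7btj0el6j' -> 6, 'avgldx86' -> 1."""
    kinds = ["d" if ch.isdigit() else "a" for ch in s]
    return sum(1 for a, b in zip(kinds, kinds[1:]) if a != b)


def looks_random(component: str) -> bool:
    """Heuristic (this example's own) for machine-generated names such as
    rhc7btj0el6j: one alphanumeric token of 8+ chars with 4+ letter/digit
    switches. GUIDs and version strings contain '{', '-' or '.' and fail."""
    stem = component.rsplit(".", 1)[0] if "." in component else component
    return len(stem) >= 8 and stem.isalnum() and _switches(stem) >= 4


def extract_path(command: str) -> str:
    """Path a Run value actually executes; for RUNDLL32 lines that is the DLL."""
    m = EXE_PATH.search(command)
    return m.group(1) if m else command.strip().strip('"')


def triage(log_text: str) -> list[Finding]:
    """Return the entries a helper would look at first, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = re.match(r"^(O\d+) - (.*)$", raw.strip())
        if not m:
            continue
        code, rest = m.groups()
        if code == "O4":
            bm = re.match(r"^.*?: \[(.*?)\] (.*)$", rest)
            if bm:
                name, command = bm.groups()
            else:  # "Global Startup: x.lnk = path" lines carry no [name]
                name, _, command = rest.split(": ", 1)[-1].partition(" = ")
            path = extract_path(command)
            if USER_WRITABLE.search(path):
                reason = "autostart runs from a user-writable folder"
                if any(looks_random(part) for part in path.split("\\")):
                    reason += "; random-looking folder/file name"
                findings.append(Finding(code, name, path, reason))
        elif code == "O15":
            findings.append(Finding(code, "ESC Trusted Zone", rest.split(": ", 1)[-1],
                                    "site exempted from IE Enhanced Security; confirm it was intended"))
        elif code == "O20" and rest.startswith("AppInit_DLLs:"):
            findings.append(Finding(code, "AppInit_DLLs", rest.split(":", 1)[1].strip(),
                                    "DLL loaded into every process that maps user32.dll; verify publisher"))
        elif code == "O20" and rest.startswith("Winlogon Notify:"):
            name, _, path = rest.split(":", 1)[1].strip().partition(" - ")
            findings.append(Finding(code, name, path,
                                    "Winlogon notification DLL runs inside winlogon.exe as SYSTEM; verify publisher"))
        elif code == "O23" and " - Unknown owner - " in rest:
            sm = re.match(r"^Service: (.*?) - Unknown owner - (.*)$", rest)
            findings.append(Finding(code, sm.group(1), sm.group(2),
                                    "service binary carries no publisher information"))
    return findings


# Lines copied from the HijackThis log posted above.
THREAD_LINES = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
""".strip()

# Constructed for this example, NOT a line from the posted log: an autostart
# pointing at the rhc7btj0el6j folder that the helper's CFScript later deletes.
CONSTRUCTED_ROGUE = (r"O4 - HKCU\..\Run: [rhc7btj0el6j] "
                     r"C:\Documents and Settings\Paul Chong\Application Data\rhc7btj0el6j\rhc7btj0el6j.exe")

SAMPLE_LOG = THREAD_LINES + "\n" + CONSTRUCTED_ROGUE

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.name:<22}{f.reason}\n    {f.target}")
```

Run as a script it prints five findings: the trusted-zone entry, both O20 entries, the SiteAdvisor service with no publisher, and the constructed rhc7btj0el6j autostart flagged on both the folder location and the name. Entries such as the AVG tray and NVIDIA rundll32 lines produce nothing, which is the point: the script narrows the list, and a human still checks the publisher of each survivor before deciding anything.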
Old 06-29-2008   #6
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,798
PC Experience: Elite PC Guru
Re: Unable to remove Antivirus Xp 2008

Ok. Last bit...

Please copy this page to Notepad and save it to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open Notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\Documents and Settings\Administrator\Application Data\rhc7btj0el6j
C:\Documents and Settings\Paul Chong\Application Data\rhc7btj0el6j

Save this as CFScript.txt, in the same location as ComboFix.exe, which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.
My real name is Eddy
Old 06-29-2008   #7
Bronze Member
Join Date: Nov 2007
Posts: 31
PC Experience: Experienced
Re: Unable to remove Antivirus Xp 2008

Here are the logs.

ComboFix 08-06-20.4 - Paul Chong 2008-06-29 17:50:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.2848 [GMT 8:00]
Running from: C:\Documents and Settings\Paul Chong\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paul Chong\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\rhc7btj0el6j
C:\Documents and Settings\Paul Chong\Application Data\rhc7btj0el6j

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-28 15:52 . 2008-06-28 15:52 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-28 15:49 . 2008-06-28 16:04 <DIR> d-------- C:\SDFix
2008-06-28 15:09 . 2008-06-28 15:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-28 15:09 . 2008-06-28 15:09 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\SUPERAntiSpyware.com
2008-06-28 15:09 . 2008-06-28 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-28 15:06 . 2008-06-28 15:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 15:06 . 2008-06-28 15:06 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\Malwarebytes
2008-06-28 15:06 . 2008-06-28 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-28 15:06 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-28 15:06 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-28 11:21 . 2008-06-28 11:21 <DIR> d-------- C:\Deckard
2008-06-28 09:33 . 2008-06-28 09:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-28 09:25 . 2008-06-28 09:25 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-26 22:57 . 2008-06-26 22:57 <DIR> dr-h----- C:\Documents and Settings\Paul Chong\Application Data\SecuROM
2008-06-26 22:57 . 2008-06-26 22:57 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-26 22:53 . 2008-06-26 22:53 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-06-26 22:52 . 2008-06-26 22:52 <DIR> d--h----- C:\Documents and Settings\Paul Chong\InstallAnywhere
2008-06-26 22:51 . 2008-06-27 18:07 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\Sports Interactive
2008-06-22 16:36 . 2008-06-22 16:36 <DIR> d-------- C:\Program Files\Open Workbench
2008-06-22 16:30 . 2008-06-22 16:30 <DIR> d-------- C:\Program Files\Java
2008-06-22 16:30 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-22 16:29 . 2008-06-22 16:29 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-22 11:48 . 2008-06-22 11:48 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\QQDoctor
2008-06-22 11:02 . 2008-06-22 11:02 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\QQUpdate
2008-06-21 18:14 . 2008-06-21 18:14 <DIR> d-------- C:\WINDOWS\system32\qqedit
2008-06-21 18:14 . 2008-06-21 18:14 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-21 18:14 . 2008-06-22 11:39 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\Tencent
2008-06-21 18:14 . 2008-06-21 18:14 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\QQ
2008-06-20 19:23 . 2001-08-23 20:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-20 07:45 . 2008-06-20 07:45 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-06-20 07:38 . 2008-06-20 07:45 <DIR> d-------- C:\Program Files\Macromedia
2008-06-20 07:38 . 2008-06-20 07:43 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-06-20 07:37 . 2008-06-20 07:45 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-19 16:23 . 2008-06-19 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-19 16:17 . 2008-06-19 16:17 <DIR> d-------- C:\Program Files\Bonjour
2008-06-19 16:12 . 2008-06-19 16:12 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-19 16:07 . 2008-06-19 16:07 <DIR> d-------- C:\Program Files\MagicISO
2008-06-15 16:27 . 2008-06-15 16:27 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-15 09:29 . 2008-06-22 16:37 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\U3
2008-06-13 10:12 . 2008-06-13 10:12 <DIR> d-------- C:\WINDOWS\Close Combat - Modern Tactics
2008-06-11 19:25 . 2008-06-13 21:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 07:42 . 2008-06-26 14:35 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\TeamViewer
2008-06-10 07:40 . 2008-06-10 07:40 <DIR> d-------- C:\Documents and Settings\Paul Chong\temp
2008-06-07 14:33 . 2008-06-15 20:50 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\PowerChallenge
2008-06-07 13:45 . 2001-08-23 20:00 173,602 --a--c--- C:\WINDOWS\system32\dllcache\c_10008.nls
2008-06-07 13:45 . 2001-08-23 20:00 173,602 --a------ C:\WINDOWS\system32\c_10008.nls
2008-06-06 07:20 . 2008-06-06 07:20 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-06 07:02 . 2008-06-06 07:02 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\DAEMON Tools
2008-06-06 07:02 . 2008-06-06 07:02 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-05 23:48 . 2008-05-22 08:12 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-06-05 23:48 . 2008-05-22 08:12 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-06-05 23:48 . 2008-05-28 06:22 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-06-05 23:48 . 2008-05-22 08:12 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-06-05 23:48 . 2008-05-28 06:22 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-06-05 23:48 . 2008-05-28 06:21 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-06-05 23:48 . 2008-05-28 06:21 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-06-05 23:14 . 2008-06-22 11:39 <DIR> d-------- C:\Program Files\NJStar Communicator
2008-06-05 23:14 . 2008-06-22 11:39 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\NJStar
2008-06-05 22:17 . 2008-06-05 22:17 1,222 --a------ C:\WINDOWS\checkip.dat
2008-06-05 06:44 . 2008-06-05 06:44 <DIR> d-------- C:\Program Files\EASEUS
2008-06-05 03:53 . 2008-06-05 03:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-05 03:53 . 2006-10-04 22:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-06-05 03:53 . 2006-10-04 22:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-06-05 03:53 . 2006-10-04 22:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-06-05 03:52 . 2008-06-05 03:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-05 03:52 . 2008-06-05 03:52 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-05 02:45 . 2008-06-09 06:40 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-04 07:42 . 2008-06-05 21:49 <DIR> d-------- C:\Documents and Settings\Paul Chong\Contacts
2008-06-04 07:33 . 2008-06-04 07:40 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-04 07:32 . 2008-06-04 07:42 <DIR> d-------- C:\Program Files\Windows Live
2008-06-04 07:32 . 2008-06-04 07:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-04 07:29 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-04 07:29 . 2008-06-24 23:35 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-04 07:28 . 2008-06-04 07:28 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-04 07:28 . 2008-06-04 07:28 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-06-04 07:27 . 2008-06-04 07:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-04 07:27 . 2008-06-17 23:53 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-04 07:26 . 2008-06-04 07:26 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-04 07:25 . 2008-04-23 12:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-04 07:25 . 2007-04-17 17:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-04 07:25 . 2007-03-08 13:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-04 07:25 . 2008-04-23 12:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-04 07:25 . 2008-04-23 12:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-04 07:25 . 2008-04-23 12:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-04 07:25 . 2008-04-23 12:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-04 07:25 . 2008-04-23 12:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-04 07:25 . 2008-04-22 15:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-04 07:23 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-06-04 01:33 . 2008-06-04 01:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-04 01:18 . 2008-06-04 01:18 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-06-04 01:17 . 2008-06-04 01:32 <DIR> d-------- C:\Program Files\BitComet
2008-06-04 01:17 . 2007-07-09 21:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-04 01:11 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-04 01:11 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-03 22:44 . 2008-06-03 22:48 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-03 22:11 . 2008-06-03 22:11 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-06-03 22:11 . 2008-06-03 22:11 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-06-03 22:04 . 2008-06-03 22:04 <DIR> d-------- C:\Program Files\RegSupreme Pro
2008-06-03 22:04 . 2008-06-03 22:04 23 --------- C:\WINDOWS\system32\dfaded8_d.ocx
2008-06-03 21:59 . 2008-06-28 00:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-03 21:59 . 2008-06-28 02:12 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 21:59 . 2005-04-15 19:58 1,071,088 --------- C:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-03 21:59 . 2005-08-25 18:18 118,784 --------- C:\WINDOWS\system32\MSSTDFMT.DLL
2008-06-03 21:59 . 2005-08-25 18:19 115,920 --------- C:\WINDOWS\system32\MSINET.OCX
2008-06-03 21:56 . 2008-06-23 22:55 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\SiteAdvisor
2008-06-03 21:56 . 2008-06-29 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-03 21:56 . 2008-06-03 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-03 21:51 . 2008-06-03 21:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-03 21:51 . 2008-06-28 15:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 21:51 . 2008-06-03 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 21:35 . 2008-06-03 21:35 <DIR> d-------- C:\WINDOWS\Sun
2008-06-03 06:36 . 2008-06-28 15:01 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-03 06:17 . 2008-06-03 06:17 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\Talkback
2008-06-03 06:17 . 2008-06-03 06:17 0 --------- C:\WINDOWS\nsreg.dat
2008-06-03 06:06 . 2008-06-29 13:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-03 06:06 . 2008-06-03 06:06 <DIR> d-------- C:\Program Files\AVG
2008-06-03 06:06 . 2008-06-07 21:07 <DIR> d-------- C:\Documents and Settings\Paul Chong\Application Data\AVGTOOLBAR
2008-06-03 06:06 . 2008-06-03 06:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-03 06:06 . 2008-06-03 06:06 96,520 --------- C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-03 06:06 . 2008-06-03 06:06 75,272 --------- C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-03 06:06 . 2008-06-03 06:06 10,520 --------- C:\WINDOWS\system32\avgrsstx.dll
2008-06-03 01:09 . 2008-06-03 01:09 <DIR> d-------- C:\Program Files\CCleaner
2008-06-03 00:39 . 2008-06-03 00:39 <DIR> d-------- C:\WINDOWS\provisioning
2008-06-03 00:39 . 2008-06-03 00:39 <DIR> d-------- C:\WINDOWS\peernet
2008-06-03 00:38 . 2008-06-03 00:38 <DIR> d-------- C:\WINDOWS\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 06:13 --------- d-----w C:\Program Files\MSI
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 22:35 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-06-04 22:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 16:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-02 15:58 --------- d-----w C:\Program Files\Realtek
2008-05-16 03:58 12,632 ------w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 03:20 15,648 ------w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 03:19 15,648 ------w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 03:19 12,960 ------w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-07 08:06 9,715,200 ------r C:\WINDOWS\RTLCPL.exe
2008-04-07 08:06 86,016 ------r C:\WINDOWS\SoundMan.exe
2008-04-07 08:06 69,632 ------r C:\WINDOWS\Alcmtr.exe
2008-04-07 08:06 520,192 ------r C:\WINDOWS\RtlExUpd.dll
2008-04-07 08:06 49,152 ------r C:\WINDOWS\system32\ChCfg.exe
2008-04-07 08:06 2,808,832 ------r C:\WINDOWS\alcwzrd.exe
2008-04-07 08:06 2,165,760 ------r C:\WINDOWS\MicCal.exe
2008-04-07 08:06 1,826,816 ------r C:\WINDOWS\SkyTel.exe
2008-04-07 08:06 1,191,936 ------r C:\WINDOWS\RtlUpd.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_14.38.10.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 05:16:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 06:43:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-03-06 15:52 1130496]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 17:39 486856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-05-23 14:51 688217]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2008-03-25 11:15 380928]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16:06 16859136 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2008-03-24 19:52 13524992]
"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2008-03-24 19:52 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-03 06:06 1177368]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2008-05-17 00:50 36640]
"DelReg"="C:\Program Files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 19:26 196608]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2008-04-30 18:30 498176]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 05:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 05:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 05:39 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-06-15 14:13:19 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Games\\PES 2008\\PES2008.exe"=
"C:\\Documents and Settings\\Paul Chong\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20648:TCP"= 20648:TCP:BitComet 20648 TCP
"20648:UDP"= 20648:UDP:BitComet 20648 UDP

R0 pe3anmue;Ubersoldier 2 Environment Driver (pe3anmue);C:\WINDOWS\system32\drivers\pe3anmue.sys [2008-02-21 16:38]
R0 ps7anmue;Ubersoldier 2 Synchronization Driver (ps7anmue);C:\WINDOWS\system32\drivers\ps7anmue.sys [2008-02-21 16:37]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-03 06:06]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-03 06:06]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-03 06:06]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-03 06:06]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2008-03-25 11:15]
R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 17:12]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2008-03-25 11:15]
S2 pr2anmue;Ubersoldier 2 Drivers Auto Removal (pr2anmue);C:\WINDOWS\system32\pr2anmue.exe svc []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20af4ecd-39c2-11dd-b50d-0019dbf62813}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - DUALCORECENTER
*Newly Created Service* - RUSHTOPDEVICE2
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 17:52:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-29 17:52:53
ComboFix-quarantined-files.txt 2008-06-29 09:52:43
ComboFix2.txt 2008-06-29 06:38:18
ComboFix3.txt 2008-06-28 07:41:52

Pre-Run: 8,492,085,248 bytes free
Post-Run: 8,479,186,944 bytes free

256 --- E O F --- 2008-06-25 16:12:07

-------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:12 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Paul Chong\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1212424268984
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ubersoldier 2 Drivers Auto Removal (pr2anmue) (pr2anmue) - City Interactive Sp z o.o. - C:\WINDOWS\system32\pr2anmue.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 8561 bytes
__________________
Rdgs,
pualo
Powered by vBulletin
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2