Please Help !!!!!

[nishikamae]

I Don't Know what 2 do . I'm not good at english very much before i post this topic i tried to read about the deal but i don't understand much ... take a look at this log file thank you very much

Logfile of HijackThis v1.99.1
Scan saved at 14:23:30, on 13/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtec...iGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

[Shaba]

Hi nishikamae

Rename HijackThis.exe to nishikamae.exe and post back a fresh HijackThis log, please

[nishikamae]

Thank You ... Here is a new log file

Logfile of HijackThis v1.99.1
Scan saved at 20:51:31, on 14/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\SeUpdateDb.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\runonce.exe
C:\Program Files\HijackThis\nishikamae.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtec...iGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

[Shaba]

Hi

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post:

- a fresh HijackThis log
- combofix report

[nishikamae]

Here is a new HijackThis log file ....


Logfile of HijackThis v1.99.1
Scan saved at 21:46:05, on 14/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\xlavra3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\nishikamae.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKLM\..\Run: [smcss] C:\WINDOWS\smcss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtec...iGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

[nishikamae]

Here is a combofix log file thank you.

ComboFix 07-10-11.1 - user 10/14/2007 21:39:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.353 [GMT -12:00]
Running from: C:\Documents and Settings\user\Desktop\Fix\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Desktop\internet.lnk
C:\Program Files\WinAble

.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 09:39 153,642 ----a-w C:\WINDOWS\smcss.exe
2007-10-15 09:39 153,642 ----a-w C:\Installer.exe
2007-10-15 09:37 --------- d-----w C:\Program Files\ViStart
2007-10-15 09:34 350 ----a-w C:\sccfg.sys
2007-10-14 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-14 02:50 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-13 09:15 109 ----a-w C:\Program Files\AudiLog.txt
2007-10-13 08:16 4 ----a-w C:\Program Files\VERSION.CFG
2007-10-13 08:16 --------- d-----w C:\Program Files\ABM
2007-10-13 07:28 --------- d-----w C:\Program Files\Opera
2007-10-13 07:27 --------- d-----w C:\Program Files\Netscape
2007-10-13 06:59 --------- d-----w C:\Documents and Settings\user\Application Data\Netscape
2007-10-13 06:46 --------- d-----w C:\Program Files\Viewpoint
2007-10-13 06:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 06:44 --------- d-----w C:\Program Files\Java
2007-10-13 06:42 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-13 06:41 --------- d-----w C:\Program Files\Common Files\Real
2007-10-13 06:40 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-13 06:40 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-13 05:59 --------- d-----w C:\Program Files\McAfee
2007-10-13 05:59 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-13 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-13 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-13 04:41 88,205 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-10-13 04:41 84,621 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-10-13 04:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-13 04:35 --------- d-----w C:\Program Files\Camfrog
2007-10-13 04:29 --------- d-----w C:\Program Files\Lavasoft
2007-10-13 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-13 03:30 16,384 ----a-w C:\WINDOWS\xlavra3.exe
2007-10-13 03:21 340,992 ----a-w C:\WINDOWS\system32\lasse.exe
2007-10-12 12:26 3,606 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-12 06:09 16,384 ----a-w C:\WINDOWS\xlavra2.exe
2007-10-11 03:31 --------- d-----w C:\Program Files\MP3 Player Utilities 3.5.02
2007-10-10 06:41 1,354,240 ----a-w C:\Program Files\Audition.exe
2007-10-08 11:53 --------- d-----w C:\Program Files\DATA
2007-10-08 11:52 --------- d-----w C:\Program Files\SCRIPT
2007-10-01 02:56 --------- d-----w C:\Program Files\WinPcap
2007-10-01 02:56 --------- d-----w C:\Documents and Settings\user\Application Data\Orbit
2007-10-01 01:24 --------- d-----w C:\Program Files\IE7Pro
2007-10-01 01:24 --------- d-----w C:\Documents and Settings\user\Application Data\IE7pro
2007-09-29 07:04 --------- d-----w C:\Program Files\Bug Doctor
2007-09-21 08:52 13,924 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-09-18 10:59 465,816 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2007-09-17 09:32 4,608 ----a-w C:\WINDOWS\chkdsk32_.exe
2007-09-17 08:55 --------- d-----w C:\Documents and Settings\user\Application Data\ViStart
2007-09-17 08:37 --------- d-----w C:\Program Files\VisualTooltip
2007-09-17 08:37 --------- d-----w C:\Program Files\Vista Sidebar
2007-09-17 08:37 --------- d-----w C:\Program Files\ViOrb
2007-09-17 08:37 --------- d-----w C:\Program Files\Styler
2007-09-17 08:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-17 08:37 --------- d-----w C:\Program Files\LClock
2007-09-17 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-17 08:05 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-09-17 07:51 --------- d-----w C:\Documents and Settings\user\Application Data\Lavasoft
2007-09-17 07:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-09 06:38 --------- d-----w C:\Program Files\iTunes
2007-09-09 06:37 --------- d-----w C:\Program Files\iPod
2007-09-09 06:36 --------- d-----w C:\Program Files\Apple Software Update
2007-09-08 08:50 64,168 ----a-w C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-09-05 09:34 --------- d-----w C:\Program Files\Google
2007-09-03 23:01 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-03 13:58 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-03 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-03 02:16 --------- d-----w C:\Program Files\Real
2007-08-25 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-08-23 06:12 --------- d-----w C:\Program Files\AML Products
2007-08-20 13:50 --------- d-----w C:\Program Files\thriXXX
2007-08-20 02:25 --------- d-----w C:\Documents and Settings\user\Application Data\MegauploadToolbar
2007-08-19 01:47 --------- d-----w C:\Program Files\MegauploadToolbar
2007-06-27 09:38 178,999 ----a-w C:\Documents and Settings\user\dodolook020.exe
2007-03-28 06:16 462,848 ----a-w C:\Program Files\patcher.exe
2006-07-21 08:15 361 ----a-w C:\Program Files\AX.bat
2005-12-26 11:48 294 ----a-w C:\Program Files\macro.txt
2005-12-23 14:45 102,400 ----a-w C:\Program Files\TaskKeyHookWD.dll
2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp2.dat
2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp.dat
2005-10-13 10:37 8,038 ----a-w C:\Program Files\icon4.ico
2005-10-13 10:31 7,782 ----a-w C:\Program Files\icon3.ico
2004-11-10 05:31 372,736 ----a-w C:\Program Files\ijl15.dll
2004-10-18 08:04 161,280 ----a-w C:\Program Files\fmod.dll
2001-11-23 23:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@Fri 10-12-2007_ 0.48.34.32 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 10,191 2007-10-13 06:46:10 C:\WINDOWS\mozver.dat
----a-w 516,096 2006-05-25 07:17:22 C:\WINDOWS\Downloaded Program Files\ThaiGameStart.dll
----a-r 24,640 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\AdsLokUU.Dll
----a-r 104,024 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\BBCpl.dll
----a-r 71,256 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\condl.dll
----a-r 99,928 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\consl.dll
----a-r 132,696 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\coptcpl.dll
----a-r 71,232 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\csscan.exe
----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\EntSrv.dll
----a-r 11,840 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\entvutil.exe
----a-r 194,136 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4837_shutil.dll
----a-r 24,664 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4842_McShield.DLL
----a-r 144,960 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4843_Mcshield.exe
----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4844_naiann.dll
----a-r 263,768 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4845_NaiEvent.dll
----a-r 54,872 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4853_VsTskMgr.exe
----a-r 13,912 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4856_scan32.exe
----a-r 79,448 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4861_mcupdate.exe
----a-r 104,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftcfg.dll
----a-r 41,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftl.dll
----a-r 25,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\lockdown.dll
----a-r 58,968 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\logparser.exe
----a-r 16,472 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVDetect.DLL
----a-r 19,032 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVSCV.DLL
----a-r 28,224 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShield.dll
----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShieldPerfData.dll
----a-r 34,368 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\Mcvssnmp.dll
----a-r 83,520 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfa.dll
----a-r 64,360 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfk.sys
----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfa.dll
----a-r 72,264 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfk.sys
----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopa.dll
----a-r 34,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopk.sys
----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehida.dll
----a-r 46,656 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidin.exe
----a-r 170,408 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidk.sys
----a-r 18,496 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mferkda.dll
----a-r 52,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfetdik.sys
----a-r 132,672 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus.dll
----a-r 226,880 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus2.dll
----a-r 75,328 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NaEvent.Dll
----a-r 333,496 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCExtMgr.dll
----a-r 464,560 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCScan.dll
----a-r 35,416 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\OASCpl.dll
----a-r 263,744 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScanOTLK.Dll
----a-r 11,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScnCfg32.Exe
----a-r 67,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScriptCl.dll
----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\scriptsv.dll
----a-r 112,216 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\shstat.exe
----a-r 243,288 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsodscpl.dll
----a-r 83,544 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\VSPlugin.dll
----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsupdcpl.dll
----a-r 102,400 2007-10-13 06:14:59 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-w 278,528 2007-10-13 06:40:44 C:\WINDOWS\system32\pncrt.dll
----a-w 6,656 2007-10-13 06:40:54 C:\WINDOWS\system32\pndx5016.dll
----a-w 5,632 2007-10-13 06:40:54 C:\WINDOWS\system32\pndx5032.dll
----a-w 185,688 2007-10-13 06:41:26 C:\WINDOWS\system32\rmoc3260.dll
----a-w 237,936 2004-01-07 23:21:24 C:\WINDOWS\system32\unicows.dll
----a-w 16,384 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
--sha-w 32,768 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 189,712 2007-09-13 04:19:48 C:\WINDOWS\system32\drivers\klif.sys
----a-w 72,712 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfeavfk.sys
----a-w 34,184 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfebopk.sys
----a-w 171,240 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfehidk.sys
----a-w 52,200 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfetdik.sys
----a-w 65,099 2007-10-14 04:42:25 C:\WINDOWS\system32\drivers\etc\tmvsthfss.bin
----a-w 65,099 2007-10-14 04:42:45 C:\WINDOWS\system32\drivers\etc\tmvsthfud.bin
----a-w 2,115,816 2007-06-11 20:34:34 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
----a-w 190,696 2007-06-11 20:34:40 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
----a-w 45,218 2007-10-13 07:42:13 C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
----a-w 81,472 2007-10-13 05:51:05 C:\WINDOWS\system32\Restore\rstrlog.dat
.
----a-r 102,400 2007-09-09 06:38:13 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-w 278,528 2007-09-03 02:15:24 C:\WINDOWS\system32\pncrt.dll
----a-w 6,656 2007-09-03 02:15:25 C:\WINDOWS\system32\pndx5016.dll
----a-w 5,632 2007-09-03 02:15:25 C:\WINDOWS\system32\pndx5032.dll
----a-w 185,688 2007-09-03 02:15:31 C:\WINDOWS\system32\rmoc3260.dll
----a-w 16,384 2002-01-08 06:52:05 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2002-01-08 06:52:05 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 2,078,344 2006-06-23 01:44:58 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
----a-w 81,736 2007-10-12 06:53:50 C:\WINDOWS\system32\Restore\rstrlog.dat
.