
Please help me take a look at my log file. My homepage has been changed to http:///. Every time I change the homepage, it changes back to http:/// in about 5 seconds. I tried many programs like Windows Defender, Spyware Doctor and Malwarebytes Anti-Malware, and the problem still persists.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:02 PM, on 8/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\NoeNoeJetma.vbs
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\onenotem.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11050 bytes

I am sorry, here it is.

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/12/2009 10:36:17 PM
mbam-log-2009-08-12 (22-36-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 163047
Time elapsed: 24 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Ok, the MBA-M database was out of date when you ran it. Always update MBA-M before each run. This program has updates daily at the very least, sometimes more than once a day, so that is a rule everyone should just make standard: update before each and every scan. I would advise that you update now and run another Full Scan, just to be sure. If something is found, Remove it, reboot the computer, then run a new HJT scan and post back with both logs. If nothing is found, just post back with that information.

I recommend that you TURN off Windows Defender, Spyware Doctor, and Ashampoo Magical Defrag 2. The first two are, in my opinion anyway, way overrated. Windows Defender just hasn't shown itself to be the "defender" it claims to be. Spyware Doctor is really questionable in its ability to protect and remove as well, especially if you are using the FREE version. It just is not fully functional, and it also has a tendency to flag harmless cookies as potential threats and fails to give more than generic information on items found. There are other, better programs out there. As for the Magical Defrag program, there is no reason to be constantly defragging a system. Unless one uses the computer for very intensive work which moves a lot of files and folders around all the time, a monthly defrag would certainly be sufficient. This program is also known to cause major slow-downs on some computers while running all the time in the background.
Judy

I've removed those programs, also did a new scan, nothing was found.

Malwarebytes' Anti-Malware 1.40
Database version: 2618
Windows 5.1.2600 Service Pack 3

8/14/2009 9:56:28 AM
mbam-log-2009-08-14 (09-56-28).txt

Scan type: Full Scan (C:\|)
Objects scanned: 165788
Time elapsed: 22 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:41 AM, on 8/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\rsm\rsm\RapidShareManager_0_1_0_248\RapidShareManager.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\NoeNoeJetma.vbs
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\onenotem.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10148 bytes

Run HJT again and place a check mark next to the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\NoeNoeJetma.vbs
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
When you have placed the check marks click the Fix Checked button.
Exit HJT.
Reboot.
Go to Add/Remove and look for AskBar. If you find it, uninstall it.
Then do a new HJT scan and post the log here.

As an added example (not from anyone in this thread), here is a small Python triage script that applies the reasoning behind the helper's checklist to a constructed sample in HijackThis v2 line format: it flags a blank IE Start Page, anything appended to the Winlogon UserInit value beyond the stock userinit.exe (the F2 line, where wscript.exe relaunches the .vbs at every logon, which is why the homepage keeps reverting), BHO/toolbar entries with "(no file)", and entries whose DLL lives in a folder the analyst has already judged unwanted (the AskBarDis path). All function and constant names are my own; the sample lines are constructed from entries quoted above, not a real log.

```python
"""Triage a HijackThis v2 log for the patterns flagged in this thread."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 line format, modelled on the entries
# the helper told the poster to fix. Not a complete log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\NoeNoeJetma.vbs
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""

# Windows itself only ever puts userinit.exe in the Winlogon UserInit value.
# Every further comma-separated component is launched at each logon, which is
# why the F2 line above keeps relaunching the .vbs no matter how often the
# homepage is reset by hand.
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# "BHO: <name> - {CLSID} - <path>"  and  "Toolbar: <name> - {CLSID} - <path>"
COM_RE = re.compile(
    r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section code, e.g. "F2"
    reason: str    # why the entry was flagged
    detail: str    # the offending component, path or CLSID
    line: str      # the full HJT line, i.e. what to tick under "Fix checked"


def userinit_extras(value: str) -> list[str]:
    """Return every UserInit component other than the stock userinit.exe."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if p.lower() != STOCK_USERINIT]


def triage(log: str, unwanted_paths: frozenset[str] = frozenset()) -> list[Finding]:
    """Flag blank Start Page, UserInit extras, and orphaned or unwanted BHOs/toolbars.

    unwanted_paths holds lower-case path fragments the analyst has already judged
    unwanted (here the AskBarDis folder). Matching is done on the DLL path rather
    than the display name: the O3 toolbar in the sample carries a ZoneAlarm name
    yet loads the same askBar.dll as the AskBar BHO.
    """
    findings: list[Finding] = []
    for raw in log.strip().splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "R0" and body.endswith("Start Page ="):
            findings.append(Finding(section, "blank IE Start Page", "", line))
        elif section == "F2" and body.startswith("REG:system.ini: UserInit="):
            for extra in userinit_extras(body.split("UserInit=", 1)[1]):
                findings.append(Finding(section, "extra program in Winlogon UserInit", extra, line))
        elif section in ("O2", "O3"):
            cm = COM_RE.match(body)
            if cm is None:
                continue
            path = cm.group("path")
            if path == "(no file)":
                findings.append(Finding(section, "BHO/toolbar registered but file missing", cm.group("clsid"), line))
            elif any(frag in path.lower() for frag in unwanted_paths):
                findings.append(Finding(section, "BHO/toolbar loads from unwanted folder", path, line))
    return findings


def fix_checklist(log: str, unwanted_paths: frozenset[str] = frozenset()) -> list[str]:
    """Unique HJT lines to tick, in log order, one per flagged entry."""
    seen: list[str] = []
    for f in triage(log, unwanted_paths):
        if f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, frozenset({"askbardis"})):
        print(f"[{f.section}] {f.reason}: {f.detail or f.line}")
```

Run against the sample with `frozenset({"askbardis"})` it reproduces the five entries in the checklist above; without the unwanted-path set only the blank Start Page, the UserInit extra and the orphaned BHO are flagged, which is the point of keeping analyst judgement separate from the structural checks.
<test>
assert userinit_extras(r"C:\WINDOWS\system32\userinit.exe,") == []
assert userinit_extras(r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\NoeNoeJetma.vbs") == [r"C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\NoeNoeJetma.vbs"]
found = triage(SAMPLE_LOG, frozenset({"askbardis"}))
assert [f.section for f in found] == ["R0", "F2", "O2", "O2", "O3"]
assert found[1].detail == r"C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\NoeNoeJetma.vbs"
assert found[2].detail == "{5C255C8A-E604-49b4-9D64-90988571CECB}"
assert found[4].detail.lower().endswith(r"askbardis\bar\bin\askbar.dll")
assert len(fix_checklist(SAMPLE_LOG, frozenset({"askbardis"}))) == 5
assert len(triage(SAMPLE_LOG)) == 3
</test>

Here's the new log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:23 AM, on 8/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\NoeNoeJetma.vbs
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\onenotem.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9516 bytes


Did you put the check mark in this entry as requested?
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\NoeNoeJetma.vbs

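The F2 entry quoted above is the mechanism behind the five-second homepage reset: Windows runs every comma-separated command in the Userinit value at logon, so the second entry starts wscript.exe with NoeNoeJetma.vbs alongside the real userinit.exe, and the ComboFix listing later shows that file in system32 with the system and hidden attributes set. The following scanner is an added example, not code from the thread or from HijackThis/ComboFix: it reads HijackThis F2 lines and ComboFix "Files Created" lines, reports any Userinit command other than the stock userinit.exe, and cross-checks hidden+system script files against the commands a logon hook names. The sample lines are copied from the logs posted here plus one clean F2 line constructed for contrast; the function names, the script-extension list and the reading of ComboFix's attribute column ('s' = system, 'h' = hidden) are this example's own assumptions.

```python
"""Flag logon-hook persistence in HijackThis / ComboFix log lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the F2 line and two "Files Created" lines copied
# from the thread's logs, plus one clean F2 line written here for contrast.
SAMPLE_LINES = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"
    r"C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\NoeNoeJetma.vbs",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,",
    r"2009-07-19 07:21 . 2009-07-19 07:21 8254 --sha-r- c:\windows\system32\NoeNoeJetma.vbs",
    r"2009-08-09 11:48 . 2005-09-22 23:29 626688 ----a-w- c:\windows\system32\msvcr80.dll",
]

# Assumed list of extensions that count as "script" for this check.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd", ".ps1")

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
# ComboFix "Files Created" line: <created> . <modified> <size> <attrs> <path>
COMBOFIX_FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S{8}) (.+)$"
)


def userinit_commands(line: str) -> Optional[List[str]]:
    """Return the comma-separated command list of an F2 UserInit line, else None."""
    m = USERINIT_RE.match(line)
    if not m:
        return None
    return [c.strip() for c in m.group(1).split(",") if c.strip()]


def userinit_extras(line: str) -> List[str]:
    """Every Userinit command other than the stock userinit.exe.

    Winlogon starts each entry at logon, so anything after userinit.exe is a
    persistence mechanism that has to be explained.
    """
    cmds = userinit_commands(line)
    if cmds is None:
        return []
    return [c for c in cmds if not c.lower().endswith("\\userinit.exe")]


@dataclass
class FileEntry:
    created: str
    modified: str
    size: str
    attrs: str
    path: str

    @property
    def hidden_system(self) -> bool:
        # Assumed reading of ComboFix's attribute column: 's' = system, 'h' = hidden.
        return "s" in self.attrs and "h" in self.attrs

    @property
    def is_script(self) -> bool:
        return self.path.lower().endswith(SCRIPT_EXTS)


def parse_combofix_file(line: str) -> Optional[FileEntry]:
    """Parse one ComboFix file-listing line, or return None for anything else."""
    m = COMBOFIX_FILE_RE.match(line)
    return FileEntry(*m.groups()) if m else None


def scan(lines: List[str]) -> List[str]:
    """Two passes: collect logon-hook commands, then judge hidden+system scripts."""
    findings: List[str] = []
    hooked_paths = set()
    for line in lines:
        for cmd in userinit_extras(line):
            findings.append(f"UserInit runs extra command: {cmd}")
            # Whitespace split is a simplification: it misses paths with spaces.
            for token in cmd.split():
                if token.lower().endswith(SCRIPT_EXTS):
                    hooked_paths.add(token.lower())
    for line in lines:
        entry = parse_combofix_file(line)
        if entry and entry.is_script and entry.hidden_system:
            tag = ("referenced by logon hook" if entry.path.lower() in hooked_paths
                   else "not referenced by a hook in this log")
            findings.append(f"Hidden+system script {entry.path} ({tag})")
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LINES):
        print(finding)
```

On the logs in this thread the scanner reports the wscript.exe command in Userinit and then ties it to the hidden, system-flagged NoeNoeJetma.vbs in system32; the clean F2 line and the ordinary msvcr80.dll entry produce nothing. The two-pass design matters because ComboFix prints the file listing in its own order, so a hook can appear before or after the file it points at.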

Download ComboFix. You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desktop. DO NOT RUN it YET.
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open windows, including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run, and when it has finished you will see the Disclaimer screen. You should press the number 1 key and then press the Enter key to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.
Once the Windows Registry has finished being backed up, ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically.
You should now post this log here when all is complete.


Here's the ComboFix log file.

ComboFix 09-08-10.06 - Wilfred Ang 08/14/2009 12:27.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1417 [GMT 8:00]
Running from: D:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-12 14:04 . 2009-08-12 14:04 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-12 14:04 . 2009-08-03 05:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 14:04 . 2009-08-12 14:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 14:04 . 2009-08-03 05:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 15:14 . 2009-08-14 00:27 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-09 12:57 . 2009-08-09 12:57 -------- d-----w- c:\documents and settings\Wilfred Ang\.housecall6.6
2009-08-09 12:57 . 2009-08-09 12:57 152576 ----a-w- c:\documents and settings\Wilfred Ang\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-09 12:15 . 2009-08-09 12:15 -------- d-----w- c:\program files\Trend Micro
2009-08-09 12:01 . 2009-08-14 00:27 -------- d-----w- c:\program files\Spyware Doctor
2009-08-09 11:48 . 2005-09-22 23:29 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-08-09 11:40 . 2009-08-09 11:41 -------- d-----w- c:\program files\AskBarDis
2009-08-09 11:40 . 2009-08-09 11:40 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-09 04:56 . 2009-08-09 04:56 -------- d-----w- c:\program files\Photomatix
2009-08-09 04:56 . 2007-11-04 08:41 274432 ----a-w- c:\windows\system32\Photomatix25Lib2.dll
2009-08-09 04:56 . 2007-10-16 05:41 278528 ----a-w- c:\windows\system32\Photomatix25Lib.dll
2009-08-09 04:56 . 2007-09-05 20:35 95525 ----a-w- c:\windows\system32\Photomatix25Lib3.dll
2009-08-09 04:56 . 2007-06-28 06:09 446464 ----a-w- c:\windows\system32\Photomatix_jpg.dll
2009-08-09 04:56 . 2007-01-02 05:13 274432 ----a-w- c:\windows\system32\lcms.dll
2009-08-09 04:56 . 2006-11-29 03:55 204288 ----a-w- c:\windows\system32\pmtf3.dll
2009-08-09 04:56 . 2006-02-05 08:23 205824 ----a-w- c:\windows\system32\pmtf1.dll
2009-08-09 04:56 . 2006-02-05 07:27 353280 ----a-w- c:\windows\system32\pmtf2.dll
2009-08-09 04:56 . 2004-12-14 04:19 53248 ----a-w- c:\windows\system32\pmexr.dll
2009-08-09 04:56 . 2004-06-04 13:22 782336 ----a-w- c:\windows\system32\IlmImf.dll
2009-08-09 04:56 . 2003-11-26 02:47 11776 ----a-w- c:\windows\system32\pmbm.dll
2009-07-31 15:57 . 2009-07-31 15:58 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\GetRightToGo
2009-07-29 08:27 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 08:27 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-26 14:09 . 2009-07-26 14:09 199168 ----a-w- c:\documents and settings\Wilfred Ang\Local Settings\Application Data\tsMuxeR.exe
2009-07-26 14:09 . 2009-07-26 14:09 1638400 ----a-w- c:\documents and settings\Wilfred Ang\Local Settings\Application Data\ImgBurn.exe
2009-07-25 03:18 . 2009-07-25 03:18 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\Malwarebytes
2009-07-25 03:18 . 2009-07-25 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-24 09:19 . 2009-07-31 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-24 09:08 . 2009-07-24 09:08 -------- dc-h--w- c:\windows\ie8
2009-07-24 09:07 . 2009-07-24 09:09 -------- d--h--w- c:\windows\msdownld.tmp
2009-07-21 02:34 . 2009-07-21 02:34 -------- d-----w- c:\program files\MSXML 4.0
2009-07-20 08:19 . 2007-11-10 00:52 37888 ----a-r- c:\documents and settings\All Users\Application Data\Autodesk\RAC 2008\Rendering\AccuRenderRedist\Bin\ar3icons.dll
2009-07-20 08:19 . 2007-11-10 00:52 157696 ----a-r- c:\documents and settings\All Users\Application Data\Autodesk\RAC 2008\Rendering\AccuRenderRedist\Bin\MapPicker.dll
2009-07-20 08:19 . 2007-11-10 00:52 133120 ----a-r- c:\documents and settings\All Users\Application Data\Autodesk\RAC 2008\Rendering\AccuRenderRedist\Bin\ar3res.dll
2009-07-20 07:49 . 2009-07-20 07:53 -------- d-----w- c:\program files\Revit Architecture 2008
2009-07-19 07:21 . 2009-07-19 07:21 8254 --sha-r- c:\windows\system32\NoeNoeJetma.vbs
2009-07-18 09:19 . 2009-07-24 09:03 -------- d-----w- c:\program files\FlashGet
2009-07-18 09:13 . 2009-07-18 09:13 167376 ----a-w- c:\documents and settings\Wilfred Ang\Application Data\Mozilla\Firefox\Profiles\wx1c39ou.default\FlashGot.exe
2009-07-18 08:49 . 2009-07-18 08:54 -------- d-----w- c:\documents and settings\Wilfred Ang\Local Settings\Application Data\RapidShare
2009-07-18 08:47 . 2009-07-19 10:08 -------- d-----w- c:\documents and settings\Wilfred Ang\Local Settings\Application Data\Deployment
2009-07-18 08:35 . 2009-07-18 08:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-17 08:47 . 2009-07-17 08:47 -------- d-----w- c:\documents and settings\Wilfred Ang\Local Settings\Application Data\CAPCOM
2009-07-17 07:55 . 2009-07-17 07:55 -------- d-----w- c:\program files\CAPCOM
2009-07-17 07:55 . 2009-03-09 07:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-07-17 07:55 . 2009-03-09 07:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-07-17 07:55 . 2009-03-16 06:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-07-17 07:55 . 2009-03-16 06:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-07-17 07:55 . 2009-03-16 06:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-07-17 07:55 . 2009-03-09 07:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-07-17 07:55 . 2009-07-17 07:55 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-17 07:55 . 2009-07-17 07:55 -------- d-----w- c:\windows\system32\xlive
2009-07-17 06:27 . 2009-07-17 06:27 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-17 06:27 . 2009-07-17 06:27 -------- d-----w- c:\program files\Real
2009-07-17 06:27 . 2009-07-17 06:27 -------- d-----w- c:\program files\Common Files\Real
2009-07-17 05:44 . 2009-07-17 05:44 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-07-16 13:38 . 2009-07-16 13:38 0 ----a-w- c:\windows\nsreg.dat
2009-07-16 13:38 . 2009-07-16 13:38 -------- d-----w- c:\documents and settings\Wilfred Ang\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 04:03 . 2009-06-18 13:45 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\foobar2000
2009-08-14 03:54 . 2009-07-07 04:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-13 15:10 . 2009-06-21 07:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-13 14:01 . 2009-06-18 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-13 01:22 . 2009-08-13 01:22 506376 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-09 12:58 . 2009-06-19 07:43 -------- d-----w- c:\program files\Java
2009-08-09 11:39 . 2009-08-09 11:39 -------- d-----w- c:\program files\Zone Labs
2009-08-06 00:48 . 2009-06-18 12:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2008-04-14 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 13:55 . 2009-07-06 14:52 -------- d-----w- c:\program files\iTunes
2009-07-31 16:04 . 2009-07-03 20:13 1930008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-31 15:45 . 2009-06-24 10:14 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-07-31 15:45 . 2009-06-24 10:14 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\Autodesk
2009-07-31 13:53 . 2009-06-18 13:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 13:46 . 2009-06-26 10:38 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\U3
2009-07-26 03:39 . 2009-06-18 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-25 13:59 . 2009-07-06 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-24 21:23 . 2009-06-19 07:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 08:15 . 2009-06-24 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-07-18 03:05 . 2009-06-18 12:40 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-17 19:01 . 2008-04-14 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 13:18 . 2009-06-18 11:51 76208 ----a-w- c:\documents and settings\Wilfred Ang\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 06:27 . 2006-07-11 10:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-13 15:43 . 2008-04-14 11:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 03:01 . 2009-07-13 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Indent 2
2009-07-08 02:37 . 2009-07-07 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-07 04:39 . 2009-07-07 04:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-07 04:39 . 2009-07-07 04:39 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-06 14:53 . 2009-07-06 14:53 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\Apple Computer
2009-07-06 14:52 . 2009-07-06 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-06 14:52 . 2009-07-06 14:52 -------- d-----w- c:\program files\iPod
2009-07-06 14:52 . 2009-07-06 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-06 14:52 . 2009-07-06 14:52 -------- d-----w- c:\program files\Bonjour
2009-07-06 14:52 . 2009-07-06 14:51 -------- d-----w- c:\program files\QuickTime
2009-07-06 14:51 . 2009-07-06 14:51 -------- d-----w- c:\program files\Apple Software Update
2009-07-06 14:51 . 2009-07-06 14:51 -------- d-----w- c:\program files\Common Files\Apple
2009-07-03 19:54 . 2009-07-03 19:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-07-03 19:54 . 2009-06-18 13:31 -------- d-----w- c:\program files\Uniblue
2009-07-03 17:09 . 2008-04-14 11:00 892928 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 03:08 . 2009-07-03 19:54 2838462 -c--a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe
2009-06-25 16:41 . 2009-06-25 16:02 -------- d-----w- c:\program files\PhotoScape
2009-06-25 16:03 . 2009-06-25 16:02 -------- d-----w- c:\program files\Google
2009-06-25 08:49 . 2009-06-25 08:48 -------- d-----w- c:\program files\Garena
2009-06-24 10:15 . 2009-06-24 10:10 -------- d-----w- c:\program files\Revit Architecture 2009
2009-06-24 04:57 . 2009-06-18 11:33 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-23 02:01 . 2009-06-18 12:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-23 02:01 . 2009-06-18 12:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-21 06:52 . 2009-06-21 06:52 -------- d-----w- c:\program files\Activision
2009-06-20 04:24 . 2009-06-19 16:00 -------- d-----w- c:\program files\iColorFolder
2009-06-20 02:04 . 2009-06-19 16:01 -------- d-----w- c:\program files\Tiger System Preferences v2
2009-06-20 01:59 . 2009-06-18 14:14 -------- d-----w- c:\program files\Stardock
2009-06-20 01:55 . 2009-06-19 16:01 -------- d-----w- c:\program files\YzShadow
2009-06-20 01:55 . 2009-06-19 16:01 -------- d-----w- c:\program files\UberIcon
2009-06-20 01:54 . 2008-04-14 11:00 2102784 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-06-20 01:54 . 2008-04-14 00:01 1981440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-06-19 15:26 . 2009-06-19 02:37 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\DAEMON Tools Lite
2009-06-19 14:37 . 2009-06-19 14:36 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-19 11:04 . 2009-06-19 11:04 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-19 07:43 . 2009-06-19 07:43 152576 ----a-w- c:\documents and settings\Wilfred Ang\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-19 07:39 . 2009-06-19 03:09 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-19 03:09 . 2009-06-19 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-06-19 03:09 . 2009-06-19 03:09 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-19 02:37 . 2009-06-19 02:37 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-18 14:56 . 2009-06-18 14:56 -------- d-----w- c:\program files\Microsoft Works
2009-06-18 14:56 . 2009-06-18 13:18 -------- d-----w- c:\program files\MSBuild
2009-06-18 14:55 . 2009-06-18 14:55 -------- d-----w- c:\program files\Microsoft.NET
2009-06-18 14:54 . 2009-06-18 14:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-18 14:46 . 2009-06-18 14:46 -------- d-----w- c:\program files\Common Files\Stardock
2009-06-18 14:14 . 2009-06-18 14:14 -------- d-----w- c:\program files\Microsoft
2009-06-18 14:14 . 2009-06-18 14:14 -------- d-----w- c:\program files\Windows Live
2009-06-18 14:14 . 2009-06-18 14:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-18 14:12 . 2009-06-18 14:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-18 14:03 . 2009-06-18 14:03 -------- d-----w- c:\program files\Gabest
2009-06-18 14:02 . 2009-06-18 14:02 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\Media Player Classic
2009-06-18 14:00 . 2009-06-18 14:00 -------- d-----w- c:\program files\Haali
2009-06-18 13:59 . 2009-06-18 13:59 -------- d-----w- c:\program files\CoreCodec
2009-06-18 13:55 . 2009-06-18 13:55 -------- d-----w- c:\program files\CCleaner
2009-06-18 13:54 . 2009-06-18 13:54 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\Megaupload
2009-06-18 13:54 . 2009-06-18 13:54 -------- d-----w- c:\program files\Megaupload
2009-06-18 13:51 . 2009-06-18 13:51 -------- d-----w- c:\program files\ffdshow
2009-06-18 13:45 . 2009-06-18 13:45 -------- d-----w- c:\program files\foobar2000
2009-06-18 13:31 . 2009-06-18 13:31 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\Uniblue
2009-06-18 13:31 . 2009-06-18 13:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\program files\Razer
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\InstallShield
2009-06-18 13:18 . 2009-06-18 13:18 -------- d-----w- c:\program files\Reference Assemblies
2009-06-18 13:11 . 2009-06-18 13:11 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-18 12:47 . 2009-06-18 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Ashampoo
2009-06-18 12:42 . 2009-06-18 12:40 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-18 12:40 . 2009-06-18 12:40 -------- d-----w- c:\program files\AVG
2009-06-18 12:36 . 2009-06-18 12:36 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-18 12:35 . 2009-06-18 12:12 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-18 12:14 . 2009-06-18 12:14 -------- d-----w- c:\program files\Realtek
2009-06-18 12:12 . 2009-06-18 12:12 315392 ----a-w- c:\windows\HideWin.exe
2009-06-18 12:12 . 2009-06-18 12:12 -------- d-----w- c:\program files\Marvell
2009-06-18 11:55 . 2009-06-18 11:55 -------- d-----w- c:\program files\Intel
2009-06-18 11:34 . 2009-06-18 11:34 -------- d-----w- c:\program files\microsoft frontpage
2009-06-18 11:31 . 2009-06-18 11:31 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-16 14:36 . 2008-04-14 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-14 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2008-04-14 11:00 . 2009-06-20 01:54 60416 --sha-w- c:\windows\FlyakiteOSX\Backup\msimn.exe
2008-04-13 21:42 . 2009-06-20 01:53 1695232 --sha-w- c:\windows\FlyakiteOSX\Backup\msmsgs.exe
.

------- Sigcheck -------

[7] 2008-04-14 11:00 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\FlyakiteOSX\Backup\user32.dll
[-] 2008-04-14 11:00 578048 051844654F244CE58DB6969A1EE76546 c:\windows\system32\user32.dll
[-] 2008-04-14 11:00 578048 051844654F244CE58DB6969A1EE76546 c:\windows\system32\dllcache\user32.dll

[7] 2009-04-29 04:21 668160 04BCB4F87B35502568F6CF33433543A5 c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 17:06 915456 38114DAB42FB2EB84D1726C42B8D80C5 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 17:09 915456 7E8A47A2E6561274B83E257CE74803FD c:\windows\FlyakiteOSX\Backup\wininet.dll
[7] 2008-04-14 11:00 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ie8\wininet.dll
[7] 2009-03-07 20:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2009-05-13 05:15 892928 8512B0CE9E148E3908C1437C50E99AA6 c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-07-03 17:09 892928 9B53E5ED4EA058DC90574B1A0B6646EC c:\windows\system32\wininet.dll
[-] 2009-07-03 17:09 892928 9B53E5ED4EA058DC90574B1A0B6646EC c:\windows\system32\dllcache\wininet.dll

[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 11:00 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2009-02-07 11:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\FlyakiteOSX\Backup\ntkrnlpa.exe
[-] 2009-06-20 01:54 1981440 5C4DFC696D52CAE2F02837BD83FE2113 c:\windows\system32\ntkrnlpa.exe
[-] 2009-06-20 01:54 1981440 5C4DFC696D52CAE2F02837BD83FE2113 c:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2009-02-07 11:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-04-14 11:00 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\FlyakiteOSX\Backup\ntoskrnl.exe
[-] 2009-06-20 01:54 2102784 B8B361F91FB4EABCF3C67DFD66D0B914 c:\windows\system32\ntoskrnl.exe
[-] 2009-06-20 01:54 2102784 B8B361F91FB4EABCF3C67DFD66D0B914 c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2008-04-14 11:00 2823168 5BC7FC5A4ED6658868F97040DD906E07 c:\windows\explorer.exe
[7] 2008-04-14 11:00 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\FlyakiteOSX\Backup\explorer.exe
[-] 2008-04-14 11:00 2823168 5BC7FC5A4ED6658868F97040DD906E07 c:\windows\system32\dllcache\explorer.exe

[7] 2009-04-29 04:21 3069440 06CF679E3D24C3DF270556456A0F1EDA c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll
[7] 2009-05-13 05:10 5936128 1290E417BF806185CC7B2845E78A104E c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 13:17 5938176 F25D866DD486AD30E05E5596CB363C3E c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 13:18 5937152 5A32B43A48D6DCA339BF24105D9A028F c:\windows\FlyakiteOSX\Backup\mshtml.dll
[7] 2008-04-14 11:00 3066880 A706E122B398FE1AB85CB9B75D044223 c:\windows\ie8\mshtml.dll
[7] 2009-03-07 20:41 5937152 D469A0EBA2EF5C6BEE8065B7E3196E5E c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] 2009-05-13 05:15 6280704 0CF496FAD5A0B0546AC66DF68AAC46DF c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-07-19 13:18 6281728 CE05ED80E639D651EF8863978920BA67 c:\windows\system32\mshtml.dll
[-] 2009-07-19 13:18 6281728 CE05ED80E639D651EF8863978920BA67 c:\windows\system32\dllcache\mshtml.dll

[7] 2008-04-14 11:00 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\FlyakiteOSX\Backup\comres.dll
[-] 2008-04-14 11:00 1262080 6F2D9DE0605D2EE7FAA0EA356359C631 c:\windows\system32\comres.dll
[-] 2008-04-14 11:00 1262080 6F2D9DE0605D2EE7FAA0EA356359C631 c:\windows\system32\dllcache\comres.dll

[7] 2008-04-14 11:00 617472 06F247492BC786CE5C24A23E178C711A c:\windows\FlyakiteOSX\Backup\comctl32.dll
[-] 2008-04-14 11:00 629760 0235E6C41328F5A77A572A4ECA5737C0 c:\windows\system32\comctl32.dll
[-] 2008-04-14 11:00 629760 0235E6C41328F5A77A572A4ECA5737C0 c:\windows\system32\dllcache\comctl32.dll
[-] 2008-04-14 11:00 919552 3DB20630FBA2A7B03CA25105B0149129 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 11:00 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2008-07-05 06:56 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alt+Q Hotkey Tool"="c:\windows\Alt+Q Hotkey.exe" [2005-12-18 27648]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2006-02-24 188416]
"Yz Shadow"="c:\program files\YzShadow\YzShadow.exe" [2006-02-24 172032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-17 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]

c:\documents and settings\Wilfred Ang\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\onenotem.exe [2006-10-26 216392]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-18 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-23 02:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRoll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/18/2009 8:40 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/18/2009 8:40 PM 108552]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [8/9/2009 7:40 PM 464264]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/18/2009 8:40 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/18/2009 8:40 PM 298776]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [7/20/2007 6:40 PM 84992]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [6/18/2009 9:25 PM 11596]
.
Contents of the 'Scheduled Tasks' folder

2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll


.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyServer = proxy.singnet.com.sg:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
FF - ProfilePath - c:\documents and settings\Wilfred Ang\Application Data\Mozilla\Firefox\Profiles\wx1c39ou.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 12:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(5708)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\YzShadow\YzShadow.dll
c:\program files\UberIcon\UberIcon.dll
c:\windows\system32\COMRes.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\System32\cscui.dll
c:\windows\system32\shimgvw.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-14 12:29
ComboFix-quarantined-files.txt 2009-08-14 04:29

Pre-Run: 21,117,714,432 bytes free
Post-Run: 21,103,489,024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

398 --- E O F --- 2009-08-13 14:02

Seems like the problem is solved, thank you so much!

Doesn't look like it. That vbs file is still showing in the log.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Okay here's the report,

SmitFraudFix v2.423

Scan done at 13:05:57.10, Fri 08/14/2009
Run from D:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Wilfred Ang


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\WILFRE~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Wilfred Ang\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\WILFRE~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1D9F3D49-0C2D-4F0D-835A-7770FC3EF8F1}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1D9F3D49-0C2D-4F0D-835A-7770FC3EF8F1}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1D9F3D49-0C2D-4F0D-835A-7770FC3EF8F1}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Ok. That did not reveal what I thought it would. You can delete smitfraudfix now.

1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\NoeNoeJetma.vbs

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

7. After the reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:

  • Combofix.txt
  • A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

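The indicators the helper read off the logs in this thread (a wscript.exe process resident from boot, a .vbs file sitting in system32, Security Center monitoring and the XP firewall switched off in the registry, an IE start page that is blank or has no host) can be pulled out of a ComboFix/HijackThis/SmitfraudFix text log mechanically. The Python triage script below is an added example and is not part of the original thread or of any of those tools; the sample log it embeds is a constructed excerpt modelled on the logs posted above, and the category names and severity levels are my own choice.

```python
"""Triage a HijackThis / ComboFix / SmitfraudFix style text log.

Flags the indicator classes that mattered in this thread: a Windows Script
Host process in the running-process list, script files dropped into the
Windows directory, Security Center monitoring or the host firewall disabled
in the registry, a cleared or host-less IE start page, and a configured proxy
(informational: here it was the ISP's proxy, but hijackers set one too).
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".bat", ".cmd")

# A Windows path anywhere in a line; stops at quotes and brackets so ComboFix's
# trailing "[date size]" annotation and quoted registry values are not swallowed.
PATH_RE = re.compile(r'([a-zA-Z]:\\[^\r\n"\[\]]+)')
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.I)
START_PAGE_RE = re.compile(r"^[ur]?Start Page\s*=\s*(.*?)\s*$", re.I)
DISABLE_MON_RE = re.compile(r'"DisableMonitoring"\s*=\s*dword:0*1\b', re.I)
FIREWALL_OFF_RE = re.compile(r'"EnableFirewall"\s*=\s*0\b', re.I)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*\S+", re.I)

# Constructed sample modelled on the logs in this thread (not a verbatim copy).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

uStart Page =
uInternet Settings,ProxyServer = proxy.example.invalid:8080

File::
c:\windows\system32\NoeNoeJetma.vbs
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    category: str
    line_no: int
    text: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list[Finding]:
    """Return findings in log order; an empty list means nothing matched."""
    findings: list[Finding] = []
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = START_PAGE_RE.match(line)
        if m:
            value = m.group(1)
            if not value:
                findings.append(Finding("medium", "start_page_cleared", n, line))
            else:
                parts = urlsplit(value)
                # "http:///" parses as scheme http with an empty host.
                if parts.scheme in ("http", "https") and not parts.netloc:
                    findings.append(Finding("medium", "start_page_no_host", n, line))
            continue
        if DISABLE_MON_RE.search(line) or FIREWALL_OFF_RE.search(line):
            findings.append(Finding("medium", "security_monitoring_off", n, line))
            continue
        if PROXY_RE.search(line):
            findings.append(Finding("info", "proxy_configured", n, line))
            continue
        for path in PATH_RE.findall(line):
            # Lines like "c:\...\all.js - pref(...)" carry text after the path.
            path = path.split(" - ")[0].rstrip()
            name = _basename(path)
            if line == path and name in SCRIPT_HOSTS:
                # A bare process-list line whose image is a script host: on a
                # home desktop WSH should not be resident from boot.
                findings.append(Finding("high", "script_host_process", n, line))
            elif WINDIR_RE.match(path) and name.endswith(SCRIPT_EXTS):
                # Script files living beside OS binaries (the thread's .vbs).
                findings.append(Finding("high", "script_in_windows_dir", n, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, for a quick read before opening the log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.category:24} line {f.line_no}: {f.text}")
```

Run it against a real log with `triage(open("ComboFix.txt").read())`; the two "high" categories are the ones that pointed at NoeNoeJetma.vbs here, while "security_monitoring_off" and "proxy_configured" need a human to decide whether the user set them deliberately (ZoneAlarm replacing the XP firewall, an ISP proxy) before they count as evidence.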

Here it is,

ComboFix 09-08-10.06 - Wilfred Ang 08/14/2009 15:04.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1343 [GMT 8:00]
Running from: D:\ComboFix.exe
Command switches used :: D:\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\system32\NoeNoeJetma.vbs"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\NoeNoeJetma.vbs
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-12 14:04 . 2009-08-12 14:04 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-12 14:04 . 2009-08-03 05:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 14:04 . 2009-08-12 14:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 14:04 . 2009-08-03 05:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 15:14 . 2009-08-14 00:27 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-09 12:57 . 2009-08-09 12:57 -------- d-----w- c:\documents and settings\Wilfred Ang\.housecall6.6
2009-08-09 12:57 . 2009-08-09 12:57 152576 ----a-w- c:\documents and settings\Wilfred Ang\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-09 12:15 . 2009-08-09 12:15 -------- d-----w- c:\program files\Trend Micro
2009-08-09 12:01 . 2009-08-14 00:27 -------- d-----w- c:\program files\Spyware Doctor
2009-08-09 11:48 . 2005-09-22 23:29 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-08-09 11:40 . 2009-08-09 11:41 -------- d-----w- c:\program files\AskBarDis
2009-08-09 11:40 . 2009-08-09 11:40 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-09 04:56 . 2009-08-14 04:45 -------- d-----w- c:\program files\Photomatix
2009-08-09 04:56 . 2007-11-04 08:41 274432 ----a-w- c:\windows\system32\Photomatix25Lib2.dll
2009-08-09 04:56 . 2007-10-16 05:41 278528 ----a-w- c:\windows\system32\Photomatix25Lib.dll
2009-08-09 04:56 . 2007-09-05 20:35 95525 ----a-w- c:\windows\system32\Photomatix25Lib3.dll
2009-08-09 04:56 . 2007-06-28 06:09 446464 ----a-w- c:\windows\system32\Photomatix_jpg.dll
2009-08-09 04:56 . 2007-01-02 05:13 274432 ----a-w- c:\windows\system32\lcms.dll
2009-08-09 04:56 . 2006-11-29 03:55 204288 ----a-w- c:\windows\system32\pmtf3.dll
2009-08-09 04:56 . 2006-02-05 08:23 205824 ----a-w- c:\windows\system32\pmtf1.dll
2009-08-09 04:56 . 2006-02-05 07:27 353280 ----a-w- c:\windows\system32\pmtf2.dll
2009-08-09 04:56 . 2004-12-14 04:19 53248 ----a-w- c:\windows\system32\pmexr.dll
2009-08-09 04:56 . 2004-06-04 13:22 782336 ----a-w- c:\windows\system32\IlmImf.dll
2009-08-09 04:56 . 2003-11-26 02:47 11776 ----a-w- c:\windows\system32\pmbm.dll
2009-07-31 15:57 . 2009-07-31 15:58 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\GetRightToGo
2009-07-29 08:27 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 08:27 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-26 14:09 . 2009-07-26 14:09 199168 ----a-w- c:\documents and settings\Wilfred Ang\Local Settings\Application Data\tsMuxeR.exe
2009-07-26 14:09 . 2009-07-26 14:09 1638400 ----a-w- c:\documents and settings\Wilfred Ang\Local Settings\Application Data\ImgBurn.exe
2009-07-25 03:18 . 2009-07-25 03:18 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\Malwarebytes
2009-07-25 03:18 . 2009-07-25 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-24 09:19 . 2009-07-31 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-24 09:08 . 2009-07-24 09:08 -------- dc-h--w- c:\windows\ie8
2009-07-24 09:07 . 2009-07-24 09:09 -------- d--h--w- c:\windows\msdownld.tmp
2009-07-21 02:34 . 2009-07-21 02:34 -------- d-----w- c:\program files\MSXML 4.0
2009-07-20 08:19 . 2007-11-10 00:52 37888 ----a-r- c:\documents and settings\All Users\Application Data\Autodesk\RAC 2008\Rendering\AccuRenderRedist\Bin\ar3icons.dll
2009-07-20 08:19 . 2007-11-10 00:52 157696 ----a-r- c:\documents and settings\All Users\Application Data\Autodesk\RAC 2008\Rendering\AccuRenderRedist\Bin\MapPicker.dll
2009-07-20 08:19 . 2007-11-10 00:52 133120 ----a-r- c:\documents and settings\All Users\Application Data\Autodesk\RAC 2008\Rendering\AccuRenderRedist\Bin\ar3res.dll
2009-07-20 07:49 . 2009-07-20 07:53 -------- d-----w- c:\program files\Revit Architecture 2008
2009-07-18 09:19 . 2009-07-24 09:03 -------- d-----w- c:\program files\FlashGet
2009-07-18 09:13 . 2009-07-18 09:13 167376 ----a-w- c:\documents and settings\Wilfred Ang\Application Data\Mozilla\Firefox\Profiles\wx1c39ou.default\FlashGot.exe
2009-07-18 08:49 . 2009-07-18 08:54 -------- d-----w- c:\documents and settings\Wilfred Ang\Local Settings\Application Data\RapidShare
2009-07-18 08:47 . 2009-07-19 10:08 -------- d-----w- c:\documents and settings\Wilfred Ang\Local Settings\Application Data\Deployment
2009-07-18 08:35 . 2009-07-18 08:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-17 08:47 . 2009-07-17 08:47 -------- d-----w- c:\documents and settings\Wilfred Ang\Local Settings\Application Data\CAPCOM
2009-07-17 07:55 . 2009-07-17 07:55 -------- d-----w- c:\program files\CAPCOM
2009-07-17 07:55 . 2009-03-09 07:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-07-17 07:55 . 2009-03-09 07:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-07-17 07:55 . 2009-03-16 06:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-07-17 07:55 . 2009-03-16 06:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-07-17 07:55 . 2009-03-16 06:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-07-17 07:55 . 2009-03-09 07:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-07-17 07:55 . 2009-07-17 07:55 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-17 07:55 . 2009-07-17 07:55 -------- d-----w- c:\windows\system32\xlive
2009-07-17 06:27 . 2009-07-17 06:27 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-17 06:27 . 2009-07-17 06:27 -------- d-----w- c:\program files\Real
2009-07-17 06:27 . 2009-07-17 06:27 -------- d-----w- c:\program files\Common Files\Real
2009-07-17 05:44 . 2009-07-17 05:44 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-07-16 13:38 . 2009-07-16 13:38 0 ----a-w- c:\windows\nsreg.dat
2009-07-16 13:38 . 2009-07-16 13:38 -------- d-----w- c:\documents and settings\Wilfred Ang\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 06:41 . 2009-06-18 13:45 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\foobar2000
2009-08-14 03:54 . 2009-07-07 04:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-13 15:10 . 2009-06-21 07:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-13 14:01 . 2009-06-18 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-13 01:22 . 2009-08-13 01:22 506376 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-09 12:58 . 2009-06-19 07:43 -------- d-----w- c:\program files\Java
2009-08-09 11:39 . 2009-08-09 11:39 -------- d-----w- c:\program files\Zone Labs
2009-08-06 00:48 . 2009-06-18 12:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2008-04-14 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 13:55 . 2009-07-06 14:52 -------- d-----w- c:\program files\iTunes
2009-07-31 16:04 . 2009-07-03 20:13 1930008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-31 15:45 . 2009-06-24 10:14 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-07-31 15:45 . 2009-06-24 10:14 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\Autodesk
2009-07-31 13:53 . 2009-06-18 13:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 13:46 . 2009-06-26 10:38 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\U3
2009-07-26 03:39 . 2009-06-18 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-25 13:59 . 2009-07-06 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-24 21:23 . 2009-06-19 07:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 08:15 . 2009-06-24 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-07-18 03:05 . 2009-06-18 12:40 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-17 19:01 . 2008-04-14 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 13:18 . 2009-06-18 11:51 76208 ----a-w- c:\documents and settings\Wilfred Ang\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 06:27 . 2006-07-11 10:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-13 15:43 . 2008-04-14 11:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 03:01 . 2009-07-13 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Indent 2
2009-07-08 02:37 . 2009-07-07 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-07 04:39 . 2009-07-07 04:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-07 04:39 . 2009-07-07 04:39 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-06 14:53 . 2009-07-06 14:53 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\Apple Computer
2009-07-06 14:52 . 2009-07-06 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-06 14:52 . 2009-07-06 14:52 -------- d-----w- c:\program files\iPod
2009-07-06 14:52 . 2009-07-06 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-06 14:52 . 2009-07-06 14:52 -------- d-----w- c:\program files\Bonjour
2009-07-06 14:52 . 2009-07-06 14:51 -------- d-----w- c:\program files\QuickTime
2009-07-06 14:51 . 2009-07-06 14:51 -------- d-----w- c:\program files\Apple Software Update
2009-07-06 14:51 . 2009-07-06 14:51 -------- d-----w- c:\program files\Common Files\Apple
2009-07-03 19:54 . 2009-07-03 19:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-07-03 19:54 . 2009-06-18 13:31 -------- d-----w- c:\program files\Uniblue
2009-07-03 17:09 . 2008-04-14 11:00 892928 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 03:08 . 2009-07-03 19:54 2838462 -c--a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe
2009-06-25 16:41 . 2009-06-25 16:02 -------- d-----w- c:\program files\PhotoScape
2009-06-25 16:03 . 2009-06-25 16:02 -------- d-----w- c:\program files\Google
2009-06-25 08:49 . 2009-06-25 08:48 -------- d-----w- c:\program files\Garena
2009-06-24 10:15 . 2009-06-24 10:10 -------- d-----w- c:\program files\Revit Architecture 2009
2009-06-24 04:57 . 2009-06-18 11:33 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-23 02:01 . 2009-06-18 12:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-23 02:01 . 2009-06-18 12:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-21 06:52 . 2009-06-21 06:52 -------- d-----w- c:\program files\Activision
2009-06-20 04:24 . 2009-06-19 16:00 -------- d-----w- c:\program files\iColorFolder
2009-06-20 02:04 . 2009-06-19 16:01 -------- d-----w- c:\program files\Tiger System Preferences v2
2009-06-20 01:59 . 2009-06-18 14:14 -------- d-----w- c:\program files\Stardock
2009-06-20 01:55 . 2009-06-19 16:01 -------- d-----w- c:\program files\YzShadow
2009-06-20 01:55 . 2009-06-19 16:01 -------- d-----w- c:\program files\UberIcon
2009-06-20 01:54 . 2008-04-14 11:00 2102784 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-06-20 01:54 . 2008-04-14 00:01 1981440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-06-19 15:26 . 2009-06-19 02:37 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\DAEMON Tools Lite
2009-06-19 14:37 . 2009-06-19 14:36 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-19 11:04 . 2009-06-19 11:04 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-19 07:43 . 2009-06-19 07:43 152576 ----a-w- c:\documents and settings\Wilfred Ang\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-19 07:39 . 2009-06-19 03:09 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-19 03:09 . 2009-06-19 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-06-19 03:09 . 2009-06-19 03:09 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-19 02:37 . 2009-06-19 02:37 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-18 14:56 . 2009-06-18 14:56 -------- d-----w- c:\program files\Microsoft Works
2009-06-18 14:56 . 2009-06-18 13:18 -------- d-----w- c:\program files\MSBuild
2009-06-18 14:55 . 2009-06-18 14:55 -------- d-----w- c:\program files\Microsoft.NET
2009-06-18 14:54 . 2009-06-18 14:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-18 14:46 . 2009-06-18 14:46 -------- d-----w- c:\program files\Common Files\Stardock
2009-06-18 14:14 . 2009-06-18 14:14 -------- d-----w- c:\program files\Microsoft
2009-06-18 14:14 . 2009-06-18 14:14 -------- d-----w- c:\program files\Windows Live
2009-06-18 14:14 . 2009-06-18 14:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-18 14:12 . 2009-06-18 14:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-18 14:03 . 2009-06-18 14:03 -------- d-----w- c:\program files\Gabest
2009-06-18 14:02 . 2009-06-18 14:02 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\Media Player Classic
2009-06-18 14:00 . 2009-06-18 14:00 -------- d-----w- c:\program files\Haali
2009-06-18 13:59 . 2009-06-18 13:59 -------- d-----w- c:\program files\CoreCodec
2009-06-18 13:55 . 2009-06-18 13:55 -------- d-----w- c:\program files\CCleaner
2009-06-18 13:54 . 2009-06-18 13:54 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\Megaupload
2009-06-18 13:54 . 2009-06-18 13:54 -------- d-----w- c:\program files\Megaupload
2009-06-18 13:51 . 2009-06-18 13:51 -------- d-----w- c:\program files\ffdshow
2009-06-18 13:45 . 2009-06-18 13:45 -------- d-----w- c:\program files\foobar2000
2009-06-18 13:31 . 2009-06-18 13:31 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\Uniblue
2009-06-18 13:31 . 2009-06-18 13:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\program files\Razer
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\Wilfred Ang\Application Data\InstallShield
2009-06-18 13:18 . 2009-06-18 13:18 -------- d-----w- c:\program files\Reference Assemblies
2009-06-18 13:11 . 2009-06-18 13:11 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-18 12:47 . 2009-06-18 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Ashampoo
2009-06-18 12:42 . 2009-06-18 12:40 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-18 12:40 . 2009-06-18 12:40 -------- d-----w- c:\program files\AVG
2009-06-18 12:36 . 2009-06-18 12:36 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-18 12:35 . 2009-06-18 12:12 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-18 12:14 . 2009-06-18 12:14 -------- d-----w- c:\program files\Realtek
2009-06-18 12:12 . 2009-06-18 12:12 315392 ----a-w- c:\windows\HideWin.exe
2009-06-18 12:12 . 2009-06-18 12:12 -------- d-----w- c:\program files\Marvell
2009-06-18 11:55 . 2009-06-18 11:55 -------- d-----w- c:\program files\Intel
2009-06-18 11:34 . 2009-06-18 11:34 -------- d-----w- c:\program files\microsoft frontpage
2009-06-18 11:31 . 2009-06-18 11:31 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-16 14:36 . 2008-04-14 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-14 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2008-04-14 11:00 . 2009-06-20 01:54 60416 --sha-w- c:\windows\FlyakiteOSX\Backup\msimn.exe
2008-04-13 21:42 . 2009-06-20 01:53 1695232 --sha-w- c:\windows\FlyakiteOSX\Backup\msmsgs.exe
.

------- Sigcheck -------

[7] 2008-04-14 11:00 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\FlyakiteOSX\Backup\user32.dll
[-] 2008-04-14 11:00 578048 051844654F244CE58DB6969A1EE76546 c:\windows\system32\user32.dll
[-] 2008-04-14 11:00 578048 051844654F244CE58DB6969A1EE76546 c:\windows\system32\dllcache\user32.dll

[7] 2009-04-29 04:21 668160 04BCB4F87B35502568F6CF33433543A5 c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 17:06 915456 38114DAB42FB2EB84D1726C42B8D80C5 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 17:09 915456 7E8A47A2E6561274B83E257CE74803FD c:\windows\FlyakiteOSX\Backup\wininet.dll
[7] 2008-04-14 11:00 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ie8\wininet.dll
[7] 2009-03-07 20:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2009-05-13 05:15 892928 8512B0CE9E148E3908C1437C50E99AA6 c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-07-03 17:09 892928 9B53E5ED4EA058DC90574B1A0B6646EC c:\windows\system32\wininet.dll
[-] 2009-07-03 17:09 892928 9B53E5ED4EA058DC90574B1A0B6646EC c:\windows\system32\dllcache\wininet.dll

[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 11:00 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2009-02-07 11:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\FlyakiteOSX\Backup\ntkrnlpa.exe
[-] 2009-06-20 01:54 1981440 5C4DFC696D52CAE2F02837BD83FE2113 c:\windows\system32\ntkrnlpa.exe
[-] 2009-06-20 01:54 1981440 5C4DFC696D52CAE2F02837BD83FE2113 c:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2009-02-07 11:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-04-14 11:00 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\FlyakiteOSX\Backup\ntoskrnl.exe
[-] 2009-06-20 01:54 2102784 B8B361F91FB4EABCF3C67DFD66D0B914 c:\windows\system32\ntoskrnl.exe
[-] 2009-06-20 01:54 2102784 B8B361F91FB4EABCF3C67DFD66D0B914 c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2008-04-14 11:00 2823168 5BC7FC5A4ED6658868F97040DD906E07 c:\windows\explorer.exe
[7] 2008-04-14 11:00 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\FlyakiteOSX\Backup\explorer.exe
[-] 2008-04-14 11:00 2823168 5BC7FC5A4ED6658868F97040DD906E07 c:\windows\system32\dllcache\explorer.exe

[7] 2009-04-29 04:21 3069440 06CF679E3D24C3DF270556456A0F1EDA c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll
[7] 2009-05-13 05:10 5936128 1290E417BF806185CC7B2845E78A104E c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 13:17 5938176 F25D866DD486AD30E05E5596CB363C3E c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 13:18 5937152 5A32B43A48D6DCA339BF24105D9A028F c:\windows\FlyakiteOSX\Backup\mshtml.dll
[7] 2008-04-14 11:00 3066880 A706E122B398FE1AB85CB9B75D044223 c:\windows\ie8\mshtml.dll
[7] 2009-03-07 20:41 5937152 D469A0EBA2EF5C6BEE8065B7E3196E5E c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] 2009-05-13 05:15 6280704 0CF496FAD5A0B0546AC66DF68AAC46DF c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-07-19 13:18 6281728 CE05ED80E639D651EF8863978920BA67 c:\windows\system32\mshtml.dll
[-] 2009-07-19 13:18 6281728 CE05ED80E639D651EF8863978920BA67 c:\windows\system32\dllcache\mshtml.dll

[7] 2008-04-14 11:00 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\FlyakiteOSX\Backup\comres.dll
[-] 2008-04-14 11:00 1262080 6F2D9DE0605D2EE7FAA0EA356359C631 c:\windows\system32\comres.dll
[-] 2008-04-14 11:00 1262080 6F2D9DE0605D2EE7FAA0EA356359C631 c:\windows\system32\dllcache\comres.dll

[7] 2008-04-14 11:00 617472 06F247492BC786CE5C24A23E178C711A c:\windows\FlyakiteOSX\Backup\comctl32.dll
[-] 2008-04-14 11:00 629760 0235E6C41328F5A77A572A4ECA5737C0 c:\windows\system32\comctl32.dll
[-] 2008-04-14 11:00 629760 0235E6C41328F5A77A572A4ECA5737C0 c:\windows\system32\dllcache\comctl32.dll
[-] 2008-04-14 11:00 919552 3DB20630FBA2A7B03CA25105B0149129 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 11:00 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2008-07-05 06:56 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-14_04.29.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-14 07:07 . 2009-08-14 07:07 16384 c:\windows\temp\Perflib_Perfdata_260.dat
+ 2009-08-14 07:07 . 2009-08-14 07:07 16384 c:\windows\temp\Perflib_Perfdata_174.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alt+Q Hotkey Tool"="c:\windows\Alt+Q Hotkey.exe" [2005-12-18 27648]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2006-02-24 188416]
"Yz Shadow"="c:\program files\YzShadow\YzShadow.exe" [2006-02-24 172032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-25 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-17 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]

c:\documents and settings\Wilfred Ang\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\onenotem.exe [2006-10-26 216392]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-18 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-23 02:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/18/2009 8:40 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/18/2009 8:40 PM 108552]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [8/9/2009 7:40 PM 464264]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/18/2009 8:40 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/18/2009 8:40 PM 298776]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [7/20/2007 6:40 PM 84992]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [6/18/2009 9:25 PM 11596]
.
Contents of the 'Scheduled Tasks' folder

2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sg/
uInternet Settings,ProxyServer = proxy.singnet.com.sg:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
FF - ProfilePath - c:\documents and settings\Wilfred Ang\Application Data\Mozilla\Firefox\Profiles\wx1c39ou.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 15:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(1024)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\YzShadow\YzShadow.dll
c:\program files\UberIcon\UberIcon.dll
c:\windows\system32\COMRes.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\System32\cscui.dll
c:\windows\system32\shimgvw.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\snmp.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-14 15:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-14 07:09
ComboFix2.txt 2009-08-14 04:29

Pre-Run: 21,029,687,296 bytes free
Post-Run: 21,047,152,640 bytes free

420 --- E O F --- 2009-08-13 14:02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:52 PM, on 8/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\onenotem.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9326 bytes

It looks good to me also. You do need to get that AskBar off of there.
Go to Start, Control Panel, Administrative Tools, Services. Double-click to open. Scroll down to ASKService. Double-click to open it. Stop the service. Then, in the middle where it says Startup type, change that to Disabled.
Close Services.
Then go to C:\Program Files\,
look for the AskBarDis folder and delete it.
Then reboot and run a new HJT scan. Post back with that log.
Judy

Hi, I have the same problem:
During startup, a Windows Script error message about noenoejetma appears
And IE shows http:///
USB drive autorun will be infected by Trojan Noenoejetma

What should I do?
Thanks!

-Val

vallsf, you need to begin your own thread giving all information about your system, your anti-virus program and steps you have taken to remove the problem. Then somebody will help you. We only help one person in each thread.
