here the log :
Logfile of HijackThis v1.99.1
Scan saved at 9:42:10 AM, on 3/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Vkk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\DOCUME~1\Princess\LOCALS~1\Temp\tmp3E.tmp
C:\WINDOWS\System32\open32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Princess\My Documents\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kjn] C:\WINDOWS\System32\Vkk.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [saap] c:\windows\saap.exe
O4 - HKLM\..\Run: [Hop] C:\WINDOWS\Kdp.exe
O4 - HKLM\..\Run: [Snq] C:\WINDOWS\System32\Cnv.exe
O4 - HKLM\..\Run: [Sne] C:\WINDOWS\System32\Hmf.exe
O4 - HKLM\..\Run: [Jmr] C:\WINDOWS\Rac.exe
O4 - HKLM\..\Run: [Dbt] C:\WINDOWS\System32\Caf.exe
O4 - HKLM\..\Run: [Seb] C:\WINDOWS\System32\Utp.exe
O4 - HKLM\..\Run: [Esh] C:\WINDOWS\System32\Sab.exe
O4 - HKLM\..\Run: [Vhn] C:\WINDOWS\Gbi.exe
O4 - HKLM\..\Run: [Fue] C:\WINDOWS\System32\Anj.exe
O4 - HKLM\..\Run: [Aqi] C:\WINDOWS\Cqc.exe
O4 - HKLM\..\Run: [ezax] C:\WINDOWS\ezax.exe
O4 - HKLM\..\Run: [Hih] C:\WINDOWS\Ugn.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Tad] C:\WINDOWS\Moo.exe
O4 - HKLM\..\Run: [Jok] C:\WINDOWS\Qjk.exe
O4 - HKLM\..\Run: [Hnc] C:\WINDOWS\System32\Uoi.exe
O4 - HKLM\..\Run: [Sso] C:\WINDOWS\Voo.exe
O4 - HKLM\..\Run: [Air] C:\WINDOWS\System32\Dld.exe
O4 - HKLM\..\Run: [Nkm] C:\WINDOWS\Nvt.exe
O4 - HKLM\..\Run: [Jkd] C:\WINDOWS\Esn.exe
O4 - HKLM\..\Run: [Gip] C:\WINDOWS\Avc.exe
O4 - HKLM\..\Run: [Kvp] C:\WINDOWS\System32\Ngd.exe
O4 - HKLM\..\Run: [Vrc] C:\WINDOWS\Iin.exe
O4 - HKLM\..\Run: [Ahn] C:\WINDOWS\Plo.exe
O4 - HKLM\..\Run: [Ucf] C:\WINDOWS\System32\Clr.exe
O4 - HKLM\..\Run: [Iig] C:\WINDOWS\Pku.exe
O4 - HKLM\..\Run: [Vai] C:\WINDOWS\Efa.exe
O4 - HKLM\..\Run: [Pbi] C:\WINDOWS\Hkr.exe
O4 - HKLM\..\Run: [Elv] C:\WINDOWS\Nom.exe
O4 - HKLM\..\Run: [Huu] C:\WINDOWS\System32\Lai.exe
O4 - HKLM\..\Run: [Oid] C:\WINDOWS\System32\Jbe.exe
O4 - HKLM\..\Run: [Qlf] C:\WINDOWS\System32\Kla.exe
O4 - HKLM\..\Run: [Etu] C:\WINDOWS\System32\Hlr.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Sov] C:\WINDOWS\Hlu.exe
O4 - HKLM\..\Run: [Oln] C:\WINDOWS\System32\Ufq.exe
O4 - HKLM\..\Run: [Dbm] C:\WINDOWS\Idb.exe
O4 - HKLM\..\Run: [Kjc] C:\WINDOWS\System32\Vjq.exe
O4 - HKLM\..\Run: [Iqf] C:\WINDOWS\System32\Efg.exe
O4 - HKLM\..\Run: [Ivl] C:\WINDOWS\System32\Kmg.exe
O4 - HKLM\..\RunOnce: [HcTSC] C:\WINDOWS\TSC.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Kjn] C:\WINDOWS\System32\Vkk.exe
O4 - HKCU\..\Run: [Uuse] C:\Documents and Settings\Princess\Application Data\mbsi.exe
O4 - HKCU\..\Run: [Hop] C:\WINDOWS\Kdp.exe
O4 - HKCU\..\Run: [Snq] C:\WINDOWS\System32\Cnv.exe
O4 - HKCU\..\Run: [Sne] C:\WINDOWS\System32\Hmf.exe
O4 - HKCU\..\Run: [Jmr] C:\WINDOWS\Rac.exe
O4 - HKCU\..\Run: [Dbt] C:\WINDOWS\System32\Caf.exe
O4 - HKCU\..\Run: [Seb] C:\WINDOWS\System32\Utp.exe
O4 - HKCU\..\Run: [Esh] C:\WINDOWS\System32\Sab.exe
O4 - HKCU\..\Run: [Vhn] C:\WINDOWS\Gbi.exe
O4 - HKCU\..\Run: [Fue] C:\WINDOWS\System32\Anj.exe
O4 - HKCU\..\Run: [Aqi] C:\WINDOWS\Cqc.exe
O4 - HKCU\..\Run: [Hih] C:\WINDOWS\Ugn.exe
O4 - HKCU\..\Run: [Tad] C:\WINDOWS\Moo.exe
O4 - HKCU\..\Run: [Jok] C:\WINDOWS\Qjk.exe
O4 - HKCU\..\Run: [Hnc] C:\WINDOWS\System32\Uoi.exe
O4 - HKCU\..\Run: [Sso] C:\WINDOWS\Voo.exe
O4 - HKCU\..\Run: [Air] C:\WINDOWS\System32\Dld.exe
O4 - HKCU\..\Run: [Nkm] C:\WINDOWS\Nvt.exe
O4 - HKCU\..\Run: [Jkd] C:\WINDOWS\Esn.exe
O4 - HKCU\..\Run: [Gip] C:\WINDOWS\Avc.exe
O4 - HKCU\..\Run: [Kvp] C:\WINDOWS\System32\Ngd.exe
O4 - HKCU\..\Run: [Vrc] C:\WINDOWS\Iin.exe
O4 - HKCU\..\Run: [Ahn] C:\WINDOWS\Plo.exe
O4 - HKCU\..\Run: [Ucf] C:\WINDOWS\System32\Clr.exe
O4 - HKCU\..\Run: [Iig] C:\WINDOWS\Pku.exe
O4 - HKCU\..\Run: [Vai] C:\WINDOWS\Efa.exe
O4 - HKCU\..\Run: [Pbi] C:\WINDOWS\Hkr.exe
O4 - HKCU\..\Run: [Elv] C:\WINDOWS\Nom.exe
O4 - HKCU\..\Run: [Huu] C:\WINDOWS\System32\Lai.exe
O4 - HKCU\..\Run: [Oid] C:\WINDOWS\System32\Jbe.exe
O4 - HKCU\..\Run: [Qlf] C:\WINDOWS\System32\Kla.exe
O4 - HKCU\..\Run: [Etu] C:\WINDOWS\System32\Hlr.exe
O4 - HKCU\..\Run: [Sov] C:\WINDOWS\Hlu.exe
O4 - HKCU\..\Run: [Oln] C:\WINDOWS\System32\Ufq.exe
O4 - HKCU\..\Run: [Dbm] C:\WINDOWS\Idb.exe
O4 - HKCU\..\Run: [Kjc] C:\WINDOWS\System32\Vjq.exe
O4 - HKCU\..\Run: [Iqf] C:\WINDOWS\System32\Efg.exe
O4 - HKCU\..\Run: [Ivl] C:\WINDOWS\System32\Kmg.exe
O4 - Startup: winupdate56565616[1].exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {3BD4B218-42AA-4287-80A1-11893B952242} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3BD4B218-42AA-4287-80A1-11893B952242} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4DC85A81-E61C-4CF8-985C-F5B6C2A85ACB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4DC85A81-E61C-4CF8-985C-F5B6C2A85ACB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AB8B398D-380C-484C-9515-3505273F0A25} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AB8B398D-380C-484C-9515-3505273F0A25} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C854F0E8-FD35-4CDD-8490-7DC6A0897FA2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C854F0E8-FD35-4CDD-8490-7DC6A0897FA2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {DAE7700C-A425-41F0-A031-A9327203FD88} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DAE7700C-A425-41F0-A031-A9327203FD88} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E34A3D2F-52CE-46C3-98F8-FFA74E9942BC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E34A3D2F-52CE-46C3-98F8-FFA74E9942BC} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtange...ave/Install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....ro64_loader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://horse-active....ang/loader2.ocx
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildt...uncherSetup.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-downlo....cab?refid=4604
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...ise/install.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.co...aploader_v5.cab
O16 - DPF: {E20352D0-48EF-49E6-A042-981AA9958EE2} (Launcher Control) - http://hyperrelay.ed...TWOLauncher.cab
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O21 - SSODL: NTDBGTOOL - {CF51D466-1BDC-4681-965D-3D74E79D76C4} - C:\WINDOWS\System32\ntmscdm.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe