hi, this is the DDS.txt
DDS (Ver_09-10-26.01) - NTFSx86
Run by Thanhtu. Nguyen at 14:16:53.68 on Mon 11/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1450 [GMT -8:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Thanhtu. Nguyen\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US
ee://aol/imAppuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\thanht~1.ngu\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear wg311v2 adapter\wlancfg5.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {88D969C0-F192-11D4-A65F-0040963251E5} -
file://c:\tempei4\ei40_4\msxml4.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
================= FIREFOX ===================
FF - ProfilePath -
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-9-8 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-9-8 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-9-8 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091028.004\IDSXpx86.sys [2009-10-28 329592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-9-8 117640]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~3\norton~1\NPROTECT.EXE [2008-9-25 95600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-25 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
S0 fjm30dd;fjm30dd;\SystemRoot\\SystemRoot\System32\drivers\fjm30dd.sys --> \SystemRoot\\SystemRoot\System32\drivers\fjm30dd.sys [?]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
S1 52802f2d.sys;52802f2d.sys;\??\c:\windows\system32\drivers\52802f2d.sys --> c:\windows\system32\drivers\52802f2d.sys [?]
S4 CSIScanner;CSIScanner;"c:\program files\prevx\prevx.exe" /service --> c:\program files\prevx\prevx.exe [?]
=============== Created Last 30 ================
2009-11-02 05:25:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 05:25:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 05:25:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 07:52:33 0 d-----w- c:\program files\Trend Micro
2009-10-28 07:54:22 0 d-----w- c:\documents and settings\thanhtu. nguyen\DoctorWeb
2009-10-06 02:57:39 0 d-----w- c:\program files\DivX
==================== Find3M ====================
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 05:25:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-21 06:11:36 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2004-07-02 19:19:02 40960 ----a-w- c:\windows\inf\wg311v2\imdinst.exe
2004-06-18 06:41:16 386688 ----a-w- c:\windows\inf\wg311v2\netwg311_XP.sys
2004-04-04 20:07:40 84912 ----a-w- c:\windows\inf\wg311v2\FwRad17.bin
2004-04-04 20:07:36 83320 ----a-w- c:\windows\inf\wg311v2\FwRad16.bin
2004-02-04 19:53:26 62865 ----a-w- c:\windows\inf\wg311v2\odysseyIM3.sys
2004-02-04 19:53:22 12739 ----a-w- c:\windows\inf\wg311v2\odNetInstall.dll
2009-07-06 16:53:05 0 --sha-w- c:\windows\system32\babopise.dll
2009-07-06 16:54:08 0 --sha-w- c:\windows\system32\bamekoro.dll
2009-07-06 16:53:05 0 --sha-w- c:\windows\system32\biwodasa.dll
2009-07-06 16:50:23 0 --sha-w- c:\windows\system32\dazukepu.dll
2009-07-06 16:52:06 0 --sha-w- c:\windows\system32\faniyoko.dll
2009-07-06 16:55:06 0 --sha-w- c:\windows\system32\hatukame.dll
2009-07-06 16:51:14 0 --sha-w- c:\windows\system32\jalaloju.dll
2009-07-06 16:53:05 0 --sha-w- c:\windows\system32\jarigoja.dll
2009-07-06 16:51:14 0 --sha-w- c:\windows\system32\lekosasa.dll
2009-07-06 16:50:23 0 --sha-w- c:\windows\system32\mazelosi.dll
2009-07-06 16:54:08 0 --sha-w- c:\windows\system32\muditufi.dll
2009-07-06 16:52:06 0 --sha-w- c:\windows\system32\neyeriyi.dll
2009-07-06 16:56:34 0 --sha-w- c:\windows\system32\nilayuti.dll
2009-07-06 16:54:08 0 --sha-w- c:\windows\system32\nivibuke.dll
2009-07-06 16:52:06 0 --sha-w- c:\windows\system32\pimiheba.dll
2009-07-06 16:55:06 0 --sha-w- c:\windows\system32\talukota.dll
2009-07-06 16:50:23 0 --sha-w- c:\windows\system32\vewowoge.dll
2009-07-06 16:51:14 0 --sha-w- c:\windows\system32\wodayagu.dll
2009-07-06 16:56:34 0 --sha-w- c:\windows\system32\wuguyibu.dll
2009-07-06 16:55:06 0 --sha-w- c:\windows\system32\zasovore.dll
============= FINISH: 14:17:33.75 ===============