When I try to browse to anothr site, I get directed to some sites that I don't know, including som adult sites. This is one of the sites I get dircted to: //www.av-onlinescan.org/l2/index.html?ref_id=9082
I guess my computer is infected by some spyware or malware. Below is the DDS.TXT report. I have also attached the Attach.txt file.
Thank you very much for your time and all your help.
DDS.TXT:
DDS (Ver_09-01-19.01) - NTFSx86
Run by Hicham at 15:06:15.71 on Sat 01/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.322 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\norton~1\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\Promon.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Athan\Athan.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Hicham\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Flash Module: {87c0ba52-f363-4419-8ac1-d7270a668687} - ktask.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\hicham\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [A00F25A4B.exe] c:\docume~1\hicham\locals~1\temp\_A00F25A4B.exe
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe
mRun: [Promon.exe] Promon.exe
mRun: [ConfigSafe] c:\cfgsafe\NTFSCLUP.EXE
mRun: [CSScheduleCheck] c:\cfgsafe\SCHWIZEX.EXE -CHECK
mRun: [NAV Agent] c:\progra~1\norton~1\navapw32.exe
mRun: [Athan] c:\program files\athan\Athan.exe
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?fa837bffc6d2402e9b55f929014740bf
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?fa837bffc6d2402e9b55f929014740bf
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} - hxxps://my.sabre.com/jars/TMinReqX.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192976377827
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192976563873
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: c061bc90517 - c:\windows\system32\dplayx32.dll
Notify: UpdateNf - updatenf.dll
Notify: __c00AB949 - c:\windows\system32\__c00AB949.dat
AppInit_DLLs: c:\windows\system32\dplayx32.dll
SEH: ShowHook Class: {1dd7cbed-2f05-11d3-a521-00400514c916} - c:\cfgsafe\CSHOOK.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\hicham\applic~1\mozilla\firefox\profiles\qbmmqpd4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
============= SERVICES / DRIVERS ===============
R3 NAVAP;NAVAP;c:\windows\system32\drivers\NAVAP.SYS [2001-8-3 182896]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20071205.009\NAVENG.Sys [2007-12-9 81232]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20071205.009\NavEx15.Sys [2007-12-9 865904]
R4 navapsvc;Norton AntiVirus Auto Protect Service;c:\progra~1\norton~1\navapsvc.exe [2001-8-16 115792]
S3 getPlusŪ Helper;getPlusŪ Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-9-8 33752]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-28 189792]
S4 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2007-11-29 113952]
S4 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2001-8-13 54408]
============== File Associations ===============
scrfile="%1" %*
=============== Created Last 30 ================
2009-01-23 20:27 6,565 a------- c:\windows\GnuHashes.ini
2009-01-23 20:20 24,576 a------- c:\windows\system32\__c00AB949.dat
2009-01-23 20:19 1,599 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-01-23 20:19 <DIR> --dsh--- c:\windows\system32\GroupPolicyManifest
2009-01-23 20:19 373,760 a--sh--- c:\windows\system32\1.tmp
2009-01-20 20:59 135,168 a------- c:\windows\system32\dplayx32.dll
2009-01-20 20:32 <DIR> --d----- c:\program files\Bonjour
2009-01-20 20:27 16 a------- c:\windows\system32\api.dat
2009-01-20 20:27 297,472 a------- c:\windows\system32\raidmg.dll
2009-01-20 20:27 43,520 a------- c:\windows\system32\updatenf.dll
2009-01-20 20:27 162,304 a------- c:\windows\system32\api32.dll
2009-01-20 20:09 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-01-20 13:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-20 13:43 <DIR> --d----- c:\documents and settings\hicham\DesktopWinZip
2009-01-20 10:49 <DIR> --d----- c:\docume~1\hicham\applic~1\LimeWire
2009-01-20 10:48 <DIR> --d----- c:\program files\LimeWire
==================== Find3M ====================
2009-01-20 21:01 1,744 a------- c:\windows\system32\d3d9caps.dat
2008-12-13 01:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-11-07 16:45 2,174,976 -------- c:\windows\system32\dllcache\WMVCore.dll
2008-04-24 16:51 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-08-30 15:25 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083020080831\index.dat
============= FINISH: 15:08:57.57 ===============
Attached Files
Edited by KoanYorel, 24 January 2009 - 04:58 PM.
To disable hot link URL above