
Not sure if I'm infected or computer just acting up?

Discussion in 'Virus & Other Malware Removal' started by Emmaline3435, Jan 10, 2013.

  1. Emmaline3435

    Emmaline3435 Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    34
    My computer was designed for Vista but it was downgraded to XP.
    In the past few days it has been acting jerky: when playing mp3s every now and then it would skip (similar to a CD skipping) and the mouse would drag across the screen. At first I ignored it, but it got progressively worse until it would take a few seconds to select something. I couldn't find anything wrong, but then a command prompt flashed up and then disappeared again, and when I opened Task Manager I noticed these programs running which I've never seen before:
    mshta.exe
    hotfixinstaller.exe
    and at least two instances of mscorsvw.exe at the same time.

    This started happening after I was redirected from a link on Google to an unknown site.

    My antivirus (Norman) and Malwarebytes didn't pick anything up.

    This has never happened before and now it's acting normal again, I was wondering if it's malware or just a glitch?

    Here is the Hijack This log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:54:44 PM, on 10/01/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Norman\Npm\Bin\elogsvc.exe
    C:\Program Files\Norman\Ngs\Bin\Nnf.exe
    C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Program Files\Norman\npm\bin\nvoy.exe
    C:\Program Files\Norman\npf\bin\npfsvc32.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Norman\Nvc\bin\nhs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Program Files\Norman\Npm\Bin\scheduler.exe
    C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
    C:\Documents and Settings\Admin\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband\bpwbb2ad.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband\BigPond_CM.exe" -tsr
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-73586283-1580818891-1801674531-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Admin')
    O4 - HKUS\S-1-5-21-73586283-1580818891-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Admin')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Norman eLogger Service (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\elogsvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Norman Hash Server (NHS) - Unknown owner - C:\Program Files\Norman\Nvc\bin\nhs.exe
    O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nnf.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe
    O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
    O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
    O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

    --
    End of file - 7250 bytes
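    The question the thread starter is really asking (which of the running processes are explained by something else in the log) is a cross-check a HijackThis log supports mechanically. The Python below is an added example written for this page, not code from the thread or from Trend Micro's tool: it parses the "Running processes", O2, O4 and O23 sections of the log format shown above, matches each running executable against the Run entries and registered services, and sets aside orphaned BHO entries, services reported with an unknown owner, and Run entries that name a bare file instead of a full path. The shortened log embedded in it is constructed from entries like the ones in the post. A process landing in the "review" bucket (here, HijackThis itself) or under the Windows directory (here, mscorsvw.exe) only means the log does not account for it, not that it is malicious.

```python
import re

# Constructed sample: a shortened HijackThis v2 log in the same format as the
# one posted in the thread (entries chosen to exercise each rule below).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\elogsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Norman eLogger Service (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\elogsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Norman Hash Server (NHS) - Unknown owner - C:\Program Files\Norman\Nvc\bin\nhs.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\Bin\Njeeves.exe

--
End of file - 1234 bytes
"""

# Line shapes used by HijackThis v2 for the sections we care about.
RUN_RE = re.compile(r'^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$')
SERVICE_RE = re.compile(r'^O23 - Service: (?P<desc>.+?)(?: \((?P<name>[^)]+)\))? - '
                        r'(?P<owner>.+?) - (?P<path>.+)$')
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$')
EXE_RE = re.compile(r'^\s*"?(?P<exe>[^"]*?\.exe)\b', re.IGNORECASE)
WINDOWS_DIR_RE = re.compile(r'^[a-z]:\\windows\\', re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into the sections this triage uses."""
    procs, runs, services, bhos = [], [], [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if line == 'Running processes:':
            in_procs = True
            continue
        if in_procs:
            if not line:            # a blank line ends the process list
                in_procs = False
            else:
                procs.append(line)
            continue
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            runs.append((m.group('name'), m.group('cmd')))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groupdict())
            continue
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
    return {'processes': procs, 'runs': runs, 'services': services, 'bhos': bhos}


def command_executable(cmd):
    """Return the executable a Run-entry command line launches, or None."""
    m = EXE_RE.match(cmd)
    return m.group('exe') if m else None


def triage(text):
    """Account for every running process and collect entries worth a closer look."""
    log = parse_hjt(text)
    service_paths = {s['path'].lower() for s in log['services']}
    run_paths, run_basenames, bare_entries = set(), set(), []
    for name, cmd in log['runs']:
        exe = command_executable(cmd)
        if exe is None:
            continue
        if '\\' in exe:
            run_paths.add(exe.lower())
        else:
            # Bare file name: Windows resolves it via the search path at logon,
            # so the log alone does not tell us which copy actually runs.
            run_basenames.add(exe.lower())
            bare_entries.append((name, cmd))
    verdicts = {}
    for proc in log['processes']:
        low = proc.lower()
        base = low.rsplit('\\', 1)[-1]
        if low in service_paths:
            verdicts[proc] = 'service'       # registered as an O23 service
        elif low in run_paths or base in run_basenames:
            verdicts[proc] = 'autostart'     # launched by an O4 Run entry
        elif WINDOWS_DIR_RE.match(low):
            verdicts[proc] = 'windows-dir'   # check against an OS/.NET baseline
        else:
            verdicts[proc] = 'review'        # nothing in the log explains it
    return {
        'processes': verdicts,
        'orphaned_bhos': [b['clsid'] for b in log['bhos'] if b['path'] == '(no file)'],
        'unknown_owner_services': [s['desc'] for s in log['services']
                                   if s['owner'] == 'Unknown owner'],
        'bare_run_entries': bare_entries,
    }


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for proc, verdict in result['processes'].items():
        print(f'{verdict:12} {proc}')
    print('orphaned BHOs:', result['orphaned_bhos'])
    print('services with unknown owner:', result['unknown_owner_services'])
    print('Run entries with bare file names:', result['bare_run_entries'])
```

    To use it on a real log, replace SAMPLE_LOG with the pasted text (or read it from a file). Only the O2, O4 and O23 sections are parsed; the R0/R1 start-page entries and O9/O22 lines in the posted log are left alone, since for this question they carry nothing to match processes against.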
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,916
    First Name:
    Karen
    Please download DDS by sUBs to your desktop from the following location:

    http://download.bleepingcomputer.com/sUBs/dds.scr

    Double-click the dds.scr file to run the program.

    It will automatically run in silent mode and then you will see the following note:

    "Two logs shall be created on your Desktop".

    The logs will be named dds.txt and attach.txt.

    Wait until the logs appear and then copy and paste their contents in your post.


    Please download GMER from: http://gmer.net/index.php

    Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

    Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

    Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

    If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    IAT/EAT
    Any drive letter other than the primary system drive (which is generally C).

    Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

    Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

    Open the ark.txt file and copy and paste the contents of the log here please.
     
  3. Emmaline3435

    Emmaline3435 Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    34
    Here's the dds log, and I zipped and attached the attach log. My browser wouldn't open the site for the second program.

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by Computer Admin at 22:32:34 on 2013-01-14
    Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2940.2500 [GMT 10.5:30]
    .
    AV: Norman Security Suite *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
    FW: Norman Security Suite *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Norman\Npm\Bin\elogsvc.exe
    C:\Program Files\Norman\Ngs\Bin\Nnf.exe
    C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Program Files\Norman\npm\bin\nvoy.exe
    C:\Program Files\Norman\npf\bin\npfsvc32.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Norman\Nvc\bin\nhs.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    C:\Program Files\Norman\Npm\Bin\scheduler.exe
    C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\Norman\Npm\Bin\ZLH.EXE
    C:\Program Files\Telstra\BigPond Wireless Broadband\BigPond_CM.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Norman\Nvc\Bin\cclaw.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: BigPond Wireless Broadband 2.0 Auto Dial: {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - c:\program files\telstra\bigpond wireless broadband\bpwbb2ad.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
    mRun: [BigPondWirelessBroadbandCM] "c:\program files\telstra\bigpond wireless broadband\BigPond_CM.exe" -tsr
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\computer admin\application data\mozilla\firefox\profiles\5z8isnmw.default\
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iastor8;iastor8;c:\windows\system32\drivers\iastor8.sys [2011-2-15 354840]
    R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-2-15 13616]
    R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-2-15 5632]
    R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-2-15 13616]
    R0 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2011-5-9 46816]
    R1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2011-5-9 26744]
    R1 NPROSEC;Norman Security driver;c:\program files\norman\ngs\bin\nprosec.sys [2011-5-9 91136]
    R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [2011-5-9 457048]
    R2 Ndiskio;Ndiskio;c:\program files\norman\nse\bin\ndiskio.sys [2011-5-9 22880]
    R2 NHS;Norman Hash Server;c:\program files\norman\nvc\bin\nhs.exe [2012-6-2 793520]
    R2 NNFSVC;Norman Network Filtering service;c:\program files\norman\ngs\bin\nnf.exe [2011-5-9 231216]
    R2 Norman ZANDA;Norman ZANDA;c:\program files\norman\npm\bin\zanda.exe [2010-5-19 431320]
    R2 NPFSvc32;Norman Personal Firewall Service;c:\program files\norman\npf\bin\npfsvc32.exe [2011-5-9 356904]
    R2 NPROSECSVC;Norman Security service;c:\program files\norman\ngs\bin\nprosec.exe [2011-5-9 90144]
    R2 nregsec;Norman Registry Security driver;c:\program files\norman\ngs\bin\nregsec.sys [2011-5-9 61496]
    R2 NVOY;Norman Resource Provider;c:\program files\norman\npm\bin\nvoy.exe [2011-5-9 100936]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2011-4-29 5888]
    R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [2011-5-9 53928]
    R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program files\norman\ngs\bin\nnetsecc.sys [2011-5-9 53160]
    R3 nsesvc;Norman Scanner Engine Service;c:\program files\norman\nse\bin\nsesvc.exe [2012-8-23 288104]
    R3 nvcoas;Norman Virus Control on-access component;c:\program files\norman\nvc\bin\nvcoas.exe [2012-7-5 287312]
    R3 Scheduler;Norman Scheduler Service;c:\program files\norman\npm\bin\scheduler.exe [2011-5-9 99312]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2012-1-11 32000]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-5-9 7680]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-2-22 22400]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2011-5-9 114688]
    S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-7 153600]
    S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-7 121856]
    .
    =============== Created Last 30 ================
    .
    2013-01-10 13:13:04 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2013-01-10 11:58:56 -------- d-----w- c:\windows\pss
    2013-01-09 16:34:43 -------- d-----w- C:\27f345087e8d496825385a5156f375e3
    .
    ==================== Find3M ====================
    .
    2013-01-10 13:13:14 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-10 13:13:14 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-29 08:31:34 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-11-29 08:31:33 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-11-29 08:31:33 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-11-29 08:31:33 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:15:50 920064 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:15:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-10-31 23:39:31 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 22:33:05.20 ===============
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,916
    First Name:
    Karen
    You didn't attach the second log from DDS but please just copy and paste it in a reply for easier reference rather than attaching it.

    Also, please do the following:

    Please go here and download the TDSSKiller.exe to your desktop.
    • Double-click TDSSKiller.exe on your desktop to run it.
    • Click on Start Scan
    • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
    It will produce a log once it finishes in the root drive which should look like this example:

    C:\TDSSKiller.<version_date_time>log.txt

    Please copy and paste the contents of that log in your next reply.
     
  5. Emmaline3435

    Emmaline3435 Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    34
    Here is the attach log:
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/04/2011 4:01:15 AM
    System Uptime: 14/01/2013 10:29:19 PM (0 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel Pentium III Xeon processor | CPU | 1994/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 116 GiB total, 52.098 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Modem Device on High Definition Audio Bus
    Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_11790001&REV_1002\4&1760F043&0&0101
    Manufacturer:
    Name: Modem Device on High Definition Audio Bus
    PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_11790001&REV_1002\4&1760F043&0&0101
    Service:
    .
    ==== System Restore Points ===================
    .
    RP241: 23/10/2012 10:42:43 PM - System Checkpoint
    RP242: 10/11/2012 12:19:26 PM - System Checkpoint
    RP243: 11/11/2012 8:58:11 PM - System Checkpoint
    RP244: 12/11/2012 9:23:56 PM - System Checkpoint
    RP245: 14/11/2012 6:01:07 PM - System Checkpoint
    RP246: 15/11/2012 8:24:18 PM - Software Distribution Service 3.0
    RP247: 19/11/2012 4:40:05 PM - System Checkpoint
    RP248: 23/11/2012 8:05:06 PM - System Checkpoint
    RP249: 26/11/2012 7:07:05 PM - System Checkpoint
    RP250: 29/11/2012 7:01:27 PM - Installed Java 7 Update 9
    RP251: 4/12/2012 9:48:31 PM - System Checkpoint
    RP252: 9/12/2012 7:35:29 PM - System Checkpoint
    RP253: 13/12/2012 8:37:23 PM - System Checkpoint
    RP254: 14/12/2012 1:19:07 PM - Software Distribution Service 3.0
    RP255: 19/12/2012 6:21:19 PM - System Checkpoint
    RP256: 22/12/2012 1:43:09 AM - Software Distribution Service 3.0
    RP257: 26/12/2012 12:34:38 PM - System Checkpoint
    RP258: 30/12/2012 12:07:17 AM - System Checkpoint
    RP259: 2/01/2013 4:54:12 PM - System Checkpoint
    RP260: 3/01/2013 6:01:59 PM - System Checkpoint
    RP261: 5/01/2013 3:57:38 PM - Software Distribution Service 3.0
    RP262: 9/01/2013 8:21:14 PM - System Checkpoint
    RP263: 10/01/2013 3:00:23 AM - Software Distribution Service 3.0
    RP264: 10/01/2013 2:17:46 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.3.1
    Atheros Driver Installation Program
    BigPond Broadband ADSL
    BigPond Wireless Broadband
    Compatibility Pack for the 2007 Office system
    EPSON Scan
    EPSON TX120 NX120 Series Manual
    EPSON TX120 NX120 Series Printer Uninstall
    Google Update Helper
    Guitar Pro 5.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Intel(R) Graphics Media Accelerator Driver
    iriver plus 3 (remove only)
    Japanese Language Support
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 31
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office XP Professional with FrontPage
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    Microsoft WSE 3.0 Runtime
    Microsoft XML Parser
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8 Essentials
    neroxml
    Norman Security Suite
    OpenAL
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    REALTEK RTL8187B Wireless LAN Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB941569)
    Segoe UI
    TOSHIBA Controls
    Unlocker 1.9.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB971029)
    VCRedistSetup
    WebFldrs XP
    Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131)
    Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
    Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
    Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinZip 15.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/01/2013 9:17:06 PM, error: Dhcp [1002] - The IP address lease 58.165.67.150 for the Network Card with network address 00A0C6000000 has been denied by the DHCP server 58.165.81.138 (The DHCP Server sent a DHCPNACK message).
    9/01/2013 11:40:45 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    8/01/2013 8:52:57 PM, error: Dhcp [1002] - The IP address lease 58.165.23.77 for the Network Card with network address 00A0C6000000 has been denied by the DHCP server 124.185.47.5 (The DHCP Server sent a DHCPNACK message).
    8/01/2013 12:43:11 AM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/01/2013 12:43:11 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    8/01/2013 12:22:03 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service NMIndexingService with arguments "" in order to run the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}
    8/01/2013 12:13:12 AM, error: Service Control Manager [7016] - The Norman Scanner Engine Service service has reported an invalid current state 0.
    7/01/2013 11:47:15 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
    7/01/2013 11:47:11 PM, error: Dhcp [1002] - The IP address lease 58.170.105.156 for the Network Card with network address 00A0C6000000 has been denied by the DHCP server 124.181.17.153 (The DHCP Server sent a DHCPNACK message).
    10/01/2013 3:08:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm NGS
    10/01/2013 3:07:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/01/2013 3:01:02 AM, error: Dhcp [1002] - The IP address lease 58.165.81.137 for the Network Card with network address 00A0C6000000 has been denied by the DHCP server 60.231.3.205 (The DHCP Server sent a DHCPNACK message).
    10/01/2013 1:29:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/01/2013 1:16:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips iastor8 intelppm NGS
    10/01/2013 1:14:49 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================

    And here is the TDSSKiller log file:
    17:26:10.0078 1264 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    17:26:12.0078 1264 ============================================================
    17:26:12.0078 1264 Current date / time: 2013/01/15 17:26:12.0078
    17:26:12.0078 1264 SystemInfo:
    17:26:12.0078 1264
    17:26:12.0078 1264 OS Version: 5.1.2600 ServicePack: 3.0
    17:26:12.0078 1264 Product type: Workstation
    17:26:12.0078 1264 ComputerName: EMCOMPUTER
    17:26:12.0078 1264 UserName: Computer Admin
    17:26:12.0078 1264 Windows directory: C:\WINDOWS
    17:26:12.0078 1264 System windows directory: C:\WINDOWS
    17:26:12.0078 1264 Processor architecture: Intel x86
    17:26:12.0078 1264 Number of processors: 2
    17:26:12.0078 1264 Page size: 0x1000
    17:26:12.0078 1264 Boot type: Normal boot
    17:26:12.0078 1264 ============================================================
    17:26:13.0375 1264 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    17:26:13.0390 1264 ============================================================
    17:26:13.0390 1264 \Device\Harddisk0\DR0:
    17:26:13.0390 1264 MBR partitions:
    17:26:13.0390 1264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E0321
    17:26:13.0390 1264 ============================================================
    17:26:13.0406 1264 C: <-> \Device\Harddisk0\DR0\Partition1
    17:26:13.0406 1264 ============================================================
    17:26:13.0406 1264 Initialize success
    17:26:13.0406 1264 ============================================================
    17:26:30.0171 3596 ============================================================
    17:26:30.0171 3596 Scan started
    17:26:30.0171 3596 Mode: Manual;
    17:26:30.0171 3596 ============================================================
    17:26:30.0296 3596 ================ Scan system memory ========================
    17:26:31.0125 3596 System memory - ok
    17:26:31.0125 3596 ================ Scan services =============================
    17:26:31.0265 3596 Abiosdsk - ok
    17:26:31.0265 3596 abp480n5 - ok
    17:26:31.0296 3596 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    17:26:31.0390 3596 ACPI - ok
    17:26:31.0406 3596 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    17:26:31.0437 3596 ACPIEC - ok
    17:26:31.0515 3596 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    17:26:31.0640 3596 AdobeFlashPlayerUpdateSvc - ok
    17:26:31.0640 3596 adpu160m - ok
    17:26:31.0671 3596 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    17:26:31.0718 3596 aec - ok
    17:26:31.0750 3596 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    17:26:31.0796 3596 AFD - ok
    17:26:31.0812 3596 Aha154x - ok
    17:26:31.0812 3596 aic78u2 - ok
    17:26:31.0812 3596 aic78xx - ok
    17:26:31.0843 3596 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    17:26:31.0890 3596 Alerter - ok
    17:26:31.0906 3596 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    17:26:32.0046 3596 ALG - ok
    17:26:32.0046 3596 AliIde - ok
    17:26:32.0046 3596 amsint - ok
    17:26:32.0093 3596 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    17:26:32.0171 3596 AppMgmt - ok
    17:26:32.0234 3596 [ 0297AF4B89769159058B996C21218421 ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
    17:26:32.0343 3596 AR5416 - ok
    17:26:32.0343 3596 asc - ok
    17:26:32.0343 3596 asc3350p - ok
    17:26:32.0359 3596 asc3550 - ok
    17:26:32.0437 3596 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    17:26:32.0531 3596 aspnet_state - ok
    17:26:32.0578 3596 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    17:26:32.0609 3596 AsyncMac - ok
    17:26:32.0609 3596 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
    17:26:32.0687 3596 atapi - ok
    17:26:32.0687 3596 Atdisk - ok
    17:26:32.0718 3596 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    17:26:32.0781 3596 Atmarpc - ok
    17:26:32.0812 3596 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    17:26:32.0875 3596 AudioSrv - ok
    17:26:32.0906 3596 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    17:26:32.0937 3596 audstub - ok
    17:26:32.0968 3596 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    17:26:33.0000 3596 Beep - ok
    17:26:33.0046 3596 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    17:26:33.0343 3596 BITS - ok
    17:26:33.0390 3596 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    17:26:33.0421 3596 Browser - ok
    17:26:33.0437 3596 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    17:26:33.0468 3596 cbidf2k - ok
    17:26:33.0484 3596 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    17:26:33.0500 3596 CCDECODE - ok
    17:26:33.0500 3596 cd20xrnt - ok
    17:26:33.0531 3596 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    17:26:33.0546 3596 Cdaudio - ok
    17:26:33.0593 3596 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    17:26:33.0609 3596 Cdfs - ok
    17:26:33.0625 3596 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    17:26:33.0656 3596 Cdrom - ok
    17:26:33.0671 3596 Changer - ok
    17:26:33.0687 3596 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    17:26:33.0718 3596 CiSvc - ok
    17:26:33.0718 3596 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    17:26:33.0781 3596 ClipSrv - ok
    17:26:33.0843 3596 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:26:34.0000 3596 clr_optimization_v2.0.50727_32 - ok
    17:26:34.0046 3596 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    17:26:34.0062 3596 CmBatt - ok
    17:26:34.0062 3596 CmdIde - ok
    17:26:34.0078 3596 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
    17:26:34.0093 3596 Compbatt - ok
    17:26:34.0093 3596 COMSysApp - ok
    17:26:34.0109 3596 Cpqarray - ok
    17:26:34.0125 3596 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    17:26:34.0156 3596 CryptSvc - ok
    17:26:34.0156 3596 dac2w2k - ok
    17:26:34.0171 3596 dac960nt - ok
    17:26:34.0203 3596 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    17:26:34.0218 3596 DcomLaunch - ok
    17:26:34.0234 3596 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    17:26:34.0281 3596 Dhcp - ok
    17:26:34.0281 3596 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    17:26:34.0312 3596 Disk - ok
    17:26:34.0312 3596 dmadmin - ok
    17:26:34.0343 3596 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    17:26:34.0406 3596 dmboot - ok
    17:26:34.0453 3596 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    17:26:34.0500 3596 dmio - ok
    17:26:34.0515 3596 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    17:26:34.0531 3596 dmload - ok
    17:26:34.0562 3596 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    17:26:34.0578 3596 dmserver - ok
    17:26:34.0609 3596 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    17:26:34.0656 3596 DMusic - ok
    17:26:34.0671 3596 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    17:26:34.0703 3596 Dnscache - ok
    17:26:34.0718 3596 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    17:26:34.0937 3596 Dot3svc - ok
    17:26:34.0937 3596 dpti2o - ok
    17:26:34.0953 3596 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    17:26:34.0968 3596 drmkaud - ok
    17:26:35.0000 3596 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    17:26:35.0031 3596 EapHost - ok
    17:26:35.0125 3596 [ 05CC05C83EFAE4E98EEAE223DC22234F ] eLoggerSvc6 C:\Program Files\Norman\Npm\Bin\elogsvc.exe
    17:26:35.0250 3596 eLoggerSvc6 - ok
    17:26:35.0296 3596 [ B92F2B3247F0A99490C1298A1D3D7B4C ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
    17:26:35.0515 3596 EPSON_EB_RPCV4_04 - ok
    17:26:35.0515 3596 [ 651336B99C75FB54E4B5971CF458F9BD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
    17:26:35.0562 3596 EPSON_PM_RPCV4_04 - ok
    17:26:35.0562 3596 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    17:26:35.0593 3596 ERSvc - ok
    17:26:35.0625 3596 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    17:26:35.0796 3596 Eventlog - ok
    17:26:35.0812 3596 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    17:26:35.0875 3596 EventSystem - ok
    17:26:35.0921 3596 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    17:26:35.0953 3596 Fastfat - ok
    17:26:35.0984 3596 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    17:26:36.0031 3596 FastUserSwitchingCompatibility - ok
    17:26:36.0031 3596 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    17:26:36.0062 3596 Fdc - ok
    17:26:36.0062 3596 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    17:26:36.0093 3596 Fips - ok
    17:26:36.0109 3596 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    17:26:36.0125 3596 Flpydisk - ok
    17:26:36.0156 3596 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    17:26:36.0203 3596 FltMgr - ok
    17:26:36.0265 3596 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    17:26:36.0296 3596 FontCache3.0.0.0 - ok
    17:26:36.0328 3596 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    17:26:36.0343 3596 Fs_Rec - ok
    17:26:36.0359 3596 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    17:26:36.0375 3596 Ftdisk - ok
    17:26:36.0390 3596 [ 4D52C52101492C450518124C592D8925 ] FwLnk C:\WINDOWS\system32\DRIVERS\FwLnk.sys
    17:26:36.0421 3596 FwLnk - ok
    17:26:36.0453 3596 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    17:26:36.0500 3596 Gpc - ok
    17:26:36.0500 3596 gupdate - ok
    17:26:36.0500 3596 gupdatem - ok
    17:26:36.0515 3596 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    17:26:36.0578 3596 HDAudBus - ok
    17:26:36.0640 3596 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    17:26:36.0671 3596 helpsvc - ok
    17:26:36.0718 3596 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    17:26:36.0734 3596 HidServ - ok
    17:26:36.0765 3596 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    17:26:36.0781 3596 HidUsb - ok
    17:26:36.0812 3596 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    17:26:36.0859 3596 hkmsvc - ok
    17:26:36.0859 3596 hpn - ok
    17:26:36.0890 3596 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    17:26:36.0968 3596 HTTP - ok
    17:26:37.0000 3596 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    17:26:37.0046 3596 HTTPFilter - ok
    17:26:37.0046 3596 i2omgmt - ok
    17:26:37.0046 3596 i2omp - ok
    17:26:37.0078 3596 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    17:26:37.0109 3596 i8042prt - ok
    17:26:37.0296 3596 [ F592A1B020723CFBD3D2722514066449 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    17:26:37.0750 3596 ialm - ok
    17:26:37.0796 3596 [ F4037A3FEDB92DD97C95F320766EA5C9 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
    17:26:37.0796 3596 iaStor - ok
    17:26:37.0828 3596 [ F4037A3FEDB92DD97C95F320766EA5C9 ] iastor8 C:\WINDOWS\system32\drivers\iastor8.sys
    17:26:37.0828 3596 iastor8 - ok
    17:26:37.0921 3596 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    17:26:38.0109 3596 idsvc - ok
    17:26:38.0125 3596 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    17:26:38.0156 3596 Imapi - ok
    17:26:38.0171 3596 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    17:26:38.0359 3596 ImapiService - ok
    17:26:38.0359 3596 ini910u - ok
    17:26:38.0484 3596 [ FEBB470BF0DE4DBEBBF72B79DF993C5F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    17:26:38.0859 3596 IntcAzAudAddService - ok
    17:26:38.0875 3596 IntelIde - ok
    17:26:38.0875 3596 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    17:26:38.0906 3596 intelppm - ok
    17:26:38.0921 3596 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    17:26:38.0968 3596 Ip6Fw - ok
    17:26:38.0984 3596 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    17:26:39.0046 3596 IpFilterDriver - ok
    17:26:39.0046 3596 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    17:26:39.0078 3596 IpInIp - ok
    17:26:39.0109 3596 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    17:26:39.0140 3596 IpNat - ok
    17:26:39.0156 3596 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    17:26:39.0218 3596 IPSec - ok
    17:26:39.0250 3596 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    17:26:39.0281 3596 IRENUM - ok
    17:26:39.0312 3596 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    17:26:39.0343 3596 isapnp - ok
    17:26:39.0406 3596 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    17:26:39.0484 3596 JavaQuickStarterService - ok
    17:26:39.0515 3596 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    17:26:39.0546 3596 Kbdclass - ok
    17:26:39.0562 3596 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    17:26:39.0593 3596 kbdhid - ok
    17:26:39.0625 3596 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    17:26:39.0671 3596 kmixer - ok
    17:26:39.0703 3596 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    17:26:39.0734 3596 KSecDD - ok
    17:26:39.0765 3596 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
    17:26:39.0812 3596 LanmanServer - ok
    17:26:39.0828 3596 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    17:26:39.0890 3596 lanmanworkstation - ok
    17:26:39.0890 3596 lbrtfdc - ok
    17:26:39.0921 3596 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    17:26:39.0953 3596 LmHosts - ok
    17:26:39.0984 3596 [ 8E17D513D8011B0EE03C355EAAB0E0CC ] ManyCam C:\WINDOWS\system32\DRIVERS\mcvidrv.sys
    17:26:40.0046 3596 ManyCam - ok
    17:26:40.0078 3596 [ 59F57B06D1E3C7A3F22D62C7C5B4C3C3 ] massfilter C:\WINDOWS\system32\drivers\massfilter.sys
    17:26:40.0109 3596 massfilter - ok
    17:26:40.0109 3596 [ 562D95E00E14A944DEBE655DECBD3F5B ] mcaudrv_simple C:\WINDOWS\system32\drivers\mcaudrv.sys
    17:26:40.0156 3596 mcaudrv_simple - ok
    17:26:40.0171 3596 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    17:26:40.0234 3596 Messenger - ok
    17:26:40.0265 3596 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    17:26:40.0296 3596 mnmdd - ok
    17:26:40.0328 3596 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    17:26:40.0375 3596 mnmsrvc - ok
    17:26:40.0390 3596 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    17:26:40.0421 3596 Modem - ok
    17:26:40.0437 3596 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    17:26:40.0468 3596 Mouclass - ok
    17:26:40.0500 3596 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    17:26:40.0531 3596 mouhid - ok
    17:26:40.0562 3596 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    17:26:40.0609 3596 MountMgr - ok
    17:26:40.0656 3596 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    17:26:40.0750 3596 MozillaMaintenance - ok
    17:26:40.0750 3596 mraid35x - ok
    17:26:40.0765 3596 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    17:26:40.0828 3596 MRxDAV - ok
    17:26:40.0890 3596 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    17:26:40.0937 3596 MRxSmb - ok
    17:26:40.0968 3596 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    17:26:41.0000 3596 MSDTC - ok
    17:26:41.0015 3596 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    17:26:41.0046 3596 Msfs - ok
    17:26:41.0046 3596 MSIServer - ok
    17:26:41.0062 3596 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    17:26:41.0078 3596 MSKSSRV - ok
    17:26:41.0078 3596 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    17:26:41.0109 3596 MSPCLOCK - ok
    17:26:41.0125 3596 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    17:26:41.0140 3596 MSPQM - ok
    17:26:41.0156 3596 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    17:26:41.0171 3596 mssmbios - ok
    17:26:41.0187 3596 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    17:26:41.0218 3596 MSTEE - ok
    17:26:41.0218 3596 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    17:26:41.0250 3596 Mup - ok
    17:26:41.0265 3596 [ 4578F2D91309BC360B4F67C8A513BC77 ] mv61xxmm C:\WINDOWS\system32\drivers\mv61xxmm.sys
    17:26:41.0281 3596 mv61xxmm - ok
    17:26:41.0281 3596 [ 6090786DAA545A3EC7D34A46A8CD1661 ] mv64xxmm C:\WINDOWS\system32\drivers\mv64xxmm.sys
    17:26:41.0296 3596 mv64xxmm - ok
    17:26:41.0312 3596 [ F3376EFEC7D3FD00F577067AD2A0B194 ] mvxxmm C:\WINDOWS\system32\drivers\mvxxmm.sys
    17:26:41.0328 3596 mvxxmm - ok
    17:26:41.0343 3596 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    17:26:41.0390 3596 NABTSFEC - ok
    17:26:41.0421 3596 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    17:26:41.0609 3596 napagent - ok
    17:26:41.0640 3596 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    17:26:41.0671 3596 NDIS - ok
    17:26:41.0687 3596 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    17:26:41.0718 3596 NdisIP - ok
    17:26:41.0781 3596 [ 725123F7AEBFEF717E3F26B25B149D7A ] Ndiskio C:\Program Files\Norman\Nse\Bin\NDISKIO.SYS
    17:26:41.0796 3596 Ndiskio - ok
    17:26:41.0828 3596 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    17:26:41.0843 3596 NdisTapi - ok
    17:26:41.0890 3596 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    17:26:41.0906 3596 Ndisuio - ok
    17:26:41.0921 3596 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    17:26:41.0968 3596 NdisWan - ok
    17:26:41.0968 3596 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    17:26:42.0015 3596 NDProxy - ok
    17:26:42.0031 3596 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    17:26:42.0046 3596 NetBIOS - ok
    17:26:42.0062 3596 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    17:26:42.0109 3596 NetBT - ok
    17:26:42.0140 3596 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    17:26:42.0281 3596 NetDDE - ok
    17:26:42.0281 3596 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    17:26:42.0281 3596 NetDDEdsdm - ok
    17:26:42.0328 3596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    17:26:42.0343 3596 Netlogon - ok
    17:26:42.0359 3596 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    17:26:42.0406 3596 Netman - ok
    17:26:42.0453 3596 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    17:26:42.0468 3596 NetTcpPortSharing - ok
    17:26:42.0546 3596 [ 0D439F6337ADC15B1393060D108CA8D8 ] NGS c:\program files\norman\ngs\bin\ngs.sys
    17:26:42.0578 3596 NGS - ok
    17:26:42.0640 3596 [ AF6AF4685FBA9EF80589B688C231CBAA ] NHS C:\Program Files\Norman\Nvc\bin\nhs.exe
    17:26:42.0937 3596 NHS - ok
    17:26:42.0953 3596 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    17:26:42.0953 3596 Nla - ok
    17:26:42.0968 3596 [ A22F51BC86AC93A69163B5A296AA0EF0 ] nnetsec C:\WINDOWS\system32\DRIVERS\nnetsec.sys
    17:26:43.0000 3596 nnetsec - ok
    17:26:43.0000 3596 [ 7FF3CF57660E17B928D78D8F086E9912 ] NNetSecC C:\Program Files\Norman\ngs\bin\nnetsecc.sys
    17:26:43.0046 3596 NNetSecC - ok
    17:26:43.0062 3596 [ EFB8638C018CD428B9DD78B7F89E2FAF ] NNFSVC C:\Program Files\Norman\Ngs\Bin\Nnf.exe
    17:26:43.0265 3596 NNFSVC - ok
    17:26:43.0312 3596 [ C4D2D678F08F11F0EDB3BB4E89CE2B7A ] Norman NJeeves C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    17:26:43.0468 3596 Norman NJeeves - ok
    17:26:43.0500 3596 [ 88CA218696CF13B260DB003787AB65AE ] Norman ZANDA C:\Program Files\Norman\Npm\Bin\Zanda.exe
    17:26:43.0718 3596 Norman ZANDA - ok
    17:26:43.0765 3596 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    17:26:43.0781 3596 Npfs - ok
    17:26:43.0796 3596 [ 6B4345BA4059D72026D3B530F6A675A5 ] NPFSvc32 C:\Program Files\Norman\npf\bin\npfsvc32.exe
    17:26:44.0000 3596 NPFSvc32 - ok
    17:26:44.0046 3596 [ 0FDDFE0CF41B5EB87689E465E34DDD18 ] NPROSEC C:\Program Files\Norman\Ngs\Bin\nprosec.sys
    17:26:44.0093 3596 NPROSEC - ok
    17:26:44.0109 3596 [ A7C274DAB79D0F50BD4202A678684A71 ] NPROSECSVC C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
    17:26:44.0265 3596 NPROSECSVC - ok
    17:26:44.0281 3596 [ 82A058999D0CFB5C285FC22856E235C2 ] nregsec C:\Program Files\Norman\Ngs\Bin\nregsec.sys
    17:26:44.0328 3596 nregsec - ok
    17:26:44.0343 3596 [ 8634779EC283D55EEAFA9101733C6E93 ] nsesvc C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
    17:26:44.0531 3596 nsesvc - ok
    17:26:44.0562 3596 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    17:26:44.0640 3596 Ntfs - ok
    17:26:44.0656 3596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    17:26:44.0656 3596 NtLmSsp - ok
    17:26:44.0687 3596 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    17:26:44.0750 3596 NtmsSvc - ok
    17:26:44.0781 3596 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    17:26:44.0796 3596 Null - ok
    17:26:44.0812 3596 [ 82A6CB5DB459404678127D55E26ED440 ] NvcMFlt C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
    17:26:44.0843 3596 NvcMFlt - ok
    17:26:44.0890 3596 [ FF04B683F1260468789804C95077E1D4 ] nvcoas C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
    17:26:45.0093 3596 nvcoas - ok
    17:26:45.0140 3596 [ 98CDB972FD946B904CD1C6D5ECF2E878 ] NVOY C:\Program Files\Norman\npm\bin\nvoy.exe
    17:26:45.0234 3596 NVOY - ok
    17:26:45.0265 3596 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    17:26:45.0281 3596 NwlnkFlt - ok
    17:26:45.0296 3596 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    17:26:45.0328 3596 NwlnkFwd - ok
    17:26:45.0359 3596 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    17:26:45.0406 3596 Parport - ok
    17:26:45.0421 3596 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    17:26:45.0453 3596 PartMgr - ok
    17:26:45.0468 3596 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    17:26:45.0484 3596 ParVdm - ok
    17:26:45.0515 3596 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PCASp50 C:\WINDOWS\system32\Drivers\PCASp50.sys
    17:26:45.0546 3596 PCASp50 - ok
    17:26:45.0562 3596 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    17:26:45.0593 3596 PCI - ok
    17:26:45.0593 3596 PCIDump - ok
    17:26:45.0593 3596 PCIIde - ok
    17:26:45.0609 3596 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    17:26:45.0656 3596 Pcmcia - ok
    17:26:45.0656 3596 PDCOMP - ok
    17:26:45.0656 3596 PDFRAME - ok
    17:26:45.0671 3596 PDRELI - ok
    17:26:45.0671 3596 PDRFRAME - ok
    17:26:45.0671 3596 perc2 - ok
    17:26:45.0687 3596 perc2hib - ok
    17:26:45.0718 3596 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    17:26:45.0718 3596 PlugPlay - ok
    17:26:45.0734 3596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    17:26:45.0734 3596 PolicyAgent - ok
    17:26:45.0765 3596 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    17:26:45.0796 3596 PptpMiniport - ok
    17:26:45.0812 3596 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    17:26:53.0062 3596 ================ Scan MBR ==================================
    17:26:53.0281 3596 \Device\Harddisk0\DR0 - ok
    17:26:53.0281 3596 ================ Scan VBR ==================================
    17:26:53.0281 3596 \Device\Harddisk0\DR0\Partition1 - ok
    17:26:53.0281 3596 ============================================================
    17:26:53.0281 3596 Scan finished
    17:26:53.0281 3596 ============================================================
    17:26:53.0296 0704 Detected object count: 0
    17:26:53.0296 0704 Actual detected object count: 0
    17:27:45.0437 3280 Deinitialize success
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,916
    First Name:
    Karen
    Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

    Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

    http://www.eset.com/online-scanner

    Accept the Terms of Use and then press the Start button

    Allow the ActiveX control to be installed.

    Put a check by Remove found threats and then run the scan.

    When the scan is finished, you will see the results in a window.

    A log.txt file is created here: C:\Program Files\ESET\ESET Online Scanner\log.txt.

    Open the log file with Notepad and copy and paste the contents here please.
     
  7. Emmaline3435

    Emmaline3435 Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    34
    Here is the log, and thank you for all your help.

    [email protected] as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=8
    # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6889
    # api_version=3.0.2
    # EOSSerial=eacd2c3edb19b346abdf472f2f9031ad
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=false
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2013-01-16 12:08:40
    # local_time=2013-01-16 10:38:40 (+0930, Cen. Australia Daylight Time)
    # country="Australia"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=5379 16777213 100 92 0 133571460 0 0
    # scanned=45150
    # found=0
    # cleaned=0
    # scan_time=2186
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,916
    First Name:
    Karen
    Please download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under Custom Scans/Fixes type in Netsvcs
    • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
    • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy and paste the contents of both of these files here in your next reply.
     
  9. Emmaline3435

    Emmaline3435 Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    34
    OTL logfile created on: 17/01/2013 2:41:13 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Computer Admin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.87 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 74.59% Memory free
    7.11 Gb Paging File | 6.58 Gb Available in Paging File | 92.62% Paging File free
    Paging file location(s): C:\pagefile.sys 4500 5000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 116.44 Gb Total Space | 52.17 Gb Free Space | 44.81% Space Free | Partition Type: NTFS

    Computer Name: EMCOMPUTER | User Name: Computer Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Admin\Desktop\tdsskiller.exe [2013/01/14 23:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer Admin\Application Data\Malwarebytes [2013/01/14 22:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer Admin\Local Settings\Application Data\Sun [2013/01/14 22:32:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Computer Admin\My Documents\My Videos [2013/01/14 22:32:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Computer Admin\Start Menu\Programs\Administrative Tools [2013/01/10 23:43:04 | 016,369,160 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013/01/10 22:28:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2013/01/10 03:05:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/01/10 03:04:43 | 000,000,000 | ---D | C] -- C:\27f345087e8d496825385a5156f375e3 [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/17 14:39:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/01/17 14:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Computer Admin\Desktop\OTL.exe [2013/01/17 14:32:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/01/17 14:31:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/01/17 14:31:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/01/17 14:31:36 | 3082,801,152 | -HS- | M] () -- C:\hiberfil.sys [2013/01/17 00:59:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/01/15 17:25:27 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Computer Admin\Desktop\tdsskiller.exe [2013/01/10 23:43:14 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/01/10 23:43:14 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- 
C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/01/10 23:43:05 | 016,369,160 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013/01/10 14:20:06 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/01/10 14:20:06 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/01/10 03:04:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/01/08 22:44:06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2013/01/06 16:03:28 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2012/12/22 16:55:52 | 000,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/10 22:39:14 | 3082,801,152 | -HS- | C] () -- C:\hiberfil.sys [2012/06/11 20:59:18 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2012/02/15 18:54:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/11/27 22:06:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011/05/15 11:45:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011/05/15 10:11:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\csdlocalmon.dll [2011/04/29 13:47:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2011/04/29 13:47:54 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll [2011/04/29 13:41:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011/04/29 13:41:06 | 000,000,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKHDRC1.dat [2011/04/29 13:41:06 | 000,000,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKHDRC0.dat [2011/04/29 13:41:06 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat [2011/04/29 13:41:06 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat [2011/04/29 13:41:06 | 000,000,176 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\RTHDAEQ1.dat [2011/04/29 13:41:06 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat [2011/04/29 13:36:57 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2011/04/29 13:36:57 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2011/04/29 13:36:57 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll [2011/04/29 13:34:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011/04/24 05:01:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011/04/24 04:56:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011/04/23 21:52:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011/04/23 21:51:33 | 000,152,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== ZeroAccess Check ========== [2011/09/01 11:49:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2011/02/15 05:20:42 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2011/02/15 05:20:05 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 21:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL Extras logfile created on: 17/01/2013 2:41:13 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Computer 
Admin\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 2.87 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 74.59% Memory free 7.11 Gb Paging File | 6.58 Gb Available in Paging File | 92.62% Paging File free Paging file location(s): C:\pagefile.sys 4500 5000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 116.44 Gb Total Space | 52.17 Gb Free Space | 44.81% Space Free | Partition Type: NTFS Computer Name: EMCOMPUTER | User Name: Computer Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:ĀµTorrent "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus / Vuze ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79214B92-A439-4841-B160-0896E977A383}" = Norman Security Suite "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A83000000003}" = 
Adobe Reader 8.3.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5 "{CDEDBC83-40F4-4C8B-9BA7-AA95F45246F9}" = BigPond Wireless Broadband "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "0D5BC5DD5940677F9B5623C12951388F5EF72436" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007) "84261EAEDFA5240ACFFEDFB145134E295B649795" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3) "8ABEA6D4578549FADD34471076DFC5C22976C6D9" = Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "EDE780BB5DCF2C3476C105BAE4CC1175516E9173" = Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7) "EPSON Scanner" = EPSON Scan "EPSON TX120 NX120 Series" = EPSON TX120 NX120 Series Printer Uninstall "EPSON TX120 NX120 Series Manual" = EPSON TX120 NX120 Series Manual "Guitar Pro 5_is1" = Guitar Pro 5.2 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls "iriver plus 3" = iriver plus 3 (remove only) "JAIELangPack" = Japanese Language Support "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" 
= Microsoft Compression Client Pack 1.0 for Windows XP "OpenAL" = OpenAL "Unlocker" = Unlocker 1.9.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10/01/2013 7:31:53 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: with error: The specified server cannot perform the requested operation. Error - 10/01/2013 7:31:53 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: with error: The specified server cannot perform the requested operation. Error - 10/01/2013 9:09:31 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: This operation returned because the timeout period expired. Error - 10/01/2013 9:13:30 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: This operation returned because the timeout period expired. Error - 10/01/2013 9:13:30 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: The specified server cannot perform the requested operation. Error - 10/01/2013 9:13:56 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: The specified server cannot perform the requested operation. 
Error - 10/01/2013 9:13:56 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: The specified server cannot perform the requested operation. Error - 14/01/2013 8:58:11 AM | Computer Name = EMCOMPUTER | Source = Application Hang | ID = 1002 Description = Hanging application mbam.exe, version 1.60.0.80, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 15/01/2013 3:09:30 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: This operation returned because the timeout period expired. Error - 16/01/2013 7:09:38 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: This operation returned because the timeout period expired. [ System Events ] Error - 16/01/2013 7:06:33 AM | Computer Name = EMCOMPUTER | Source = Service Control Manager | ID = 7016 Description = The Norman Scanner Engine Service service has reported an invalid current state 0. Error - 16/01/2013 7:09:03 AM | Computer Name = EMCOMPUTER | Source = Service Control Manager | ID = 7016 Description = The Norman Scanner Engine Service service has reported an invalid current state 0. Error - 16/01/2013 7:11:17 AM | Computer Name = EMCOMPUTER | Source = Service Control Manager | ID = 7016 Description = The Norman Scanner Engine Service service has reported an invalid current state 0. Error - 16/01/2013 7:14:33 AM | Computer Name = EMCOMPUTER | Source = Service Control Manager | ID = 7016 Description = The Norman Scanner Engine Service service has reported an invalid current state 0. Error - 16/01/2013 7:19:03 AM | Computer Name = EMCOMPUTER | Source = Service Control Manager | ID = 7016 Description = The Norman Scanner Engine Service service has reported an invalid current state 0. 
Error - 16/01/2013 7:25:32 AM | Computer Name = EMCOMPUTER | Source = Service Control Manager | ID = 7016 Description = The Norman Scanner Engine Service service has reported an invalid current state 0. Error - 16/01/2013 7:32:33 AM | Computer Name = EMCOMPUTER | Source = Service Control Manager | ID = 7016 Description = The Norman Scanner Engine Service service has reported an invalid current state 0. Error - 16/01/2013 8:35:48 AM | Computer Name = EMCOMPUTER | Source = Dhcp | ID = 1002 Description = The IP address lease 58.170.110.202 for the Network Card with network address 00A0C6000000 has been denied by the DHCP server 58.166.67.50 (The DHCP Server sent a DHCPNACK message). Error - 16/01/2013 8:35:52 AM | Computer Name = EMCOMPUTER | Source = NetBT | ID = 4307 Description = Initialization failed because the transport refused to open initial Addresses. Error - 17/01/2013 12:04:37 AM | Computer Name = EMCOMPUTER | Source = NetBT | ID = 4307 Description = Initialization failed because the transport refused to open initial Addresses. < End of report >
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,916
    First Name:
    Karen
    Oh my! I can't use the log all bunched up like that.

    Please open the log again in Notepad and then click on Format and make sure "word wrap" is unchecked. Then copy and paste the log here.
     
  11. Emmaline3435

    Emmaline3435 Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    34
    Sorry about that!

OTL logfile created on: 17/01/2013 2:41:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Computer Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.87 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 74.59% Memory free
7.11 Gb Paging File | 6.58 Gb Available in Paging File | 92.62% Paging File free
Paging file location(s): C:\pagefile.sys 4500 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 52.17 Gb Free Space | 44.81% Space Free | Partition Type: NTFS

Computer Name: EMCOMPUTER | User Name: Computer Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/17 14:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Computer Admin\Desktop\OTL.exe
PRC - [2012/12/03 17:26:06 | 000,350,120 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\zlh.exe
PRC - [2012/11/29 19:01:34 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/06/26 19:38:46 | 000,288,104 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nse\Bin\nsesvc.exe
PRC - [2012/05/14 23:41:20 | 000,356,904 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npf\Bin\npfsvc32.exe
PRC - [2012/02/14 02:31:55 | 000,431,320 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\zanda.exe
PRC - [2012/02/03 20:43:36 | 000,116,056 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\njeeves.exe
PRC - [2011/11/14 20:57:02 | 000,231,216 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nnf.exe
PRC - [2011/10/28 17:51:00 | 000,125,152 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nse\Bin\nse.exe
PRC - [2011/10/24 20:29:21 | 000,076,232 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe
PRC - [2011/10/19 21:37:18 | 000,100,936 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\nvoy.exe
PRC - [2011/09/30 23:02:08 | 000,090,144 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nprosec.exe
PRC - [2011/04/11 19:08:22 | 000,099,312 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe
PRC - [2010/07/05 06:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/11/28 03:42:20 | 002,400,768 | ---- | M] (Telstra) -- C:\Program Files\Telstra\BigPond Wireless Broadband\BigPond_CM.exe
PRC - [2008/05/28 02:53:42 | 000,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2008/04/15 10:13:38 | 000,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2008/04/14 21:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/19 12:55:10 | 000,475,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/03 20:43:36 | 000,116,056 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\njeeves.exe
MOD - [2012/01/06 23:44:36 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Temp\CmdLineExt02.dll
MOD - [2011/02/14 20:05:39 | 001,069,048 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\libxml2.dll
MOD - [2010/10/18 20:35:24 | 010,896,384 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\nqtcore4.dll
MOD - [2010/07/05 08:02:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/05 08:02:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/05 06:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2009/09/03 20:40:48 | 000,210,432 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\lua.dll
MOD - [2007/04/04 11:51:34 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TouchPad_ONOFF.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2013/01/10 23:44:20 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/10 23:14:25 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/29 19:01:34 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/06/28 21:38:14 | 000,287,312 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas)
SRV - [2012/06/26 19:38:46 | 000,288,104 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nse\Bin\nsesvc.exe -- (nsesvc)
SRV - [2012/05/14 23:41:20 | 000,356,904 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npf\Bin\npfsvc32.exe -- (NPFSvc32)
SRV - [2012/05/10 18:47:05 | 000,793,520 | ---- | M] () [Auto | Running] -- C:\Program Files\Norman\Nvc\Bin\nhs.exe -- (NHS)
SRV - [2012/02/14 02:31:55 | 000,431,320 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\zanda.exe -- (Norman ZANDA)
SRV - [2012/02/03 20:43:36 | 000,116,056 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\njeeves.exe -- (Norman NJeeves)
SRV - [2011/11/14 20:57:02 | 000,231,216 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\nnf.exe -- (NNFSVC)
SRV - [2011/10/24 20:29:21 | 000,076,232 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe -- (eLoggerSvc6)
SRV - [2011/10/19 21:37:18 | 000,100,936 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\nvoy.exe -- (NVOY)
SRV - [2011/09/30 23:02:08 | 000,090,144 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\nprosec.exe -- (NPROSECSVC)
SRV - [2011/04/11 19:08:22 | 000,099,312 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV - [2009/09/14 23:30:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009/09/14 23:30:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2008/04/15 10:13:38 | 000,034,304 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/16 19:56:03 | 000,046,816 | ---- | M] (Norman ASA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\nvcw32mf.sys -- (NvcMFlt)
DRV - [2012/02/22 21:04:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/01/11 16:41:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/12/02 21:13:21 | 000,053,160 | ---- | M] (Norman ASA) [Kernel | On_Demand | Running] -- C:\Program Files\Norman\Ngs\Bin\nnetsecc.sys -- (NNetSecC)
DRV - [2011/11/12 02:22:31 | 000,061,496 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\nregsec.sys -- (nregsec)
DRV - [2011/11/12 02:18:19 | 000,091,136 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Program Files\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC)
DRV - [2011/11/12 01:59:52 | 000,457,048 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tdi_nf.sys -- (tdi_nf)
DRV - [2011/08/26 18:33:28 | 000,053,928 | ---- | M] (Norman ASA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nnetsec.sys -- (nnetsec)
DRV - [2011/07/12 21:06:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\Program Files\Norman\Ngs\Bin\ngs.sys -- (NGS)
DRV - [2011/02/15 05:37:00 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2011/02/15 05:37:00 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2011/02/15 05:36:59 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2011/02/15 05:36:56 | 000,354,840 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\iastor8.sys -- (iastor8)
DRV - [2010/12/09 21:18:03 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Nse\Bin\ndiskio.sys -- (Ndiskio)
DRV - [2010/07/05 06:21:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/11/21 08:39:32 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/11/21 08:39:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/11/21 08:39:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/11/21 08:39:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/09/06 11:35:28 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/09/06 11:35:08 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/08/29 07:54:04 | 004,703,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/04/09 12:15:42 | 001,309,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/02/09 03:16:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/01/04 18:40:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/04/05 02:26:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 58 63 79 D5 F3 CD 01 [binary data]
IE
- HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/10 23:14:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/29 18:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Computer Admin\Application Data\Mozilla\Extensions [2012/11/29 18:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Computer Admin\Application Data\Mozilla\Firefox\Profiles\5z8isnmw.default\extensions [2012/12/10 23:14:12 | 000,000,000 
| ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/12/10 23:14:26 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/10/06 19:19:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/11/29 18:34:09 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2008/04/14 21:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (BigPond Wireless Broadband 2.0 Auto Dial) - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband\bpwbb2ad.dll (Telstra) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] C:\Program Files\Telstra\BigPond Wireless Broadband\BigPond_CM.exe (Telstra) O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA) O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.134.49 61.9.133.193 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19EAEF9D-6F76-492B-8D58-4EC85FB12790}: DhcpNameServer = 61.9.134.49 61.9.133.193 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/04/24 04:59:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found ========== Files/Folders - Created Within 30 Days ========== [2013/01/17 14:36:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Computer Admin\Desktop\OTL.exe [2013/01/16 21:07:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Computer Admin\PrivacIE [2013/01/15 17:24:11 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Computer 
Admin\Desktop\tdsskiller.exe [2013/01/14 23:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer Admin\Application Data\Malwarebytes [2013/01/14 22:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer Admin\Local Settings\Application Data\Sun [2013/01/14 22:32:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Computer Admin\My Documents\My Videos [2013/01/14 22:32:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Computer Admin\Start Menu\Programs\Administrative Tools [2013/01/10 23:43:04 | 016,369,160 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013/01/10 22:28:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2013/01/10 03:05:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/01/10 03:04:43 | 000,000,000 | ---D | C] -- C:\27f345087e8d496825385a5156f375e3 [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/17 14:39:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/01/17 14:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Computer Admin\Desktop\OTL.exe [2013/01/17 14:32:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/01/17 14:31:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/01/17 14:31:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/01/17 14:31:36 | 3082,801,152 | -HS- | M] () -- C:\hiberfil.sys [2013/01/17 00:59:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/01/15 17:25:27 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Computer Admin\Desktop\tdsskiller.exe [2013/01/10 23:43:14 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/01/10 23:43:14 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- 
C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/01/10 23:43:05 | 016,369,160 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013/01/10 14:20:06 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/01/10 14:20:06 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/01/10 03:04:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/01/08 22:44:06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2013/01/06 16:03:28 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2012/12/22 16:55:52 | 000,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/10 22:39:14 | 3082,801,152 | -HS- | C] () -- C:\hiberfil.sys [2012/06/11 20:59:18 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2012/02/15 18:54:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/11/27 22:06:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011/05/15 11:45:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011/05/15 10:11:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\csdlocalmon.dll [2011/04/29 13:47:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2011/04/29 13:47:54 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll [2011/04/29 13:41:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011/04/29 13:41:06 | 000,000,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKHDRC1.dat [2011/04/29 13:41:06 | 000,000,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKHDRC0.dat [2011/04/29 13:41:06 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat [2011/04/29 13:41:06 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat [2011/04/29 13:41:06 | 000,000,176 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\RTHDAEQ1.dat [2011/04/29 13:41:06 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat [2011/04/29 13:36:57 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2011/04/29 13:36:57 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2011/04/29 13:36:57 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll [2011/04/29 13:34:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011/04/24 05:01:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011/04/24 04:56:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011/04/23 21:52:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011/04/23 21:51:33 | 000,152,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== ZeroAccess Check ========== [2011/09/01 11:49:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2011/02/15 05:20:42 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2011/02/15 05:20:05 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 21:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL Extras logfile created on: 17/01/2013 2:41:13 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Computer 
Admin\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 2.87 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 74.59% Memory free 7.11 Gb Paging File | 6.58 Gb Available in Paging File | 92.62% Paging File free Paging file location(s): C:\pagefile.sys 4500 5000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 116.44 Gb Total Space | 52.17 Gb Free Space | 44.81% Space Free | Partition Type: NTFS Computer Name: EMCOMPUTER | User Name: Computer Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus / Vuze ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79214B92-A439-4841-B160-0896E977A383}" = Norman Security Suite "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A83000000003}" = 
Adobe Reader 8.3.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5 "{CDEDBC83-40F4-4C8B-9BA7-AA95F45246F9}" = BigPond Wireless Broadband "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "0D5BC5DD5940677F9B5623C12951388F5EF72436" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007) "84261EAEDFA5240ACFFEDFB145134E295B649795" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3) "8ABEA6D4578549FADD34471076DFC5C22976C6D9" = Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "EDE780BB5DCF2C3476C105BAE4CC1175516E9173" = Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7) "EPSON Scanner" = EPSON Scan "EPSON TX120 NX120 Series" = EPSON TX120 NX120 Series Printer Uninstall "EPSON TX120 NX120 Series Manual" = EPSON TX120 NX120 Series Manual "Guitar Pro 5_is1" = Guitar Pro 5.2 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls "iriver plus 3" = iriver plus 3 (remove only) "JAIELangPack" = Japanese Language Support "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" 
= Microsoft Compression Client Pack 1.0 for Windows XP "OpenAL" = OpenAL "Unlocker" = Unlocker 1.9.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10/01/2013 7:31:53 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: with error: The specified server cannot perform the requested operation. Error - 10/01/2013 7:31:53 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: with error: The specified server cannot perform the requested operation. Error - 10/01/2013 9:09:31 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: This operation returned because the timeout period expired. Error - 10/01/2013 9:13:30 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: This operation returned because the timeout period expired. Error - 10/01/2013 9:13:30 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: The specified server cannot perform the requested operation. Error - 10/01/2013 9:13:56 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: The specified server cannot perform the requested operation. 
Error - 10/01/2013 9:13:56 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: The specified server cannot perform the requested operation. Error - 14/01/2013 8:58:11 AM | Computer Name = EMCOMPUTER | Source = Application Hang | ID = 1002 Description = Hanging application mbam.exe, version 1.60.0.80, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 15/01/2013 3:09:30 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: This operation returned because the timeout period expired. Error - 16/01/2013 7:09:38 AM | Computer Name = EMCOMPUTER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: with error: This operation returned because the timeout period expired. [ System Events ] Error - 16/01/2013 7:06:33 AM | Computer Name = EMCOMPUTER | Source = Service Control Manager | ID = 7016 Description = The Norman Scanner Engine Service service has reported an invalid current state 0. Error - 16/01/2013 7:09:03 AM | Computer Name = EMCOMPUTER | Source = Service Control Manager | ID = 7016 Description = The Norman Scanner Engine Service service has reported an invalid current state 0. Error - 16/01/2013 7:11:17 AM | Computer Name = EMCOMPUTER | Source = Service Control Manager | ID = 7016 Description = The Norman Scanner Engine Service service has reported an invalid current state 0. Error - 16/01/2013 7:14:33 AM | Computer Name = EMCOMPUTER | Source = Service Control Manager | ID = 7016 Description = The Norman Scanner Engine Service service has reported an invalid current state 0. Error - 16/01/2013 7:19:03 AM | Computer Name = EMCOMPUTER | Source = Service Control Manager | ID = 7016 Description = The Norman Scanner Engine Service service has reported an invalid current state 0. 
Error - 16/01/2013 7:25:32 AM | Computer Name = EMCOMPUTER | Source = Service Control Manager | ID = 7016 Description = The Norman Scanner Engine Service service has reported an invalid current state 0. Error - 16/01/2013 7:32:33 AM | Computer Name = EMCOMPUTER | Source = Service Control Manager | ID = 7016 Description = The Norman Scanner Engine Service service has reported an invalid current state 0. Error - 16/01/2013 8:35:48 AM | Computer Name = EMCOMPUTER | Source = Dhcp | ID = 1002 Description = The IP address lease 58.170.110.202 for the Network Card with network address 00A0C6000000 has been denied by the DHCP server 58.166.67.50 (The DHCP Server sent a DHCPNACK message). Error - 16/01/2013 8:35:52 AM | Computer Name = EMCOMPUTER | Source = NetBT | ID = 4307 Description = Initialization failed because the transport refused to open initial Addresses. Error - 17/01/2013 12:04:37 AM | Computer Name = EMCOMPUTER | Source = NetBT | ID = 4307 Description = Initialization failed because the transport refused to open initial Addresses. < End of report >
  12. Emmaline3435

    Emmaline3435 Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    34
    Ugh sorry I don't know why that's happening, I made sure word wrap was unchecked on both documents.

    OTL logfile created on: 17/01/2013 2:41:13 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Computer Admin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.87 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 74.59% Memory free
    7.11 Gb Paging File | 6.58 Gb Available in Paging File | 92.62% Paging File free
    Paging file location(s): C:\pagefile.sys 4500 5000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 116.44 Gb Total Space | 52.17 Gb Free Space | 44.81% Space Free | Partition Type: NTFS

    Computer Name: EMCOMPUTER | User Name: Computer Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/17 14:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Computer Admin\Desktop\OTL.exe
    PRC - [2012/12/03 17:26:06 | 000,350,120 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\zlh.exe
    PRC - [2012/11/29 19:01:34 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2012/06/26 19:38:46 | 000,288,104 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nse\Bin\nsesvc.exe
    PRC - [2012/05/14 23:41:20 | 000,356,904 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npf\Bin\npfsvc32.exe
    PRC - [2012/02/14 02:31:55 | 000,431,320 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\zanda.exe
    PRC - [2012/02/03 20:43:36 | 000,116,056 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\njeeves.exe
    PRC - [2011/11/14 20:57:02 | 000,231,216 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nnf.exe
    PRC - [2011/10/28 17:51:00 | 000,125,152 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nse\Bin\nse.exe
    PRC - [2011/10/24 20:29:21 | 000,076,232 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe
    PRC - [2011/10/19 21:37:18 | 000,100,936 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\nvoy.exe
    PRC - [2011/09/30 23:02:08 | 000,090,144 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nprosec.exe
    PRC - [2011/04/11 19:08:22 | 000,099,312 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe
    PRC - [2010/07/05 06:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2009/11/28 03:42:20 | 002,400,768 | ---- | M] (Telstra) -- C:\Program Files\Telstra\BigPond Wireless Broadband\BigPond_CM.exe
    PRC - [2008/05/28 02:53:42 | 000,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
    PRC - [2008/04/15 10:13:38 | 000,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    PRC - [2008/04/14 21:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/12/19 12:55:10 | 000,475,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

    ========== Modules (No Company Name) ==========

    MOD - [2012/02/03 20:43:36 | 000,116,056 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\njeeves.exe
    MOD - [2012/01/06 23:44:36 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Temp\CmdLineExt02.dll
    MOD - [2011/02/14 20:05:39 | 001,069,048 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\libxml2.dll
    MOD - [2010/10/18 20:35:24 | 010,896,384 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\nqtcore4.dll
    MOD - [2010/07/05 08:02:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
    MOD - [2010/07/05 08:02:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
    MOD - [2010/07/05 06:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    MOD - [2009/09/03 20:40:48 | 000,210,432 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\lua.dll
    MOD - [2007/04/04 11:51:34 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TouchPad_ONOFF.dll

    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
    SRV - [2013/01/10 23:44:20 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/10 23:14:25 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/11/29 19:01:34 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/06/28 21:38:14 | 000,287,312 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas)
    SRV - [2012/06/26 19:38:46 | 000,288,104 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nse\Bin\nsesvc.exe -- (nsesvc)
    SRV - [2012/05/14 23:41:20 | 000,356,904 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npf\Bin\npfsvc32.exe -- (NPFSvc32)
    SRV - [2012/05/10 18:47:05 | 000,793,520 | ---- | M] () [Auto | Running] -- C:\Program Files\Norman\Nvc\Bin\nhs.exe -- (NHS)
    SRV - [2012/02/14 02:31:55 | 000,431,320 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\zanda.exe -- (Norman ZANDA)
    SRV - [2012/02/03 20:43:36 | 000,116,056 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\njeeves.exe -- (Norman NJeeves)
    SRV - [2011/11/14 20:57:02 | 000,231,216 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\nnf.exe -- (NNFSVC)
    SRV - [2011/10/24 20:29:21 | 000,076,232 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe -- (eLoggerSvc6)
    SRV - [2011/10/19 21:37:18 | 000,100,936 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\nvoy.exe -- (NVOY)
    SRV - [2011/09/30 23:02:08 | 000,090,144 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\nprosec.exe -- (NPROSECSVC)
    SRV - [2011/04/11 19:08:22 | 000,099,312 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
    SRV - [2009/09/14 23:30:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04)
    SRV - [2009/09/14 23:30:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04)
    SRV - [2008/04/15 10:13:38 | 000,034,304 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/08/16 19:56:03 | 000,046,816 | ---- | M] (Norman ASA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\nvcw32mf.sys -- (NvcMFlt)
    DRV - [2012/02/22 21:04:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mcaudrv.sys -- (mcaudrv_simple)
    DRV - [2012/01/11 16:41:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mcvidrv.sys -- (ManyCam)
    DRV - [2011/12/02 21:13:21 | 000,053,160 | ---- | M] (Norman ASA) [Kernel | On_Demand | Running] -- C:\Program Files\Norman\Ngs\Bin\nnetsecc.sys -- (NNetSecC)
    DRV - [2011/11/12 02:22:31 | 000,061,496 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\nregsec.sys -- (nregsec)
    DRV - [2011/11/12 02:18:19 | 000,091,136 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Program Files\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC)
    DRV - [2011/11/12 01:59:52 | 000,457,048 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tdi_nf.sys -- (tdi_nf)
    DRV - [2011/08/26 18:33:28 | 000,053,928 | ---- | M] (Norman ASA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nnetsec.sys -- (nnetsec)
    DRV - [2011/07/12 21:06:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\Program Files\Norman\Ngs\Bin\ngs.sys -- (NGS)
    DRV - [2011/02/15 05:37:00 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
    DRV - [2011/02/15 05:37:00 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
    DRV - [2011/02/15 05:36:59 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
    DRV - [2011/02/15 05:36:56 | 000,354,840 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\iastor8.sys -- (iastor8)
    DRV - [2010/12/09 21:18:03 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Nse\Bin\ndiskio.sys -- (Ndiskio)
    DRV - [2010/07/05 06:21:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
    DRV - [2009/11/21 08:39:32 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
    DRV - [2009/11/21 08:39:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2009/11/21 08:39:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2009/11/21 08:39:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2009/09/06 11:35:28 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2009/09/06 11:35:08 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
    DRV - [2008/08/29 07:54:04 | 004,703,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2008/04/09 12:15:42 | 001,309,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2008/02/09 03:16:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2008/01/04 18:40:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2007/04/05 02:26:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 58 63 79 D5 F3 CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/10 23:14:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012/11/29 18:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Computer Admin\Application Data\Mozilla\Extensions
    [2012/11/29 18:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Computer Admin\Application Data\Mozilla\Firefox\Profiles\5z8isnmw.default\extensions
    [2012/12/10 23:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/12/10 23:14:26 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/10/06 19:19:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/11/29 18:34:09 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2008/04/14 21:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (BigPond Wireless Broadband 2.0 Auto Dial) - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband\bpwbb2ad.dll (Telstra)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] C:\Program Files\Telstra\BigPond Wireless Broadband\BigPond_CM.exe (Telstra)
    O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
    O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
    O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
    O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O13 - gopher Prefix: missing
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.134.49 61.9.133.193
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19EAEF9D-6F76-492B-8D58-4EC85FB12790}: DhcpNameServer = 61.9.134.49 61.9.133.193
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/04/24 04:59:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/17 14:36:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Computer Admin\Desktop\OTL.exe
    [2013/01/16 21:07:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Computer Admin\PrivacIE
    [2013/01/15 17:24:11 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Computer Admin\Desktop\tdsskiller.exe
    [2013/01/14 23:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer Admin\Application Data\Malwarebytes
    [2013/01/14 22:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer Admin\Local Settings\Application Data\Sun
    [2013/01/14 22:32:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Computer Admin\My Documents\My Videos
    [2013/01/14 22:32:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Computer Admin\Start Menu\Programs\Administrative Tools
    [2013/01/10 23:43:04 | 016,369,160 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/01/10 22:28:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2013/01/10 03:05:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/01/10 03:04:43 | 000,000,000 | ---D | C] -- C:\27f345087e8d496825385a5156f375e3
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/17 14:39:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/01/17 14:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Computer Admin\Desktop\OTL.exe
    [2013/01/17 14:32:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/17 14:31:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/01/17 14:31:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/01/17 14:31:36 | 3082,801,152 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/17 00:59:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/15 17:25:27 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Computer Admin\Desktop\tdsskiller.exe
    [2013/01/10 23:43:14 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/01/10 23:43:14 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/01/10 23:43:05 | 016,369,160 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/01/10 14:20:06 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/01/10 14:20:06 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/01/10 03:04:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/01/08 22:44:06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/01/06 16:03:28 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2012/12/22 16:55:52 | 000,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/10 22:39:14 | 3082,801,152 | -HS- | C] () -- C:\hiberfil.sys
    [2012/06/11 20:59:18 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2012/02/15 18:54:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/11/27 22:06:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2011/05/15 11:45:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/05/15 10:11:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\csdlocalmon.dll
    [2011/04/29 13:47:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
    [2011/04/29 13:47:54 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
    [2011/04/29 13:41:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2011/04/29 13:41:06 | 000,000,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKHDRC1.dat
    [2011/04/29 13:41:06 | 000,000,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKHDRC0.dat
    [2011/04/29 13:41:06 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
    [2011/04/29 13:41:06 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
    [2011/04/29 13:41:06 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
    [2011/04/29 13:41:06 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
    [2011/04/29 13:36:57 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
    [2011/04/29 13:36:57 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
    [2011/04/29 13:36:57 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
    [2011/04/29 13:34:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2011/04/24 05:01:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/04/24 04:56:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/04/23 21:52:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/04/23 21:51:33 | 000,152,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== ZeroAccess Check ==========

    [2011/09/01 11:49:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2011/02/15 05:20:42 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2011/02/15 05:20:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 21:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >
     
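The OTL report above has a fixed line shape, which is what lets a malware-removal helper skim it in a minute: the PRC/MOD/SRV/DRV entries carry a timestamp, size, company name, optional state block, path and service name, and the O4 entries carry a Run-key value, a command and a company name. The Python below is an added example written for this page; it is not code from the thread, from OTL or from OldTimer. It parses those two entry shapes and flags what a helper reads first: entries whose file is "File not found" (the registry still points at something that is gone), processes or modules with no company name, code loaded from a Temp directory, and drivers in an unknown state. The tag names, the heuristics and the TEMP_MARKERS list are my own choices, and the sample input is a handful of lines copied verbatim from the log above.

```python
"""Triage of an OldTimer OTL log: parse the PRC/MOD/SRV/DRV entries and the O4
Run-key entries, then flag what a malware-removal helper reads first."""
import re
from dataclasses import dataclass
from typing import List, Optional

# PRC/MOD/SRV/DRV lines have one of two shapes:
#   KIND - [mtime | size | attrs | M] (Company) [state] -- path -- (service name)
#   KIND - File not found [state] -- path -- (service name)
# The [state] block only exists for SRV/DRV; path and (name) may both be empty.
# Company is matched lazily with a lookahead so nested parentheses such as
# "(Printing Communications Assoc., Inc. (PCAUSA))" are kept whole.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<notfound>File not found)|"
    r"\[(?P<mtime>[^|]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| [A-Z]\] "
    r"\((?P<company>.*?)\)(?= \[| --))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" --\s*(?P<path>.*?)\s*(?:--\s*\((?P<name>[^)]*)\))?$"
)

# O4 - HKLM..\Run: [ValueName] command (Company)   or   ... command File not found
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<value>[^\]]+)\] "
    r"(?P<command>.*?)(?: \((?P<company>[^)]*)\)| (?P<notfound>File not found))?$"
)

# Directories from which a legitimately installed process or module rarely loads
# (my own list, not something OTL defines).
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


@dataclass
class Finding:
    tag: str   # short reason code for the analyst
    line: str  # the OTL line that triggered it, verbatim


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL line; None means nothing an analyst needs to look at."""
    m = ENTRY_RE.match(line)
    if m:
        if m.group("notfound"):
            # Registry still points at a file that no longer exists: usually an
            # uninstall leftover, but it is what an OTL fix script gets written against.
            return Finding("orphan-entry", line)
        if m.group("kind") == "DRV" and "Unavailable" in (m.group("state") or ""):
            return Finding("driver-state-unknown", line)
        if m.group("company") == "":
            if any(t in m.group("path").lower() for t in TEMP_MARKERS):
                # Code with no company name loaded out of a Temp directory is the
                # strongest "look at this" signal in a SafeList section.
                return Finding("no-company-temp-path", line)
            return Finding("no-company", line)
        return None
    m = RUN_RE.match(line)
    if m:
        if m.group("notfound"):
            return Finding("orphan-run-key", line)
        if m.group("company") == "":
            return Finding("run-key-no-company", line)
    return None


def triage(log: str) -> List[Finding]:
    """Run triage_line over a whole OTL report and keep only the hits, in log order."""
    return [f for f in (triage_line(l) for l in log.splitlines()) if f is not None]


# Constructed sample: these lines are copied verbatim from the OTL log posted above.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2012/02/03 20:43:36 | 000,116,056 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\njeeves.exe
PRC - [2008/04/14 21:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/01/06 23:44:36 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Temp\CmdLineExt02.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2012/11/29 19:01:34 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - [2010/07/05 06:21:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/09/06 11:35:28 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.tag:22} {f.line}")
```

A tag is a prompt to look, not a verdict. On the sample the missing Google Update service and the missing TFncKy Run entry are the usual uninstall leftovers, and the Norman binaries with no company name sit in the same program directory as components that do carry the Norman ASA name. The one hit that earns a second look in a real triage is the DLL with no company name under Local Settings\Temp, which is exactly the sort of entry a helper asks about or has scanned before writing any fix.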
  13. Emmaline3435

    Emmaline3435 Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    34
    I'm sorry I have no idea why it keeps doing that
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,916
    First Name:
    Karen
    Was word wrap checked when you looked and did you uncheck it?

    If so then try running OTL again and posting the new log.
     
  15. Emmaline3435

    Emmaline3435 Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    34
    Word wrap wasn't checked when I looked at them, and just to be sure I checked it then unchecked it. I'll run OTL again and try again.
     
Short URL to this thread: https://techguy.org/1084533