.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702
Run by Administrator at 13:39:35 on 2012-06-13
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1215.980 [GMT 2:00]
.
AV: Norman Endpoint Protection *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [gemstrmw] c:\windows\system32\gemstrmw.exe /r
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: []
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [cfxwmhwdtqugrrc] c:\documents and settings\all users\application data\cfxwmhwd.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184748027993
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221063510936
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {BD1C418C-953D-11D4-B14B-0060089EF400} - hxxps://www.easyflex.net/tpactivex/tp32.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{F2B9D74A-8E5F-4A6C-82A9-98771A124A51} : NameServer = 192.168.20.254
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2011-5-2 31632]
S1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2011-5-2 26744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2003-9-2 20064]
S2 Ndiskio;Ndiskio;c:\program files\norman\nse\bin\ndiskio.sys [2011-5-2 22880]
S2 Norman ZANDA;Norman ZANDA;c:\program files\norman\npm\bin\zanda.exe [2010-9-16 427888]
S2 NVOY;Norman Resource Provider;c:\program files\norman\npm\bin\nvoy.exe [2011-5-2 100336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 257696]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2011-6-21 21888]
S3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [2011-5-2 50576]
S3 NNetSecC;Norman Network Filter NDIS common driver;c:\program files\norman\ngs\bin\nnetsecc.sys [2011-5-2 29968]
S3 nsesvc;Norman Scanner Engine Service;c:\program files\norman\nse\bin\nsesvc.exe [2011-6-10 288072]
S3 nvcoas;Norman Virus Control on-access component;c:\program files\norman\nvc\bin\nvcoas.exe [2011-5-2 196608]
S3 Scheduler;Norman Scheduler Service;c:\program files\norman\npm\bin\scheduler.exe [2011-5-2 99312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-13 10:11:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-13 10:04:28 -------- d-sh--w- c:\documents and settings\administrator.selectin-2\IECompatCache
2012-06-13 10:04:00 -------- d-sh--w- c:\documents and settings\administrator.selectin-2\PrivacIE
2012-06-13 10:01:16 -------- d-sh--w- c:\documents and settings\administrator.selectin-2\IETldCache
2012-06-13 06:41:33 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-06-13 06:41:33 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-06-13 06:41:20 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-06-13 06:41:20 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-06-12 10:51:26 53248 ------w- c:\documents and settings\all users\application data\nxqbbnvc.exe
2012-06-12 10:51:21 53248 ----a-w- c:\documents and settings\all users\application data\cfxwmhwd.exe
2012-06-12 10:51:20 53248 ------w- c:\documents and settings\all users\application data\bxqzaxmc.exe
2012-06-12 10:50:29 -------- d-----w- c:\documents and settings\all users\application data\jipewlfiolrrbwc
2012-06-12 10:50:20 53248 ------w- c:\documents and settings\all users\application data\uhebtkrj.exe
2012-06-04 14:16:04 -------- d-----w- C:\kandidaten
.
==================== Find3M ====================
.
2012-05-31 13:22:05 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-05 07:53:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 07:53:10 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-01 06:17:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-01 06:17:39 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 06:17:38 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-11 13:55:27 2073472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55:17 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55:04 2196992 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 13:40:41,98 ===============