
Thread: Bifrose.da

  1. #1
    Junior Member
    Join Date
    Sep 2008
    Posts
    10

    Bifrose.da

    I'm sorry I posted without the HJT log.

    I've got the following problem,

    Spybot S&D found Bifrose.da:

    Win32.Bifrose.da: [SBI $753ADD34] Data (Bestand, nothing done)
    C:\WINDOWS\system32\SysPr.prx
    (For what it's worth, formatting my C: didn't work)

    Thanks for helping me in advance,

    This is the HJT LOG:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:01:04, on 5-9-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WInUpdate16] C:\WINDOWS\system32\udate32.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1220292017168
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

    --
    End of file - 5380 bytes

  2. #2
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470


    Hi


    Disable Spybot's TeaTimer
    • Run Spybot-S&D in Advanced Mode
    • If it is not already set to do this, go to the Mode menu and select Advanced Mode
    • On the left hand side, click on Tools
    • Then click on the Resident icon in the list
    • Uncheck Resident TeaTimer and OK any prompts.
    • Restart your computer



    Download SDFix and save it to your desktop. (If you can't download with this computer try to get it downloaded on some other one.)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • In Safe Mode, double click the SDFix.exe file. Click Install in the window that appears.
    • Open the extracted folder and double click RunThis.bat to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer than normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
    Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
    ASAP & UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Sep 2008
    Posts
    10


    Report.txt


    SDFix: Version 1.223
    Run by Derek on wo 10-09-2008 at 22:52

    Microsoft Windows XP [versie 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\plugin1.dat - Deleted
    C:\WINDOWS\system32\SysPr.prx - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-10 22:54:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:54,35,bd,28,cb,cc,08,99,49,61,1b,34,13,1e,d8,b5,19,b9,0e,cc,07,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,c5,72,e2,17,b3,3b,f9,6d,85,2f,d9,5e,c3,94,e5,c2,bb,..
    "khjeh"=hex:bb,da,71,22,cf,40,61,71,4b,a8,7f,9c,bc,01,c0,a1,97,86,ed,d3,73,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:b4,66,35,d5,10,c8,c2,86,86,db,52,b0,20,5e,8a,6b,69,45,ae,16,e1,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:54,35,bd,28,cb,cc,08,99,49,61,1b,34,13,1e,d8,b5,19,b9,0e,cc,07,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,c5,72,e2,17,b3,3b,f9,6d,85,2f,d9,5e,c3,94,e5,c2,bb,..
    "khjeh"=hex:bb,da,71,22,cf,40,61,71,4b,a8,7f,9c,bc,01,c0,a1,97,86,ed,d3,73,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:b4,66,35,d5,10,c8,c2,86,86,db,52,b0,20,5e,8a,6b,69,45,ae,16,e1,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Wed 20 Jun 2007 1,312,966 A..H. --- "C:\WINDOWS\system32\udate32.exe"
    Mon 1 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Mon 1 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\45c9d37fecf09513d2579b1277d94a52\BITC.tmp"

    Finished!

    Hijack this log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:03:08, on 10-9-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows NT\Bureau-accessoires\WORDPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WInUpdate16] C:\WINDOWS\system32\udate32.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1220292017168
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

    --
    End of file - 5394 bytes
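The SDFix Report.txt and the HijackThis log above are the two things a helper reads side by side: which files SDFix deleted, which files it lists with hidden attributes, and which O4 Run values are still present afterwards. As an added example (my own code, not the forum's and not part of HijackThis or SDFix), here is a small Python triage script that parses both formats from constructed sample lines modelled on the ones in this thread and cross-references them. The heuristic, that a Run value whose target binary carries the hidden attribute or was deleted by SDFix deserves a manual look, is an assumption of this example and not a verdict on any file in the thread.

```python
"""Triage helper for HijackThis (HJT) and SDFix text logs.

Added example; not code from the forum, from HijackThis or from SDFix.
Heuristic (an assumption of this example): an O4 Run value whose target
is hidden or was deleted by SDFix is a candidate for manual review.
"""
import re
from dataclasses import dataclass

# Constructed sample input, modelled on lines of the kind shown in the thread.
HJT_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\QTTask.exe" -atboottime
O4 - HKCU\\..\\Run: [WInUpdate16] C:\\WINDOWS\\system32\\udate32.exe
O4 - HKCU\\..\\Run: [SpybotSD TeaTimer] C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe
"""

SDFIX_REPORT = """\
Trojan Files Found:

C:\\WINDOWS\\system32\\plugin1.dat - Deleted
C:\\WINDOWS\\system32\\SysPr.prx - Deleted

Removing Temp Files

Files with Hidden Attributes :

Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
Wed 20 Jun 2007 1,312,966 A..H. --- "C:\\WINDOWS\\system32\\udate32.exe"

Finished!
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First drive-qualified path ending in a loadable module; stops at a comma so
# "NvCpl.dll,NvStartup" yields the DLL rather than the rundll32 entry point.
PATH_RE = re.compile(r'([A-Za-z]:\\[^,"]*?\.(?:exe|dll|cpl))', re.IGNORECASE)
# SDFix attribute field is five characters (e.g. A..H., A.SHR); H = hidden.
HIDDEN_RE = re.compile(r'(?P<attrs>[A-Z.]{5}) --- "(?P<path>[^"]+)"')
DELETED_RE = re.compile(r"^(?P<path>.+?) - (?P<action>\w+)$")


@dataclass
class Autorun:
    hive: str     # HKLM, HKCU, HKUS\S-1-5-19, ...
    name: str     # value name shown in [brackets]
    command: str  # command line as logged
    target: str   # best-effort path of the module the entry launches


def launched_path(command: str) -> str:
    """Return the module an O4 command line actually loads."""
    m = PATH_RE.search(command)
    if m:
        return m.group(1)
    # No drive-qualified path (e.g. "RunDll32 cmicnfg.cpl,CMICtrlWnd"): drop a
    # leading rundll32 token and keep the module name before the comma.
    tokens = command.split()
    if tokens and tokens[0].lower() in ("rundll32", "rundll32.exe"):
        tokens = tokens[1:]
    return tokens[0].split(",")[0] if tokens else command


def parse_hjt_autoruns(text: str) -> list:
    """Extract every O4 Run entry from an HJT log, in log order."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autorun(m["hive"], m["name"], m["cmd"], launched_path(m["cmd"])))
    return entries


def parse_sdfix_report(text: str):
    """Return (deleted, hidden): lower-cased path -> action / attribute string."""
    deleted, hidden, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Trojan Files Found"):
            section = "deleted"
        elif line.startswith("Files with Hidden Attributes"):
            section = "hidden"
        elif not line:
            continue  # blank lines never end a section
        elif section == "deleted":
            m = DELETED_RE.match(line)
            if m:
                deleted[m["path"].lower()] = m["action"]
            else:
                section = None  # any other text means the list is over
        elif section == "hidden":
            m = HIDDEN_RE.search(line)
            if m:
                hidden[m["path"].lower()] = m["attrs"]
            else:
                section = None
    return deleted, hidden


def triage(hjt_text: str, sdfix_text: str) -> list:
    """Run entries whose target is hidden or was deleted by SDFix (review list)."""
    deleted, hidden = parse_sdfix_report(sdfix_text)
    findings = []
    for entry in parse_hjt_autoruns(hjt_text):
        key = entry.target.lower()
        reasons = []
        if "H" in hidden.get(key, ""):
            reasons.append(f"target carries attributes {hidden[key]} (hidden)")
        if key in deleted:
            reasons.append(f"target was {deleted[key]} by SDFix but the Run value remains")
        if reasons:
            findings.append({"name": entry.name, "hive": entry.hive,
                             "target": entry.target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG, SDFIX_REPORT):
        print(f"[{f['hive']}] {f['name']} -> {f['target']}: " + "; ".join(f["reasons"]))
```

On the sample input the script flags two entries, WInUpdate16 and SpybotSD TeaTimer, because both targets carry the H attribute in the SDFix list; the second is Spybot's own TeaTimer, which is exactly why the output is a review list for a helper to read against the rest of the log, not a removal list.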

  4. #4
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470


    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Delete these folders afterwards:

    C:\Program Files\utorrent

    Empty Recycle Bin.

    After that:

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  5. #5
    Junior Member
    Join Date
    Sep 2008
    Posts
    10


    log:
    Logfile of random's system information tool (written by random/random)
    Run by Derek at 2008-09-11 15:35:52
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 8 GB (41%) free of 20 GB
    Total RAM: 511 MB (26% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:35:58, on 11-9-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Derek\Bureaublad\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Derek.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WInUpdate16] C:\WINDOWS\system32\udate32.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1220292017168
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

    --
    End of file - 5268 bytes

    Registry dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
    "nwiz"=C:\WINDOWS\system32\nwiz.exe [2008-05-16 1630208]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
    "Cmaudio"=RunDll32 cmicnfg.cpl []
    "SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2005-09-27 2635472]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-09-01 5724184]
    "WInUpdate16"=C:\WINDOWS\system32\udate32.exe [2007-06-20 1312966]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
    "AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    List of files/folders created in the last three months

    2008-09-11 15:35:52 ----D---- C:\rsit
    2008-09-11 01:14:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 01:14:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-10 22:51:15 ----D---- C:\WINDOWS\ERUNT
    2008-09-10 22:49:39 ----D---- C:\SDFix
    2008-09-10 22:46:40 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-09-09 19:23:29 ----A---- C:\WINDOWS\Goya.INI
    2008-09-08 23:32:59 ----D---- C:\Documents and Settings\Derek\Application Data\Media Player Classic
    2008-09-08 20:46:52 ----D---- C:\Program Files\Guitar Pro 5
    2008-09-07 18:42:25 ----D---- C:\Documents and Settings\Derek\Application Data\WinRAR
    2008-09-07 15:41:07 ----D---- C:\Program Files\WinRAR
    2008-09-05 12:56:34 ----D---- C:\Program Files\Trend Micro
    2008-09-03 19:51:47 ----A---- C:\WINDOWS\WORDPAD.INI
    2008-09-03 18:56:34 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-03 18:56:24 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-03 18:56:24 ----D---- C:\Program Files\Adobe
    2008-09-03 00:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2008-09-03 00:34:10 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
    2008-09-03 00:34:03 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
    2008-09-03 00:33:58 ----D---- C:\Program Files\MSXML 4.0
    2008-09-03 00:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
    2008-09-03 00:29:30 ----D---- C:\Documents and Settings\Derek\Application Data\Apple Computer
    2008-09-03 00:29:18 ----D---- C:\Program Files\iPod
    2008-09-03 00:29:15 ----D---- C:\Program Files\iTunes
    2008-09-03 00:29:08 ----D---- C:\Program Files\Bonjour
    2008-09-03 00:28:49 ----D---- C:\Program Files\QuickTime
    2008-09-03 00:28:48 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-03 00:28:40 ----D---- C:\Program Files\Apple Software Update
    2008-09-03 00:28:21 ----D---- C:\Program Files\Common Files\Apple
    2008-09-03 00:28:21 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
    2008-09-02 23:43:00 ----D---- C:\Program Files\Combined Community Codec Pack
    2008-09-02 21:24:08 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-09-02 21:17:45 ----D---- C:\Program Files\Messenger Plus! Live
    2008-09-02 21:10:37 ----A---- C:\WINDOWS\system32\L6tpgx.dll
    2008-09-02 21:10:01 ----D---- C:\Program Files\Common Files\Digidesign
    2008-09-02 21:10:01 ----D---- C:\Documents and Settings\Derek\Application Data\Line 6
    2008-09-02 21:10:01 ----D---- C:\Documents and Settings\All Users\Application Data\Line 6
    2008-09-02 21:10:01 ----A---- C:\WINDOWS\GearBox.ini
    2008-09-02 21:09:55 ----D---- C:\Program Files\Line6
    2008-09-02 19:22:11 ----A---- C:\WINDOWS\wininit.ini
    2008-09-02 18:45:42 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-09-02 18:45:42 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-02 18:29:33 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-09-02 18:29:33 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-09-02 18:29:33 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-09-02 00:04:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-09-01 23:03:58 ----D---- C:\Documents and Settings\Derek\Application Data\Macromedia
    2008-09-01 23:03:58 ----D---- C:\Documents and Settings\Derek\Application Data\Adobe
    2008-09-01 22:27:21 ----A---- C:\WINDOWS\system32\msxml4r.dll
    2008-09-01 22:27:21 ----A---- C:\WINDOWS\system32\msxml4a.dll
    2008-09-01 22:26:09 ----A---- C:\WINDOWS\system32\mpg4c32.dll
    2008-09-01 22:25:10 ----D---- C:\Documents and Settings\All Users\Application Data\MAGIX
    2008-09-01 21:48:37 ----A---- C:\WINDOWS\system32\h323log.txt
    2008-09-01 21:44:52 ----A---- C:\WINDOWS\system32\usbui.dll
    2008-09-01 21:44:27 ----A---- C:\WINDOWS\imsins.BAK
    2008-09-01 21:44:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-01 21:44:24 ----D---- C:\Program Files\Common Files\ODBC
    2008-09-01 21:44:24 ----A---- C:\WINDOWS\ODBCINST.INI
    2008-09-01 21:44:22 ----D---- C:\Program Files\Common Files\SpeechEngines
    2008-09-01 21:44:21 ----RD---- C:\Program Files
    2008-09-01 21:44:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-09-01 21:44:21 ----D---- C:\Program Files\Common Files
    2008-09-01 21:44:20 ----RA---- C:\WINDOWS\system32\kbdazel.dll
    2008-09-01 21:44:19 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
    2008-09-01 21:44:19 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
    2008-09-01 21:44:18 ----RA---- C:\WINDOWS\system32\kbdycc.dll
    2008-09-01 21:44:18 ----RA---- C:\WINDOWS\system32\kbduzb.dll
    2008-09-01 21:44:18 ----RA---- C:\WINDOWS\system32\kbdur.dll
    2008-09-01 21:44:18 ----RA---- C:\WINDOWS\system32\kbdtat.dll
    2008-09-01 21:44:18 ----RA---- C:\WINDOWS\system32\kbdru1.dll
    2008-09-01 21:44:18 ----RA---- C:\WINDOWS\system32\kbdru.dll
    2008-09-01 21:44:18 ----RA---- C:\WINDOWS\system32\kbdmon.dll
    2008-09-01 21:44:18 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
    2008-09-01 21:44:18 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
    2008-09-01 21:44:18 ----RA---- C:\WINDOWS\system32\kbdbu.dll
    2008-09-01 21:44:18 ----RA---- C:\WINDOWS\system32\kbdblr.dll
    2008-09-01 21:44:18 ----RA---- C:\WINDOWS\system32\kbdaze.dll
    2008-09-01 21:44:16 ----RA---- C:\WINDOWS\system32\kbdhept.dll
    2008-09-01 21:44:16 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
    2008-09-01 21:44:16 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
    2008-09-01 21:44:16 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
    2008-09-01 21:44:16 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
    2008-09-01 21:44:16 ----RA---- C:\WINDOWS\system32\kbdhe.dll
    2008-09-01 21:44:16 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
    2008-09-01 21:44:15 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
    2008-09-01 21:44:15 ----RA---- C:\WINDOWS\system32\kbdlv.dll
    2008-09-01 21:44:15 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
    2008-09-01 21:44:15 ----RA---- C:\WINDOWS\system32\kbdlt.dll
    2008-09-01 21:44:15 ----RA---- C:\WINDOWS\system32\kbdest.dll
    2008-09-01 21:44:13 ----RA---- C:\WINDOWS\system32\kbdycl.dll
    2008-09-01 21:44:13 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
    2008-09-01 21:44:13 ----RA---- C:\WINDOWS\system32\kbdsl.dll
    2008-09-01 21:44:13 ----RA---- C:\WINDOWS\system32\kbdro.dll
    2008-09-01 21:44:13 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
    2008-09-01 21:44:13 ----RA---- C:\WINDOWS\system32\kbdpl.dll
    2008-09-01 21:44:13 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
    2008-09-01 21:44:13 ----RA---- C:\WINDOWS\system32\kbdhu.dll
    2008-09-01 21:44:13 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
    2008-09-01 21:44:13 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
    2008-09-01 21:44:13 ----RA---- C:\WINDOWS\system32\kbdcz.dll
    2008-09-01 21:44:13 ----RA---- C:\WINDOWS\system32\kbdcr.dll
    2008-09-01 21:44:13 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
    2008-09-01 21:44:11 ----A---- C:\WINDOWS\system32\spxcoins.dll
    2008-09-01 21:44:11 ----A---- C:\WINDOWS\system32\irclass.dll
    2008-09-01 21:44:11 ----A---- C:\WINDOWS\system32\dgsetup.dll
    2008-09-01 21:44:11 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
    2008-09-01 21:44:10 ----A---- C:\WINDOWS\system32\EqnClass.Dll
    2008-09-01 21:44:09 ----A---- C:\WINDOWS\TASKMAN.EXE
    2008-09-01 21:44:08 ----N---- C:\WINDOWS\system32\CONFIG.TMP
    2008-09-01 21:44:08 ----A---- C:\WINDOWS\system32\storprop.dll
    2008-09-01 21:44:08 ----A---- C:\WINDOWS\system32\batt.dll
    2008-09-01 21:44:08 ----A---- C:\WINDOWS\notepad.exe
    2008-09-01 21:44:05 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
    2008-09-01 21:44:02 ----RA---- C:\WINDOWS\SET7.tmp
    2008-09-01 21:44:00 ----RA---- C:\WINDOWS\SET3.tmp
    2008-09-01 21:43:55 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-01 21:43:55 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-01 21:43:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-09-01 21:43:38 ----A---- C:\WINDOWS\setuplog.txt
    2008-09-01 21:43:35 ----D---- C:\Documents and Settings
    2008-09-01 21:42:28 ----RASH---- C:\boot.ini
    2008-09-01 21:39:20 ----D---- C:\WINDOWS\OemDir
    2008-09-01 21:39:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-09-01 21:39:18 ----RSD---- C:\WINDOWS\Fonts
    2008-09-01 21:39:18 ----RD---- C:\WINDOWS\Web
    2008-09-01 21:39:18 ----HD---- C:\WINDOWS\inf
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\WinSxS
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\twain_32
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\Temp
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\wins
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\wbem
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\usmt
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\spool
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\ShellExt
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\Setup
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\ras
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\oobe
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\npp
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\mui
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\inetsrv
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\IME
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\icsxml
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\ias
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\export
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\drivers
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\dhcp
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\config
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\3com_dmi
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\3076
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\2052
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\1054
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\1043
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\1042
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\1041
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\1037
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\1033
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\1031
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\1028
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32\1025
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system32
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\system
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\security
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\Resources
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\repair
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\mui
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\msapps
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\msagent
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\Media
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\java
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\ime
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\Help
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\Driver Cache
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\Debug
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\Cursors
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\Connection Wizard
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\Config
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\AppPatch
    2008-09-01 21:39:18 ----D---- C:\WINDOWS\addins
    2008-09-01 21:39:18 ----D---- C:\WINDOWS
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\TTIC32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\TTI32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\STRING32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\MXRestore.exe
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\mgxcdr.txt
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\mgxasio2.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLTPO32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLRES32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLRD32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLPTL32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLPRJ32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLPRF32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLPNT32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLMSC32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLIX.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLISO32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLIO32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLIMG32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLDRV32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLDIR32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLDEV32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLCPY32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLCDF32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLCDA32.dll
    2008-09-01 21:31:30 ----A---- C:\WINDOWS\system32\DLLAV32.dll
    2008-09-01 21:31:26 ----D---- C:\Program Files\Common Files\MAGIX Shared
    2008-09-01 21:29:08 ----D---- C:\Program Files\MAGIX
    2008-09-01 21:29:08 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
    2008-09-01 21:29:08 ----A---- C:\WINDOWS\system32\INETWH32.dll
    2008-09-01 21:29:08 ----A---- C:\WINDOWS\system32\HtmlWH.dll
    2008-09-01 21:28:41 ----D---- C:\WINDOWS\system32\MAGIX
    2008-09-01 21:28:41 ----A---- C:\WINDOWS\system32\mgxoschk.dll
    2008-09-01 21:28:41 ----A---- C:\WINDOWS\mgxoschk.ini
    2008-09-01 21:27:24 ----D---- C:\Program Files\DAEMON Tools Lite
    2008-09-01 21:24:42 ----D---- C:\Documents and Settings\Derek\Application Data\DAEMON Tools
    2008-09-01 21:22:31 ----N---- C:\WINDOWS\system32\spmsg.dll
    2008-09-01 21:22:29 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
    2008-09-01 21:22:21 ----D---- C:\Program Files\Windows Media Connect 2
    2008-09-01 21:22:16 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
    2008-09-01 21:21:56 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
    2008-09-01 21:21:44 ----D---- C:\WINDOWS\system32\LogFiles
    2008-09-01 21:21:41 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
    2008-09-01 21:16:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-09-01 21:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-09-01 21:16:03 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-09-01 21:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-09-01 21:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-09-01 21:15:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-09-01 21:15:28 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-09-01 21:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-09-01 21:15:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-09-01 21:15:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-09-01 21:15:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-09-01 21:15:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2008-09-01 21:15:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-09-01 21:09:04 ----A---- C:\WINDOWS\system32\SSSensor.dll
    2008-09-01 21:09:03 ----D---- C:\Program Files\Sygate
    2008-09-01 21:08:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-01 21:08:51 ----AH---- C:\WINDOWS\system32\udate32.exe
    2008-09-01 21:04:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-09-01 21:00:51 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-09-01 21:00:48 ----D---- C:\Program Files\Windows Live
    2008-09-01 21:00:42 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-01 20:55:50 ----A---- C:\WINDOWS\system32\ksuser.dll
    2008-09-01 20:55:39 ----D---- C:\Program Files\C-Media
    2008-09-01 20:55:39 ----A---- C:\WINDOWS\CMISETUP.INI
    2008-09-01 20:55:39 ----A---- C:\WINDOWS\CMCDPLAY.INI
    2008-09-01 20:51:32 ----D---- C:\WINDOWS\nview
    2008-09-01 20:51:32 ----A---- C:\WINDOWS\system32\nvudisp.exe
    2008-09-01 20:51:24 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
    2008-09-01 20:51:22 ----D---- C:\Program Files\Common Files\InstallShield
    2008-09-01 20:51:18 ----D---- C:\NVIDIA
    2008-09-01 20:44:57 ----SHD---- C:\RECYCLER
    2008-09-01 20:44:33 ----D---- C:\Documents and Settings\Derek\Application Data\Mozilla
    2008-09-01 20:44:27 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-01 20:41:49 ----D---- C:\WINDOWS\Prefetch
    2008-09-01 20:39:14 ----D---- C:\WINDOWS\system32\nl-nl
    2008-09-01 20:39:14 ----D---- C:\WINDOWS\system32\nl
    2008-09-01 20:39:14 ----D---- C:\WINDOWS\l2schemas
    2008-09-01 20:37:30 ----D---- C:\WINDOWS\network diagnostic
    2008-09-01 20:33:32 ----N---- C:\WINDOWS\system32\xmllite.dll
    2008-09-01 20:33:31 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-09-01 20:33:29 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-09-01 20:33:27 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-09-01 20:33:27 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-09-01 20:33:27 ----N---- C:\WINDOWS\system32\verclsid.exe
    2008-09-01 20:33:25 ----N---- C:\WINDOWS\system32\tzchange.exe
    2008-09-01 20:33:25 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-09-01 20:33:25 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-09-01 20:33:23 ----N---- C:\WINDOWS\system32\xpsp3res.dll
    2008-09-01 20:33:20 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-09-01 20:33:19 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-09-01 20:33:19 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-09-01 20:33:18 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-09-01 20:33:18 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-09-01 20:33:18 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-09-01 20:33:18 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-09-01 20:33:18 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-09-01 20:33:16 ----N---- C:\WINDOWS\system32\onex.dll
    2008-09-01 20:33:13 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-09-01 20:33:13 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-09-01 20:33:13 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-09-01 20:33:13 ----N---- C:\WINDOWS\system32\msxml6r.dll
    2008-09-01 20:33:13 ----N---- C:\WINDOWS\system32\msxml6.dll
    2008-09-01 20:33:12 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-09-01 20:33:12 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-09-01 20:33:08 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-09-01 20:33:08 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-09-01 20:33:08 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-09-01 20:33:08 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-09-01 20:33:04 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-09-01 20:33:04 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-09-01 20:33:04 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-09-01 20:33:04 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-09-01 20:33:04 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-09-01 20:33:04 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-09-01 20:32:59 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-09-01 20:32:59 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-09-01 20:32:59 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-09-01 20:32:59 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-09-01 20:32:59 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-09-01 20:32:59 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-09-01 20:32:59 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-09-01 20:32:59 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-09-01 20:32:59 ----A---- C:\WINDOWS\004861_.tmp
    2008-09-01 20:32:57 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-09-01 20:32:57 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-09-01 20:32:57 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-09-01 20:32:57 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-09-01 20:32:57 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-09-01 20:32:57 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-09-01 20:32:57 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-09-01 20:32:57 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-09-01 20:32:57 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-09-01 20:32:57 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-09-01 20:32:56 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-09-01 20:32:54 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-09-01 20:32:54 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-09-01 20:32:51 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-09-01 20:18:32 ----D---- C:\WINDOWS\provisioning
    2008-09-01 20:18:32 ----D---- C:\WINDOWS\peernet
    2008-09-01 20:17:37 ----D---- C:\WINDOWS\ServicePackFiles
    2008-09-01 20:16:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-09-01 20:15:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-09-01 20:15:25 ----D---- C:\WINDOWS\EHome
    2008-09-01 20:12:08 ----N---- C:\WINDOWS\system32\spnpinst.exe
    2008-09-01 20:04:53 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-09-01 20:03:30 ----SD---- C:\WINDOWS\system32\Microsoft
    2008-09-01 20:02:59 ----D---- C:\WINDOWS\system32\PreInstall
    2008-09-01 20:02:59 ----A---- C:\WINDOWS\system32\spupdsvc.exe
    2008-09-01 20:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
    2008-09-01 20:02:58 ----HD---- C:\WINDOWS\$hf_mig$
    2008-09-01 20:02:49 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2008-09-01 20:02:43 ----D---- C:\WINDOWS\system32\bits
    2008-09-01 20:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
    2008-09-01 20:02:20 ----N---- C:\WINDOWS\system32\bitsprx3.dll
    2008-09-01 20:02:20 ----N---- C:\WINDOWS\system32\bitsprx2.dll
    2008-09-01 20:02:20 ----A---- C:\WINDOWS\system32\winhttp.dll
    2008-09-01 20:02:20 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
    2008-09-01 20:00:47 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-09-01 20:00:47 ----A---- C:\WINDOWS\system32\wups.dll
    2008-09-01 20:00:47 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-09-01 20:00:47 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-09-01 20:00:47 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-09-01 20:00:47 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-09-01 20:00:47 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-09-01 20:00:26 ----D---- C:\WINDOWS\SoftwareDistribution
    2008-09-01 19:59:35 ----SHD---- C:\WINDOWS\Installer
    2008-09-01 19:59:33 ----D---- C:\Documents and Settings\Derek\Application Data\Identities
    2008-09-01 19:59:31 ----HD---- C:\Program Files\Uninstall Information
    2008-09-01 19:59:28 ----SD---- C:\Documents and Settings\Derek\Application Data\Microsoft
    2008-09-01 19:59:28 ----ASH---- C:\Documents and Settings\Derek\Application Data\desktop.ini
    2008-09-01 19:59:10 ----A---- C:\WINDOWS\system32\wpa.bak
    2008-09-01 19:56:55 ----SHD---- C:\System Volume Information
    2008-09-01 19:56:45 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-09-01 19:53:00 ----D---- C:\WINDOWS\system32\xircom
    2008-09-01 19:53:00 ----D---- C:\Program Files\xerox
    2008-09-01 19:53:00 ----D---- C:\Program Files\microsoft frontpage
    2008-09-01 19:52:56 ----A---- C:\WINDOWS\control.ini
    2008-09-01 19:52:56 ----A---- C:\AUTOEXEC.BAT
    2008-09-01 19:52:52 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-09-01 19:52:51 ----A---- C:\WINDOWS\system32\mapi32.dll
    2008-09-01 19:52:24 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-09-01 19:52:24 ----RD---- C:\WINDOWS\Offline Web Pages
    2008-09-01 19:52:23 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
    2008-09-01 19:52:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2008-09-01 19:52:07 ----D---- C:\WINDOWS\system32\DirectX
    2008-09-01 19:51:44 ----A---- C:\WINDOWS\system32\safrslv.dll
    2008-09-01 19:51:44 ----A---- C:\WINDOWS\system32\safrdm.dll
    2008-09-01 19:51:44 ----A---- C:\WINDOWS\system32\safrcdlg.dll
    2008-09-01 19:51:44 ----A---- C:\WINDOWS\system32\racpldlg.dll
    2008-09-01 19:51:43 ----A---- C:\WINDOWS\system32\atrace.dll
    2008-09-01 19:51:41 ----A---- C:\WINDOWS\system32\desktop.ini
    2008-09-01 19:51:41 ----A---- C:\WINDOWS\desktop.ini
    2008-09-01 19:51:34 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
    2008-09-01 19:51:34 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
    2008-09-01 19:51:34 ----A---- C:\WINDOWS\system32\isrdbg32.dll
    2008-09-01 19:51:32 ----D---- C:\Program Files\Common Files\Services
    2008-09-01 19:51:32 ----A---- C:\WINDOWS\system32\acctres.dll
    2008-09-01 19:51:31 ----A---- C:\WINDOWS\system32\inetres.dll
    2008-09-01 19:51:28 ----SD---- C:\WINDOWS\Tasks
    2008-09-01 19:51:28 ----A---- C:\WINDOWS\system32\isign32.dll
    2008-09-01 19:51:28 ----A---- C:\WINDOWS\system32\inetcfg.dll
    2008-09-01 19:51:28 ----A---- C:\WINDOWS\system32\icwphbk.dll
    2008-09-01 19:51:28 ----A---- C:\WINDOWS\system32\icwdial.dll
    2008-09-01 19:51:27 ----A---- C:\WINDOWS\system32\icfgnt5.dll
    2008-09-01 19:51:25 ----D---- C:\Program Files\Common Files\MSSoap
    2008-09-01 19:51:22 ----D---- C:\WINDOWS\srchasst
    2008-09-01 19:51:21 ----D---- C:\WINDOWS\system32\Macromed
    2008-09-01 19:51:20 ----D---- C:\Program Files\Movie Maker
    2008-09-01 19:51:20 ----A---- C:\WINDOWS\system32\qmgr.dll
    2008-09-01 19:51:16 ----D---- C:\WINDOWS\system32\Restore
    2008-09-01 19:51:16 ----D---- C:\WINDOWS\PCHealth
    2008-09-01 19:51:16 ----A---- C:\WINDOWS\system32\srsvc.dll
    2008-09-01 19:51:16 ----A---- C:\WINDOWS\system32\srrstr.dll
    2008-09-01 19:51:16 ----A---- C:\WINDOWS\system32\srclient.dll
    2008-09-01 19:51:15 ----A---- C:\WINDOWS\system32\nmmkcert.dll
    2008-09-01 19:51:15 ----A---- C:\WINDOWS\system32\msconf.dll
    2008-09-01 19:51:15 ----A---- C:\WINDOWS\system32\mnmdd.dll
    2008-09-01 19:51:15 ----A---- C:\WINDOWS\system32\ils.dll
    2008-09-01 19:51:13 ----D---- C:\Program Files\NetMeeting
    2008-09-01 19:51:13 ----A---- C:\WINDOWS\system32\msoert2.dll
    2008-09-01 19:51:13 ----A---- C:\WINDOWS\system32\msoeacct.dll
    2008-09-01 19:51:12 ----A---- C:\WINDOWS\system32\inetcomm.dll
    2008-09-01 19:51:11 ----D---- C:\Program Files\Outlook Express
    2008-09-01 19:51:11 ----A---- C:\WINDOWS\system32\schedsvc.dll
    2008-09-01 19:51:11 ----A---- C:\WINDOWS\system32\mstinit.exe
    2008-09-01 19:51:11 ----A---- C:\WINDOWS\system32\mstask.dll
    2008-09-01 19:51:09 ----D---- C:\Program Files\Common Files\System
    2008-09-01 19:51:04 ----D---- C:\Program Files\Internet Explorer
    2008-09-01 19:50:59 ----D---- C:\Program Files\ComPlus Applications
    2008-09-01 19:50:59 ----A---- C:\WINDOWS\vbaddin.ini
    2008-09-01 19:50:59 ----A---- C:\WINDOWS\vb.ini
    2008-09-01 19:50:57 ----D---- C:\WINDOWS\Registration
    2008-09-01 19:50:43 ----HD---- C:\Program Files\WindowsUpdate
    2008-09-01 19:50:43 ----D---- C:\Program Files\Windows Media Player
    2008-09-01 19:50:43 ----D---- C:\Program Files\Online Services
    2008-09-01 19:50:41 ----D---- C:\Program Files\Messenger
    2008-09-01 19:50:37 ----D---- C:\Program Files\MSN Gaming Zone
    2008-09-01 19:50:37 ----A---- C:\WINDOWS\system32\write.exe
    2008-09-01 19:50:30 ----A---- C:\WINDOWS\system32\accwiz.exe
    2008-09-01 19:50:29 ----A---- C:\WINDOWS\system32\sndvol32.exe
    2008-09-01 19:50:29 ----A---- C:\WINDOWS\system32\sndrec32.exe
    2008-09-01 19:50:29 ----A---- C:\WINDOWS\system32\hypertrm.dll
    2008-09-01 19:50:29 ----A---- C:\WINDOWS\system32\hticons.dll
    2008-09-01 19:50:29 ----A---- C:\WINDOWS\system32\avwav.dll
    2008-09-01 19:50:29 ----A---- C:\WINDOWS\system32\avtapi.dll
    2008-09-01 19:50:29 ----A---- C:\WINDOWS\system32\avmeter.dll
    2008-09-01 19:50:28 ----A---- C:\WINDOWS\system32\winchat.exe
    2008-09-01 19:50:23 ----A---- C:\WINDOWS\system32\getuname.dll
    2008-09-01 19:50:22 ----A---- C:\WINDOWS\system32\winmine.exe
    2008-09-01 19:50:22 ----A---- C:\WINDOWS\system32\sol.exe
    2008-09-01 19:50:22 ----A---- C:\WINDOWS\system32\mshearts.exe
    2008-09-01 19:50:22 ----A---- C:\WINDOWS\system32\charmap.exe
    2008-09-01 19:50:22 ----A---- C:\WINDOWS\system32\calc.exe
    2008-09-01 19:50:21 ----A---- C:\WINDOWS\system32\usrlogon.cmd
    2008-09-01 19:50:21 ----A---- C:\WINDOWS\system32\tsshutdn.exe
    2008-09-01 19:50:21 ----A---- C:\WINDOWS\system32\tslabels.ini
    2008-09-01 19:50:21 ----A---- C:\WINDOWS\system32\tskill.exe
    2008-09-01 19:50:21 ----A---- C:\WINDOWS\system32\tsdiscon.exe
    2008-09-01 19:50:21 ----A---- C:\WINDOWS\system32\tscon.exe
    2008-09-01 19:50:21 ----A---- C:\WINDOWS\system32\shadow.exe
    2008-09-01 19:50:21 ----A---- C:\WINDOWS\system32\rwinsta.exe
    2008-09-01 19:50:21 ----A---- C:\WINDOWS\system32\reset.exe
    2008-09-01 19:50:21 ----A---- C:\WINDOWS\system32\regini.exe
    2008-09-01 19:50:21 ----A---- C:\WINDOWS\system32\rdshost.exe
    2008-09-01 19:50:21 ----A---- C:\WINDOWS\system32\freecell.exe
    2008-09-01 19:50:20 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
    2008-09-01 19:50:20 ----A---- C:\WINDOWS\system32\qwinsta.exe
    2008-09-01 19:50:20 ----A---- C:\WINDOWS\system32\qprocess.exe
    2008-09-01 19:50:20 ----A---- C:\WINDOWS\system32\qappsrv.exe
    2008-09-01 19:50:20 ----A---- C:\WINDOWS\system32\mtxoci.dll
    2008-09-01 19:50:20 ----A---- C:\WINDOWS\system32\msg.exe
    2008-09-01 19:50:20 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
    2008-09-01 19:50:20 ----A---- C:\WINDOWS\system32\msdtctm.dll
    2008-09-01 19:50:20 ----A---- C:\WINDOWS\system32\logoff.exe
    2008-09-01 19:50:20 ----A---- C:\WINDOWS\system32\cdmodem.dll
    2008-09-01 19:50:19 ----A---- C:\WINDOWS\system32\xolehlp.dll
    2008-09-01 19:50:19 ----A---- C:\WINDOWS\system32\msdtcprf.ini
    2008-09-01 19:50:19 ----A---- C:\WINDOWS\system32\msdtclog.dll
    2008-09-01 19:50:19 ----A---- C:\WINDOWS\system32\msdtc.exe
    2008-09-01 19:50:18 ----A---- C:\WINDOWS\system32\stclient.dll
    2008-09-01 19:50:18 ----A---- C:\WINDOWS\system32\mtxlegih.dll
    2008-09-01 19:50:18 ----A---- C:\WINDOWS\system32\mtxex.dll
    2008-09-01 19:50:18 ----A---- C:\WINDOWS\system32\mtxdm.dll
    2008-09-01 19:50:18 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
    2008-09-01 19:50:18 ----A---- C:\WINDOWS\system32\comrepl.dll
    2008-09-01 19:50:18 ----A---- C:\WINDOWS\system32\comaddin.dll
    2008-09-01 19:50:18 ----A---- C:\WINDOWS\system32\colbact.dll
    2008-09-01 19:50:17 ----A---- C:\WINDOWS\system32\comuid.dll
    2008-09-01 19:50:17 ----A---- C:\WINDOWS\system32\comsnap.dll
    2008-09-01 19:50:17 ----A---- C:\WINDOWS\system32\clbcatq.dll
    2008-09-01 19:50:17 ----A---- C:\WINDOWS\system32\clbcatex.dll
    2008-09-01 19:50:17 ----A---- C:\WINDOWS\system32\catsrvps.dll
    2008-09-01 19:50:17 ----A---- C:\WINDOWS\system32\catsrv.dll
    2008-09-01 19:50:12 ----A---- C:\WINDOWS\system32\wmimgmt.msc
    2008-09-01 19:50:12 ----A---- C:\WINDOWS\system32\servdeps.dll
    2008-09-01 19:50:12 ----A---- C:\WINDOWS\system32\mmfutil.dll
    2008-09-01 19:50:11 ----A---- C:\WINDOWS\system32\cmprops.dll
    2008-09-01 19:50:08 ----D---- C:\Program Files\MSN
    2008-09-01 19:50:07 ----D---- C:\Program Files\Windows NT
    2008-09-01 19:50:07 ----A---- C:\WINDOWS\system32\mspaint.exe
    2008-09-01 19:50:07 ----A---- C:\WINDOWS\system32\mplay32.exe
    2008-09-01 19:50:07 ----A---- C:\WINDOWS\system32\clipbrd.exe
    2008-09-01 19:50:06 ----A---- C:\WINDOWS\system32\wuauserv.dll
    2008-09-01 19:50:06 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-09-01 19:50:06 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-09-01 19:50:06 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
    2008-09-01 19:50:06 ----A---- C:\WINDOWS\system32\spider.exe
    2008-09-01 19:50:05 ----A---- C:\WINDOWS\system32\tscupgrd.exe
    2008-09-01 19:50:05 ----A---- C:\WINDOWS\system32\termsrv.dll
    2008-09-01 19:50:05 ----A---- C:\WINDOWS\system32\sessmgr.exe
    2008-09-01 19:50:05 ----A---- C:\WINDOWS\system32\remotepg.dll
    2008-09-01 19:50:05 ----A---- C:\WINDOWS\system32\rdsaddin.exe
    2008-09-01 19:50:05 ----A---- C:\WINDOWS\system32\rdchost.dll
    2008-09-01 19:50:05 ----A---- C:\WINDOWS\system32\mstscax.dll
    2008-09-01 19:50:05 ----A---- C:\WINDOWS\system32\mstsc.exe
    2008-09-01 19:50:04 ----D---- C:\WINDOWS\system32\MsDtc
    2008-09-01 19:50:04 ----D---- C:\WINDOWS\system32\Com
    2008-09-01 19:50:04 ----A---- C:\WINDOWS\system32\rdpwsx.dll
    2008-09-01 19:50:04 ----A---- C:\WINDOWS\system32\rdpsnd.dll
    2008-09-01 19:50:04 ----A---- C:\WINDOWS\system32\rdpclip.exe
    2008-09-01 19:50:04 ----A---- C:\WINDOWS\system32\msdtcprx.dll
    2008-09-01 19:50:04 ----A---- C:\WINDOWS\system32\icaapi.dll
    2008-09-01 19:50:04 ----A---- C:\WINDOWS\system32\cfgbkend.dll
    2008-09-01 19:50:04 ----A---- C:\WINDOWS\system32\catsrvut.dll
    2008-09-01 19:50:03 ----A---- C:\WINDOWS\system32\comsvcs.dll
    2008-09-01 19:50:01 ----A---- C:\WINDOWS\system32\licwmi.dll
    2008-08-08 21:14:30 ----A---- C:\WINDOWS\system32\udaprop.dll
    2008-08-08 21:14:30 ----A---- C:\WINDOWS\system32\cmuda.dll
    2008-08-08 21:14:30 ----A---- C:\WINDOWS\system32\cmirmdrv.exe
    2008-08-08 21:14:30 ----A---- C:\WINDOWS\system32\cmirmdrv.dll
    2008-08-08 21:14:30 ----A---- C:\WINDOWS\system32\Audio3D.dll
    2008-08-08 21:14:30 ----A---- C:\WINDOWS\system32\a3d.dll

    List of drivers

    R1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
    R2 ACEDRV09;ACEDRV09; \??\C:\WINDOWS\system32\drivers\ACEDRV09.sys []
    R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\system32\SYSTEM32\Drivers\wg3n.sys []
    R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\system32\SYSTEM32\Drivers\wg4n.sys []
    R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\system32\SYSTEM32\Drivers\wg5n.sys []
    R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\system32\SYSTEM32\Drivers\wg6n.sys []
    R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-11-06 755392]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 hidusb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 L6TPortGX;Service - Line 6 TonePort GX; C:\WINDOWS\System32\Drivers\L6TPortGX.sys [2008-06-11 521472]
    R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-09-06 12288]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
    R3 rtl8139;NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    R3 SISNIC;Stuurprogramma voor SiS PCI snelle ethernet-adapter; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-04 32768]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 ag27zm7z;ag27zm7z; C:\WINDOWS\system32\drivers\ag27zm7z.sys []
    S3 catchme;catchme; \??\C:\DOCUME~1\Derek\LOCALS~1\Temp\catchme.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

    List of services

    R2 Apple Mobile Device;Mobiel Apple apparaat; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
    R2 SmcService;Sygate Personal Firewall Pro; C:\Program Files\Sygate\SPF\smc.exe [2005-09-27 2635472]
    R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
    R3 usnjsvc;Messenger USN Journal Reader service voor Gedeelde mappen; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
    S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------
    info
    info.txt logfile of random's system information tool 2008-09-11 15:35:59

    Uninstall list

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
    Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
    Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
    Beveiligingsupdate for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Beveiligingsupdate voor Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
    Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
    Firebird SQL Server - MAGIX Edition 2.0.0.1 (US)-->C:\Program Files\MAGIX\Common\Database\uninstall.exe
    Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix voor Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix voor Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
    Line 6 Uninstaller-->C:\Program Files\Line6\Tools\Line 6 Uninstaller.exe
    MAGIX Goya burnR 1.3.1.2 (US)-->C:\Program Files\MAGIX\Goya_burnR\instslct.exe
    MAGIX Music Maker 12 deluxe 12.1.0.4 (US)-->C:\Program Files\MAGIX\MusicMaker12deluxe\instslct.exe
    MAGIX Music Manager 2007 8.1.1.114 (US)-->C:\Program Files\MAGIX\Music_Manager_2007\instslct.exe
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Sygate Personal Firewall Pro-->MsiExec.exe /I{10B446B3-4DF4-4489-A168-8A98F7CD807E}
    Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
    Update voor Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update voor Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
    Windows Live Messenger-->MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

    Hosts File

    127.0.0.1 localhost

    Security center information

    FW: Sygate Personal Firewall Pro

    Environment variables

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 10, AuthenticAMD
    "PROCESSOR_REVISION"=040a
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

    -----------------EOF-----------------

  6. #6
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    Hi

    Show hidden files
    -----------------
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.


    Upload the following file (if found) to http://www.virustotal.com and post back the results:
    C:\WINDOWS\system32\drivers\ag27zm7z.sys


    Start HJT, do a system scan, and check (if found):
    O4 - HKCU\..\Run: [WInUpdate16] C:\WINDOWS\system32\udate32.exe

    Close browsers and fix checked.

    Delete the following files if found:
    C:\WINDOWS\system32\udate32.exe
    C:\WINDOWS\004861_.tmp

    Uninstall old Adobe Reader and get the latest one here or get Foxit Reader here.


    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.



    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file & a fresh hjt log in your next reply.
    Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
    ASAP & UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
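The driver the expert singled out above, ag27zm7z.sys, is one of the entries in the RSIT "List of drivers" whose trailing brackets are empty, meaning the tool recorded no date or size for the file on disk. As an added example (not part of this thread, and not code from RSIT or HijackThis), the Python below parses such driver lines and flags the ones with no recorded file metadata or a path under a Temp directory; the regex and the two flag rules are my own assumptions about the line format shown in the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed format of one RSIT "List of drivers" line (as seen in the log above):
#   <start type> <service name>;<display name>; <path> [<yyyy-mm-dd> <size>]
# Empty brackets mean no date/size was recorded, i.e. the referenced driver
# file was not found on disk when the scan ran.
DRIVER_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class DriverEntry:
    start: str          # R1/R2/R3 = running, S3/S4 = stopped/disabled
    name: str
    display: str
    path: str           # with any leading \??\ NT prefix stripped
    file_date: Optional[str]
    file_size: Optional[int]

    @property
    def file_missing(self) -> bool:
        return self.file_date is None


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one driver line; returns None for lines in another format."""
    m = DRIVER_LINE.match(line.strip())
    if not m:
        return None
    path = m.group("path").strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    file_date = file_size = None
    meta = m.group("meta").split()
    if len(meta) == 2:
        file_date, file_size = meta[0], int(meta[1])
    return DriverEntry(m.group("start"), m.group("name"), m.group("display"),
                       path, file_date, file_size)


def review_drivers(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (service name, path, reason) for entries worth a second look:
    a driver with no file recorded on disk, or one loaded from a Temp directory."""
    findings = []
    for line in lines:
        entry = parse_driver_line(line)
        if entry is None:
            continue
        if entry.file_missing:
            findings.append((entry.name, entry.path, "no file date/size recorded"))
        if "\\temp\\" in entry.path.lower():
            findings.append((entry.name, entry.path, "loaded from a Temp directory"))
    return findings


# Constructed sample: a handful of lines copied from the RSIT log in this thread.
SAMPLE_LINES = [
    r"R1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]",
    r"R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []",
    r"R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]",
    r"S3 ag27zm7z;ag27zm7z; C:\WINDOWS\system32\drivers\ag27zm7z.sys []",
    r"S3 catchme;catchme; \??\C:\DOCUME~1\Derek\LOCALS~1\Temp\catchme.sys []",
]

if __name__ == "__main__":
    for name, path, reason in review_drivers(SAMPLE_LINES):
        print(f"{name:10} {reason:30} {path}")
```

A flagged entry is only a prompt to look closer (hash the file, check its signer and vendor), not a verdict; a vendor driver whose path is mistyped in the registry will show up the same way.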

  7. #7
    Junior Member
    Join Date
    Sep 2008
    Posts
    10

    Default

    Malwarebytes' Anti-Malware 1.28
    Database versie: 1141
    Windows 5.1.2600 Service Pack 3

    12-9-2008 14:56:56
    mbam-log-2008-09-12 (14-56-56).txt

    Scan type: Volledige Scan (C:\|D:\|F:\|)
    Objecten gescand: 97808
    Verstreken tijd: 1 hour(s), 13 minute(s), 3 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Hijack this log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:06:51, on 12-9-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows NT\Bureau-accessoires\WORDPAD.EXE
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1220292017168
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

    --
    End of file - 5178 bytes

  8. #8
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    Hi

    I can't see the results for the C:\WINDOWS\system32\drivers\ag27zm7z.sys file. Does that mean the file wasn't found?

  9. #9
    Junior Member
    Join Date
    Sep 2008
    Posts
    10

    Default

    Hi,

    I re-checked and didn't find the file.

    Thanks for helping me in advance. (Could it be a false alarm from Spybot? It still says I've got Bifrose.)

  10. #10
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    Hi

    Do you have the complete details (location) of the Spybot finding?
