Mein email Account schickt Spammails

mcpappe · 08.09.2010, 12:00

Hallo,
mein emailaccount bei yahoo schickt spam-mails. Ich habe ein laptop und ein tower-pc bei beiden hab ich jeweils antivir und spybot suchen lassen. antivir hat 1 datei gefunden die ich jedoch geloescht hab, doch trotzdem werden spam-mails verschickt.
was kann ich tun, ausser beide rechner neu aufzusetzten??
MfG
Jannis

kira · 08.09.2010, 12:56

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

- kannst Du die Daten von deinem Laptop mal zeigen, damit wir sehen können, ob da eventuell Malware drauf sein könnte?:

1.
- Lade dir Random's System Information Tool (RSIT) von random/random herunter
- an einen Ort deiner Wahl und führe die rsit.exe aus
- wird "Hijackthis" auch von RSIT installiert und ausgeführt
- RSIT erstellt 2 Logfiles (C:\rsit\log.txt und C:\rsit\info.txt) mit erweiterten Infos von deinem System - diese beide bitte komplett hier posten
**Kannst Du das Log in Textdatei speichern und hier anhängen (auf "Erweitert" klicken)

2.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

3.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool "Ccleaner" herunter
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

gruß
Coverflow

mcpappe · 08.09.2010, 19:31

danke fur die schnelle antwort

Tower PC
Info von Rsit
[code]
info.txtRSIT Logfile:

Code:

ATTFilter

logfile of random's system information tool 1.08 2010-09-14 08:10:38

======Uninstall list======

-->MsiExec /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Activision(R)-->MsiExec.exe /X{3FAD68D9-1FA1-4871-9ADF-9151D969E943}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Alpha Protocol-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}\setup.exe" -l0x9  -removeonly
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Battlefield 1942-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9 
Battlefield Vietnam(TM)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9 
Call of Duty Modern Warfare 2-->"C:\Games\CoDmw2\Call of Duty Modern Warfare 2\unins000.exe"
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Dungeon Keeper 2-->C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\Uninstall.exe
King’s Bounty: The Legend (Nur entfernen)-->"C:\Program Files (x86)\Nobilis\King's Bounty\unins000.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.8)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\setup.exe -runfromtemp -l0x0009 -removeonly
NETGEAR WG111v2 wireless USB 2.0 adapter-->C:\Program Files (x86)\InstallShield Installation Information\{4102037D-E8E0-48E0-B203-E521D194FB71}\setup.exe -runfromtemp -l0x0009 -removeonly
NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files (x86)\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
NVIDIA PhysX-->MsiExec.exe /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9  -removeonly
Oblivion - Mehrunes Razor-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9  -removeonly
Oblivion - Orrery-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9  -removeonly
Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9  -removeonly
Oblivion - Thieves Den-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9  -removeonly
Oblivion - Vile Lair-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9  -removeonly
Oblivion - Wizard's Tower-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9  -removeonly
Oblivion-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9  -removeonly
OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U
Pidgin-->C:\Program Files (x86)\Pidgin\pidgin-uninst.exe
Rapture3D 2.3.22 Game-->"C:\Program Files (x86)\BRS\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
Risen-->"C:\Program Files (x86)\InstallShield Installation Information\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Serious Sam: The Second Encounter-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}\Setup.exe" -l0x9 
Singularity(TM)-->"C:\Program Files (x86)\InstallShield Installation Information\{3FAD68D9-1FA1-4871-9ADF-9151D969E943}\setup.exe" -runfromtemp -l0x0409  -removeonly
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
The Lord of the Rings - Conquest™-->MsiExec.exe /X{628C3D50-F524-4C49-A958-672CE7953756}
TP-LINK Wireless Client Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{7A2A107B-9695-423F-9462-8F17C178BD35}\setup.exe" -runfromtemp -l0x0009 -removeonly
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
WG111 Smart Wizard-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}\SETUP.EXE" -uninst

======System event log======

Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 535
Source Name: Disk
Time Written: 20100125222712.159179-000
Event Type: Error
User: 

Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 532
Source Name: Disk
Time Written: 20100125222711.659179-000
Event Type: Error
User: 

Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 531
Source Name: Disk
Time Written: 20100125222711.159179-000
Event Type: Error
User: 

Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 530
Source Name: Disk
Time Written: 20100125222710.659179-000
Event Type: Error
User: 

Computer Name: MeinPc
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR2.
Record Number: 528
Source Name: Disk
Time Written: 20100125222710.159179-000
Event Type: Error
User: 

=====Application event log=====

Computer Name: MeinPc
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process. 

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0432e3b3-ba37-4004-9bea-29fb5262f16b}
Record Number: 358
Source Name: VSS
Time Written: 20100126051803.000000-000
Event Type: Error
User: 

Computer Name: MeinPc
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 DETAIL - 
 1 user registry handles leaked from \Registry\User\S-1-5-21-104217597-776977384-866917408-1000:
Process 436 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-104217597-776977384-866917408-1000

Record Number: 200
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100125221439.668070-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: MeinPc
Event Code: 1533
Message: Windows cannot delete the profile directory C:\Users\Administrator. This error may be caused by files in this directory being used by another program. 

 DETAIL - The directory is not empty.

Record Number: 182
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100125221035.280375-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: MeinPc
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=RFQ43
ACID=?
Detailed Error[?]

Record Number: 170
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100125220922.000000-000
Event Type: Error
User: 

Computer Name: MeinPc
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 

Record Number: 115
Source Name: Microsoft-Windows-Search
Time Written: 20100125220846.000000-000
Event Type: Warning
User: 

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
	Security ID:		S-1-5-18
	Account Name:		37L4247E29-32$
	Account Domain:		WORKGROUP
	Logon ID:		0x3e7

Group:
	Security ID:		S-1-5-32-551
	Group Name:		Backup Operators
	Group Domain:		Builtin

Changed Attributes:
	SAM Account Name:	-
	SID History:		-

Additional Information:
	Privileges:		-
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170921.828125-000
Event Type: Audit Success
User: 

Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
	Security ID:		S-1-5-18
	Account Name:		37L4247E29-32$
	Account Domain:		WORKGROUP
	Logon ID:		0x3e7

New Group:
	Security ID:		S-1-5-32-551
	Group Name:		Backup Operators
	Group Domain:		Builtin

Attributes:
	SAM Account Name:	Backup Operators
	SID History:		-

Additional Information:
	Privileges:		-
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170921.828125-000
Event Type: Audit Success
User: 

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements:	0
Policy ID:	0x3096c
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170921.453125-000
Event Type: Audit Success
User: 

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
	Security ID:		S-1-0-0
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			0

New Logon:
	Security ID:		S-1-5-18
	Account Name:		SYSTEM
	Account Domain:		NT AUTHORITY
	Logon ID:		0x3e7
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x4
	Process Name:		

Network Information:
	Workstation Name:	-
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		-
	Authentication Package:	-
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170918.812500-000
Event Type: Audit Success
User: 

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100125170918.671875-000
Event Type: Audit Success
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=AMD64 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303

-----------------EOF-----------------

--- --- ---

Log von rsit
[code]
RSIT Logfile:

Code:

ATTFilter

Logfile of random's system information tool 1.08 (written by random/random)
Run by XXXXXX at 2010-09-14 08:10:01
Microsoft Windows 7 Ultimate  
System drive C: has 7 GB (5%) free of 131 GB
Total RAM: 2047 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:10:37 AM, on 9/14/2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Will SPliff\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Will SPliff.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SCM_Service - Unknown owner - C:\Windows\SysWOW64\WinService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6514 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-08-20 1164584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2010-09-09 328568]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-14 08:10:01 ----D---- C:\rsit
2010-09-14 08:10:01 ----D---- C:\Program Files (x86)\trend micro
2010-09-13 23:12:28 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-09-13 23:12:28 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2010-09-13 06:54:48 ----D---- C:\ProgramData\SEGA Corporation
2010-09-13 06:13:02 ----D---- C:\Program Files (x86)\SEGA
2010-09-11 05:27:36 ----D---- C:\Program Files (x86)\Common Files\DivX Shared
2010-09-11 05:27:28 ----D---- C:\Program Files (x86)\DivX
2010-09-11 05:06:48 ----D---- C:\ProgramData\DivX
2010-09-10 16:38:21 ----D---- C:\Users\Will SPliff\AppData\Roaming\ProtectDISC
2010-09-10 16:16:13 ----D---- C:\Program Files (x86)\Kalypso
2010-09-10 13:54:06 ----D---- C:\Program Files (x86)\Activision
2010-09-10 10:42:47 ----D---- C:\Program Files (x86)\Pidgin
2010-09-09 20:17:55 ----D---- C:\Windows\pss
2010-09-09 02:40:05 ----D---- C:\Program Files (x86)\uTorrent
2010-09-09 02:39:51 ----D---- C:\Users\Will SPliff\AppData\Roaming\uTorrent
2010-09-09 02:22:33 ----D---- C:\Users\Will SPliff\AppData\Roaming\Avira
2010-09-09 02:05:13 ----D---- C:\ProgramData\Avira
2010-09-09 02:05:13 ----D---- C:\Program Files (x86)\Avira
2010-09-09 02:05:13 ----A---- C:\Windows\SysWOW64\drivers\avgntmgr.sys
2010-09-09 02:05:13 ----A---- C:\Windows\SysWOW64\drivers\avgntdd.sys
2010-09-09 01:37:13 ----D---- C:\Users\Will SPliff\AppData\Roaming\Macromedia
2010-09-09 01:37:13 ----D---- C:\Users\Will SPliff\AppData\Roaming\Adobe
2010-09-09 01:35:50 ----D---- C:\Users\Will SPliff\AppData\Roaming\Mozilla
2010-09-09 01:35:05 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-09-09 01:31:13 ----D---- C:\Windows\Options
2010-09-09 00:39:21 ----D---- C:\ProgramData\TP-LINK
2010-08-24 02:32:58 ----D---- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-08-24 01:42:16 ----D---- C:\Program Files (x86)\Nobilis
2010-08-24 00:02:56 ----D---- C:\Program Files (x86)\Bethesda Softworks
2010-08-24 00:01:44 ----RHD---- C:\Users\Will SPliff\AppData\Roaming\SecuROM
2010-08-24 00:01:44 ----A---- C:\Windows\SysWOW64\CmdLineExt_x64.dll
2010-08-20 22:53:39 ----D---- C:\Program Files (x86)\Bullfrog

======List of files/folders modified in the last 1 months======

2010-09-14 08:10:02 ----D---- C:\Windows\Temp
2010-09-14 08:10:01 ----RD---- C:\Program Files (x86)
2010-09-14 07:26:10 ----D---- C:\Windows\System32
2010-09-14 07:26:10 ----D---- C:\Windows\inf
2010-09-14 07:20:07 ----D---- C:\ProgramData\NVIDIA
2010-09-13 23:39:44 ----SHD---- C:\System Volume Information
2010-09-13 23:14:25 ----SD---- C:\Users\Will SPliff\AppData\Roaming\Microsoft
2010-09-13 23:12:28 ----HD---- C:\ProgramData
2010-09-13 06:13:16 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-09-13 06:13:02 ----SHD---- C:\Windows\Installer
2010-09-13 06:11:54 ----RSD---- C:\Windows\assembly
2010-09-13 06:05:01 ----D---- C:\Windows\Prefetch
2010-09-12 07:15:01 ----D---- C:\Windows\Logs
2010-09-11 05:27:57 ----RD---- C:\Program Files
2010-09-11 05:27:54 ----D---- C:\Windows\SysWOW64
2010-09-11 05:27:36 ----D---- C:\Program Files (x86)\Common Files
2010-09-10 16:15:21 ----D---- C:\Games
2010-09-10 14:15:24 ----D---- C:\Windows\winsxs
2010-09-10 14:04:47 ----D---- C:\Windows
2010-09-09 20:16:44 ----D---- C:\Windows\Downloaded Program Files
2010-09-09 02:05:13 ----D---- C:\Windows\SysWOW64\drivers
2010-09-09 01:40:02 ----D---- C:\ProgramData\Codemasters
2010-09-09 01:32:14 ----SD---- C:\ProgramData\Microsoft
2010-08-25 02:40:40 ----D---- C:\Windows\LiveKernelReports
2010-08-24 02:32:54 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-08-24 00:01:13 ----D---- C:\Program Files (x86)\DAEMON Tools Lite

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 SCMNdisP;General NDIS Protocol Driver; C:\Windows\system32\DRIVERS\scmndisp.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 aoy52uyb;aoy52uyb; C:\Windows\SysWOW64\drivers\aoy52uyb.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SCM_Service;SCM_Service; C:\Windows\SysWOW64\WinService.exe [2007-07-18 180224]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-12 240232]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

--- --- ---

hjtscanlist
[code]

Code:

ATTFilter

 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7600]
 
 
C:

  09/14/2010 08:10 AM     C:\rsit --------- 0   
  09/14/2010 08:10 AM     C:\Program Files (x86) --------- 8192   
       C:\pagefile.sys ---------    
       C:\hiberfil.sys ---------    
  09/13/2010 11:39 PM     C:\System Volume Information --------- 20480   
  09/13/2010 11:12 PM     C:\ProgramData --------- 4096   
  09/11/2010 05:27 AM     C:\Program Files --------- 4096   
  09/10/2010 04:15 PM     C:\Games --------- 12288   
  09/10/2010 02:04 PM     C:\Windows --------- 20480   
  02/11/2010 03:59 AM     C:\Users --------- 4096   
  01/26/2010 01:05 AM     C:\OEMSettings --------- 0   
  01/26/2010 12:45 AM     C:\NVIDIA --------- 0   
  01/26/2010 12:10 AM     C:\$Recycle.Bin --------- 0   
  01/26/2010 12:10 AM     C:\Recovery --------- 0   
  07/14/2009 07:08 AM     C:\Documents and Settings --------- 0   
  07/14/2009 05:20 AM     C:\PerfLogs --------- 0   
  11/07/2007 08:12 AM     C:\VC_RED.MSI --------- 232960   
  11/07/2007 08:09 AM     C:\VC_RED.cab --------- 1442522   
  11/07/2007 08:03 AM     C:\install.res.1036.dll --------- 97296   
  11/07/2007 08:03 AM     C:\install.res.1033.dll --------- 91152   
  11/07/2007 08:03 AM     C:\install.res.1031.dll --------- 96272   
  11/07/2007 08:03 AM     C:\install.res.1041.dll --------- 81424   
  11/07/2007 08:03 AM     C:\install.res.1042.dll --------- 79888   
  11/07/2007 08:03 AM     C:\install.res.2052.dll --------- 75792   
  11/07/2007 08:03 AM     C:\install.res.3082.dll --------- 96272   
  11/07/2007 08:03 AM     C:\install.exe --------- 562688   
  11/07/2007 08:03 AM     C:\install.res.1040.dll --------- 95248   
  11/07/2007 08:03 AM     C:\install.res.1028.dll --------- 76304   
  11/07/2007 08:00 AM     C:\eula.1041.txt --------- 118   
  11/07/2007 08:00 AM     C:\eula.1040.txt --------- 17734   
  11/07/2007 08:00 AM     C:\eula.1036.txt --------- 17734   
  11/07/2007 08:00 AM     C:\eula.1033.txt --------- 10134   
  11/07/2007 08:00 AM     C:\eula.2052.txt --------- 17734   
  11/07/2007 08:00 AM     C:\eula.1031.txt --------- 17734   
  11/07/2007 08:00 AM     C:\eula.1028.txt --------- 17734   
  11/07/2007 08:00 AM     C:\eula.3082.txt --------- 17734   
  11/07/2007 08:00 AM     C:\vcredist.bmp --------- 5686   
  11/07/2007 08:00 AM     C:\install.ini --------- 843   
  11/07/2007 08:00 AM     C:\eula.1042.txt --------- 17734   
  11/07/2007 08:00 AM     C:\globdata.ini --------- 1110   
----------------------------------------

 
C:\Windows

  09/14/2010 07:30 AM     C:\Windows\WindowsUpdate.log --------- 878719   
  09/14/2010 07:20 AM     C:\Windows\setupact.log --------- 24445   
  09/14/2010 07:20 AM     C:\Windows\bootstat.dat --------- 67584   
  09/13/2010 06:12 AM     C:\Windows\DirectX.log --------- 395571   
  08/24/2010 02:56 AM     C:\Windows\PFRO.log --------- 1754   
  02/11/2010 07:24 AM     C:\Windows\eReg.dat --------- 767   
  01/26/2010 01:21 AM     C:\Windows\RtlExUpd.dll --------- 838176   
  01/25/2010 07:11 PM     C:\Windows\DtcInstall.log --------- 1774   
  01/25/2010 07:11 PM     C:\Windows\TSSysprep.log --------- 1313   
  07/14/2009 07:09 AM     C:\Windows\win.ini --------- 403   
  07/14/2009 06:54 AM     C:\Windows\WindowsShell.Manifest --------- 749   
  07/14/2009 06:51 AM     C:\Windows\setuperr.log --------- 0   
  07/14/2009 03:39 AM     C:\Windows\write.exe --------- 10240   
  07/14/2009 03:39 AM     C:\Windows\splwow64.exe --------- 61952   
  07/14/2009 03:39 AM     C:\Windows\regedit.exe --------- 427008   
  07/14/2009 03:39 AM     C:\Windows\notepad.exe --------- 193536   
  07/14/2009 03:39 AM     C:\Windows\HelpPane.exe --------- 733696   
  07/14/2009 03:39 AM     C:\Windows\hh.exe --------- 16896   
  07/14/2009 03:39 AM     C:\Windows\fveupdate.exe --------- 15360   
  07/14/2009 03:39 AM     C:\Windows\explorer.exe --------- 2868224   
  07/14/2009 03:38 AM     C:\Windows\bfsvc.exe --------- 71168   
  07/14/2009 03:16 AM     C:\Windows\twain_32.dll --------- 51200   
  07/14/2009 03:14 AM     C:\Windows\winhlp32.exe --------- 9728   
  07/14/2009 03:14 AM     C:\Windows\twunk_32.exe --------- 31232   
  07/14/2009 01:06 AM     C:\Windows\mib.bin --------- 43131   
  06/10/2009 11:41 PM     C:\Windows\twunk_16.exe --------- 49680   
  06/10/2009 11:41 PM     C:\Windows\twain.dll --------- 94784   
  06/10/2009 11:08 PM     C:\Windows\system.ini --------- 219   
  06/10/2009 10:52 PM     C:\Windows\WMSysPr9.prx --------- 316640   
  06/10/2009 10:36 PM     C:\Windows\msdfmap.ini --------- 1405   
  06/10/2009 10:31 PM     C:\Windows\Ultimate.xml --------- 51867   
  06/10/2009 10:31 PM     C:\Windows\Starter.xml --------- 48201   
----------------------------------------

 
C:\Windows\System

----------------------------------------

 
C:\Windows\System32

 09/14/2010 07:26 AM     C:\Windows\system32\perfh009.dat --------- 615122  
 09/14/2010 07:26 AM     C:\Windows\system32\perfc009.dat --------- 103496  
 09/14/2010 07:26 AM     C:\Windows\system32\PerfStringBackup.INI --------- 713888  
 09/14/2010 07:25 AM     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 18000  
 09/14/2010 07:25 AM     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 18000  
 09/13/2010 10:57 PM     C:\Windows\system32\catroot2 --------- 4096  
 09/12/2010 02:56 AM     C:\Windows\system32\config --------- 12288  
 09/09/2010 02:05 AM     C:\Windows\system32\catroot --------- 0  
 09/09/2010 02:05 AM     C:\Windows\system32\drivers --------- 65536  
 09/09/2010 01:31 AM     C:\Windows\system32\DriverStore --------- 4096  
 09/09/2010 12:43 AM     C:\Windows\system32\wdi --------- 4096  
 05/21/2010 11:14 PM     C:\Windows\system32\MpSigStub.exe --------- 270208  
 05/13/2010 06:58 PM     C:\Windows\system32\athurextx.cat --------- 7484  
 04/09/2010 10:51 PM     C:\Windows\system32\en-US --------- 327680  
 04/09/2010 10:51 PM     C:\Windows\system32\slwga.dll --------- 14848  
 04/09/2010 10:51 PM     C:\Windows\system32\systemcpl.dll --------- 419840  
 02/11/2010 12:00 PM     C:\Windows\system32\LogFiles --------- 4096  
 02/11/2010 04:38 AM     C:\Windows\system32\wrap_oal.dll --------- 466520  
 02/11/2010 04:38 AM     C:\Windows\system32\OpenAL32.dll --------- 122968  
 02/11/2010 03:59 AM     C:\Windows\system32\NDF --------- 0  
 02/04/2010 07:01 PM     C:\Windows\system32\XAPOFX1_4.dll --------- 78680  
 02/04/2010 07:01 PM     C:\Windows\system32\XAudio2_6.dll --------- 530776  
 02/04/2010 07:01 PM     C:\Windows\system32\xactengine3_6.dll --------- 176984  
 02/04/2010 07:01 PM     C:\Windows\system32\X3DAudio1_7.dll --------- 24920  
 01/26/2010 07:51 AM     C:\Windows\system32\Tasks --------- 4096  
 01/26/2010 01:21 AM     C:\Windows\system32\WavesGUILib.dll --------- 2719504  
 01/26/2010 01:21 AM     C:\Windows\system32\SRSWOW64.dll --------- 155888  
 01/26/2010 01:21 AM     C:\Windows\system32\SRSTSX64.dll --------- 518896  
 01/26/2010 01:21 AM     C:\Windows\system32\SRSTSH64.dll --------- 211184  
 01/26/2010 01:21 AM     C:\Windows\system32\SRSHP64.dll --------- 198896  
 01/26/2010 01:21 AM     C:\Windows\system32\RTSnMg64.cpl --------- 612384  
 01/26/2010 01:21 AM     C:\Windows\system32\RtPgEx64.dll --------- 1694240  
 01/26/2010 01:21 AM     C:\Windows\system32\RtlCPAPI64.dll --------- 332320  
 01/26/2010 01:21 AM     C:\Windows\system32\RtkCfg64.dll --------- 149536  
 01/26/2010 01:21 AM     C:\Windows\system32\RtkAPO64.dll --------- 1638944  
 01/26/2010 01:21 AM     C:\Windows\system32\RtkApi64.dll --------- 477216  
 01/26/2010 01:21 AM     C:\Windows\system32\RTCOM64.dll --------- 1201184  
 01/26/2010 01:21 AM     C:\Windows\system32\RP3DHT64.dll --------- 307920  
 01/26/2010 01:21 AM     C:\Windows\system32\RP3DAA64.dll --------- 307920  
 01/26/2010 01:21 AM     C:\Windows\system32\RCoInst64.dll --------- 68640  
 01/26/2010 01:21 AM     C:\Windows\system32\MaxxAudioEQ.dll --------- 2197264  
 01/26/2010 01:21 AM     C:\Windows\system32\MaxxAudioAPO20.dll --------- 325904  
 01/26/2010 01:21 AM     C:\Windows\system32\FMAPO64.dll --------- 328096  
 01/26/2010 01:21 AM     C:\Windows\system32\DTSVoiceClarityDLL64.dll --------- 463632  
 01/26/2010 01:21 AM     C:\Windows\system32\DTSS2SpeakerDLL64.dll --------- 1312016  
 01/26/2010 01:21 AM     C:\Windows\system32\DTSS2HeadphoneDLL64.dll --------- 1164560  
 01/26/2010 01:21 AM     C:\Windows\system32\DTSNeoPCDLL64.dll --------- 303888  
 01/26/2010 01:21 AM     C:\Windows\system32\DTSLimiterDLL64.dll --------- 257296  
 01/26/2010 01:21 AM     C:\Windows\system32\DTSLFXAPO64.dll --------- 123664  
 01/26/2010 01:21 AM     C:\Windows\system32\DTSGFXAPO64.dll --------- 121104  
 01/26/2010 01:21 AM     C:\Windows\system32\DTSGainCompensatorDLL64.dll --------- 256784  
 01/26/2010 01:21 AM     C:\Windows\system32\DTSBoostDLL64.dll --------- 1098512  
 01/26/2010 01:21 AM     C:\Windows\system32\DTSBassEnhancementDLL64.dll --------- 491792  
 01/26/2010 01:21 AM     C:\Windows\system32\AERTAC64.dll --------- 168864  
 01/26/2010 01:21 AM     C:\Windows\system32\AERTAR64.dll --------- 108960  
 01/26/2010 12:27 AM     C:\Windows\system32\restore --------- 0  
 01/26/2010 12:10 AM     C:\Windows\system32\Recovery --------- 0  
 01/25/2010 07:23 PM     C:\Windows\system32\CodeIntegrity --------- 0  
 01/25/2010 07:13 PM     C:\Windows\system32\FNTCACHE.DAT --------- 274320  
 01/25/2010 07:12 PM     C:\Windows\system32\license.rtf --------- 42045  
 01/25/2010 07:11 PM     C:\Windows\system32\sysprep --------- 0  
 01/21/2010 07:16 AM     C:\Windows\system32\netathurx.inf --------- 17326  
 01/12/2010 09:19 AM     C:\Windows\system32\nvshext.dll --------- 61032  
 01/12/2010 06:03 AM     C:\Windows\system32\nvcompiler.dll --------- 16051304  
 01/12/2010 06:03 AM     C:\Windows\system32\nvcod189.dll --------- 202344  
 01/12/2010 06:03 AM     C:\Windows\system32\nvudisp.exe --------- 645736  
 01/12/2010 06:03 AM     C:\Windows\system32\OpenCL.dll --------- 65640  
 01/12/2010 06:03 AM     C:\Windows\system32\dpinst.exe --------- 930272  
 01/12/2010 06:03 AM     C:\Windows\system32\nvinfo.pb --------- 9163  
 01/06/2010 04:23 AM     C:\Windows\system32\athurx.sys --------- 1847296  
 12/16/2009 04:26 AM     C:\Windows\system32\RTEEP64A.dll --------- 372936  
 12/16/2009 04:26 AM     C:\Windows\system32\RTEEG64A.dll --------- 76488  
 12/16/2009 04:26 AM     C:\Windows\system32\RTEEL64A.dll --------- 99016  
 12/16/2009 04:26 AM     C:\Windows\system32\RTEED64A.dll --------- 201928  
 09/28/2009 03:24 AM     C:\Windows\system32\nvcpl.cpl --------- 410728  
 09/28/2009 03:24 AM     C:\Windows\system32\nvcplui.exe --------- 3778664  
 09/28/2009 03:23 AM     C:\Windows\system32\nvwss.dll --------- 3746920  
 09/28/2009 03:23 AM     C:\Windows\system32\nvsvs.dll --------- 1646696  
 09/28/2009 03:23 AM     C:\Windows\system32\nvvitvs.dll --------- 4546152  
 09/28/2009 03:23 AM     C:\Windows\system32\nvmobls.dll --------- 1647720  
 09/28/2009 03:23 AM     C:\Windows\system32\nvmccss.dll --------- 289896  
 09/28/2009 03:22 AM     C:\Windows\system32\NvwsApps.xml --------- 68587  
 09/28/2009 03:22 AM     C:\Windows\system32\NvApps.xml --------- 253738  
 09/28/2009 03:22 AM     C:\Windows\system32\nvdisps.dll --------- 5426792  
 09/28/2009 03:22 AM     C:\Windows\system32\nvmctray.dll --------- 82536  
 09/28/2009 03:22 AM     C:\Windows\system32\nvvsvc.exe --------- 383592  
 09/28/2009 03:22 AM     C:\Windows\system32\nvgames.dll --------- 5208168  
 09/28/2009 03:22 AM     C:\Windows\system32\nvcpl.dll --------- 16666728  
 09/28/2009 03:22 AM     C:\Windows\system32\nvsvc64.dll --------- 991848  
 09/28/2009 01:12 AM     C:\Windows\system32\nvcuda.dll --------- 2633320  
 09/28/2009 01:12 AM     C:\Windows\system32\nvencodemft.dll --------- 2152552  
 09/28/2009 01:12 AM     C:\Windows\system32\nvcod.dll --------- 183912  
 09/28/2009 01:12 AM     C:\Windows\system32\nvcod167.dll --------- 183912  
 09/28/2009 01:12 AM     C:\Windows\system32\nvd3dumx.dll --------- 9441384  
 09/28/2009 01:12 AM     C:\Windows\system32\nvdecodemft.dll --------- 335464  
 09/28/2009 01:12 AM     C:\Windows\system32\nvwgf2umx.dll --------- 4599912  
 09/28/2009 01:12 AM     C:\Windows\system32\nvcuvenc.dll --------- 1734248  
 09/28/2009 01:12 AM     C:\Windows\system32\nvoglv64.dll --------- 15387752  
 09/28/2009 01:12 AM     C:\Windows\system32\nvdisp.nvu --------- 14646  
 09/28/2009 01:12 AM     C:\Windows\system32\nvapi64.dll --------- 1322088  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 09/14/2010 07:20 AM     C:\Windows\Tasks\SA.DAT --------- 6  
 07/14/2009 07:08 AM     C:\Windows\Tasks\SCHEDLGU.TXT --------- 17108  
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\WILLSP~1\AppData\Local\Temp

 09/14/2010 08:12 AM     C:\Users\WILLSP~1\AppData\Local\Temp\Rar$DI00.676 --------- 0  
 09/14/2010 07:56 AM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-3 --------- 0  
 09/14/2010 07:20 AM     C:\Users\WILLSP~1\AppData\Local\Temp\WPDNSE --------- 0  
 09/14/2010 07:20 AM     C:\Users\WILLSP~1\AppData\Local\Temp\divAAF5.tmp --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{EEDB4D36-1D07-4BF0-A8EC-C061B0315371} --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{E09E42F6-62D2-4D57-AF97-558287C7923C} --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{DA1C0664-7E0A-4A43-8E6F-846FECA80946} --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{9EB614AC-FEAD-44E9-932E-0D952B38C605} --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{91839B6C-B26E-4778-A4B1-7EF34AFDD844} --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{90FA6AD2-EEEA-4ACF-AC97-95B788DED9D8} --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{70FF7DF1-E69E-47df-9AA6-F062FADD6146} --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{6CD8DBC8-3F21-49ED-BDAF-1DA0F166C8C7} --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{65DEDEC7-688C-4459-9BC2-0888A5597016} --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{5D3661B2-F687-4148-A748-8D4DA81AE6D7} --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{5007060A-8B71-4A48-B103-0603370CF84E} --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{4E248BBA-54B1-4662-9D47-879A746B4A17} --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\Temp2_wg111v2_3_4_0.zip --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{4BC5C943-F14F-4991-A909-CED8E96A4C7D} --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\Temp1_wg111v2_3_4_0.zip --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\ispF64C.tmp --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\ispDD9E.tmp --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\isp814C.tmp --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\isp3ABC.tmp --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\divF4A1.tmp --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\isp3600.tmp --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\divF1A3.tmp --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\divDEB9.tmp --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\divCB66.tmp --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\divB92E.tmp --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\divB6CC.tmp --------- 0  
 09/13/2010 11:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\ckz_A1DR --------- 0  
 09/13/2010 07:58 AM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-2 --------- 0  
 09/13/2010 06:42 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{9F7558F6-3929-4452-8527-EC843CA0736B} --------- 0  
 09/12/2010 07:58 PM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-1 --------- 0  
 09/10/2010 02:10 PM     C:\Users\WILLSP~1\AppData\Local\Temp\UCDebugger --------- 0  
 09/09/2010 05:30 AM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp --------- 0  
 09/09/2010 01:40 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{03380CD1-9E95-4B37-89C3-BCF6539C30A1} --------- 0  
 09/09/2010 01:35 AM     C:\Users\WILLSP~1\AppData\Local\Temp\Low --------- 0  
 09/09/2010 01:31 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{E368AB75-F39E-44A2-906C-75D0724B50F1} --------- 0  
 09/09/2010 12:39 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{C34F19B0-ABE3-4E61-ADED-83AB3A5E8ACB} --------- 0  
 09/09/2010 12:39 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{AFED87D1-74BF-4851-8D10-A5EC217FAB17} --------- 0  
 09/09/2010 12:39 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{370FB9C0-76BC-4144-B279-7958D5A2E575} --------- 0  
 08/24/2010 02:33 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{EEAE0423-29D9-4B17-99F0-AA52CAA5ED0B} --------- 0  
 08/24/2010 02:32 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{14EF48BB-4241-4149-925D-6ADE89F02996} --------- 0  
 08/24/2010 02:32 AM     C:\Users\WILLSP~1\AppData\Local\Temp\pftE903.tmp --------- 0  
 08/24/2010 01:56 AM     C:\Users\WILLSP~1\AppData\Local\Temp\Testaware --------- 0  
 08/24/2010 12:22 AM     C:\Users\WILLSP~1\AppData\Local\Temp\bye2C57.tmp --------- 0  
 08/24/2010 12:22 AM     C:\Users\WILLSP~1\AppData\Local\Temp\byeDD1D.tmp --------- 0  
 08/24/2010 12:21 AM     C:\Users\WILLSP~1\AppData\Local\Temp\bye6E27.tmp --------- 0  
 08/24/2010 12:21 AM     C:\Users\WILLSP~1\AppData\Local\Temp\byeF5AB.tmp --------- 0  
 08/24/2010 12:20 AM     C:\Users\WILLSP~1\AppData\Local\Temp\bye8B78.tmp --------- 0  
 08/24/2010 12:20 AM     C:\Users\WILLSP~1\AppData\Local\Temp\bye3A5A.tmp --------- 0  
 08/24/2010 12:02 AM     C:\Users\WILLSP~1\AppData\Local\Temp\AUG2005DXREDIST --------- 0  
 08/20/2010 10:55 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{1c19395b-2972-4a0b-bb06-f149c800a3dc} --------- 0  
 04/09/2010 03:10 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{b0105f35-87a0-4a51-8cd4-46aafa96998e} --------- 0  
 02/25/2010 03:06 PM     C:\Users\WILLSP~1\AppData\Local\Temp\Metro 2033_disk1.sim --------- 8974  
 02/11/2010 12:36 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{b96489d4-a438-4ab5-bb54-4e9ea7eb24bf} --------- 0  
 02/11/2010 08:32 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{d862a78b-bb85-47f2-9af6-bc93ff955f5a} --------- 0  
 02/11/2010 07:24 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65} --------- 0  
 02/11/2010 07:08 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{E35B3C63-E958-4E31-A178-95D22024109A} --------- 0  
 02/11/2010 06:15 AM     C:\Users\WILLSP~1\AppData\Local\Temp\dirt2_Data_DFE --------- 0  
 02/11/2010 03:59 AM     C:\Users\WILLSP~1\AppData\Local\Temp\msdtadmin --------- 0  
 02/11/2010 03:59 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp1704.tmp --------- 0  
 01/28/2010 03:52 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{8d3c4155-d076-4d0c-9d5e-89d6bb88fdf6} --------- 0  
 01/28/2010 03:41 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{a995864b-3323-486f-8649-62fc21e8cb28} --------- 0  
 01/28/2010 03:41 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{533d32a0-40f8-4538-97d4-88cdce6fdd00} --------- 0  
 01/28/2010 03:19 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{50f47146-63bc-4a82-ab42-2712be4a2576} --------- 0  
 01/28/2010 01:40 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{19ACC836-2708-4E5A-86BC-86406636E6D8} --------- 0  
 01/26/2010 01:05 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{0FC5201A-EF90-42E8-97ED-E6D69F4328C2} --------- 0  
 01/26/2010 01:04 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{6cf3fd45-c042-489b-aa24-b2abc80344d8} --------- 0  
 01/26/2010 01:03 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{2FB54804-F368-49B1-B185-20762D0B34D7} --------- 0  
 01/26/2010 01:02 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{06BC3F63-1C0A-444F-94C2-1BCDF8226A44} --------- 0  
 01/26/2010 01:02 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{1a4834e2-ccb8-4756-9b9e-424f9f43c73b} --------- 0  
 01/26/2010 01:02 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{F0787494-9620-4B86-A40D-C67A3246853D} --------- 0  
 01/26/2010 01:02 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{3A6D79D7-DD8B-468C-AB0E-1B5CB3CD6767} --------- 0  
 01/26/2010 12:53 AM     C:\Users\WILLSP~1\AppData\Local\Temp\pft361B.tmp --------- 0  
 01/26/2010 12:53 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{74aba1d9-6f77-4a7e-8c10-62ce19ad5c65} --------- 0  
 01/26/2010 12:50 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{5D96625A-3AE2-4E9F-8AD4-9935A2177B0B} --------- 0  
 01/26/2010 12:46 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{664830F8-C0F6-4296-AAC2-F39369F5EF03} --------- 0  
 01/26/2010 12:32 AM     C:\Users\WILLSP~1\AppData\Local\Temp\{7ce60f85-c90a-4cfa-bcc0-10ae812958b3} --------- 0  
 01/26/2010 12:11 AM     C:\Users\WILLSP~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
 04/30/2009 04:04 AM     C:\Users\WILLSP~1\AppData\Local\Temp\msvcr80.dll --------- 626688  
 04/30/2009 04:04 AM     C:\Users\WILLSP~1\AppData\Local\Temp\zlib1.dll --------- 75264  
 04/30/2009 04:04 AM     C:\Users\WILLSP~1\AppData\Local\Temp\SimPack.exe --------- 81408  
 07/25/2007 10:51 PM     C:\Users\WILLSP~1\AppData\Local\Temp\set6F19.tmp --------- 4493032  
 07/25/2007 10:51 PM     C:\Users\WILLSP~1\AppData\Local\Temp\set2479.tmp --------- 4493032  
----------------------------------------

 
C:\Program Files

 09/11/2010 05:27 AM     C:\Program Files\DivX --------- 0  
 01/28/2010 12:28 AM     C:\Program Files\WinRAR --------- 4096  
 01/26/2010 01:22 AM     C:\Program Files\Realtek --------- 0  
 01/26/2010 12:50 AM     C:\Program Files\NVIDIA Corporation --------- 0  
 07/14/2009 09:47 AM     C:\Program Files\DVD Maker --------- 4096  
 07/14/2009 09:46 AM     C:\Program Files\Windows Journal --------- 4096  
 07/14/2009 09:46 AM     C:\Program Files\Microsoft Games --------- 4096  
 07/14/2009 07:37 AM     C:\Program Files\Windows Sidebar --------- 4096  
 07/14/2009 07:37 AM     C:\Program Files\Windows Mail --------- 4096  
 07/14/2009 07:37 AM     C:\Program Files\Internet Explorer --------- 4096  
 07/14/2009 07:37 AM     C:\Program Files\Windows Media Player --------- 4096  
 07/14/2009 07:37 AM     C:\Program Files\Windows Defender --------- 4096  
 07/14/2009 07:37 AM     C:\Program Files\Windows Photo Viewer --------- 4096  
 07/14/2009 07:32 AM     C:\Program Files\Windows Portable Devices --------- 0  
 07/14/2009 07:32 AM     C:\Program Files\Windows NT --------- 0  
 07/14/2009 07:32 AM     C:\Program Files\MSBuild --------- 0  
 07/14/2009 07:32 AM     C:\Program Files\Reference Assemblies --------- 0  
 07/14/2009 07:09 AM     C:\Program Files\Uninstall Information --------- 0  
 07/14/2009 06:54 AM     C:\Program Files\desktop.ini --------- 174  
 07/14/2009 05:20 AM     C:\Program Files\Common Files --------- 4096  
----------------------------------------

 
C:\ProgramData\.. 

Will    
Will SPliff    
Administrator    
Public    
Default    
Default User    
All Users    
desktop.ini    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts


----------------------------------------

 

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0      1,712 K
smss.exe                       276 Services                   0        756 K
csrss.exe                      408 Services                   0      3,176 K
wininit.exe                    476 Services                   0      3,280 K
csrss.exe                      508 Console                    1      8,240 K
services.exe                   532 Services                   0      6,736 K
lsass.exe                      556 Services                   0      8,536 K
lsm.exe                        564 Services                   0      3,188 K
winlogon.exe                   624 Console                    1      5,044 K
svchost.exe                    704 Services                   0      6,912 K
nvvsvc.exe                     780 Services                   0      3,012 K
svchost.exe                    820 Services                   0      6,068 K
svchost.exe                    868 Services                   0     19,328 K
svchost.exe                    960 Services                   0     81,644 K
svchost.exe                   1012 Services                   0     27,732 K
audiodg.exe                    304 Services                   0     33,388 K
svchost.exe                    404 Services                   0     11,468 K
nvvsvc.exe                    1128 Console                    1      6,128 K
svchost.exe                   1200 Services                   0     11,576 K
spoolsv.exe                   1428 Services                   0      6,552 K
sched.exe                     1464 Services                   0      2,000 K
svchost.exe                   1484 Services                   0      8,892 K
avguard.exe                   1612 Services                   0     14,056 K
WinService.exe                1680 Services                   0      3,492 K
nvSCPAPISvr.exe               1780 Services                   0      3,664 K
SDWinSec.exe                  2000 Services                   0      7,220 K
avshadow.exe                  1176 Services                   0      2,524 K
conhost.exe                   1236 Services                   0      1,780 K
svchost.exe                   2228 Services                   0      4,092 K
taskhost.exe                  2400 Console                    1      6,120 K
dwm.exe                       2472 Console                    1     20,292 K
explorer.exe                  2516 Console                    1     47,940 K
RAVCpl64.exe                  2688 Console                    1      7,000 K
DTLite.exe                    2700 Console                    1      5,188 K
uTorrent.exe                  2756 Console                    1      8,580 K
TeaTimer.exe                  2804 Console                    1     74,732 K
avgnt.exe                     2928 Console                    1      2,792 K
DivXUpdate.exe                2948 Console                    1      9,932 K
SearchIndexer.exe             2292 Services                   0     18,448 K
wmpnetwk.exe                  2748 Services                   0      9,372 K
svchost.exe                   3000 Services                   0     11,672 K
Wow.exe                       3584 Console                    1    199,016 K
firefox.exe                   3600 Console                    1    106,820 K
plugin-container.exe          3952 Console                    1     21,024 K
svchost.exe                    908 Services                   0     29,308 K
wmplayer.exe                  2540 Console                    1     57,864 K
notepad.exe                   3260 Console                    1      5,964 K
notepad.exe                   2208 Console                    1      5,920 K
SearchProtocolHost.exe        2624 Services                   0      7,964 K
SearchFilterHost.exe           976 Services                   0      6,156 K
WinRAR.exe                    3184 Console                    1     14,812 K
cmd.exe                       2892 Console                    1      3,352 K
conhost.exe                   4064 Console                    1      4,888 K
tasklist.exe                  1756 Console                    1      5,116 K
WmiPrvSE.exe                  2216 Services                   0      5,744 K

 
***** Ende des Scans Tue 09/14/2010 um  8:13:19.86 ***

laptop kommt in der naechsten antwort von mir damit das uebersichtlicher ist

kira · 09.09.2010, 13:16

Zitat:

Zitat von mcpappe

laptop kommt in der naechsten antwort von mir damit das uebersichtlicher ist

nein...einen neuen Thread bitte für dein Lapi aufmachen

- Punkt 4. fehlt noch:-> http://www.trojaner-board.de/90534-m...tml#post565622
- auf dem ersten Blick ist nicht zu sehen, aber DAEMON Tools und uTorrent sorgen nicht direkt für Sicherheit deines Systems .."wahlweise" werden Adware mitinsalliert, oder ermöglicht das ungewollt zu tun ...

1.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:

per Doppelklick starten.
gleich mal die Datenbanken zu aktualisieren - online updaten
Vollständiger Suchlauf wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Malwarebytes Anti-Malware

2.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
→ Also alle vorhandenen externen Laufwerke inkl. evtl. vorhandener USB-Sticks an den Rechner anschließen, aber dabei die Shift-Taste gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird.
Außerdem kann man die Autostarteigenschaft auch ausschalten:
→ Windows-Sicherheit: Datenträger-Autorun deaktivieren- bebilderte Anleitung v.Leonidas/3dcenter.org
→ Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten/wintotal.de
→ Diese Silly -Beschreibung stützt die Annahme, dass er über einen USB-Stick kam. Die Ursache ist durch formatieren des Sticks aus der Welt geschafft, Du solltest darauf achten, dass dort keine Datei autorun.inf wieder auftaucht und etwas wählerisch sein, wo Du deinen Stick reinsteckst.
Achtung!:
>>Du sollst das Programm nicht installieren, sondern dein System nur online scannen<<
→ Den kompletten Rechner (also das ganze System) zu überprüfen (Systemprüfung ohne Säuberung) mit Kaspersky Online Scanner/klicke hier
→ um mit dem Vorgang fortzufahren klicke auf "Accept"
→ dann wähle "My computer" aus - Es dauert einige Zeit, bis ein Komplett-Scan durch gelaufen ist, also bitte um Geduld!
Es kann einige Zeit dauern, bis der Scan abgeschlossen ist - je nach Größe der Festplatte eine oder mehrere Stunden - also Geduld...
→ Report angezeigt, klicke auf "Save as" - den bitte kopieren und in deinem Thread hier einfügen
Vor dem Scan Einstellungen im Internet Explorer:
→ "Extras→ Internetoptionen→ Sicherheit":
→ alles auf Standardstufe stellen
→ Active X erlauben - damit die neue Virendefinitionen installiert werden können

mcpappe · 10.09.2010, 10:06

nachtrag die listen von meinem Laptop
logfile of random's system information
[code
RSIT Logfile:

Code:

ATTFilter

Logfile of random's system information tool 1.08 (written by random/random)
Run by Will Spliff at 2010-09-10 10:54:03
Microsoft Windows 7 Ultimate  
System drive C: has 17 GB (6%) free of 283 GB
Total RAM: 4095 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:07 AM, on 9/10/2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Will Spliff\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Will Spliff.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files (x86)\MP3 Player Utilities 4.17\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Will Spliff\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8630 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-27 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Foxit Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-06 2260480]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2010-08-29 328568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-09-10 10:54:04 ----D---- C:\Program Files (x86)\trend micro
2010-09-10 10:54:03 ----D---- C:\rsit
2010-09-08 20:42:55 ----D---- C:\Windows\rescache
2010-09-06 00:13:40 ----D---- C:\Windows\SysWOW64\Wat
2010-09-05 22:05:50 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll
2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\PresentationHost.exe
2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\netfxperf.dll
2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\mscoree.dll
2010-09-05 22:00:56 ----A---- C:\Windows\SysWOW64\dfshim.dll
2010-09-05 21:55:13 ----A---- C:\Windows\SysWOW64\sspicli.dll
2010-09-05 21:55:13 ----A---- C:\Windows\SysWOW64\secur32.dll
2010-09-05 21:55:01 ----A---- C:\Windows\SysWOW64\fontsub.dll
2010-09-05 21:55:01 ----A---- C:\Windows\SysWOW64\atmlib.dll
2010-09-05 21:55:01 ----A---- C:\Windows\SysWOW64\atmfd.dll
2010-09-05 21:54:56 ----A---- C:\Windows\SysWOW64\tzres.dll
2010-09-05 21:54:39 ----A---- C:\Windows\SysWOW64\asycfilt.dll
2010-09-05 21:54:36 ----A---- C:\Windows\SysWOW64\ntdll.dll
2010-09-05 21:54:34 ----A---- C:\Windows\SysWOW64\vbscript.dll
2010-09-05 21:54:32 ----A---- C:\Windows\SysWOW64\schannel.dll
2010-09-05 21:54:25 ----A---- C:\Windows\SysWOW64\wmp.dll
2010-09-05 21:54:24 ----A---- C:\Windows\SysWOW64\CertEnroll.dll
2010-09-05 21:54:21 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2010-09-05 21:54:19 ----A---- C:\Windows\SysWOW64\secproc_isv.dll
2010-09-05 21:54:18 ----A---- C:\Windows\SysWOW64\secproc.dll
2010-09-05 21:54:18 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe
2010-09-05 21:54:18 ----A---- C:\Windows\SysWOW64\RMActivate.exe
2010-09-05 21:54:17 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll
2010-09-05 21:54:17 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll
2010-09-05 21:54:16 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2010-09-05 21:54:15 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe
2010-09-05 21:53:53 ----A---- C:\Windows\SysWOW64\shell32.dll
2010-09-05 21:53:50 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2010-09-05 21:53:48 ----A---- C:\Windows\SysWOW64\t2embed.dll
2010-09-05 21:53:38 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2010-09-05 21:53:38 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2010-09-05 21:53:29 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-09-05 21:53:26 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-09-05 21:53:24 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-09-05 21:53:23 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-09-05 21:53:22 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-09-05 21:53:22 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-09-05 21:53:22 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-09-05 21:53:19 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2010-09-05 21:53:17 ----A---- C:\Windows\SysWOW64\explorer.exe
2010-09-05 21:53:17 ----A---- C:\Windows\explorer.exe
2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\wow32.dll
2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\user.exe
2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\setup16.exe
2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2010-09-05 21:53:14 ----A---- C:\Windows\SysWOW64\instnm.exe
2010-09-05 21:53:13 ----A---- C:\Windows\SysWOW64\rtutils.dll
2010-09-05 21:53:01 ----A---- C:\Windows\SysWOW64\iccvid.dll
2010-09-05 21:52:51 ----A---- C:\Windows\SysWOW64\CPFilters.dll
2010-09-05 21:52:48 ----A---- C:\Windows\SysWOW64\psisdecd.dll
2010-09-05 21:52:45 ----A---- C:\Windows\SysWOW64\quartz.dll
2010-09-05 21:52:43 ----A---- C:\Windows\SysWOW64\msvidc32.dll
2010-09-05 21:52:43 ----A---- C:\Windows\SysWOW64\mciavi32.dll
2010-09-05 21:52:43 ----A---- C:\Windows\SysWOW64\avifil32.dll
2010-09-05 21:52:42 ----A---- C:\Windows\SysWOW64\tsbyuv.dll
2010-09-05 21:52:42 ----A---- C:\Windows\SysWOW64\msyuv.dll
2010-09-05 21:52:42 ----A---- C:\Windows\SysWOW64\msrle32.dll
2010-09-05 21:52:42 ----A---- C:\Windows\SysWOW64\iyuv_32.dll
2010-09-05 21:52:37 ----A---- C:\Windows\SysWOW64\msasn1.dll
2010-09-05 21:52:36 ----A---- C:\Windows\SysWOW64\msxml3.dll
2010-09-05 21:52:33 ----A---- C:\Windows\SysWOW64\jscript.dll
2010-09-05 21:13:49 ----A---- C:\Windows\SysWOW64\wintrust.dll
2010-09-05 21:13:48 ----A---- C:\Windows\SysWOW64\cabview.dll
2010-09-01 09:47:46 ----D---- C:\Users\Will Spliff\AppData\Roaming\gtk-2.0
2010-08-29 23:35:54 ----D---- C:\Windows\Internet Logs
2010-08-29 21:16:08 ----D---- C:\Users\Will Spliff\AppData\Roaming\vlc
2010-08-29 21:15:43 ----D---- C:\Program Files (x86)\VideoLAN
2010-08-29 16:09:36 ----D---- C:\Windows\PCHEALTH
2010-08-29 16:09:36 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-08-29 16:07:46 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2010-08-29 16:06:36 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2010-08-29 16:06:01 ----D---- C:\Program Files (x86)\Microsoft Office
2010-08-29 16:05:55 ----D---- C:\ProgramData\Microsoft Help
2010-08-29 16:05:33 ----RHD---- C:\MSOCache
2010-08-24 11:55:03 ----D---- C:\Users\Will Spliff\AppData\Roaming\Foxit Software
2010-08-24 11:49:52 ----D---- C:\Program Files (x86)\Foxit Software
2010-08-20 23:00:24 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll
2010-08-20 23:00:24 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll
2010-08-20 23:00:23 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll
2010-08-20 23:00:22 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll
2010-08-20 23:00:22 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll
2010-08-20 23:00:22 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll
2010-08-20 23:00:22 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll
2010-08-20 23:00:20 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
2010-08-20 23:00:20 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
2010-08-20 23:00:20 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
2010-08-20 23:00:19 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll
2010-08-20 23:00:19 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll
2010-08-20 23:00:19 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll
2010-08-20 23:00:18 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll
2010-08-20 23:00:18 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll
2010-08-20 23:00:18 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll
2010-08-20 23:00:17 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll
2010-08-20 23:00:16 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2010-08-20 23:00:16 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2010-08-20 23:00:16 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2010-08-20 23:00:15 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2010-08-20 23:00:15 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2010-08-20 23:00:15 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2010-08-20 23:00:14 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2010-08-20 23:00:14 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2010-08-20 23:00:14 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2010-08-20 23:00:13 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2010-08-20 22:43:20 ----D---- C:\Program Files (x86)\1C Company
2010-08-19 01:21:36 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2010-08-19 01:21:35 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
2010-08-19 01:21:35 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2010-08-19 01:21:34 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2010-08-19 01:21:34 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2010-08-19 01:21:33 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
2010-08-19 01:21:33 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2010-08-19 01:21:32 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2010-08-19 01:21:32 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2010-08-19 01:21:31 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2010-08-19 01:21:30 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
2010-08-19 01:21:30 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
2010-08-19 01:21:30 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
2010-08-19 01:21:29 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
2010-08-19 01:21:28 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
2010-08-19 01:21:28 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2010-08-19 01:21:27 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll
2010-08-19 01:21:27 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll
2010-08-19 01:21:26 ----A---- C:\Windows\SysWOW64\xinput1_3.dll
2010-08-19 01:21:26 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
2010-08-19 01:21:25 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll
2010-08-19 01:21:25 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll
2010-08-19 01:21:25 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll
2010-08-19 01:21:24 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll
2010-08-19 01:21:23 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll
2010-08-19 01:21:23 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll
2010-08-19 01:21:23 ----A---- C:\Windows\SysWOW64\d3dx10.dll
2010-08-19 01:21:22 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll
2010-08-19 01:21:21 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll
2010-08-19 01:21:21 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll
2010-08-19 01:21:21 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll
2010-08-19 01:21:20 ----A---- C:\Windows\SysWOW64\xinput1_2.dll
2010-08-19 01:21:20 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll
2010-08-19 01:10:14 ----D---- C:\Program Files (x86)\Nobilis
2010-08-18 12:08:38 ----D---- C:\Users\Will Spliff\AppData\Roaming\WinRAR
2010-08-14 22:11:06 ----D---- C:\Users\Will Spliff\AppData\Roaming\.purple
2010-08-14 22:10:43 ----D---- C:\Program Files (x86)\Pidgin
2010-08-14 17:54:30 ----D---- C:\Program Files (x86)\MP3 Player Utilities 4.17
2010-08-14 15:25:58 ----D---- C:\Program Files (x86)\Lavalys
2010-08-13 23:37:50 ----D---- C:\Users\Will Spliff\AppData\Roaming\TuneUp Software
2010-08-13 23:37:14 ----D---- C:\ProgramData\TuneUp Software
2010-08-13 23:37:09 ----SHD---- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-08-13 20:07:22 ----D---- C:\Users\Will Spliff\AppData\Roaming\TS3Client
2010-08-13 20:00:43 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2010-08-13 19:32:26 ----D---- C:\Users\Will Spliff\AppData\Roaming\skypePM
2010-08-13 19:31:35 ----D---- C:\Users\Will Spliff\AppData\Roaming\Skype
2010-08-13 19:31:14 ----RD---- C:\Program Files (x86)\Skype
2010-08-13 19:31:14 ----D---- C:\Program Files (x86)\Common Files\Skype
2010-08-13 19:31:09 ----D---- C:\ProgramData\Skype
2010-08-02 19:32:40 ----D---- C:\Users\Will Spliff\AppData\Roaming\ROUTE 66 Sync
2010-08-02 19:32:21 ----D---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-02 19:31:56 ----D---- C:\Program Files (x86)\Common Files\ROUTE 66
2010-08-02 19:31:54 ----D---- C:\Program Files (x86)\ROUTE 66
2010-07-31 20:45:46 ----D---- C:\Program Files (x86)\Common Files\DivX Shared
2010-07-31 20:45:31 ----D---- C:\Program Files (x86)\DivX
2010-07-31 20:44:50 ----D---- C:\ProgramData\DivX
2010-07-31 20:09:36 ----D---- C:\Windows\Minidump
2010-07-31 20:09:29 ----A---- C:\Windows\ntbtlog.txt
2010-07-31 13:05:41 ----D---- C:\Windows\pss
2010-07-30 18:02:54 ----D---- C:\Users\Will Spliff\AppData\Roaming\DVDVideoSoftIEHelpers
2010-07-30 18:02:33 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2010-07-30 18:02:32 ----D---- C:\Program Files (x86)\DVDVideoSoft
2010-07-30 17:59:44 ----D---- C:\Program Files (x86)\VirtualDJ
2010-07-29 19:03:06 ----D---- C:\Program Files (x86)\Runes of Magic
2010-07-29 16:50:58 ----D---- C:\ProgramData\TrackMania
2010-07-29 16:40:54 ----D---- C:\ProgramData\ATI
2010-07-29 16:40:53 ----D---- C:\Users\Will Spliff\AppData\Roaming\ATI
2010-07-29 16:34:13 ----D---- C:\Program Files (x86)\ATI Technologies
2010-07-29 16:31:35 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
2010-07-29 16:31:34 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
2010-07-29 16:31:32 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
2010-07-29 16:31:10 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2010-07-29 16:31:05 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
2010-07-29 16:31:05 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2010-07-29 16:31:04 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
2010-07-29 16:31:02 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
2010-07-29 16:31:01 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
2010-07-29 16:31:00 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
2010-07-29 16:30:59 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
2010-07-29 16:30:58 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
2010-07-29 16:23:31 ----D---- C:\Program Files (x86)\TmUnitedForever
2010-07-29 16:18:52 ----A---- C:\Windows\SysWOW64\drivers\mcdbus.sys
2010-07-29 16:18:50 ----D---- C:\Program Files (x86)\MagicDisc
2010-07-29 16:11:05 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2010-07-29 16:10:43 ----D---- C:\Users\Will Spliff\AppData\Roaming\DAEMON Tools Lite
2010-07-29 16:10:39 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-07-29 16:07:51 ----D---- C:\Users\Will Spliff\AppData\Roaming\DAEMON Tools Pro
2010-07-29 16:07:51 ----D---- C:\ProgramData\DAEMON Tools Pro
2010-07-29 15:30:28 ----D---- C:\Program Files (x86)\uTorrent
2010-07-29 15:30:04 ----D---- C:\Users\Will Spliff\AppData\Roaming\uTorrent
2010-07-29 14:35:41 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-29 14:35:41 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2010-07-29 14:29:04 ----D---- C:\Users\Will Spliff\AppData\Roaming\CheckPoint
2010-07-29 14:28:37 ----D---- C:\Program Files (x86)\Conduit
2010-07-29 14:28:22 ----A---- C:\Windows\SysWOW64\vsutil_loc0407.dll
2010-07-29 14:25:19 ----D---- C:\ProgramData\CheckPoint
2010-07-29 12:06:37 ----D---- C:\Users\Will Spliff\AppData\Roaming\Mozilla
2010-07-29 12:06:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-07-29 04:38:39 ----D---- C:\Windows\Panther
2010-07-29 04:23:50 ----D---- C:\Windows.old
2010-07-29 04:05:21 ----D---- C:\Users\Will Spliff\AppData\Roaming\Identities
2010-07-29 04:04:41 ----SD---- C:\Users\Will Spliff\AppData\Roaming\Microsoft
2010-07-29 04:04:41 ----D---- C:\Users\Will Spliff\AppData\Roaming\Media Center Programs
2010-07-29 03:43:05 ----D---- C:\Windows\SoftwareDistribution
2010-07-29 03:40:37 ----D---- C:\Windows\Prefetch
2010-07-29 02:01:58 ----D---- C:\Users\Will Spliff\AppData\Roaming\Macromedia
2010-07-29 02:01:58 ----D---- C:\Users\Will Spliff\AppData\Roaming\Adobe
2010-07-29 02:01:53 ----D---- C:\Windows\SysWOW64\Macromed
2010-07-29 02:00:40 ----D---- C:\ProgramData\NOS
2010-07-28 21:15:19 ----D---- C:\Users\Will Spliff\AppData\Roaming\Avira
2010-07-28 21:12:43 ----A---- C:\Windows\SysWOW64\drivers\avgntmgr.sys
2010-07-28 21:12:43 ----A---- C:\Windows\SysWOW64\drivers\avgntdd.sys
2010-07-28 21:12:42 ----D---- C:\ProgramData\Avira
2010-07-28 21:12:42 ----D---- C:\Program Files (x86)\Avira
2010-07-28 21:11:45 ----SHD---- C:\Windows\Installer
2010-07-25 10:43:35 ----D---- C:\CrashReport
2010-07-07 03:55:08 ----A---- C:\Windows\SysWOW64\atioglxx.dll
2010-07-07 03:54:08 ----A---- C:\Windows\SysWOW64\aticfx32.dll
2010-07-07 03:49:28 ----A---- C:\Windows\SysWOW64\atipdlxx.dll
2010-07-07 03:49:18 ----A---- C:\Windows\SysWOW64\Oemdspif.dll
2010-07-07 03:49:06 ----A---- C:\Windows\SysWOW64\ati2edxx.dll
2010-07-07 03:46:26 ----A---- C:\Windows\SysWOW64\atidxx32.dll
2010-07-07 03:29:24 ----A---- C:\Windows\SysWOW64\aticalrt.dll
2010-07-07 03:29:14 ----A---- C:\Windows\SysWOW64\aticalcl.dll
2010-07-07 03:28:20 ----A---- C:\Windows\SysWOW64\atiumdag.dll
2010-07-07 03:27:58 ----A---- C:\Windows\SysWOW64\aticaldd.dll
2010-07-07 03:23:14 ----A---- C:\Windows\SysWOW64\atiumdva.dll
2010-07-07 03:16:02 ----A---- C:\Windows\SysWOW64\atiadlxy.dll
2010-07-07 03:15:50 ----A---- C:\Windows\SysWOW64\atiglpxx.dll
2010-07-07 03:15:46 ----A---- C:\Windows\SysWOW64\atigktxx.dll
2010-07-07 03:14:58 ----A---- C:\Windows\SysWOW64\atiuxpag.dll
2010-07-07 03:14:44 ----A---- C:\Windows\SysWOW64\atiu9pag.dll
2010-07-07 03:11:06 ----A---- C:\Windows\SysWOW64\atimpc32.dll
2010-07-07 03:11:06 ----A---- C:\Windows\SysWOW64\amdpcom32.dll

======List of files/folders modified in the last 3 months======

2010-09-10 10:54:06 ----D---- C:\Windows\Temp
2010-09-10 10:54:04 ----RD---- C:\Program Files (x86)
2010-09-10 10:49:07 ----D---- C:\Windows\System32
2010-09-10 10:49:06 ----D---- C:\Windows\inf
2010-09-09 00:00:09 ----SHD---- C:\System Volume Information
2010-09-08 20:42:55 ----D---- C:\Windows
2010-09-08 20:18:53 ----D---- C:\Windows\Microsoft.NET
2010-09-08 20:18:37 ----RSD---- C:\Windows\assembly
2010-09-06 08:03:38 ----D---- C:\Windows\winsxs
2010-09-06 00:13:51 ----D---- C:\Windows\SysWOW64
2010-09-06 00:13:49 ----D---- C:\Program Files (x86)\Windows Media Player
2010-09-06 00:13:47 ----D---- C:\Program Files (x86)\Windows Mail
2010-09-06 00:13:45 ----D---- C:\Windows\SysWOW64\migration
2010-09-06 00:13:45 ----D---- C:\Program Files (x86)\Internet Explorer
2010-09-06 00:13:43 ----D---- C:\Windows\AppPatch
2010-09-06 00:13:40 ----D---- C:\Windows\ehome
2010-09-05 21:57:59 ----D---- C:\Windows\SysWOW64\en-US
2010-09-05 21:56:06 ----D---- C:\Windows\debug
2010-09-05 21:05:54 ----D---- C:\Windows\Logs
2010-09-03 20:26:17 ----D---- C:\Spiele
2010-08-29 23:35:56 ----HD---- C:\ProgramData
2010-08-29 16:11:38 ----RSD---- C:\Windows\Fonts
2010-08-29 16:11:37 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-08-29 16:11:25 ----D---- C:\Windows\ShellNew
2010-08-29 16:10:20 ----RD---- C:\Program Files
2010-08-29 16:10:05 ----D---- C:\Program Files (x86)\MSBuild
2010-08-29 16:09:36 ----SD---- C:\ProgramData\Microsoft
2010-08-29 16:07:01 ----A---- C:\Windows\win.ini
2010-08-15 11:48:18 ----RD---- C:\Users
2010-08-14 17:54:38 ----D---- C:\Windows\SysWOW64\drivers
2010-08-13 19:31:14 ----D---- C:\Program Files (x86)\Common Files
2010-07-29 13:40:20 ----D---- C:\Windows\Downloaded Program Files
2010-07-29 04:38:34 ----RASH---- C:\BOOTSECT.BAK
2010-07-29 04:38:31 ----SHD---- C:\Boot
2010-07-29 04:05:12 ----SHD---- C:\$Recycle.Bin
2010-07-29 04:03:05 ----D---- C:\Windows\Setup
2010-07-29 03:59:48 ----SHD---- C:\Recovery
2010-07-29 03:40:32 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-25 255552]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 aufghyde;aufghyde; C:\Windows\SysWOW64\drivers\aufghyde.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-27 1153368]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

--- --- ---

info von rsit
[code]
info.txtRSIT Logfile:

Code:

ATTFilter

logfile of random's system information tool 1.08 2010-09-10 10:54:10

======Uninstall list======

µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EVEREST Home Edition v2.20-->"C:\Program Files (x86)\Lavalys\EVEREST Home Edition\unins000.exe"
Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe
Free Audio CD Burner version 1.4-->"C:\Program Files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.7-->"C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
King’s Bounty: The Legend (Nur entfernen)-->"C:\Program Files (x86)\Nobilis\King's Bounty\unins000.exe"
Kings Bounty Armored Princess-->"C:\Program Files (x86)\1C Company\Kings Bounty Armored Princess\unins000.exe"
MagicDisc 2.7.106-->C:\PROGRA~2\MAGICD~1\UNWISE.EXE C:\PROGRA~2\MAGICD~1\INSTALL.LOG
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.9)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 4.17-->MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
Pidgin-->C:\Program Files (x86)\Pidgin\pidgin-uninst.exe
ROUTE 66 Sync-->C:\Program Files (x86)\InstallShield Installation Information\{DB306600-E862-43B3-9C52-CA1D6C5B192B}\setup.exe -runfromtemp -l0x0407
Runes of Magic-->"C:\Program Files (x86)\Runes of Magic\unins000.exe"
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 3 Client-->"C:\Program Files (x86)\TeamSpeak 3 Client\uninstall.exe"
TmUnitedForever Update 2010-03-15-->"C:\Program Files (x86)\TmUnitedForever\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Virtual DJ - Atomix Productions-->C:\PROGRA~2\VIRTUA~1\UNWISE.EXE C:\PROGRA~2\VIRTUA~1\INSTALL.LOG
VLC media player 1.1.4-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

======System event log======

Computer Name: WillSpliff-PC
Event Code: 6008
Message: The previous system shutdown at 4:38:18 AM on ?7/?29/?2010 was unexpected.
Record Number: 817
Source Name: EventLog
Time Written: 20100729113931.000000-000
Event Type: Error
User: 

Computer Name: WillSpliff-PC
Event Code: 12
Message: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
Record Number: 787
Source Name: Microsoft-Windows-HAL
Time Written: 20100729003305.702326-000
Event Type: Error
User: 

Computer Name: WillSpliff-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 681
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100728223409.402251-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: WillSpliff-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 452
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100729020308.868944-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: WillSpliff-PC
Event Code: 7023
Message: The Windows Search service terminated with the following error: 
The media is write protected.
Record Number: 356
Source Name: Service Control Manager
Time Written: 20100729015509.937781-000
Event Type: Error
User: 

=====Application event log=====

Computer Name: WillSpliff-PC
Event Code: 33
Message: Activation context generation failed for "C:\Users\WILLSP~1\AppData\Local\Temp\RarSFX0\redist.dll". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 228
Source Name: SideBySide
Time Written: 20100728191143.000000-000
Event Type: Error
User: 

Computer Name: WillSpliff-PC
Event Code: 11
Message: Possible Memory Leak.  Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 748) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)].  [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked.  The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20).  User Action: Contact your application vendor for an updated version of the application.
Record Number: 220
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20100729020816.207357-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: WillSpliff-PC
Event Code: 6003
Message: The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
Record Number: 188
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100729020308.000000-000
Event Type: Warning
User: 

Computer Name: WillSpliff-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 

Record Number: 170
Source Name: Microsoft-Windows-Search
Time Written: 20100729015949.000000-000
Event Type: Warning
User: 

Computer Name: 37L4247E29-32
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 

Record Number: 163
Source Name: Microsoft-Windows-Search
Time Written: 20100729015455.000000-000
Event Type: Warning
User: 

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
	Security ID:		S-1-5-18
	Account Name:		37L4247E29-32$
	Account Domain:		WORKGROUP
	Logon ID:		0x3e7

Group:
	Security ID:		S-1-5-32-551
	Group Name:		Backup Operators
	Group Domain:		Builtin

Changed Attributes:
	SAM Account Name:	-
	SID History:		-

Additional Information:
	Privileges:		-
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013959.612166-000
Event Type: Audit Success
User: 

Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
	Security ID:		S-1-5-18
	Account Name:		37L4247E29-32$
	Account Domain:		WORKGROUP
	Logon ID:		0x3e7

New Group:
	Security ID:		S-1-5-32-551
	Group Name:		Backup Operators
	Group Domain:		Builtin

Attributes:
	SAM Account Name:	Backup Operators
	SID History:		-

Additional Information:
	Privileges:		-
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013959.612166-000
Event Type: Audit Success
User: 

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements:	0
Policy ID:	0x314ba
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013958.863363-000
Event Type: Audit Success
User: 

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
	Security ID:		S-1-0-0
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			0

New Logon:
	Security ID:		S-1-5-18
	Account Name:		SYSTEM
	Account Domain:		NT AUTHORITY
	Logon ID:		0x3e7
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x4
	Process Name:		

Network Information:
	Workstation Name:	-
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		-
	Authentication Package:	-
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013955.587352-000
Event Type: Audit Success
User: 

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100729013955.462551-000
Event Type: Audit Success
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=AMD64 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"tvdumpflags"=8

-----------------EOF-----------------

--- --- ---

hjtscanlist

Code:

ATTFilter

 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7600]
 
 
C:

  09/10/2010 10:54 AM     C:\rsit --------- 0   
  09/10/2010 10:54 AM     C:\Program Files (x86) --------- 12288   
       C:\pagefile.sys ---------    
       C:\hiberfil.sys ---------    
  09/09/2010 12:00 AM     C:\System Volume Information --------- 16384   
  09/08/2010 08:42 PM     C:\Windows --------- 16384   
  09/03/2010 08:26 PM     C:\Spiele --------- 8192   
  09/03/2010 04:37 PM     C:\Windows.old --------- 4096   
  08/29/2010 11:35 PM     C:\ProgramData --------- 4096   
  08/29/2010 04:10 PM     C:\Program Files --------- 8192   
  08/29/2010 04:05 PM     C:\MSOCache --------- 0   
  08/15/2010 11:48 AM     C:\Users --------- 4096   
  07/29/2010 04:38 AM     C:\BOOTSECT.BAK --------- 8192   
  07/29/2010 04:38 AM     C:\Boot --------- 4096   
  07/29/2010 04:05 AM     C:\$Recycle.Bin --------- 0   
  07/29/2010 04:03 AM     C:\LMBUI --------- 206312   
  07/29/2010 04:03 AM     C:\wedaolu --------- 9   
  07/29/2010 03:59 AM     C:\Recovery --------- 0   
  07/25/2010 10:43 AM     C:\CrashReport --------- 0   
  04/10/2010 03:39 AM     C:\Nexon --------- 0   
  04/04/2010 05:48 PM     C:\AMD --------- 0   
  02/24/2010 09:03 PM     C:\NeverwinterNights --------- 0   
  02/24/2010 05:00 PM     C:\WinSetupFromUSB --------- 0   
  02/23/2010 04:27 PM     C:\.Trash-1000 --------- 0   
  02/19/2010 03:54 PM     C:\DirectX9 --------- 0   
  02/18/2010 11:37 PM     C:\ATI --------- 0   
  02/18/2010 05:39 PM     C:\winx.ld --------- 20   
  02/18/2010 05:39 PM     C:\FWBXV --------- 282106   
  07/14/2009 07:08 AM     C:\Documents and Settings --------- 0   
  07/14/2009 05:20 AM     C:\PerfLogs --------- 0   
  07/14/2009 03:38 AM     C:\bootmgr --------- 383562   
----------------------------------------

 
C:\Windows

  09/10/2010 10:48 AM     C:\Windows\WindowsUpdate.log --------- 1763202   
  09/10/2010 10:45 AM     C:\Windows\ntbtlog.txt --------- 1178470   
  09/10/2010 10:44 AM     C:\Windows\setupact.log --------- 26425   
  09/10/2010 10:44 AM     C:\Windows\bootstat.dat --------- 67584   
  09/06/2010 12:13 AM     C:\Windows\PFRO.log --------- 10246   
  08/29/2010 04:07 PM     C:\Windows\win.ini --------- 478   
  08/20/2010 11:00 PM     C:\Windows\DirectX.log --------- 344583   
  07/29/2010 03:50 AM     C:\Windows\setuperr.log --------- 269   
  07/29/2010 03:43 AM     C:\Windows\DtcInstall.log --------- 1774   
  07/29/2010 03:43 AM     C:\Windows\TSSysprep.log --------- 1313   
  07/29/2010 03:42 AM     C:\Windows\ativpsrm.bin --------- 0   
  06/18/2010 07:13 AM     C:\Windows\atiogl.xml --------- 21682   
  10/31/2009 08:34 AM     C:\Windows\explorer.exe --------- 2870272   
  07/14/2009 06:54 AM     C:\Windows\WindowsShell.Manifest --------- 749   
  07/14/2009 03:39 AM     C:\Windows\write.exe --------- 10240   
  07/14/2009 03:39 AM     C:\Windows\splwow64.exe --------- 61952   
  07/14/2009 03:39 AM     C:\Windows\regedit.exe --------- 427008   
  07/14/2009 03:39 AM     C:\Windows\notepad.exe --------- 193536   
  07/14/2009 03:39 AM     C:\Windows\hh.exe --------- 16896   
  07/14/2009 03:39 AM     C:\Windows\HelpPane.exe --------- 733696   
  07/14/2009 03:39 AM     C:\Windows\fveupdate.exe --------- 15360   
  07/14/2009 03:38 AM     C:\Windows\bfsvc.exe --------- 71168   
  07/14/2009 03:16 AM     C:\Windows\twain_32.dll --------- 51200   
  07/14/2009 03:14 AM     C:\Windows\winhlp32.exe --------- 9728   
  07/14/2009 03:14 AM     C:\Windows\twunk_32.exe --------- 31232   
  07/14/2009 01:06 AM     C:\Windows\mib.bin --------- 43131   
  06/10/2009 11:41 PM     C:\Windows\twunk_16.exe --------- 49680   
  06/10/2009 11:41 PM     C:\Windows\twain.dll --------- 94784   
  06/10/2009 11:08 PM     C:\Windows\system.ini --------- 219   
  06/10/2009 10:52 PM     C:\Windows\WMSysPr9.prx --------- 316640   
  06/10/2009 10:36 PM     C:\Windows\msdfmap.ini --------- 1405   
  06/10/2009 10:31 PM     C:\Windows\Ultimate.xml --------- 51867   
  06/10/2009 10:31 PM     C:\Windows\Starter.xml --------- 48201   
----------------------------------------

 
C:\Windows\System

----------------------------------------

 
C:\Windows\System32

 09/10/2010 10:52 AM     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 17168  
 09/10/2010 10:52 AM     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 17168  
 09/10/2010 10:49 AM     C:\Windows\system32\perfc009.dat --------- 103702  
 09/10/2010 10:49 AM     C:\Windows\system32\perfh009.dat --------- 615360  
 09/10/2010 10:49 AM     C:\Windows\system32\PerfStringBackup.INI --------- 713888  
 09/10/2010 12:53 AM     C:\Windows\system32\config --------- 12288  
 09/06/2010 12:50 AM     C:\Windows\system32\DriverStore --------- 4096  
 09/06/2010 12:50 AM     C:\Windows\system32\drivers --------- 65536  
 09/06/2010 12:21 AM     C:\Windows\system32\catroot --------- 4096  
 09/06/2010 12:21 AM     C:\Windows\system32\catroot2 --------- 4096  
 09/06/2010 12:15 AM     C:\Windows\system32\FNTCACHE.DAT --------- 417352  
 09/06/2010 12:13 AM     C:\Windows\system32\migration --------- 0  
 09/06/2010 12:13 AM     C:\Windows\system32\Wat --------- 0  
 09/05/2010 09:57 PM     C:\Windows\system32\en-US --------- 327680  
 08/29/2010 11:21 PM     C:\Windows\system32\NDF --------- 0  
 08/29/2010 04:13 PM     C:\Windows\system32\Tasks --------- 4096  
 08/11/2010 02:37 AM     C:\Windows\system32\LogFiles --------- 4096  
 08/03/2010 11:52 AM     C:\Windows\system32\MRT.exe --------- 37437384  
 08/02/2010 09:02 AM     C:\Windows\system32\wdi --------- 4096  
 07/29/2010 04:02 AM     C:\Windows\system32\oobe --------- 4096  
 07/29/2010 03:49 AM     C:\Windows\system32\CodeIntegrity --------- 0  
 07/29/2010 03:44 AM     C:\Windows\system32\license.rtf --------- 42045  
 07/29/2010 03:43 AM     C:\Windows\system32\sysprep --------- 0  
 07/28/2010 09:22 PM     C:\Windows\system32\restore --------- 0  
 07/27/2010 04:59 PM     C:\Windows\system32\shell32.dll --------- 14162944  
 07/07/2010 04:16 AM     C:\Windows\system32\atio6axx.dll --------- 20118528  
 07/07/2010 03:54 AM     C:\Windows\system32\atiapfxx.blb --------- 63416  
 07/07/2010 03:54 AM     C:\Windows\system32\atiapfxx.exe --------- 143360  
 07/07/2010 03:53 AM     C:\Windows\system32\aticfx64.dll --------- 594432  
 07/07/2010 03:51 AM     C:\Windows\system32\ATIDEMGX.dll --------- 446464  
 07/07/2010 03:51 AM     C:\Windows\system32\atieclxx.exe --------- 462336  
 07/07/2010 03:50 AM     C:\Windows\system32\atiesrxx.exe --------- 203264  
 07/07/2010 03:49 AM     C:\Windows\system32\atitmm64.dll --------- 120320  
 07/07/2010 03:49 AM     C:\Windows\system32\atipdl64.dll --------- 421376  
 07/07/2010 03:49 AM     C:\Windows\system32\atimuixx.dll --------- 12288  
 07/07/2010 03:49 AM     C:\Windows\system32\atiedu64.dll --------- 59392  
 07/07/2010 03:37 AM     C:\Windows\system32\atidxx64.dll --------- 4463616  
 07/07/2010 03:30 AM     C:\Windows\system32\atiumd6a.dll --------- 2785792  
 07/07/2010 03:29 AM     C:\Windows\system32\aticalrt64.dll --------- 51200  
 07/07/2010 03:29 AM     C:\Windows\system32\aticalcl64.dll --------- 44544  
 07/07/2010 03:29 AM     C:\Windows\system32\aticaldd64.dll --------- 5378560  
 07/07/2010 03:27 AM     C:\Windows\system32\atiumd6a.cap --------- 543664  
 07/07/2010 03:24 AM     C:\Windows\system32\coinst.dll --------- 55296  
 07/07/2010 03:22 AM     C:\Windows\system32\atiumd64.dll --------- 5099008  
 07/07/2010 03:16 AM     C:\Windows\system32\atiadlxx.dll --------- 335872  
 07/07/2010 03:15 AM     C:\Windows\system32\atig6pxx.dll --------- 14848  
 07/07/2010 03:15 AM     C:\Windows\system32\atiglpxx.dll --------- 12800  
 07/07/2010 03:15 AM     C:\Windows\system32\atig6txx.dll --------- 18432  
 07/07/2010 03:15 AM     C:\Windows\system32\atiuxp64.dll --------- 39424  
 07/07/2010 03:14 AM     C:\Windows\system32\atiu9p64.dll --------- 30208  
 07/07/2010 03:11 AM     C:\Windows\system32\atimpc64.dll --------- 54272  
 07/07/2010 03:11 AM     C:\Windows\system32\amdpcom64.dll --------- 54272  
 06/30/2010 09:13 AM     C:\Windows\system32\wininet.dll --------- 1192960  
 06/30/2010 09:13 AM     C:\Windows\system32\urlmon.dll --------- 1494528  
 06/30/2010 09:12 AM     C:\Windows\system32\mstime.dll --------- 1026048  
 06/30/2010 09:12 AM     C:\Windows\system32\mshtml.dll --------- 9298432  
 06/30/2010 09:12 AM     C:\Windows\system32\msfeedsbs.dll --------- 82944  
 06/30/2010 09:11 AM     C:\Windows\system32\jsproxy.dll --------- 64512  
 06/30/2010 09:11 AM     C:\Windows\system32\ieui.dll --------- 247808  
 06/30/2010 09:11 AM     C:\Windows\system32\iepeers.dll --------- 256000  
 06/30/2010 09:11 AM     C:\Windows\system32\ieframe.dll --------- 12364800  
 06/30/2010 09:11 AM     C:\Windows\system32\iedkcs32.dll --------- 445952  
 06/30/2010 09:09 AM     C:\Windows\system32\msfeedssync.exe --------- 12288  
 06/30/2010 06:56 AM     C:\Windows\system32\mshtml.tlb --------- 1638912  
 06/19/2010 09:05 AM     C:\Windows\system32\ntoskrnl.exe --------- 5507968  
 06/19/2010 08:53 AM     C:\Windows\system32\rtutils.dll --------- 52224  
 06/19/2010 06:32 AM     C:\Windows\system32\win32k.sys --------- 3122688  
 06/16/2010 08:11 AM     C:\Windows\system32\schannel.dll --------- 340992  
 06/16/2010 12:28 AM     C:\Windows\system32\atipblag.dat --------- 2857  
 06/08/2010 07:36 AM     C:\Windows\system32\msxml3.dll --------- 1877504  
 05/27/2010 08:34 AM     C:\Windows\system32\atmlib.dll --------- 46080  
 05/27/2010 06:11 AM     C:\Windows\system32\atmfd.dll --------- 366080  
 05/21/2010 02:14 PM     C:\Windows\system32\MpSigStub.exe --------- 270208  
 05/19/2010 09:48 PM     C:\Windows\system32\cdd.dll --------- 144384  
 05/11/2010 10:42 PM     C:\Windows\system32\atiicdxx.dat --------- 205156  
 05/09/2010 11:46 AM     C:\Windows\system32\CPFilters.dll --------- 961024  
 05/09/2010 11:45 AM     C:\Windows\system32\msdri.dll --------- 552960  
 05/09/2010 11:44 AM     C:\Windows\system32\MSNP.ax --------- 288256  
 05/09/2010 11:44 AM     C:\Windows\system32\mpg2splt.ax --------- 258560  
 04/23/2010 09:11 AM     C:\Windows\system32\tzres.dll --------- 2048  
 04/07/2010 09:37 AM     C:\Windows\system32\oleaut32.dll --------- 861184  
 03/24/2010 08:59 AM     C:\Windows\system32\ntdll.dll --------- 1736608  
 03/08/2010 11:59 PM     C:\Windows\system32\vbscript.dll --------- 612352  
 03/05/2010 09:52 AM     C:\Windows\system32\asycfilt.dll --------- 84992  
 03/04/2010 09:57 AM     C:\Windows\system32\inetcomm.dll --------- 976896  
 02/23/2010 10:16 AM     C:\Windows\system32\browserchoice.exe --------- 294912  
 02/20/2010 05:20 PM     C:\Windows\system32\FM20ENU.DLL --------- 31616  
 02/20/2010 05:20 PM     C:\Windows\system32\FM20.DLL --------- 1603944  
 02/17/2010 09:41 PM     C:\Windows\system32\VBAME.DLL --------- 54656  
 01/19/2010 11:05 AM     C:\Windows\system32\secproc_isv.dll --------- 422912  
 01/19/2010 11:05 AM     C:\Windows\system32\secproc_ssp.dll --------- 121856  
 01/19/2010 11:05 AM     C:\Windows\system32\secproc_ssp_isv.dll --------- 121856  
 01/19/2010 11:05 AM     C:\Windows\system32\secproc.dll --------- 424960  
 01/19/2010 11:00 AM     C:\Windows\system32\RMActivate_ssp_isv.exe --------- 305152  
 01/19/2010 11:00 AM     C:\Windows\system32\RMActivate_isv.exe --------- 357888  
 01/19/2010 11:00 AM     C:\Windows\system32\RMActivate_ssp.exe --------- 306688  
 01/19/2010 11:00 AM     C:\Windows\system32\RMActivate.exe --------- 356352  
 01/09/2010 09:19 AM     C:\Windows\system32\cabview.dll --------- 139264  
 12/29/2009 10:03 AM     C:\Windows\system32\wintrust.dll --------- 220672  
 12/22/2009 10:36 AM     C:\Windows\system32\wow64.dll --------- 243200  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 09/10/2010 10:44 AM     C:\Windows\Tasks\SA.DAT --------- 6  
 07/14/2009 07:08 AM     C:\Windows\Tasks\SCHEDLGU.TXT --------- 21836  
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\WILLSP~1\AppData\Local\Temp

 09/10/2010 10:54 AM     C:\Users\WILLSP~1\AppData\Local\Temp\Rar$DI00.159 --------- 0  
 09/10/2010 10:54 AM     C:\Users\WILLSP~1\AppData\Local\Temp\Low --------- 0  
 09/10/2010 10:52 AM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-12 --------- 0  
 09/10/2010 10:46 AM     C:\Users\WILLSP~1\AppData\Local\Temp\WPDNSE --------- 0  
 09/06/2010 08:33 PM     C:\Users\WILLSP~1\AppData\Local\Temp\fla19A3.tmp --------- 15602431  
 09/06/2010 08:33 PM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-11 --------- 0  
 09/06/2010 08:07 AM     C:\Users\WILLSP~1\AppData\Local\Temp\wmsetup.log --------- 6186  
 09/06/2010 12:12 AM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-10 --------- 0  
 09/05/2010 09:24 PM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-9 --------- 0  
 09/05/2010 01:59 AM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-8 --------- 0  
 09/03/2010 01:00 AM     C:\Users\WILLSP~1\AppData\Local\Temp\~DF8FB07F023C775DE0.TMP --------- 114688  
 09/02/2010 05:39 PM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-7 --------- 0  
 09/02/2010 04:35 PM     C:\Users\WILLSP~1\AppData\Local\Temp\modFE1B.tmp --------- 222  
 09/02/2010 04:35 PM     C:\Users\WILLSP~1\AppData\Local\Temp\~DFC429079FFE864E40.TMP --------- 196608  
 09/02/2010 04:35 PM     C:\Users\WILLSP~1\AppData\Local\Temp\modEBB2.tmp --------- 182783  
 09/02/2010 04:35 PM     C:\Users\WILLSP~1\AppData\Local\Temp\modE9FD.tmp --------- 947  
 09/02/2010 04:33 PM     C:\Users\WILLSP~1\AppData\Local\Temp\modAE22.tmp --------- 5  
 09/01/2010 07:41 PM     C:\Users\WILLSP~1\AppData\Local\Temp\c0ZIiYot.exe.part --------- 388608  
 09/01/2010 12:03 AM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-6 --------- 0  
 08/29/2010 11:35 PM     C:\Users\WILLSP~1\AppData\Local\Temp\cpes_clean_log_20100829233549.log --------- 1836  
 08/29/2010 11:21 PM     C:\Users\WILLSP~1\AppData\Local\Temp\msdt --------- 0  
 08/29/2010 11:21 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmpB40F.tmp --------- 0  
 08/29/2010 11:21 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp5E81.tmp --------- 0  
 08/29/2010 05:47 PM     C:\Users\WILLSP~1\AppData\Local\Temp\TCD3F65.tmp --------- 0  
 08/29/2010 05:47 PM     C:\Users\WILLSP~1\AppData\Local\Temp\TCD2925.tmp --------- 0  
 08/29/2010 05:45 PM     C:\Users\WILLSP~1\AppData\Local\Temp\TCD8611.tmp --------- 0  
 08/29/2010 05:45 PM     C:\Users\WILLSP~1\AppData\Local\Temp\TCD7888.tmp --------- 0  
 08/29/2010 05:45 PM     C:\Users\WILLSP~1\AppData\Local\Temp\TCD75C8.tmp --------- 0  
 08/29/2010 05:45 PM     C:\Users\WILLSP~1\AppData\Local\Temp\TCD7549.tmp --------- 0  
 08/29/2010 05:45 PM     C:\Users\WILLSP~1\AppData\Local\Temp\TCD743E.tmp --------- 0  
 08/29/2010 04:47 PM     C:\Users\WILLSP~1\AppData\Local\Temp\SetupExe(20100829160502F10).log --------- 194437  
 08/29/2010 12:34 PM     C:\Users\WILLSP~1\AppData\Local\Temp\utt361E.tmp.bat --------- 74  
 08/29/2010 12:34 PM     C:\Users\WILLSP~1\AppData\Local\Temp\utt361E.tmp --------- 0  
 08/29/2010 12:34 PM     C:\Users\WILLSP~1\AppData\Local\Temp\utt3543.tmp.bat --------- 74  
 08/29/2010 12:34 PM     C:\Users\WILLSP~1\AppData\Local\Temp\utt3543.tmp --------- 0  
 08/29/2010 12:33 PM     C:\Users\WILLSP~1\AppData\Local\Temp\uttB329.tmp --------- 0  
 08/27/2010 11:32 AM     C:\Users\WILLSP~1\AppData\Local\Temp\utt7C7.tmp.bat --------- 74  
 08/27/2010 11:32 AM     C:\Users\WILLSP~1\AppData\Local\Temp\utt7C7.tmp --------- 0  
 08/27/2010 11:32 AM     C:\Users\WILLSP~1\AppData\Local\Temp\utt74A.tmp.bat --------- 74  
 08/27/2010 11:32 AM     C:\Users\WILLSP~1\AppData\Local\Temp\utt74A.tmp --------- 0  
 08/27/2010 11:32 AM     C:\Users\WILLSP~1\AppData\Local\Temp\uttF8B9.tmp --------- 0  
 08/27/2010 01:49 AM     C:\Users\WILLSP~1\AppData\Local\Temp\Will Spliff.bmp --------- 49208  
 08/25/2010 11:05 PM     C:\Users\WILLSP~1\AppData\Local\Temp\install_log.log --------- 100  
 08/25/2010 11:05 PM     C:\Users\WILLSP~1\AppData\Local\Temp\ASKSUTBLOG --------- 523804  
 08/25/2010 10:16 PM     C:\Users\WILLSP~1\AppData\Local\Temp\setup.exe --------- 2944904  
 08/24/2010 08:04 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp_grafx.jpg --------- 48034  
 08/24/2010 11:50 AM     C:\Users\WILLSP~1\AppData\Local\Temp\AskSearch --------- 0  
 08/19/2010 09:25 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div8F5.tmp --------- 0  
 08/19/2010 09:25 PM     C:\Users\WILLSP~1\AppData\Local\Temp\divCABD.tmp --------- 0  
 08/19/2010 04:04 PM     C:\Users\WILLSP~1\AppData\Local\Temp\E17A.dir --------- 0  
 08/19/2010 04:04 PM     C:\Users\WILLSP~1\AppData\Local\Temp\E17A.tmp --------- 0  
 08/18/2010 04:33 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div9AE7.tmp --------- 0  
 08/18/2010 04:33 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div9B06.tmp --------- 0  
 08/18/2010 04:33 PM     C:\Users\WILLSP~1\AppData\Local\Temp\divE252.tmp --------- 0  
 08/18/2010 03:02 AM     C:\Users\WILLSP~1\AppData\Local\Temp\div6C78.tmp --------- 0  
 08/18/2010 03:02 AM     C:\Users\WILLSP~1\AppData\Local\Temp\divA9E5.tmp --------- 0  
 08/18/2010 03:02 AM     C:\Users\WILLSP~1\AppData\Local\Temp\divC235.tmp --------- 0  
 08/16/2010 10:18 PM     C:\Users\WILLSP~1\AppData\Local\Temp\msdtadmin --------- 0  
 08/16/2010 10:18 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp723C.tmp --------- 0  
 08/16/2010 09:50 PM     C:\Users\WILLSP~1\AppData\Local\Temp\OutofProcReport31588971.txt --------- 2678  
 08/16/2010 09:50 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{6e442883-e444-4ea5-99b0-ff28ddd45192} --------- 0  
 08/16/2010 09:49 PM     C:\Users\WILLSP~1\AppData\Local\Temp\cpes_clean_log_20100816214832.log --------- 20485  
 08/16/2010 09:42 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div276D.tmp --------- 0  
 08/16/2010 09:42 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div648C.tmp --------- 0  
 08/16/2010 09:42 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div96C2.tmp --------- 0  
 08/16/2010 09:42 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div9913.tmp --------- 0  
 08/16/2010 03:04 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp8038.tmp --------- 0  
 08/15/2010 11:23 PM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-5 --------- 0  
 08/15/2010 12:05 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp217.tmp1 --------- 0  
 08/15/2010 11:48 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmpCBA.tmp --------- 0  
 08/15/2010 11:17 AM     C:\Users\WILLSP~1\AppData\Local\Temp\div10D1.tmp --------- 0  
 08/15/2010 11:17 AM     C:\Users\WILLSP~1\AppData\Local\Temp\div72ED.tmp --------- 0  
 08/15/2010 11:17 AM     C:\Users\WILLSP~1\AppData\Local\Temp\div8B5E.tmp --------- 0  
 08/15/2010 11:17 AM     C:\Users\WILLSP~1\AppData\Local\Temp\div8DDD.tmp --------- 0  
 08/15/2010 11:17 AM     C:\Users\WILLSP~1\AppData\Local\Temp\div8E59.tmp --------- 0  
 08/15/2010 11:17 AM     C:\Users\WILLSP~1\AppData\Local\Temp\div8F34.tmp --------- 0  
 08/15/2010 11:17 AM     C:\Users\WILLSP~1\AppData\Local\Temp\div9DE3.tmp --------- 0  
 08/15/2010 11:17 AM     C:\Users\WILLSP~1\AppData\Local\Temp\divA2A4.tmp --------- 0  
 08/15/2010 11:17 AM     C:\Users\WILLSP~1\AppData\Local\Temp\divAED4.tmp --------- 0  
 08/15/2010 11:17 AM     C:\Users\WILLSP~1\AppData\Local\Temp\divBE11.tmp --------- 0  
 08/15/2010 11:17 AM     C:\Users\WILLSP~1\AppData\Local\Temp\divC763.tmp --------- 0  
 08/14/2010 11:26 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp650.tmp1 --------- 0  
 08/14/2010 03:01 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp68.tmp1 --------- 0  
 08/14/2010 12:28 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp881.tmp1 --------- 0  
 08/14/2010 08:58 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp817.tmp1 --------- 0  
 08/13/2010 08:46 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp498.tmp2 --------- 0  
 08/13/2010 08:01 PM     C:\Users\WILLSP~1\AppData\Local\Temp\dd_vcredistUI2C1E.txt --------- 11430  
 08/13/2010 08:01 PM     C:\Users\WILLSP~1\AppData\Local\Temp\dd_vcredistMSI2C1E.txt --------- 410926  
 08/13/2010 07:31 PM     C:\Users\WILLSP~1\AppData\Local\Temp\SkypeToolbars.msi --------- 2391040  
 08/13/2010 07:31 PM     C:\Users\WILLSP~1\AppData\Local\Temp\Skype.msi --------- 19846144  
 08/13/2010 06:18 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp564.tmp1 --------- 0  
 08/13/2010 09:05 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp710.tmp2 --------- 0  
 08/12/2010 07:32 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp402.tmp1 --------- 0  
 08/12/2010 07:31 PM     C:\Users\WILLSP~1\AppData\Local\Temp\divBC2D.tmp --------- 0  
 08/12/2010 07:51 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp466.tmp1 --------- 0  
 08/12/2010 07:26 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp818.tmp1 --------- 0  
 08/12/2010 01:57 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp854.tmp1 --------- 0  
 08/11/2010 04:41 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp840.tmp1 --------- 0  
 08/11/2010 01:43 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp588.tmp1 --------- 0  
 08/11/2010 01:43 AM     C:\Users\WILLSP~1\AppData\Local\Temp\div9397.tmp --------- 0  
 08/10/2010 04:39 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp250.tmp1 --------- 0  
 08/10/2010 04:39 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div9146.tmp --------- 0  
 08/10/2010 06:19 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp40.tmp1 --------- 0  
 08/10/2010 06:19 AM     C:\Users\WILLSP~1\AppData\Local\Temp\div9C9C.tmp --------- 0  
 08/10/2010 04:19 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmpCC83.tmp --------- 0  
 08/10/2010 04:16 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp5090.tmp --------- 0  
 08/10/2010 04:16 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp167D.tmp --------- 0  
 08/10/2010 03:04 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp252.tmp1 --------- 0  
 08/10/2010 03:03 AM     C:\Users\WILLSP~1\AppData\Local\Temp\divAB4B.tmp --------- 0  
 08/09/2010 11:01 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp168.tmp1 --------- 0  
 08/09/2010 11:01 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div8786.tmp --------- 0  
 08/09/2010 08:46 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp607.tmp1 --------- 0  
 08/09/2010 08:45 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div89D7.tmp --------- 0  
 08/09/2010 06:51 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp534.tmp1 --------- 0  
 08/09/2010 06:18 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp471.tmp1 --------- 0  
 08/09/2010 06:18 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div8BCA.tmp --------- 0  
 08/09/2010 05:39 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp158.tmp1 --------- 0  
 08/09/2010 05:39 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div8AB1.tmp --------- 0  
 08/09/2010 01:14 AM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-4 --------- 0  
 08/08/2010 04:30 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp383.tmp1 --------- 0  
 08/08/2010 02:44 AM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-3 --------- 0  
 08/08/2010 01:11 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp366.tmp1 --------- 0  
 08/06/2010 03:29 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp719.tmp1 --------- 0  
 08/06/2010 02:03 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp290.tmp1 --------- 0  
 08/06/2010 11:57 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp739.tmp1 --------- 0  
 08/05/2010 03:35 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp749.tmp1 --------- 0  
 08/05/2010 02:56 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp847.tmp1 --------- 0  
 08/05/2010 02:55 PM     C:\Users\WILLSP~1\AppData\Local\Temp\divB6EF.tmp --------- 0  
 08/05/2010 12:01 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp596.tmp1 --------- 0  
 08/05/2010 12:01 PM     C:\Users\WILLSP~1\AppData\Local\Temp\History --------- 0  
 08/05/2010 12:01 PM     C:\Users\WILLSP~1\AppData\Local\Temp\Cookies --------- 0  
 08/05/2010 12:01 PM     C:\Users\WILLSP~1\AppData\Local\Temp\Temporary Internet Files --------- 0  
 08/05/2010 02:47 AM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-2 --------- 0  
 08/05/2010 12:00 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp20.tmp1 --------- 0  
 08/05/2010 12:00 AM     C:\Users\WILLSP~1\AppData\Local\Temp\divFC67.tmp --------- 0  
 08/04/2010 10:19 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp149.tmp1 --------- 0  
 08/04/2010 10:19 AM     C:\Users\WILLSP~1\AppData\Local\Temp\div8F24.tmp --------- 0  
 08/03/2010 08:07 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp256.tmp1 --------- 0  
 08/03/2010 08:07 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div1BF8.tmp --------- 0  
 08/03/2010 05:45 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp714.tmp1 --------- 0  
 08/03/2010 05:45 PM     C:\Users\WILLSP~1\AppData\Local\Temp\divD077.tmp --------- 0  
 08/03/2010 09:45 AM     C:\Users\WILLSP~1\AppData\Local\Temp\divED4A.tmp --------- 0  
 08/03/2010 09:16 AM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp134.tmp1 --------- 0  
 08/02/2010 08:56 PM     C:\Users\WILLSP~1\AppData\Local\Temp\StructuredQuery.log --------- 828  
 08/02/2010 08:39 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp853.tmp1 --------- 0  
 08/02/2010 08:31 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp676.tmp1 --------- 0  
 08/02/2010 08:19 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp78.tmp1 --------- 0  
 08/02/2010 08:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp331.tmp1 --------- 0  
 08/02/2010 08:11 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp780.tmp1 --------- 0  
 08/02/2010 08:11 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp762.tmp1 --------- 0  
 08/02/2010 08:10 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp390.tmp1 --------- 0  
 08/02/2010 08:09 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp548.tmp1 --------- 0  
 08/02/2010 08:03 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp668.tmp1 --------- 0  
 08/02/2010 07:47 PM     C:\Users\WILLSP~1\AppData\Local\Temp\tmp197.tmp1 --------- 0  
 08/02/2010 07:32 PM     C:\Users\WILLSP~1\AppData\Local\Temp\{48E7E276-0A60-48FB-9C58-BDDCB84AABFF} --------- 0  
 08/02/2010 07:32 PM     C:\Users\WILLSP~1\AppData\Local\Temp\MSI393a.LOG --------- 1711634  
 08/02/2010 07:12 PM     C:\Users\WILLSP~1\AppData\Local\Temp\DMI4BBF.tmp --------- 0  
 08/02/2010 06:40 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div5EB2.tmp --------- 0  
 08/01/2010 07:38 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div588B.tmp --------- 0  
 08/01/2010 04:14 PM     C:\Users\WILLSP~1\AppData\Local\Temp\divDF27.tmp --------- 0  
 08/01/2010 04:09 PM     C:\Users\WILLSP~1\AppData\Local\Temp\div9C.tmp --------- 0  
 08/01/2010 10:18 AM     C:\Users\WILLSP~1\AppData\Local\Temp\div39C4.tmp --------- 0  
 07/31/2010 09:16 PM     C:\Users\WILLSP~1\AppData\Local\Temp\divF8A1.tmp --------- 0  
 07/30/2010 06:31 PM     C:\Users\WILLSP~1\AppData\Local\Temp\DMIAD7F.tmp --------- 0  
 07/29/2010 10:42 PM     C:\Users\WILLSP~1\AppData\Local\Temp\RA.xml --------- 20631  
 07/29/2010 10:42 PM     C:\Users\WILLSP~1\AppData\Local\Temp\RA.dmp --------- 79287  
 07/29/2010 10:42 PM     C:\Users\WILLSP~1\AppData\Local\Temp\RAC5DD.tmp --------- 0  
 07/29/2010 08:20 PM     C:\Users\WILLSP~1\AppData\Local\Temp\data --------- 0  
 07/29/2010 07:46 PM     C:\Users\WILLSP~1\AppData\Local\Temp\isw_acc_80100000 --------- 0  
 07/29/2010 03:30 PM     C:\Users\WILLSP~1\AppData\Local\Temp\uttCA23.tmp.old --------- 0  
 07/29/2010 02:41 PM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp --------- 0  
 07/29/2010 02:41 PM     C:\Users\WILLSP~1\AppData\Local\Temp\ct2613550 --------- 0  
 07/29/2010 02:41 PM     C:\Users\WILLSP~1\AppData\Local\Temp\conduit --------- 0  
 07/29/2010 02:41 PM     C:\Users\WILLSP~1\AppData\Local\Temp\07291052511 --------- 0  
 07/29/2010 02:30 PM     C:\Users\WILLSP~1\AppData\Local\Temp\plugtmp-1 --------- 0  
 07/29/2010 04:06 AM     C:\Users\WILLSP~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
 06/28/2010 10:09 PM     C:\Users\WILLSP~1\AppData\Local\Temp\zauninst.exe --------- 220160  
 06/28/2010 09:59 PM     C:\Users\WILLSP~1\AppData\Local\Temp\vsinit.dll --------- 228864  
 06/28/2010 09:59 PM     C:\Users\WILLSP~1\AppData\Local\Temp\vsutil.dll --------- 713728  
 06/15/2010 05:50 PM     C:\Users\WILLSP~1\AppData\Local\Temp\Uninstall.exe --------- 1208632  
 06/08/2010 08:20 PM     C:\Users\WILLSP~1\AppData\Local\Temp\Catalyst.bmp --------- 57654  
 03/16/2010 04:11 PM     C:\Users\WILLSP~1\AppData\Local\Temp\ose00000.exe --------- 174440  
----------------------------------------

 
C:\Program Files

 09/06/2010 12:13 AM     C:\Program Files\Windows Media Player --------- 4096  
 09/06/2010 12:13 AM     C:\Program Files\Windows Mail --------- 0  
 09/06/2010 12:13 AM     C:\Program Files\Internet Explorer --------- 4096  
 08/29/2010 04:11 PM     C:\Program Files\Common Files --------- 4096  
 08/29/2010 04:10 PM     C:\Program Files\Microsoft Synchronization Services --------- 0  
 08/29/2010 04:09 PM     C:\Program Files\Microsoft Office --------- 4096  
 08/29/2010 04:09 PM     C:\Program Files\Microsoft Sync Framework --------- 0  
 08/29/2010 04:09 PM     C:\Program Files\Microsoft SQL Server Compact Edition --------- 0  
 08/29/2010 04:06 PM     C:\Program Files\Microsoft Analysis Services --------- 0  
 08/18/2010 12:08 PM     C:\Program Files\WinRAR --------- 4096  
 07/31/2010 08:46 PM     C:\Program Files\DivX --------- 0  
 07/29/2010 04:35 PM     C:\Program Files\ATI Technologies --------- 0  
 07/29/2010 04:33 PM     C:\Program Files\ATI --------- 0  
 07/29/2010 02:28 PM     C:\Program Files\CheckPoint --------- 0  
 07/14/2009 09:47 AM     C:\Program Files\DVD Maker --------- 4096  
 07/14/2009 09:46 AM     C:\Program Files\Windows Journal --------- 0  
 07/14/2009 09:46 AM     C:\Program Files\Microsoft Games --------- 4096  
 07/14/2009 07:37 AM     C:\Program Files\Windows Sidebar --------- 4096  
 07/14/2009 07:37 AM     C:\Program Files\Windows Photo Viewer --------- 0  
 07/14/2009 07:37 AM     C:\Program Files\Windows Defender --------- 4096  
 07/14/2009 07:32 AM     C:\Program Files\Windows Portable Devices --------- 0  
 07/14/2009 07:32 AM     C:\Program Files\Windows NT --------- 0  
 07/14/2009 07:32 AM     C:\Program Files\Reference Assemblies --------- 0  
 07/14/2009 07:32 AM     C:\Program Files\MSBuild --------- 0  
 07/14/2009 07:09 AM     C:\Program Files\Uninstall Information --------- 0  
 07/14/2009 06:54 AM     C:\Program Files\desktop.ini --------- 174  
----------------------------------------

 
C:\ProgramData\.. 

Will    
AppData    
Will Spliff    
Public    
Default    
All Users    
Default User    
desktop.ini    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts


----------------------------------------

 

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0      1,024 K
smss.exe                       272 Services                   0      1,092 K
csrss.exe                      356 Services                   0      4,108 K
wininit.exe                    424 Services                   0      4,276 K
csrss.exe                      460 Console                    1      9,884 K
services.exe                   492 Services                   0      8,912 K
lsass.exe                      508 Services                   0     10,864 K
lsm.exe                        516 Services                   0      4,120 K
svchost.exe                    620 Services                   0      9,036 K
winlogon.exe                   696 Console                    1      6,880 K
svchost.exe                    756 Services                   0      7,156 K
atiesrxx.exe                   816 Services                   0      4,132 K
svchost.exe                    892 Services                   0     26,060 K
svchost.exe                    936 Services                   0     95,108 K
svchost.exe                    976 Services                   0     86,520 K
svchost.exe                    464 Services                   0     15,208 K
svchost.exe                   1080 Services                   0     13,508 K
atieclxx.exe                  1140 Console                    1      5,292 K
spoolsv.exe                   1348 Services                   0     11,548 K
sched.exe                     1376 Services                   0      1,520 K
svchost.exe                   1396 Services                   0     14,556 K
avguard.exe                   1544 Services                   0     78,536 K
svchost.exe                   1636 Services                   0      5,276 K
SDWinSec.exe                  1772 Services                   0      8,148 K
avshadow.exe                  1796 Services                   0      3,908 K
conhost.exe                   1816 Services                   0      2,580 K
WUDFHost.exe                  2140 Services                   0      5,808 K
dwm.exe                       2584 Console                    1      4,776 K
taskhost.exe                  2592 Console                    1      5,420 K
explorer.exe                  2604 Console                    1     39,768 K
TeaTimer.exe                  2808 Console                    1     91,148 K
uTorrent.exe                  2820 Console                    1      9,016 K
avgnt.exe                     2900 Console                    1      3,848 K
wmpnetwk.exe                  2008 Services                   0      5,520 K
svchost.exe                   2328 Services                   0     13,400 K
firefox.exe                    764 Console                    1    100,876 K
svchost.exe                   1468 Services                   0     12,712 K
WmiPrvSE.exe                  3036 Services                   0      6,044 K
svchost.exe                   2752 Services                   0     30,888 K
plugin-container.exe          2896 Console                    1     14,008 K
audiodg.exe                   2792 Services                   0     15,360 K
RSIT.exe                      3008 Console                    1     14,488 K
WmiPrvSE.exe                   208 Services                   0     10,632 K
WinRAR.exe                    1624 Console                    1     16,356 K
cmd.exe                        584 Console                    1      3,624 K
conhost.exe                   1252 Console                    1      4,016 K
tasklist.exe                  2452 Console                    1      5,256 K

 
***** Ende des Scans Fri 09/10/2010 um 10:54:39.40 ***

kira · 12.09.2010, 13:14

also wiederhole mich nochmal:

Zitat:

Zitat von Coverflow

nein...einen neuen Thread bitte für dein Lapi aufmachen

das heißt, bitte nicht hier! Pro Rechner/Thread

hier geht`s nur damit weiter:-> http://www.trojaner-board.de/90534-m...tml#post566094
und zwar für dein Tower, sonst kommen wir schnell durcheinendar!

Mein email Account schickt Spammails

Plagegeister aller Art und deren Bekämpfung: Mein email Account schickt Spammails