Gmail account hacked, need to clean my PC



#1
fgrocker

Hello,

As the thread title states, my Gmail account was hacked and used to send spam mail. I am running anti-virus, but have not checked for spyware/malware in quite some time. I have not had any other problems with my PC recently. Which programs should I use to better clean my PC, and what other tips may someone have for me? Thanks!

Here is the OTL log:


OTL logfile created on: 2/28/2012 10:02:00 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\HerrmannE\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

1.95 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 52.24% Memory free
4.73 Gb Paging File | 3.97 Gb Available in Paging File | 83.91% Paging File free
Paging file location(s): c:\pagefile.sys 2998 3998 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.73 Gb Total Space | 84.32 Gb Free Space | 56.69% Space Free | Partition Type: NTFS
Drive M: | 1800.00 Gb Total Space | 1068.26 Gb Free Space | 59.35% Space Free | Partition Type: NTFS
Drive P: | 1800.00 Gb Total Space | 1068.26 Gb Free Space | 59.35% Space Free | Partition Type: NTFS

Computer Name: USLBG1LT338 | User Name: HerrmannE | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/28 09:59:53 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HerrmannE\My Documents\Downloads\OTL.exe
PRC - [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/02/18 18:38:24 | 000,793,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
PRC - [2011/02/18 18:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2011/02/03 13:24:38 | 000,069,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
PRC - [2011/02/02 10:23:08 | 001,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
PRC - [2011/01/08 16:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
PRC - [2010/08/06 13:52:40 | 000,085,528 | ---- | M] (DameWare Development) -- C:\WINDOWS\system32\DWRCST.EXE
PRC - [2010/08/06 13:52:38 | 000,242,200 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE
PRC - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2009/06/19 10:57:40 | 000,249,856 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/04/03 13:41:08 | 000,139,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
PRC - [2009/02/23 13:08:10 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/02/23 13:08:10 | 000,254,034 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\DellXPM09B_6159v043\WDM\stacsv.exe
PRC - [2009/01/31 20:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/01/31 18:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/12/16 17:41:44 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/11/24 09:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/10/01 14:52:36 | 000,064,888 | ---- | M] (Web Meeting) -- C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2005/07/21 10:15:14 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMHost.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/15 00:03:36 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll
MOD - [2012/02/15 00:03:34 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012/02/15 00:02:10 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012/02/15 00:02:08 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012/02/15 00:02:07 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2012/02/14 21:00:24 | 008,593,568 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009/10/07 11:01:34 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2009/10/07 11:01:14 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007/03/02 18:30:14 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpi5in.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/09/16 13:11:16 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/18 18:38:24 | 000,793,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
SRV - [2011/02/18 18:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2011/02/03 13:24:38 | 000,069,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)
SRV - [2011/01/08 16:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2010/08/06 13:52:38 | 000,242,200 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINDOWS\System32\DWRCS.EXE -- (DWMRCS)
SRV - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 03:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/04/03 13:41:08 | 000,139,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe -- (MOM)
SRV - [2009/02/23 13:08:10 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\DellXPM09B_6159v043\WDM\stacsv.exe -- (STacSV)
SRV - [2008/10/01 14:52:36 | 000,064,888 | ---- | M] (Web Meeting) [Auto | Running] -- C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe -- (RDIConverterPrintHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/09/20 10:57:43 | 000,443,448 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/02/18 18:38:24 | 000,039,984 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmwvusb.sys -- (vmwvusb)
DRV - [2010/01/05 11:01:36 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2009/11/24 11:30:34 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/11/05 20:32:54 | 000,166,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2009/10/30 16:51:14 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/10/07 11:01:32 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/09/18 03:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/02/23 13:08:10 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/12/16 17:41:44 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/12/05 05:33:52 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/11/06 01:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/20 19:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008/02/29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/02/15 07:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/01/11 01:30:14 | 000,093,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\egxfilter.sys -- (egxfilter)
DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2004/07/14 10:51:24 | 000,002,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\portio32.sys -- (portio32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.aecomnet.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.aecomnet.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.150_0\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\HerrmannE\Application Data\IDM\idmmzcc3


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin6.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Puzzle Domain = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emnfjmnefbdnkahggiifeihiafobjepm\1.23_0\
CHR - Extension: Pandora = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: Full Screen Weather = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: AdBlock = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.19_0\
CHR - Extension: Lord of Ultima = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.11_0\
CHR - Extension: Little Alchemy = C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.11_0\

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.EXE (DameWare Development)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: adfs.aecom.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: aeairweb.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: aecom.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: aecomeur.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: aecomnet.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: asap.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: brainshark.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: cisco.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: earthtech.ca ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: earthtech.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: edaw.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: ellerbebecket.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ensr.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ensr.net ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: extranet.aecom.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: getthere.net ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: midicorp.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: salesforce.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: softscape.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: towersperrin.com ([insight] * in Trusted sites)
O15 - HKCU\..Trusted Domains: adfs.aecom.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: aeairweb.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aecom.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aecomeur.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: aecomnet.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: asap.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: brainshark.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: cisco.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: earthtech.ca ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: earthtech.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: edaw.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ellerbebecket.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ensr.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ensr.net ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: extranet.aecom.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: getthere.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: hsmm04 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: hsmm08 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: hsmm12 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: hsmmbst01 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: hsmmbst04 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: midicorp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: salesforce.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: softscape.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: towersperrin.com ([insight] * in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1262277342906 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262277375250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.25)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.24.136.6 172.27.128.7 172.27.69.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.aecomnet.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83FB6C1B-B3CD-45CA-8007-C430EFB8B39E}: DhcpNameServer = 209.55.5.10 209.55.5.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A8EC66C-9C74-4F8B-B58D-AF8AA2C475F0}: DhcpNameServer = 172.24.136.6 172.27.128.7 172.27.69.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wsauth) - C:\WINDOWS\System32\wsauth.dll (VMware, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/31 11:19:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/27 13:55:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HerrmannE\Recent
[2012/02/27 09:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth Pro
[2012/02/25 10:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HerrmannE\Application Data\ManyCam
[2012/02/24 14:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HerrmannE\Application Data\.freeciv
[2012/02/24 14:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Freeciv-2.3.1-gtk2
[2012/02/06 13:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Minitab
[2012/02/06 12:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Minitab
[2012/02/06 12:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\Minitab
[2012/02/06 12:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Minitab Shared
[2012/02/06 11:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Unity
[2012/01/31 21:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HerrmannE\Application Data\Macrovision
[2012/01/31 14:49:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\E177E04D548C4006A465EEB92D3DE021
[2012/01/31 14:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2012/01/31 14:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HerrmannE\Local Settings\Application Data\Downloaded Installations
[2012/01/31 14:04:15 | 000,039,984 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmwvusb.sys
[2012/01/31 14:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2012/01/31 14:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HerrmannE\Local Settings\Application Data\VMware
[2012/01/31 14:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012/01/31 14:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2012/01/30 09:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HerrmannE\Application Data\MathWorks
[2012/01/29 18:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MATLAB
[2012/01/29 18:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\MATLAB
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/28 10:08:00 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B11B3758-5A64-47DC-8922-45CA8183D177}.job
[2012/02/28 10:05:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{831D0E48-16AE-447E-BF57-35F4D5C17174}.job
[2012/02/28 10:05:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7446D5DB-6F2C-4FFB-B339-4403DC4A0E29}.job
[2012/02/28 10:04:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/02/28 09:57:16 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{002AD1B9-2B20-42BB-91DB-13BBD3AD090D}.job
[2012/02/28 09:48:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1284227242-1417001333-153116UA.job
[2012/02/28 09:38:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2126858571-1200282193-2720349532-1013UA.job
[2012/02/28 09:30:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/28 09:15:07 | 000,000,554 | ---- | M] () -- C:\WINDOWS\tasks\MATLAB R2011b Startup Accelerator.job
[2012/02/28 09:14:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/28 09:14:59 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/28 09:08:24 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Signature Update.job
[2012/02/28 07:08:20 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
[2012/02/27 17:38:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2126858571-1200282193-2720349532-1013Core.job
[2012/02/27 17:11:27 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/27 17:10:09 | 000,000,463 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012/02/27 17:08:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/27 17:08:21 | 2097,061,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/27 15:25:30 | 000,176,821 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Desktop\IID Available Repeater Sites.kmz
[2012/02/27 14:48:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1284227242-1417001333-153116Core.job
[2012/02/27 10:56:36 | 000,086,809 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Desktop\SM_Overlay.JPG
[2012/02/27 10:55:57 | 000,086,962 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Desktop\LH_Overlay.JPG
[2012/02/27 09:37:08 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth Pro.lnk
[2012/02/27 09:36:27 | 000,183,808 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/27 09:12:46 | 000,056,284 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/02/24 14:36:21 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/02/24 14:33:54 | 000,006,625 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Application Data\.freeciv-client-rc-2.3
[2012/02/24 08:31:34 | 007,439,657 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Desktop\AECOM proposal for Spotsylvania County RFP 11-11-54 Radio Consultant Services2.pdf
[2012/02/17 13:50:54 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Desktop\Google Chrome.lnk
[2012/02/17 13:50:54 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/10 13:25:38 | 000,119,878 | ---- | M] () -- C:\Documents and Settings\HerrmannE\My Documents\UVA_Spr12_RegistrationForm_EHerrmann.pdf
[2012/02/06 15:53:33 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\HerrmannE\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/02/06 12:43:04 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Minitab Software Update Manager.job
[2012/02/06 12:42:43 | 000,001,625 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Minitab 16.lnk
[2012/01/31 14:04:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_vmwvusb_01009.Wdf
[2012/01/31 14:04:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/01/31 09:53:14 | 000,546,902 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/31 09:53:14 | 000,101,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/27 10:56:36 | 000,086,809 | ---- | C] () -- C:\Documents and Settings\HerrmannE\Desktop\SM_Overlay.JPG
[2012/02/27 10:55:57 | 000,086,962 | ---- | C] () -- C:\Documents and Settings\HerrmannE\Desktop\LH_Overlay.JPG
[2012/02/27 09:52:43 | 000,176,821 | ---- | C] () -- C:\Documents and Settings\HerrmannE\Desktop\IID Available Repeater Sites.kmz
[2012/02/27 09:37:08 | 000,001,864 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth Pro.lnk
[2012/02/24 14:33:53 | 000,006,625 | ---- | C] () -- C:\Documents and Settings\HerrmannE\Application Data\.freeciv-client-rc-2.3
[2012/02/24 08:30:01 | 007,439,657 | ---- | C] () -- C:\Documents and Settings\HerrmannE\Desktop\AECOM proposal for Spotsylvania County RFP 11-11-54 Radio Consultant Services2.pdf
[2012/02/10 13:25:38 | 000,119,878 | ---- | C] () -- C:\Documents and Settings\HerrmannE\My Documents\UVA_Spr12_RegistrationForm_EHerrmann.pdf
[2012/02/06 12:43:03 | 000,000,478 | ---- | C] () -- C:\WINDOWS\tasks\Minitab Software Update Manager.job
[2012/02/06 12:42:43 | 000,001,625 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Minitab 16.lnk
[2012/01/31 14:04:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_vmwvusb_01009.Wdf
[2012/01/31 14:04:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/01/29 18:41:51 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MATLAB R2011b.lnk
[2012/01/29 18:41:24 | 000,000,554 | ---- | C] () -- C:\WINDOWS\tasks\MATLAB R2011b Startup Accelerator.job
[2011/12/16 08:22:31 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2011/10/19 16:07:19 | 000,841,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/04 14:30:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/15 08:49:20 | 000,002,848 | ---- | C] () -- C:\WINDOWS\System32\DWRCS.INI
[2011/09/09 15:26:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/06/20 12:48:03 | 000,095,232 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/01 11:51:36 | 000,000,455 | ---- | C] () -- C:\Program Files\0601201112513640.bat
[2011/02/16 09:16:23 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\portio32.sys
[2010/08/07 14:00:48 | 000,000,053 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2010/07/29 12:31:13 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/07/29 12:31:13 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/29 11:59:33 | 000,183,808 | ---- | C] () -- C:\Documents and Settings\HerrmannE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/29 11:16:39 | 000,000,256 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2010/07/01 19:10:49 | 000,000,463 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/07/01 19:07:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/07/01 19:07:46 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/07/01 19:07:46 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/07/01 17:56:46 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/07/01 17:56:45 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/07/01 17:56:38 | 000,093,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\egxfilter.sys
[2010/05/05 07:39:12 | 000,416,704 | ---- | C] () -- C:\WINDOWS\System32\EPD.dll
[2010/05/05 07:39:11 | 000,422,848 | ---- | C] () -- C:\WINDOWS\System32\PPL.dll
[2010/05/05 07:39:11 | 000,062,400 | ---- | C] () -- C:\WINDOWS\System32\IFC.dll

========== LOP Check ==========

[2011/09/16 13:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/07/30 08:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/01/17 09:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EDX
[2011/05/13 14:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/07/23 12:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2012/02/06 13:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minitab
[2011/01/19 10:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ontrack Data Recovery
[2011/09/09 08:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/05/13 14:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/07 00:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/24 14:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HerrmannE\Application Data\.freeciv
[2011/10/05 13:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HerrmannE\Application Data\Autodesk
[2011/05/31 08:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HerrmannE\Application Data\CASM
[2010/07/30 09:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HerrmannE\Application Data\DAEMON Tools Lite
[2010/10/21 21:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HerrmannE\Application Data\DMCache
[2011/02/16 09:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HerrmannE\Application Data\Mael
[2012/02/25 11:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HerrmannE\Application Data\ManyCam
[2011/11/02 12:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HerrmannE\Application Data\webex
[2011/06/15 21:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HerrmannE\Application Data\WinAVI
[2010/07/29 11:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HerrmannE\Application Data\Windows Desktop Search
[2012/02/28 09:15:07 | 000,000,554 | ---- | M] () -- C:\WINDOWS\Tasks\MATLAB R2011b Startup Accelerator.job
[2012/02/06 12:43:04 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\Minitab Software Update Manager.job
[2012/02/28 07:08:20 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
[2012/02/27 17:11:27 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/02/28 09:08:24 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Signature Update.job
[2012/02/28 10:04:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/02/28 09:57:16 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{002AD1B9-2B20-42BB-91DB-13BBD3AD090D}.job
[2012/02/28 10:05:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7446D5DB-6F2C-4FFB-B339-4403DC4A0E29}.job
[2012/02/28 10:05:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{831D0E48-16AE-447E-BF57-35F4D5C17174}.job
[2012/02/28 10:08:00 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B11B3758-5A64-47DC-8922-45CA8183D177}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38020A20

< End of report >

#2
fgrocker

Would really like some help on this, if anyone is able. I have since installed and run SuperAntiSpyware and Malwarebytes, and have not had any more occurrences of what I would assume to be trojan use. However, I would like to at least make sure my PC has a clean bill of health.

Thanks!

#3
fgrocker

Forget it, someone please close this thread. I'm going to try elsewhere.