Mshta virus


#1
Sarah.D

    New Member
  • 7 posts
I was streaming a baseball game and a pop-up for some fake anti-virus software popped up. I closed it without clicking on it, but then my computer started slowing down dramatically. I checked the processes and there were between 20 and 30 mshta.exe processes running. I have run Trend Micro and Malwarebytes but they only removed some cookies.

I can stop the processes by ending the process tree and they don't reappear. When I start up, I frequently only have one or two. However, after a few hours of working on my machine, they have all reappeared and my computer slows to a crawl.

I understand that mshta.exe is a necessary Windows process, but having 20-30 at one time when only one Internet browser window is open appears to be a virus. Could you help me clean off my computer?

Here is my OTL Log:
OTL logfile created on: 6/29/2012 12:52:38 PM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\kdavis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.28% Memory free
3.72 Gb Paging File | 3.15 Gb Available in Paging File | 84.76% Paging File free
Paging file location(s): C:\pagefile.sys 1915 3096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 12.84 Gb Free Space | 34.47% Space Free | Partition Type: NTFS
Drive H: | 136.38 Gb Total Space | 1.54 Gb Free Space | 1.13% Space Free | Partition Type: NTFS
Drive I: | 136.38 Gb Total Space | 1.54 Gb Free Space | 1.13% Space Free | Partition Type: NTFS
Drive J: | 136.38 Gb Total Space | 1.54 Gb Free Space | 1.13% Space Free | Partition Type: NTFS
Drive M: | 148.03 Gb Total Space | 66.83 Gb Free Space | 45.15% Space Free | Partition Type: NTFS
Drive N: | 136.38 Gb Total Space | 1.54 Gb Free Space | 1.13% Space Free | Partition Type: NTFS
Drive P: | 136.38 Gb Total Space | 1.54 Gb Free Space | 1.13% Space Free | Partition Type: NTFS
Drive R: | 136.38 Gb Total Space | 1.54 Gb Free Space | 1.13% Space Free | Partition Type: NTFS
Drive T: | 298.09 Gb Total Space | 297.94 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive U: | 136.38 Gb Total Space | 1.54 Gb Free Space | 1.13% Space Free | Partition Type: NTFS
Drive W: | 74.46 Gb Total Space | 7.34 Gb Free Space | 9.85% Space Free | Partition Type: NTFS
Drive Z: | 136.38 Gb Total Space | 1.53 Gb Free Space | 1.12% Space Free | Partition Type: NTFS

Computer Name: STAFF5 | User Name: kdavis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/28 10:44:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kdavis\Desktop\OTL.exe
PRC - [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/05/22 08:33:59 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/05/22 08:33:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/11/25 02:27:48 | 001,081,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2011/11/16 08:54:25 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2011/10/17 03:41:42 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2011/09/26 20:32:18 | 000,196,512 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2011/08/15 20:26:46 | 000,142,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2011/06/10 16:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/08/11 13:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/02 22:57:42 | 000,106,546 | ---- | M] () -- C:\pvsw\bin\w3dbsmgr.exe
PRC - [2004/01/08 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 03:23:19 | 009,252,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012/05/07 09:53:35 | 004,050,944 | ---- | M] () -- C:\Documents and Settings\kdavis\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll
MOD - [2012/05/07 09:53:35 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\kdavis\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll
MOD - [2011/11/16 08:37:40 | 000,126,976 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\libTmHttpClient.dll
MOD - [2011/11/16 08:37:26 | 000,233,472 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\libTmHttpServer.dll
MOD - [2011/10/05 04:15:22 | 000,174,624 | ---- | M] () -- C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
MOD - [2011/01/03 22:53:26 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
MOD - [2011/01/03 22:53:26 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll
MOD - [2011/01/03 09:53:53 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\boost_date_time-vc80-mt-1_36.dll
MOD - [2011/01/03 09:53:53 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\boost_thread-vc80-mt-1_36.dll
MOD - [2009/07/09 03:05:46 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2009/07/09 03:02:14 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2006/03/02 23:16:22 | 000,155,698 | ---- | M] () -- C:\pvsw\bin\w3comsrv.dll
MOD - [2006/03/02 22:57:42 | 000,106,546 | ---- | M] () -- C:\pvsw\bin\w3dbsmgr.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\GreenPrint\GPSRHT01.exe -- (GreenPrint)
SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/06/12 20:50:14 | 000,037,616 | ---- | M] (NV Access Limited) [Disabled | Stopped] -- C:\Program Files\NVDA\nvda_service.exe -- (nvda)
SRV - [2012/06/07 12:28:28 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/22 08:33:59 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/05/22 08:33:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/16 08:54:25 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (TmListen)
SRV - [2011/06/10 16:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/17 15:29:48 | 000,016,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Freedom Scientific\JAWS\11.0\JTVNCProxy.exe -- (JTVNCProxy_11.0)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/03/03 14:53:32 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2007/11/14 21:46:00 | 000,131,072 | ---- | M] (Brio) [Disabled | Stopped] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/22 08:33:37 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/06/23 05:34:42 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/06/23 05:34:32 | 000,065,296 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/06/23 05:34:24 | 000,191,248 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/06/10 16:42:41 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/12/06 16:27:12 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/09/17 15:33:42 | 000,014,880 | ---- | M] (Freedom Scientific BLV Group, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\powerbrl.sys -- (PowerBrl)
DRV - [2010/06/10 01:34:39 | 000,013,408 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\radpms.sys -- (radpms)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/11 07:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 09:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/12/17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003/12/17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {34c51bf3-5fb2-4799-8cca-d5b8567cf7ef}:1.3
FF - prefs.js..extensions.enabledItems: {21D01944-2878-4eb3-A72A-83E8D1E6D4A6}:1.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.8.0.1075
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2475029&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/01/09 19:50:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/07 12:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 15:49:54 | 000,000,000 | ---D | M]

[2009/10/02 09:55:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kdavis\Application Data\Mozilla\Extensions
[2012/06/07 13:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kdavis\Application Data\Mozilla\Firefox\Profiles\sanb13wk.default\extensions
[2010/05/11 09:31:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kdavis\Application Data\Mozilla\Firefox\Profiles\sanb13wk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/19 11:41:54 | 000,000,000 | ---D | M] (Colour Contrast Analyser) -- C:\Documents and Settings\kdavis\Application Data\Mozilla\Firefox\Profiles\sanb13wk.default\extensions\{34c51bf3-5fb2-4799-8cca-d5b8567cf7ef}
[2012/06/07 13:05:42 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Documents and Settings\kdavis\Application Data\Mozilla\Firefox\Profiles\sanb13wk.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010/01/20 12:19:10 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\kdavis\Application Data\Mozilla\Firefox\Profiles\sanb13wk.default\searchplugins\conduit.xml
[2012/06/07 12:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/29 10:35:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/01/19 13:57:06 | 000,073,128 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KDAVIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SANB13WK.DEFAULT\EXTENSIONS\{21D01944-2878-4EB3-A72A-83E8D1E6D4A6}.XPI
[2012/01/19 13:57:07 | 000,413,408 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KDAVIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SANB13WK.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012/06/07 13:05:32 | 001,335,949 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KDAVIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SANB13WK.DEFAULT\EXTENSIONS\[email protected]
[2012/02/14 16:18:43 | 000,113,603 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KDAVIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SANB13WK.DEFAULT\EXTENSIONS\[email protected]
[2012/02/14 16:18:44 | 000,426,790 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KDAVIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SANB13WK.DEFAULT\EXTENSIONS\[email protected]
[2012/06/07 12:28:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/30 10:36:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/06/04 10:12:07 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2007/11/20 18:02:00 | 002,588,672 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2007/07/25 11:05:57 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/09/12 11:19:00 | 000,008,784 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2007/09/12 11:22:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2012/06/07 12:28:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/07 12:28:12 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Documents and Settings\kdavis\Application Data\Mozilla\plugins\npatgpc.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: PopCap Games Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
CHR - plugin: LogMeIn, Inc. Remote Access Components 1.0.0.347 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
CHR - plugin: Turner Media Plugin 1.0.0.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
CHR - plugin: getPlus for Adobe 15235 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2003/07/16 12:23:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk = C:\pvsw\bin\w3dbsmgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O9 - Extra Button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll (VisualWare)
O9 - Extra 'Tools' menuitem : VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll (VisualWare)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://uwsrv:4343/o...ll/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70752} https://uwsrv.uwi.lo...ll/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://uwsrv:4343/o...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://uwsrv:4343/S...root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://ira.ieee.org...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1261079168578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1261079161609 (MUWebControl Class)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.../sis/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} https://uwsrv:4343/S...root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.we...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.121.2 68.87.73.242 68.87.71.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uwi.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DFD78AC-2949-478A-AF44-BF8CE9B44A8C}: DhcpNameServer = 192.168.121.2 68.87.73.242 68.87.71.226
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/04 11:34:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/04/26 15:31:03 | 000,000,000 | ---D | M] - U:\AutoRuns -- [ NTFS ]
O33 - MountPoints2\{44c2a663-90a5-11dd-814a-0011115ea624}\Shell - "" = AutoRun
O33 - MountPoints2\{44c2a663-90a5-11dd-814a-0011115ea624}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{44c2a663-90a5-11dd-814a-0011115ea624}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/28 12:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/06/28 10:44:45 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kdavis\Desktop\OTL.exe
[2012/06/27 16:15:59 | 000,000,000 | ---D | C] -- \\uwsrv\home\kdavis\SnagIt
[2012/06/13 11:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NVDA
[2012/06/11 13:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kdavis\Application Data\nvda
[2012/06/11 13:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\NVDA
[2012/06/07 12:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/06/07 12:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/06 11:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/29 12:49:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/06/29 12:46:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/29 12:46:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/06/29 12:45:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/29 12:42:19 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/06/29 12:09:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/06/29 11:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/28 22:39:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/28 14:58:15 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/06/28 14:47:49 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/06/28 10:44:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kdavis\Desktop\OTL.exe
[2012/06/28 09:15:45 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-QM094.msg
[2012/06/28 09:15:45 | 000,000,439 | ---- | M] () -- C:\WINDOWS\is-QM094.lst
[2012/06/25 15:20:46 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\kdavis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/21 08:06:05 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\kdavis\Desktop\Shortcut to SBIR Aug 2012.lnk
[2012/06/15 16:31:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/13 11:17:25 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NVDA.lnk
[2012/06/11 23:47:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/07 12:56:03 | 002,000,000 | ---- | M] () -- C:\WINDOWS\System32\HJSMEM.DAT
[2012/06/07 12:44:47 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\kdavis\Desktop\GoToWebinar.lnk
[2012/06/07 12:44:47 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\kdavis\Desktop\GoToMeeting.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/28 09:15:45 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-QM094.msg
[2012/06/28 09:15:45 | 000,000,439 | ---- | C] () -- C:\WINDOWS\is-QM094.lst
[2012/06/21 08:06:08 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\kdavis\Desktop\Shortcut to SBIR Aug 2012.lnk
[2012/06/13 11:17:25 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NVDA.lnk
[2012/05/24 12:29:21 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\kdavis\g2mdlhlpx.exe
[2011/11/30 11:44:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011/11/30 11:43:47 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/11/30 11:43:31 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2011/02/01 11:45:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/23 12:49:07 | 000,011,230 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\wert.exe
[2010/10/04 16:23:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/04 14:37:33 | 000,000,067 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/09/17 15:47:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\wa4jfw.dll
[2010/09/17 14:52:32 | 000,000,380 | ---- | C] () -- C:\WINDOWS\dcmuser.ini
[2010/09/17 14:50:46 | 002,000,000 | ---- | C] () -- C:\WINDOWS\System32\HJSMEM.DAT
[2010/07/29 10:36:27 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/25 15:27:33 | 000,000,032 | RHS- | C] () -- C:\Documents and Settings\kdavis\Local Settings\Application Data\t56.dat
[2009/10/14 11:47:59 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\kdavis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/02 13:09:51 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/04 13:24:14 | 000,017,916 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== LOP Check ==========

[2007/10/16 18:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
[2010/10/28 16:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2011/10/24 08:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2010/03/25 15:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Axure
[2011/12/27 16:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2008/01/21 12:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/10/12 14:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom Scientific
[2010/01/27 15:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GreenPrint
[2012/06/29 00:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/01/26 16:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/09/20 15:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/08/21 10:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/10/19 15:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/29 10:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/03/25 15:26:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{013089CD-00C7-4A1B-BDA5-C3CB2E09BD4F}
[2011/09/21 14:36:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{51FD32EA-E4C2-4869-8F48-1309A2E26BCD}
[2009/04/14 09:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/13 15:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\.minecraft
[2010/10/28 16:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\Ashampoo
[2010/12/15 15:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\Auslogics
[2010/03/25 15:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\Axure
[2012/06/28 15:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\Dropbox
[2012/05/24 14:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\Elluminate
[2010/10/12 14:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\Freedom Scientific
[2010/05/20 16:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\NetSpell
[2010/10/12 14:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\Notepad++
[2012/06/11 13:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\nvda
[2010/09/21 15:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\PopCapv1000
[2010/09/22 09:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\PopCapv1002
[2010/10/01 14:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\PopCapv1003
[2010/09/22 15:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\PopCapv1004
[2010/09/22 13:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\SpinTop Games
[2009/12/22 18:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\TechSmith
[2011/10/25 14:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\webex
[2010/01/27 17:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kdavis\Application Data\Wildfire
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2012/06/28 14:47:49 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/06/29 12:49:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2012/06/29 12:45:35 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2012/06/28 14:58:15 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2012/05/07 06:50:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\defrag.job
[2012/06/29 12:09:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A384652A

< End of report >


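The log above lists twenty-four At1.job to At24.job files in C:\WINDOWS\Tasks, all 418 bytes and almost all modified in the same second, and the complaint is about mshta.exe processes that keep reappearing. What follows is an added example, not code from the original post and not part of OTL, that parses the XP-era binary .job format (the MS-TSCH FIXDLEN_DATA fixed header followed by length-prefixed UTF-16LE strings) so a reader can see which program, arguments and author each scheduled task carries. The sample .job bytes, the mshta.exe path and the .hta argument built into it are constructed placeholders, not values taken from the log.

```python
"""Read legacy Windows Task Scheduler .job files (C:\\WINDOWS\\Tasks\\*.job on XP).

Added example, not from the original post. Layout per MS-TSCH section 2.4:
a 68-byte FIXDLEN_DATA header, then a variable section that begins with a
2-byte running-instance count and continues with UTF-16LE strings, each
prefixed by a 2-byte character count that includes the terminating NUL.
"""
import struct
from pathlib import Path

FIXED_HEADER_LEN = 68            # size of FIXDLEN_DATA
APP_NAME_LEN_OFFSET_FIELD = 20   # 2-byte field giving where the app-name string starts
FLAGS_FIELD = 48                 # 4-byte task flags inside FIXDLEN_DATA
STRING_FIELDS = ("application", "parameters", "working_dir", "author", "comment")


def _read_unicode(data: bytes, pos: int):
    """Read one length-prefixed UTF-16LE string and return (text, next_pos)."""
    (nchars,) = struct.unpack_from("<H", data, pos)
    pos += 2
    if nchars == 0:                       # empty strings carry no characters at all
        return "", pos
    raw = data[pos:pos + 2 * nchars]
    pos += 2 * nchars
    return raw.decode("utf-16-le").rstrip("\x00"), pos


def parse_job(data: bytes) -> dict:
    """Return the strings that say what a .job launches and who created it."""
    if len(data) < FIXED_HEADER_LEN + 2:
        raise ValueError("too short to be a .job file")
    (app_off,) = struct.unpack_from("<H", data, APP_NAME_LEN_OFFSET_FIELD)
    (flags,) = struct.unpack_from("<I", data, FLAGS_FIELD)
    info = {"flags": flags}
    pos = app_off                         # normally 70: header + instance count
    for name in STRING_FIELDS:            # strings appear in this fixed order
        info[name], pos = _read_unicode(data, pos)
    return info


def build_sample_job(application: str, parameters: str, author: str) -> bytes:
    """Construct a minimal .job image (placeholder data) in the layout parse_job reads."""
    def ustr(s: str) -> bytes:
        if not s:
            return struct.pack("<H", 0)
        return struct.pack("<H", len(s) + 1) + (s + "\x00").encode("utf-16-le")

    var = struct.pack("<H", 0)                                  # running instance count
    var += ustr(application) + ustr(parameters) + ustr("")      # app, params, working dir
    var += ustr(author) + ustr("")                              # author, comment
    var += struct.pack("<HH", 0, 0)                             # empty user / reserved data
    trigger_offset = FIXED_HEADER_LEN + len(var)
    var += struct.pack("<H", 0)                                 # zero triggers, for brevity

    header = struct.pack("<HH", 0x0500, 1) + b"\x00" * 16       # version, file version, uuid
    header += struct.pack("<HH", FIXED_HEADER_LEN + 2, trigger_offset)
    header += b"\x00" * (FIXED_HEADER_LEN - len(header))        # remaining fields zeroed
    return header + var


def summarize_jobs(task_dir) -> list:
    """Parse every *.job in a directory; unreadable files are reported, not skipped."""
    rows = []
    for path in sorted(Path(task_dir).glob("*.job")):
        try:
            info = parse_job(path.read_bytes())
            rows.append((path.name, info["application"], info["parameters"], info["author"]))
        except (ValueError, struct.error, UnicodeDecodeError) as exc:
            rows.append((path.name, "<unparsable: %s>" % exc, "", ""))
    return rows


if __name__ == "__main__":
    # Constructed sample; the path and argument are placeholders, not values from the log.
    sample = build_sample_job(r"C:\WINDOWS\system32\mshta.exe", r"C:\placeholder.hta", "SYSTEM")
    print(parse_job(sample))
    real_dir = Path(r"C:\WINDOWS\Tasks")
    if real_dir.is_dir():                 # only meaningful when run on the affected box
        for row in summarize_jobs(real_dir):
            print(" | ".join(row))
```

Run on the affected machine this prints one line per .job with the program it starts; run anywhere else it only shows the constructed sample. Parameters and author are the fields worth reading: a job whose application is a script host such as mshta.exe tells you little until you see what it is asked to load.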
#2 azarl (GeekU Admin, Administrator, 25,176 posts)
Hi

Welcome to Geekstogo. I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

I can see some things we need to get rid of, but we'll check that nothing is hiding first.

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

#3 Sarah.D (New Member, Topic Starter, 7 posts)
Forgive me, the computer having an issue is my work computer and I can't get to it to perform these tasks before I leave for the day.
Would it be alright to get back to you on Monday? I know that it means a couple of days delay for you, but I would like to avoid going in to work on Saturday, if I can.
However, if you would like to get this over with ASAP, I will head in tomorrow morning to work on it.

Thank you for your time helping me with this, I do appreciate it.

#4 azarl (GeekU Admin, Administrator, 25,176 posts)

> Forgive me, the computer having an issue is my work computer and I can't get to it to perform these tasks before I leave for the day.
> Would it be alright to get back to you on Monday? I know that it means a couple of days delay for you, but I would like to avoid going in to work on Saturday, if I can.
> However, if you would like to get this over with ASAP, I will head in tomorrow morning to work on it.
>
> Thank you for your time helping me with this, I do appreciate it.

Sure. One question: do you have or need permission from work to do this (if it's their computer)? Just to confirm, as many companies don't like outside people involved with their IT.