Geeks To Go
My Computer Crawls, Please Help ! [Closed]


#1 DKullman (Member, 14 posts)
Hello,

My assistant's computer is acting really strange. Probably malware. Please help. Thank You, Darrel

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi, we will need a tad more data :lol:

Hi there, and sorry for the delay. Could you update me on the current problems, please?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


#3 DKullman (Topic Starter, Member, 14 posts)
Thank you so much for your help. I ran OTL, but only one log came up. Here it is:

OTL logfile created on: 3/16/2012 5:21:18 PM - Run 2
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Documents and Settings\Steve\Desktop\Geeks 03-16-2012\OTL Download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.22 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 71.09% Memory free
4.51 Gb Paging File | 3.57 Gb Available in Paging File | 79.10% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 23.59 Gb Free Space | 31.68% Space Free | Partition Type: NTFS

Computer Name: WORKSTATION2NEW | User Name: Sheila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Steve\Desktop\Geeks 03-16-2012\OTL Download\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Egnyte Local Cloud\EgnyteLocalCloudSynchronizer.exe ()
PRC - C:\Program Files\Egnyte Local Cloud\EgnyteLocalCloudDriveMonitor.exe ()
PRC - C:\Program Files\Egnyte Local Cloud\egnyte_local_cloud_systray.exe ()
PRC - C:\Program Files\Egnyte Local Cloud\egnyte_local_cloud_client.exe ()
PRC - C:\Program Files\ACT\Act for Windows\Sage.ACT.Integration.exe (Sage Software, Inc)
PRC - C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
PRC - C:\Program Files\ACT\Act for Windows\Act.Server.Host.exe (Microsoft)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc)
PRC - C:\Program Files\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\c00ea9c031e6f17e30317d9a0f493e06\Microsoft.Practices.Unity.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\11dc418898fe75448c609d03affe003b\Microsoft.Practices.Unity.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\45db208f2be1079f738be85e5086e18f\Microsoft.Practices.ObjectBuilder2.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Genghis\7fcec9d8f037f41d358bf66278c2d433\Genghis.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.UI.SyncSetup\93cc95f13b89d8251dd13077f4a25737\Act.UI.SyncSetup.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.Shared.Windows.#\499ad32f7db19207ffba12c705e65f91\Act.Shared.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.Shared.Win32\d64a8bd2db835e3eecaea3683a836e17\Act.Shared.Win32.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.Shared.Images\f631363302b9be592aa7c010ff09a37e\Act.Shared.Images.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.Shared.Config\24a77be5b077d067334ea220709b5d8a\Act.Shared.Config.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Sync.Co#\e88b7de77ced319808e60865f0b9c0d7\Act.Outlook.Sync.Common.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Service#\2e6cbf5a7628ac65178965f35482092b\Act.Outlook.Service.Shared.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Service#\f52020e284a0c4997b5aa57b21f65fc6\Act.Outlook.Service.Interfaces.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Service#\73d2b8cd52907b4f55d519a1dc640d83\Act.Outlook.Service.Desktop.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Service#\66a77b7a5a98aa11d6166b5f5d809772\Act.Outlook.Service.AppCommon.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Integra#\c5ca2fe0e575255f7a3e162b747747b8\Act.Outlook.Integration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.Framework\584a65312a9272170d35d220fc671f51\Act.Framework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\Egnyte Local Cloud\EgnyteLocalCloudSynchronizer.exe ()
MOD - C:\Program Files\Egnyte Local Cloud\EgnyteLocalCloudDriveMonitor.exe ()
MOD - C:\Program Files\Egnyte Local Cloud\egnyte_local_cloud_systray.exe ()
MOD - C:\Program Files\Egnyte Local Cloud\egnyte_local_cloud_client.exe ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a2f0173e\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_f8924d4c\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_6e5c1db1\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f2fac231\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_45a87111\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.ADChronopher\5390dfe3f708253c14a48936a2e3434a\Interop.ADChronopher.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Act.Shared.Sync\14.0.572.0__ebf6b2ff4d0a08aa\Act.Shared.Sync.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Act.Shared.Utilities\14.0.572.0__ebf6b2ff4d0a08aa\Act.Shared.Utilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Act.Shared.Diagnostics\14.0.572.0__ebf6b2ff4d0a08aa\Act.Shared.Diagnostics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Win.Integration\14.0.572.0__ebf6b2ff4d0a08aa\Act.Outlook.Win.Integration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Service.Interfaces\14.0.572.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Interfaces.dll ()
MOD - C:\Program Files\Egnyte Local Cloud\win32_crypto.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\_librsync_wrapper.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\pywintypes26.dll ()
MOD - C:\Program Files\Egnyte Local Cloud\pythoncom26.dll ()
MOD - C:\Program Files\Egnyte Local Cloud\servicemanager.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\win32api.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\win32service.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\win32pipe.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\win32event.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\win32file.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\win32cred.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\_multiprocessing.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\select.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\_hashlib.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\pyexpat.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\_ctypes.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\_elementtree.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\_sqlite3.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\_ssl.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\_socket.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\sqlite3.dll ()
MOD - C:\Program Files\Egnyte Local Cloud\wx._misc_.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\wx._controls_.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\wx._windows_.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\wx._gdi_.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\wx._core_.pyd ()
MOD - C:\Program Files\Egnyte Local Cloud\wxmsw28uh_html_vc.dll ()
MOD - C:\Program Files\Egnyte Local Cloud\wxmsw28uh_adv_vc.dll ()
MOD - C:\Program Files\Egnyte Local Cloud\wxmsw28uh_core_vc.dll ()
MOD - C:\Program Files\Egnyte Local Cloud\wxbase28uh_net_vc.dll ()
MOD - C:\Program Files\Egnyte Local Cloud\wxbase28uh_vc.dll ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files\Egnyte Local Cloud\pycurl.pyd ()
MOD - C:\Program Files\HP\ToolBoxFX\bin\NativeUtils.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (egnyteSync) -- C:\Program Files\Egnyte Local Cloud\EgnyteLocalCloudSynchronizer.exe ()
SRV - (egnyteMon) -- C:\Program Files\Egnyte Local Cloud\EgnyteLocalCloudDriveMonitor.exe ()
SRV - (Sage ACT! Scheduler) -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe (Sage Software, Inc.)
SRV - (ActService) -- C:\Program Files\ACT\Act for Windows\Act.Server.Host.exe (Microsoft)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc)
SRV - (GoToAssist Express Customer) -- C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_service.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec AntiVirus\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec AntiVirus\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (vsdatant) -- a File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found
DRV - (Changer) -- File not found
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120316.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120316.004\NAVENG.SYS (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (cbfs3) -- C:\WINDOWS\system32\drivers\cbfs3.sys (EldoS Corporation)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (RsFx0150) -- C:\WINDOWS\system32\drivers\RsFx0150.sys (Microsoft Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation)
DRV - (atiide) -- C:\WINDOWS\system32\drivers\atiide.sys (ATI Technologies Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061121
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061121
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061121
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061121
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061121
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061121
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3643176754-336196167-2597102772-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061121
IE - HKU\S-1-5-21-3643176754-336196167-2597102772-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3643176754-336196167-2597102772-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3643176754-336196167-2597102772-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3643176754-336196167-2597102772-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3643176754-336196167-2597102772-1010\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3643176754-336196167-2597102772-1010\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3643176754-336196167-2597102772-1010\..\SearchScopes,DefaultScope = {9FC1CA2A-3B8B-47A0-85B0-378FD7F22C14}
IE - HKU\S-1-5-21-3643176754-336196167-2597102772-1010\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3643176754-336196167-2597102772-1010\..\SearchScopes\{9FC1CA2A-3B8B-47A0-85B0-378FD7F22C14}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-3643176754-336196167-2597102772-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



O1 HOSTS File: ([2011/01/27 12:49:14 | 000,000,765 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.250 brn001ba96572ec
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3643176754-336196167-2597102772-1010\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ELC Notifications] C:\Program Files\Egnyte Local Cloud\egnyte_local_cloud_systray.exe ()
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sage ACT! Integration.lnk = C:\Program Files\ACT\Act for Windows\Sage.ACT.Integration.exe (Sage Software, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3643176754-336196167-2597102772-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logme...ivex/RACtrl.cab (Remote Access ActiveX Client)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1165271813734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1165271948359 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://realist2.firs...r/mapviewer.cab (First American Res MapActiveX Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...ab?rnd=90871118 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = arroyoview.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4F2D89B-1AF7-43C0-8979-553179E86B3C}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/16 17:16:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Geeks 03-16-2012
[2012/03/13 12:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\Citrix
[2012/03/09 18:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Interbank
[2012/02/22 16:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Egnyte Local Cloud Extensions
[2012/02/22 16:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\EgnyteLocalCloud
[2012/02/22 16:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Egnyte Local Cloud
[2012/02/22 16:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Egnyte Local Cloud
[2012/02/22 09:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\pswd
[2012/02/21 02:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\02-20-2012
[2012/02/17 14:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Mercedes Pics
[2012/02/16 15:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Joy-Wilson
[2011/10/03 18:44:12 | 002,124,656 | ---- | C] (Sage Software ) -- C:\Documents and Settings\Steve\Application Data\ACT2012HotFix_SS.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Steve\My Documents\*.tmp files -> C:\Documents and Settings\Steve\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/16 17:00:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/16 16:54:39 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/03/16 16:48:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/16 16:48:40 | 3454,111,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/16 16:47:02 | 000,002,490 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2012/03/16 16:38:42 | 000,000,336 | ---- | M] () -- C:\WINDOWS\BRCALIB.INI
[2012/03/16 05:01:02 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\MyDefrag v4.3.1 Daily.job
[2012/03/15 20:00:02 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack backup.job
[2012/03/14 03:22:18 | 000,326,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 03:02:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/13 16:47:54 | 000,533,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/13 16:47:53 | 000,105,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/13 14:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/13 12:39:54 | 000,061,224 | ---- | M] () -- C:\Documents and Settings\Steve\GoToAssistDownloadHelper.exe
[2012/03/02 18:01:12 | 000,171,410 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Interbank.pdf
[2012/03/01 06:00:02 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\MyDefrag v4.3.1 Monthly.job
[2012/02/27 13:19:03 | 000,466,116 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\MLS hand book.pdf
[2012/02/22 16:42:36 | 000,001,522 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Avf Local Cloud.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Steve\My Documents\*.tmp files -> C:\Documents and Settings\Steve\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/13 12:39:53 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\Steve\GoToAssistDownloadHelper.exe
[2012/03/02 18:01:12 | 000,171,410 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Interbank.pdf
[2012/02/27 13:19:03 | 000,466,116 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\MLS hand book.pdf
[2012/02/22 16:42:36 | 000,001,522 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Avf Local Cloud.lnk
[2012/02/15 22:31:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 22:31:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011/10/17 13:46:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PNTINFO.INI
[2011/10/07 15:41:09 | 000,182,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/17 22:42:44 | 000,266,327 | ---- | C] () -- C:\WINDOWS\System32\ADErrorHandling.dll
[2011/07/01 14:24:50 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/12 12:57:14 | 000,038,480 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Comma Separated Values (Windows).ADR
[2011/03/22 12:52:36 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/03/22 12:52:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/01/27 22:51:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/27 13:43:59 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\fusioncache.dat
[2011/01/25 17:22:42 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/01/25 17:22:42 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/01/25 17:22:27 | 000,000,336 | ---- | C] () -- C:\WINDOWS\BRCALIB.INI
[2011/01/25 17:20:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011/01/25 17:20:47 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/01/25 17:20:45 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADC10A.DAT
[2010/10/15 09:22:41 | 000,105,619 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2010/10/15 09:22:41 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat

========== LOP Check ==========

[2011/10/03 19:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2011/03/22 12:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2011/03/17 11:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Growl
[2011/04/07 22:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JungleDisk
[2012/03/16 03:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/03/22 12:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/10/03 19:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage Software, Inc
[2011/03/22 12:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/02/15 11:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/26 15:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2006/12/05 15:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carolyn Kelley\Application Data\Interact Commerce
[2007/02/09 11:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ckelley\Application Data\24U
[2010/10/18 13:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ckelley\Application Data\Calyx Software
[2007/02/06 17:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ckelley\Application Data\Interact Commerce
[2007/02/09 11:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ckelley\Application Data\net.dacons.mail.it
[2011/01/26 15:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ckelley\Application Data\Nuance
[2008/11/18 15:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ckelley\Application Data\OfficeUpdate12
[2010/10/20 13:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ckelley\Application Data\Windows Desktop Search
[2010/12/29 16:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ckelley\Application Data\Windows Search
[2011/01/26 15:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ckelley\Application Data\Zeon
[2011/01/25 17:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Nuance
[2011/10/03 18:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\ACT
[2011/01/28 17:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Calyx Software
[2011/01/27 13:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\ControlCenter4
[2012/03/16 17:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\EgnyteLocalCloud
[2011/10/03 19:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\IsolatedStorage
[2011/03/22 08:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Nuance
[2011/11/16 18:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\PC-FAX TX
[2011/01/27 13:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Windows Desktop Search
[2011/06/14 10:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Windows Search
[2011/03/22 08:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Zeon
[2011/01/27 13:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test123\Application Data\ControlCenter4
[2011/01/27 13:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test123\Application Data\Windows Desktop Search
[2012/03/16 05:01:02 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\MyDefrag v4.3.1 Daily.job
[2012/03/01 06:00:02 | 000,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\MyDefrag v4.3.1 Monthly.job
[2012/03/15 20:00:02 | 000,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack backup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2011/12/24 18:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2011/12/24 18:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/13 12:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A4F2D89B-1AF7-43C0-8979-553179E86B3C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{EA219350-B25F-4304-B0A7-CA6C15D25C3F}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 11:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 04:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C41CE1F6

< End of report >


Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-16 17:34:15
-----------------------------
17:34:15.921 OS Version: Windows 5.1.2600 Service Pack 3
17:34:15.921 Number of processors: 2 586 0x409
17:34:15.921 ComputerName: WORKSTATION2NEW UserName: Sheila
17:34:16.671 Initialize success
17:37:06.437 AVAST engine defs: 12031600
17:37:09.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
17:37:09.671 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
17:37:09.718 Disk 0 MBR read successfully
17:37:09.718 Disk 0 MBR scan
17:37:09.750 Disk 0 Windows XP default MBR code
17:37:09.750 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:37:09.765 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76245 MB offset 80325
17:37:09.781 Disk 0 scanning sectors +156232125
17:37:09.921 Disk 0 scanning C:\WINDOWS\system32\drivers
17:37:27.843 Service scanning
17:37:56.750 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
17:37:59.187 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
17:37:59.750 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
17:38:01.500 Modules scanning
17:38:08.250 Disk 0 trace - called modules:
17:38:08.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll atiide.sys PCIIDEX.SYS
17:38:08.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af2eab8]
17:38:08.265 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8af43d98]
17:38:08.890 AVAST engine scan C:\WINDOWS
17:38:18.546 AVAST engine scan C:\WINDOWS\system32
17:44:20.500 AVAST engine scan C:\WINDOWS\system32\drivers
17:44:50.921 AVAST engine scan C:\Documents and Settings\Steve
18:08:53.031 AVAST engine scan C:\Documents and Settings\All Users
18:14:52.390 Scan finished successfully
21:37:48.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steve\Desktop\Geeks 03-16-2012\aswMBR\MBR.dat"
21:37:48.890 The log file has been saved successfully to "C:\Documents and Settings\Steve\Desktop\Geeks 03-16-2012\aswMBR\aswMBR.txt"

Thank You Again!! , Darrel
  • 0
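The `< MD5 for: ... >` blocks in the OTL log above are the part of the report that matters for rootkit triage: each lists every copy of a core Windows binary (explorer.exe, svchost.exe, userinit.exe, winlogon.exe) with its MD5, so the copy that actually runs from %SystemRoot% can be compared with the Service Pack copy Windows would restore it from. The following Python script is an added example, not OTL's own code and not part of the original post, that parses those blocks and flags any running copy whose hash differs from the ServicePackFiles/dllcache copy or that carries no Microsoft version information. The sample input is constructed: the SVCHOST and WINLOGON sections are copied from the log above, while the USERINIT section is an invented tampered case with a made-up all-zero hash, included only to show what a mismatch looks like.

```python
import re
from typing import Any, Dict, List, Optional, Tuple

# Constructed sample input in OTL's own "< MD5 for: NAME >" layout. The SVCHOST
# and WINLOGON sections are copied from the log above; the USERINIT section is an
# invented tampered case (made-up all-zero hash, no version info) for illustration.
SAMPLE_OTL = r"""
< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2011/12/24 18:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2012/03/01 09:00:00 | 000,026,112 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"        # [date | size | attrs | M]
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*"    # (company) MD5=... --
    r"(?P<path>.+?)\s*$"                                                 # full path
)

# Directories Windows itself restores protected files from (service pack cache, dllcache).
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\system32\\dllcache\\")


def classify(path: str) -> str:
    """'reference': SP/dllcache copy; 'active': the copy under %SystemRoot% that actually
    runs; 'other': install media (C:\\i386) or third-party copies, listed but never compared."""
    p = path.lower()
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if "\\windows\\" in p:
        return "active"
    return "other"


def parse_md5_sections(report: str) -> Dict[str, List[Dict[str, Any]]]:
    """Map each '< MD5 for: X >' heading to the list of file entries beneath it."""
    sections: Dict[str, List[Dict[str, Any]]] = {}
    current: Optional[str] = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = HEADER_RE.match(line)
        if head:
            current = head.group("name").upper()
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            rec: Dict[str, Any] = entry.groupdict()
            rec["md5"] = rec["md5"].upper()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["role"] = classify(rec["path"])
            sections[current].append(rec)
    return sections


def check_system_binaries(sections: Dict[str, List[Dict[str, Any]]]) -> Dict[str, Tuple[str, List[str]]]:
    """For every binary, compare each running copy's MD5 with the reference copies.
    Status is OK, MISMATCH, UNVERIFIED (no reference copy listed) or NO_ACTIVE."""
    verdicts: Dict[str, Tuple[str, List[str]]] = {}
    for name, entries in sections.items():
        active = [e for e in entries if e["role"] == "active"]
        reference = {e["md5"] for e in entries if e["role"] == "reference"}
        status, notes = ("OK", []) if active else ("NO_ACTIVE", ["no copy under %SystemRoot% listed"])
        for e in active:
            if not reference:
                status = "UNVERIFIED"
                notes.append(f"{e['path']}: no ServicePackFiles/dllcache copy to compare against")
            elif e["md5"] not in reference:
                status = "MISMATCH"
                notes.append(f"{e['path']}: MD5 {e['md5']} differs from reference {sorted(reference)}")
            if "microsoft" not in e["company"].lower():
                notes.append(f"{e['path']}: no Microsoft version information")
        verdicts[name] = (status, notes)
    return verdicts


if __name__ == "__main__":
    for name, (status, notes) in check_system_binaries(parse_md5_sections(SAMPLE_OTL)).items():
        print(f"{name:14} {status}")
        for n in notes:
            print("   ", n)
```

On the constructed input the script reports SVCHOST.EXE and WINLOGON.EXE as OK and USERINIT.EXE as MISMATCH, which is the pattern to look for when reading a real OTL log: the four system32 copies in the log above all match their ServicePackFiles copies. This is a consistency check rather than proof of integrity, since malware that replaces both the running copy and the cached copy would still pass; the Malwarebytes Chameleon files named svchost.exe and winlogon.exe sit outside %SystemRoot%, so they are classified as "other" and never compared.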
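The aswMBR lines in the same post (`MBR read successfully`, `Windows XP default MBR code`, the two partition rows, and the closing `MBR has been saved successfully to ... MBR.dat`) describe a boot-sector check: read sector 0, validate the partition table, and compare the boot code with what is expected. The following Python script is an added example, not aswMBR's code and not part of the original post, that performs the structural half of that check on a constructed 512-byte sector laid out like the disk in the log (a type 0xDE Dell Utility partition at LBA 63 and a bootable NTFS partition at LBA 80325; the sector counts are our own numbers). The baseline boot-code hash it accepts is assumed to come from an MBR.dat you saved yourself from a known-clean machine; the script carries no signature database.

```python
import hashlib
import struct
from typing import Dict, List, Optional

SECTOR = 512
PART_TABLE_OFFSET = 0x1BE                 # boot code occupies bytes 0..0x1BD
ENTRY_FMT = "<B3sB3sII"                   # boot flag, CHS start, type, CHS end, start LBA, sector count
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)   # 16 bytes, four entries


def build_sample_mbr() -> bytes:
    """Constructed sector mirroring the layout aswMBR printed above: a Dell Utility
    partition (type 0xDE) at LBA 63 and a bootable NTFS partition (type 0x07) at
    LBA 80325. Boot code is left as zeros, CHS fields carry the usual FE FF FF filler,
    and the sector counts are our own numbers chosen to give 39 MiB and 76245 MiB."""
    mbr = bytearray(SECTOR)
    table = [
        (0x00, 0xDE, 63, 80325 - 63),
        (0x80, 0x07, 80325, 76245 * 2048),   # 2048 sectors per MiB
    ]
    for i, (boot, ptype, start, count) in enumerate(table):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET + i * ENTRY_SIZE,
                         boot, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    struct.pack_into("<H", mbr, 510, 0xAA55)   # lands on disk as 55 AA
    return bytes(mbr)


def parse_partitions(sector: bytes) -> List[Dict[str, int]]:
    """Decode the four 16-byte partition entries, skipping empty slots."""
    parts = []
    for i in range(4):
        boot, _chs0, ptype, _chs1, start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFFSET + i * ENTRY_SIZE)
        if ptype == 0:
            continue
        parts.append({"slot": i + 1, "boot_flag": boot, "type": ptype,
                      "start_lba": start, "sectors": count,
                      "size_mib": count * SECTOR // (1024 * 1024)})
    return parts


def bootcode_sha256(sector: bytes) -> str:
    """Hash of the code area only; editing the partition table must not change it."""
    return hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest()


def audit_mbr(sector: bytes, baseline_bootcode: Optional[str] = None) -> List[str]:
    """Structural checks a boot-sector scanner runs before any signature match.
    `baseline_bootcode` is a hash you recorded yourself from a known-clean boot
    (for example from the MBR.dat aswMBR saves); there is no vendor database here."""
    if len(sector) != SECTOR:
        return [f"sector is {len(sector)} bytes, expected {SECTOR}"]
    findings: List[str] = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("boot signature 55 AA missing")
    parts = parse_partitions(sector)
    for p in parts:
        if p["boot_flag"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid boot flag 0x{p['boot_flag']:02X}")
        if p["start_lba"] == 0 or p["sectors"] == 0:
            findings.append(f"slot {p['slot']}: zero start LBA or length")
    active = [p for p in parts if p["boot_flag"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly one")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    if baseline_bootcode is not None and bootcode_sha256(sector) != baseline_bootcode.lower():
        findings.append("boot code hash differs from baseline")
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr()
    for p in parse_partitions(clean):
        print(f"slot {p['slot']}: flag {p['boot_flag']:02X} type {p['type']:02X} "
              f"start {p['start_lba']} size {p['size_mib']} MiB")
    patched = bytearray(clean)
    patched[0:4] = b"\xeb\xfe\x90\x90"          # pretend a bootkit rewrote the code area
    print("clean  :", audit_mbr(clean, bootcode_sha256(clean)))
    print("patched:", audit_mbr(bytes(patched), bootcode_sha256(clean)))
```

Against a real disk the sector would be the first 512 bytes read from `\\.\PhysicalDrive0` with administrative rights. The baseline comparison is what makes the check worth repeating: a bootkit that rewrites the code area keeps a valid partition table and a valid 55 AA signature, so it passes every structural test and is caught only by the hash, which is the reason aswMBR saves MBR.dat alongside its log.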

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is this a server or is it on a local network? As I see a lot of cloud backup services running.

Do you do regular maintenance, i.e. empty temporary folders and defragment the drive?

At the moment I can see no apparent malware

But let's run a deep scan to confirm that.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#5
DKullman

DKullman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OK. Here is the report from AVPT. I found a couple of things:

Status: Disinfected (events: 2)
3/19/2012 7:16:47 AM Disinfected Trojan program Trojan-Downloader.Win32.Deliver.mk Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:ach 01][Subject:ACH Transfer Review][Time:2011/08/02 22:16:04]/FormApp_23131.zip High
3/19/2012 7:16:45 AM Disinfected Trojan program Trojan-Downloader.Win32.Deliver.mk Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:ach 01][Subject:ACH Transfer Review][Time:2011/08/02 22:16:04]/FormApp_23131.zip/FormApp_23131.exe High

Analysis is attached, Thank You !

Attached Files


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There is no apparent malware there - what are the exact symptoms you are experiencing
  • 0

#7
DKullman

DKullman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Just really slow. Freezes from time to time. Applications not opening quickly, and reboot takes approx. 30 minutes. A lot of issues with Outlook getting jammed up, not wanting to send. I've defragged before but it just doesn't seem to clear up. Dell Optiplex Pentium 4 3.00 GHz with 4 gigs of RAM. I just don't get it. Have two other machines just like it running basically the same applications. They are lightning fast (for a Pentium 4). In my first post one of the machines definitely had a virus. Seemed that after we ran all the fixes, the machine is running faster than before it had the virus. I appreciate your help. Any suggestions are great. Darrel
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have you tried Bootvis on this system? I used it a few times on XP with good results.

Bootvis download link
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





