
Can't Boot after Norton "fixed" Trojan.Gen.2.


  • This topic is locked
21 replies to this topic

#1 Robert Burghardt

  • Members

Posted 04 December 2011 - 01:29 PM

I've been struggling with this for a couple of days now and am hoping the experts here can help me out.

My wife was running her laptop without any virus protection for a while (it's a long story - don't get me started). Anyway, she complained about tabs appearing in Firefox with a spam site. So, after a little research, I figured the first thing I should do is get some virus protection going.

Well, I got Norton's Anti-virus and got the latest definitions and ran a full scan. It found a bunch of tracking cookies and found Trojan.Gen.2 in the file c:\windows\system32\consrv.dll. Norton's activity shows that it removed this file.

After the scan was completed, I re-booted and now Windows won't boot (it's Windows 7 SP 1). So, I need to go back to a restore point from a couple of days ago and I'm back at square one with the virus still intact.

Should I be using something other than Norton? Is there something else I can do to get rid of this virus? Thank you in advance....



#2 cryptodan

    Bleepin Madman

  • Members

Posted 04 December 2011 - 01:57 PM

Will it boot into safe mode via hitting F8 just after the BIOS Post screen?

#3 Robert Burghardt

  • Topic Starter

  • Members

Posted 04 December 2011 - 02:06 PM

First of all, thank you for the reply Bleepin Madman.

I tried to boot into Safe Mode. Windows lists all of the files it processes - the last file loaded is CLASSPNP.SYS, then it crashes and just re-boots again. So, I guess the short answer is "no, it will not boot into safe mode."

#4 Farbar

    Just Curious

  • Security Developer

Posted 05 December 2011 - 01:51 AM

Hello Robert Burghardt,

Welcome to Bleeping Computer. I will be assisting you with this issue.

I'll move the topic to the appropriate forum.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5 Robert Burghardt

  • Topic Starter

  • Members

Posted 05 December 2011 - 08:50 AM

Thank you for the reply, Farbar. Right now, I have the system restored to an old recovery point so I can boot fine and use the computer. Of course, the virus is still there, too.

For these steps you specify using the recovery tool, it seems like those are steps to fix the boot problem, is that correct?

Since my computer is currently booting OK, but still has the virus, I think I'm looking for a way to get rid of this virus without killing the boot process. OR, should I go ahead and have Norton kill the virus (and kill the boot process) and then follow the instructions you gave to get the FIRST.TXT log?

#6 Farbar

    Just Curious

  • Security Developer

Posted 05 December 2011 - 09:21 AM

Without going into details, the tool can remove the main infection without killing the boot process, then from the normal mode the leftovers could be easily removed without risk of getting a non-bootable computer.

So I suggest you run the tool as instructed from System Recovery Options and post the log.

#7 Robert Burghardt

  • Topic Starter

  • Members

Posted 05 December 2011 - 10:39 AM

OK, thank you, I will do that in the next hour or so. Thank you!

#8 Farbar

    Just Curious

  • Security Developer

Posted 05 December 2011 - 11:00 AM

:thumbup2:

#9 Robert Burghardt

  • Topic Starter

  • Members

Posted 05 December 2011 - 04:54 PM

Here are the contents of the FRST.TXT file:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
Ran by SYSTEM at 2011-12-05 16:50:54
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273544 2011-05-19] (RealNetworks, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKU\Shannon\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-08-09] (Toshiba)
HKU\Shannon\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [12210176 2011-11-11] (SugarSync, Inc.)
HKU\Shannon\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-03-23] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 lxedCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
2 lxed_device; C:\windows\system32\lxedcoms.exe -service [1052328 2010-04-14] ( )
2 N360; "C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Norton Security Suite\Engine\5.0.0.125\diMaster.dll" /prefetch:1 [262584 2010-12-02] (Symantec Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe /s [103792 2010-01-28] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-12-09] (Intel Corporation)

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [953904 2010-11-22] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-02] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys [476792 2010-11-10] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111203.009\ENG64.SYS [117880 2011-12-02] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111203.009\EX64.SYS [2048632 2011-12-02] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\drivers\N360x64\0500000.07D\SRTSP64.SYS [735864 2010-11-22] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\N360x64\0500000.07D\SRTSPX64.SYS [40568 2010-11-22] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0500000.07D\SYMDS64.SYS [450608 2010-10-20] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0500000.07D\SYMEFA64.SYS [802864 2010-11-17] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174640 2011-12-03] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\N360x64\0500000.07D\Ironx64.SYS [171128 2010-11-15] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\drivers\N360x64\0500000.07D\SYMNETS.SYS [382072 2010-11-30] (Symantec Corporation)
1 cgnuzjtu; \??\C:\windows\system32\drivers\cgnuzjtu.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-12-04 11:39 - 2011-12-04 11:39 - 0000000 ____D C:\Program Files\Symantec
2011-12-04 11:00 - 2011-12-04 11:00 - 0002520 ____A C:\Users\Shannon\Documents\Norton Antivirus results 4-Dec-2011 2pm.txt
2011-12-04 07:49 - 2011-12-04 07:49 - 0007606 ____A C:\Users\Shannon\AppData\Local\Resmon.ResmonCfg
2011-12-03 23:26 - 2011-12-03 23:26 - 0000000 ____D C:\Users\Shannon\AppData\Local\Symantec
2011-12-03 19:29 - 2011-12-04 15:56 - 0000000 ____D C:\Windows\System32\SPReview
2011-12-03 19:24 - 2011-12-04 15:56 - 0000000 ____D C:\a4fd4b23700150152971e447f8
2011-12-03 19:24 - 2011-12-03 19:24 - 0000000 ____D C:\Windows\System32\EventProviders
2011-12-03 19:17 - 2011-10-27 20:05 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-12-03 19:02 - 2011-12-03 19:02 - 0174640 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2011-12-03 19:02 - 2011-12-03 19:02 - 0007440 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2011-12-03 19:02 - 2011-12-03 19:02 - 0003225 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2011-12-03 19:02 - 2011-12-03 19:02 - 0000854 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2011-12-03 19:02 - 2010-08-20 20:59 - 0034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2011-12-03 18:58 - 2011-12-03 18:58 - 0397928 ____A (Symantec Corporation) C:\Users\Shannon\Downloads\Norton_Download_Manager.exe
2011-12-03 18:58 - 2011-12-03 18:58 - 0001381 ____A C:\Users\Shannon\Desktop\Norton Installation Files.lnk
2011-12-03 16:09 - 2011-12-03 16:09 - 0000000 ___HD C:\$AVG
2011-12-03 15:39 - 2011-12-03 15:39 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\AVG2012
2011-12-03 15:37 - 2011-12-03 20:02 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2011-12-03 15:37 - 2011-12-03 20:02 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2011-12-03 15:36 - 2011-12-03 20:02 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2011-12-03 15:36 - 2011-12-03 20:02 - 0000000 ____D C:\Users\All Users\AVG2012
2011-12-03 15:36 - 2011-12-03 20:02 - 0000000 ____D C:\ProgramData\AVG2012
2011-12-03 15:35 - 2011-12-03 20:28 - 0000000 ____D C:\Program Files (x86)\AVG
2011-12-03 15:32 - 2011-12-03 20:44 - 0000000 ____D C:\Users\All Users\MFAData
2011-12-03 15:32 - 2011-12-03 20:44 - 0000000 ____D C:\ProgramData\MFAData
2011-12-03 13:01 - 2011-12-03 16:44 - 0001863 ____A C:\aaw7boot.log
2011-12-03 11:03 - 2011-12-03 21:09 - 0000000 ____D C:\Program Files (x86)\adawaretb
2011-12-03 11:03 - 2011-12-03 20:55 - 0000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2011-12-03 11:03 - 2011-12-03 20:55 - 0000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2011-12-03 11:03 - 2011-12-03 20:55 - 0000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2011-12-03 11:03 - 2011-12-03 20:40 - 0000000 ____D C:\Users\All Users\Lavasoft
2011-12-03 11:03 - 2011-12-03 20:40 - 0000000 ____D C:\ProgramData\Lavasoft
2011-12-03 11:03 - 2011-12-03 20:40 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2011-12-03 11:03 - 2011-12-03 11:03 - 0000000 ____D C:\Users\Shannon\AppData\Local\adaware
2011-12-01 19:03 - 2011-12-01 19:03 - 0014290 ____A C:\Users\Shannon\Documents\The China Problem Revisited.docx
2011-11-30 19:16 - 2011-12-03 20:51 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\SUPERAntiSpyware.com
2011-11-30 19:15 - 2011-12-03 21:27 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2011-11-30 19:15 - 2011-11-30 19:15 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2011-11-30 19:15 - 2011-11-30 19:15 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2011-11-30 16:29 - 2011-12-04 03:04 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-30 16:29 - 2011-12-03 20:51 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-11-30 16:29 - 2011-12-03 20:51 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-11-30 16:29 - 2011-11-30 16:29 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\Malwarebytes
2011-11-30 16:27 - 2011-12-03 21:09 - 0000000 ____D C:\Users\Shannon\Downloads\tdsskiller
2011-11-30 16:27 - 2011-11-30 16:28 - 0075112 ____A C:\TDSSKiller.2.6.21.0_30.11.2011_19.27.46_log.txt
2011-11-30 16:27 - 2011-11-30 16:27 - 1547774 ____A C:\Users\Shannon\Downloads\tdsskiller.zip
2011-11-30 13:59 - 2011-11-30 13:59 - 0017706 ____A C:\Users\Shannon\Downloads\Sub
2011-11-30 06:22 - 2011-12-04 15:56 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2011-11-30 06:22 - 2011-12-04 15:44 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
2011-11-27 13:59 - 2011-11-27 13:59 - 0000000 __ASH C:\Users\Shannon\AppData\Local.LOG2
2011-11-27 13:59 - 2011-11-27 13:59 - 0000000 __ASH C:\Users\Shannon\AppData\Local.LOG1
2011-11-27 10:15 - 2011-11-30 06:22 - 0000000 ____D C:\Program Files (x86)\Norton Security Suite
2011-11-27 10:14 - 2011-11-27 10:14 - 0000000 ____D C:\Users\Shannon\Documents\Symantec
2011-11-27 10:13 - 2011-11-27 10:13 - 0000000 ____D C:\Users\Public\Downloads\Norton
2011-11-27 10:04 - 2011-11-27 10:05 - 0000000 ____D C:\Users\Shannon\AppData\Local\ID Vault
2011-11-27 10:04 - 2011-11-27 10:04 - 0000000 ____D C:\Users\All Users\IsolatedStorage
2011-11-27 10:04 - 2011-11-27 10:04 - 0000000 ____D C:\ProgramData\IsolatedStorage
2011-11-27 10:03 - 2011-12-03 21:04 - 0000000 ____D C:\Program Files (x86)\SFT
2011-11-27 10:03 - 2011-11-27 10:11 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\ID Vault
2011-11-27 10:03 - 2011-11-27 10:03 - 0000000 ____D C:\Users\All Users\GID
2011-11-27 10:03 - 2011-11-27 10:03 - 0000000 ____D C:\ProgramData\GID
2011-11-27 10:02 - 2011-12-03 21:27 - 0000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2011-11-27 10:02 - 2011-11-27 18:10 - 0000000 ____D C:\Program Files (x86)\xfin_portal
2011-11-27 10:02 - 2011-11-27 10:02 - 0000000 ____D C:\Program Files (x86)\comcasttb
2011-11-27 10:02 - 2011-11-27 10:02 - 0000000 ____D C:\Program Files (x86)\CA
2011-11-27 10:01 - 2011-12-03 21:04 - 0000000 ____D C:\Users\All Users\White Sky, Inc
2011-11-27 10:01 - 2011-12-03 21:04 - 0000000 ____D C:\ProgramData\White Sky, Inc
2011-11-23 07:48 - 2011-11-23 07:48 - 0000000 ____A C:\Windows\SysWOW64\c0TR2o2.com.b
2011-11-23 07:44 - 2011-12-05 11:08 - 0000350 ____A C:\Windows\Tasks\At30.job
2011-11-23 07:44 - 2011-12-05 11:08 - 0000348 ____A C:\Windows\Tasks\At29.job
2011-11-23 07:44 - 2011-12-05 10:08 - 0000350 ____A C:\Windows\Tasks\At28.job
2011-11-23 07:44 - 2011-12-05 10:08 - 0000348 ____A C:\Windows\Tasks\At27.job
2011-11-23 07:44 - 2011-12-05 09:08 - 0000350 ____A C:\Windows\Tasks\At26.job
2011-11-23 07:44 - 2011-12-05 09:08 - 0000348 ____A C:\Windows\Tasks\At25.job
2011-11-23 07:44 - 2011-12-05 08:08 - 0000350 ____A C:\Windows\Tasks\At24.job
2011-11-23 07:44 - 2011-12-05 08:08 - 0000348 ____A C:\Windows\Tasks\At23.job
2011-11-23 07:44 - 2011-12-05 07:08 - 0000350 ____A C:\Windows\Tasks\At22.job
2011-11-23 07:44 - 2011-12-05 07:08 - 0000348 ____A C:\Windows\Tasks\At21.job
2011-11-23 07:44 - 2011-12-05 06:08 - 0000350 ____A C:\Windows\Tasks\At20.job
2011-11-23 07:44 - 2011-12-05 06:08 - 0000348 ____A C:\Windows\Tasks\At19.job
2011-11-23 07:44 - 2011-12-05 05:08 - 0000350 ____A C:\Windows\Tasks\At18.job
2011-11-23 07:44 - 2011-12-05 05:08 - 0000348 ____A C:\Windows\Tasks\At17.job
2011-11-23 07:44 - 2011-12-04 19:08 - 0000350 ____A C:\Windows\Tasks\At46.job
2011-11-23 07:44 - 2011-12-04 19:08 - 0000348 ____A C:\Windows\Tasks\At45.job
2011-11-23 07:44 - 2011-12-04 18:08 - 0000350 ____A C:\Windows\Tasks\At44.job
2011-11-23 07:44 - 2011-12-04 18:08 - 0000348 ____A C:\Windows\Tasks\At43.job
2011-11-23 07:44 - 2011-12-04 13:08 - 0000350 ____A C:\Windows\Tasks\At34.job
2011-11-23 07:44 - 2011-12-04 13:08 - 0000348 ____A C:\Windows\Tasks\At33.job
2011-11-23 07:44 - 2011-11-28 17:08 - 0000350 ____A C:\Windows\Tasks\At42.job
2011-11-23 07:44 - 2011-11-28 17:08 - 0000348 ____A C:\Windows\Tasks\At41.job
2011-11-23 07:44 - 2011-11-28 16:08 - 0000350 ____A C:\Windows\Tasks\At40.job
2011-11-23 07:44 - 2011-11-28 16:08 - 0000348 ____A C:\Windows\Tasks\At39.job
2011-11-23 07:44 - 2011-11-28 15:08 - 0000350 ____A C:\Windows\Tasks\At38.job
2011-11-23 07:44 - 2011-11-28 15:08 - 0000348 ____A C:\Windows\Tasks\At37.job
2011-11-23 07:44 - 2011-11-28 14:08 - 0000350 ____A C:\Windows\Tasks\At36.job
2011-11-23 07:44 - 2011-11-28 14:08 - 0000348 ____A C:\Windows\Tasks\At35.job
2011-11-23 07:44 - 2011-11-28 12:08 - 0000350 ____A C:\Windows\Tasks\At32.job
2011-11-23 07:44 - 2011-11-28 12:08 - 0000348 ____A C:\Windows\Tasks\At31.job
2011-11-23 07:44 - 2011-11-27 20:08 - 0000350 ____A C:\Windows\Tasks\At48.job
2011-11-23 07:44 - 2011-11-27 20:08 - 0000348 ____A C:\Windows\Tasks\At47.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At8.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At6.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At4.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At2.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At16.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At14.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At12.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At10.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At9.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At7.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At5.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At3.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At15.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At13.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At11.job
2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At1.job
2011-11-23 07:44 - 2011-11-23 07:51 - 0000112 ____A C:\Users\All Users\j2WCw0.dat
2011-11-23 07:44 - 2011-11-23 07:51 - 0000112 ____A C:\ProgramData\j2WCw0.dat
2011-11-23 07:33 - 2011-11-23 07:33 - 0000000 ____D C:\Windows\system64
2011-11-20 16:15 - 2011-12-03 21:20 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-20 12:45 - 2011-11-20 12:49 - 0012677 ____A C:\Users\Shannon\Documents\Tori Xmas List 2011.docx
2011-11-17 07:48 - 2011-11-17 07:48 - 0008111 ____A C:\Users\Shannon\Downloads\Diversity Iceberg SB doc.notebook
2011-11-09 15:40 - 2011-11-09 15:40 - 0012609 ____A C:\Users\Shannon\Documents\PTCA Gen Mem Mtg 110911.docx
2011-11-09 14:40 - 2011-11-09 15:35 - 0013790 ____A C:\Users\Shannon\Documents\PTCA Board Mtg 119.docx
2011-11-09 10:33 - 2011-09-29 08:24 - 1897328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-11-09 10:33 - 2011-09-28 20:09 - 3141120 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-07 06:05 - 2011-11-07 06:06 - 0000000 ____D C:\Users\Shannon\Documents\BASD Strategic PLanning


============ 3 Months Modified Files and Folders =============

2011-12-05 16:51 - 2011-12-05 16:50 - 0000000 ____D C:\FRST
2011-12-05 11:47 - 2011-10-18 08:59 - 0000000 ____D C:\Users\Shannon\Documents\Mod Am Hist
2011-12-05 11:47 - 2010-06-11 05:14 - 1345567 ____A C:\Windows\WindowsUpdate.log
2011-12-05 11:31 - 2010-09-04 09:15 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-12-05 11:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At30.job
2011-12-05 11:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At29.job
2011-12-05 10:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At28.job
2011-12-05 10:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At27.job
2011-12-05 09:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At26.job
2011-12-05 09:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At25.job
2011-12-05 08:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At24.job
2011-12-05 08:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At23.job
2011-12-05 07:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At22.job
2011-12-05 07:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At21.job
2011-12-05 06:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At20.job
2011-12-05 06:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At19.job
2011-12-05 05:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At18.job
2011-12-05 05:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At17.job
2011-12-05 04:35 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-12-05 04:35 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-12-05 04:33 - 2009-07-13 20:51 - 0074877 ____A C:\Windows\setupact.log
2011-12-05 04:27 - 2010-09-04 09:15 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-12-05 04:27 - 2010-06-11 05:11 - 3062255616 __ASH C:\hiberfil.sys
2011-12-05 04:27 - 2010-03-23 17:53 - 0242332 ____A C:\Windows\PFRO.log
2011-12-05 04:27 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-12-04 19:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At46.job
2011-12-04 19:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At45.job
2011-12-04 18:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At44.job
2011-12-04 18:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At43.job
2011-12-04 15:59 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2011-12-04 15:59 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-12-04 15:59 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-12-04 15:59 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2011-12-04 15:59 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2011-12-04 15:59 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-12-04 15:59 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-12-04 15:59 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-12-04 15:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2011-12-04 15:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2011-12-04 15:57 - 2009-07-13 19:20 - 0000000 ___AD C:\Windows\System32\sysprep
2011-12-04 15:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2011-12-04 15:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2011-12-04 15:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2011-12-04 15:56 - 2011-12-03 19:29 - 0000000 ____D C:\Windows\System32\SPReview
2011-12-04 15:56 - 2011-12-03 19:24 - 0000000 ____D C:\a4fd4b23700150152971e447f8
2011-12-04 15:56 - 2011-11-30 06:22 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2011-12-04 15:56 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2011-12-04 15:56 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2011-12-04 15:56 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-12-04 15:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-12-04 15:44 - 2011-11-30 06:22 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
2011-12-04 15:41 - 2011-05-19 08:16 - 0000000 ____D C:\Users\All Users\Real
2011-12-04 15:41 - 2011-05-19 08:16 - 0000000 ____D C:\ProgramData\Real
2011-12-04 15:41 - 2010-06-11 05:46 - 0000000 ____D C:\Users\All Users\Norton
2011-12-04 15:41 - 2010-06-11 05:46 - 0000000 ____D C:\ProgramData\Norton
2011-12-04 13:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At34.job
2011-12-04 13:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At33.job
2011-12-04 13:02 - 2010-09-04 09:06 - 0000000 ____D C:\users\Shannon
2011-12-04 13:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2011-12-04 11:39 - 2011-12-04 11:39 - 0000000 ____D C:\Program Files\Symantec
2011-12-04 11:00 - 2011-12-04 11:00 - 0002520 ____A C:\Users\Shannon\Documents\Norton Antivirus results 4-Dec-2011 2pm.txt
2011-12-04 08:05 - 2010-06-11 05:46 - 0000000 ____D C:\Users\All Users\NortonInstaller
2011-12-04 08:05 - 2010-06-11 05:46 - 0000000 ____D C:\ProgramData\NortonInstaller
2011-12-04 07:49 - 2011-12-04 07:49 - 0007606 ____A C:\Users\Shannon\AppData\Local\Resmon.ResmonCfg
2011-12-04 03:04 - 2011-11-30 16:29 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-03 23:31 - 2010-09-04 09:59 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\Tific
2011-12-03 23:26 - 2011-12-03 23:26 - 0000000 ____D C:\Users\Shannon\AppData\Local\Symantec
2011-12-03 21:27 - 2011-11-30 19:15 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2011-12-03 21:27 - 2011-11-27 10:02 - 0000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2011-12-03 21:27 - 2011-03-22 14:38 - 0000000 ____D C:\Program Files (x86)\SugarSync
2011-12-03 21:27 - 2010-12-16 18:29 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-12-03 21:27 - 2010-09-04 11:39 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-12-03 21:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2011-12-03 21:26 - 2010-03-23 17:27 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2011-12-03 21:26 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2011-12-03 21:26 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2011-12-03 21:26 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2011-12-03 21:26 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2011-12-03 21:26 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2011-12-03 21:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2011-12-03 21:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2011-12-03 21:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2011-12-03 21:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2011-12-03 21:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2011-12-03 21:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2011-12-03 21:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2011-12-03 21:20 - 2011-11-20 16:15 - 0000000 ____D C:\Windows\System32\Macromed
2011-12-03 21:20 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2011-12-03 21:20 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2011-12-03 21:20 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2011-12-03 21:20 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2011-12-03 21:20 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2011-12-03 21:20 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2011-12-03 21:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2011-12-03 21:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2011-12-03 21:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2011-12-03 21:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2011-12-03 21:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2011-12-03 21:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2011-12-03 21:19 - 2011-05-19 08:16 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\Real
2011-12-03 21:19 - 2011-02-23 18:12 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\Skype
2011-12-03 21:19 - 2011-02-23 17:46 - 0000000 ____D C:\Users\All Users\Skype
2011-12-03 21:19 - 2011-02-23 17:46 - 0000000 ____D C:\ProgramData\Skype
2011-12-03 21:19 - 2010-09-04 11:40 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-03 21:19 - 2010-09-04 11:40 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-03 21:19 - 2010-09-04 11:39 - 0000000 ____D C:\Users\Shannon\AppData\Local\Apple
2011-12-03 21:19 - 2010-09-04 09:59 - 0000000 ____D C:\Users\Shannon\AppData\Local\Tific
2011-12-03 21:19 - 2010-09-04 09:39 - 0000000 ____D C:\Users\Shannon\AppData\Local\TOSHIBA_Corporation
2011-12-03 21:19 - 2010-09-04 09:24 - 0000000 ____D C:\Users\Shannon\AppData\Local\Adobe
2011-12-03 21:19 - 2010-09-04 09:14 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\Mozilla
2011-12-03 21:19 - 2010-09-04 09:14 - 0000000 ____D C:\Users\Shannon\AppData\Local\Mozilla
2011-12-03 21:19 - 2010-09-04 09:12 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\Adobe
2011-12-03 21:19 - 2010-09-04 09:06 - 0000000 ____D C:\Users\Shannon\AppData\LocalLow
2011-12-03 21:19 - 2010-06-11 05:53 - 0000000 ____D C:\Windows\System32\Drivers\NortonPCCheckupx64
2011-12-03 21:19 - 2010-06-11 05:49 - 0000000 ____D C:\Users\All Users\WildTangent
2011-12-03 21:19 - 2010-06-11 05:49 - 0000000 ____D C:\ProgramData\WildTangent
2011-12-03 21:19 - 2010-03-23 17:27 - 0000000 ____D C:\Users\All Users\Toshiba
2011-12-03 21:19 - 2010-03-23 17:27 - 0000000 ____D C:\ProgramData\Toshiba
2011-12-03 21:19 - 2010-03-23 17:24 - 0000000 ____D C:\Windows\Downloaded Installations
2011-12-03 21:19 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2011-12-03 21:19 - 2009-07-13 20:45 - 0000000 ___AD C:\Windows\Setup
2011-12-03 21:19 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2011-12-03 21:19 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2011-12-03 21:19 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2011-12-03 21:19 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2011-12-03 21:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2011-12-03 21:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2011-12-03 21:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2011-12-03 21:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2011-12-03 21:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2011-12-03 21:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-03 21:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2011-12-03 21:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2011-12-03 21:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2011-12-03 21:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2011-12-03 21:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2011-12-03 21:18 - 2011-10-29 07:01 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-12-03 21:18 - 2011-10-16 17:19 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2011-12-03 21:18 - 2011-05-19 08:16 - 0000000 ____D C:\Program Files (x86)\Real
2011-12-03 21:18 - 2011-03-07 11:49 - 0000000 ____D C:\Program Files (x86)\ETS
2011-12-03 21:18 - 2011-02-28 12:33 - 0000000 ____D C:\Program Files\InterActual
2011-12-03 21:18 - 2011-02-23 18:12 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-12-03 21:18 - 2011-01-27 18:35 - 0000000 ____D C:\Program Files (x86)\Safari
2011-12-03 21:18 - 2010-12-16 18:29 - 0000000 ____D C:\Program Files\iTunes
2011-12-03 21:18 - 2010-12-16 18:29 - 0000000 ____D C:\Program Files\iPod
2011-12-03 21:18 - 2010-12-16 18:21 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-12-03 21:18 - 2010-12-09 17:57 - 0000000 ____D C:\Program Files (x86)\Ask.com
2011-12-03 21:18 - 2010-12-09 17:57 - 0000000 ____D C:\Program Files (x86)\Acro Software
2011-12-03 21:18 - 2010-11-27 12:50 - 0000000 ____D C:\Program Files\Lexmark
2011-12-03 21:18 - 2010-11-27 12:50 - 0000000 ____D C:\Program Files (x86)\Lexmark Toolbar
2011-12-03 21:18 - 2010-11-27 12:50 - 0000000 ____D C:\Program Files (x86)\Lexmark S600 Series
2011-12-03 21:18 - 2010-11-27 12:49 - 0000000 ____D C:\Lexmark
2011-12-03 21:18 - 2010-11-26 19:55 - 0000000 ____D C:\Program Files\Lexmark S600 Series
2011-12-03 21:18 - 2010-11-02 16:52 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-12-03 21:18 - 2010-09-04 11:40 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-12-03 21:18 - 2010-09-04 11:40 - 0000000 ____D C:\ProgramData\Apple Computer
2011-12-03 21:18 - 2010-09-04 11:39 - 0000000 ____D C:\Users\All Users\Apple
2011-12-03 21:18 - 2010-09-04 11:39 - 0000000 ____D C:\ProgramData\Apple
2011-12-03 21:18 - 2010-09-04 11:39 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-12-03 21:18 - 2010-09-04 09:50 - 0000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2011-12-03 21:18 - 2010-06-11 05:53 - 0000000 ____D C:\Program Files (x86)\Norton PC Checkup
2011-12-03 21:18 - 2010-06-11 05:52 - 0000000 ____D C:\Program Files\Intuit
2011-12-03 21:18 - 2010-06-11 05:52 - 0000000 ____D C:\Program Files (x86)\Intuit
2011-12-03 21:18 - 2010-06-11 05:49 - 0000000 ____D C:\Program Files (x86)\TOSHIBA Games
2011-12-03 21:18 - 2010-06-11 05:46 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2011-12-03 21:18 - 2010-06-11 05:46 - 0000000 ____D C:\Program Files (x86)\Corel
2011-12-03 21:18 - 2010-06-11 05:38 - 0000000 ____D C:\Program Files (x86)\Cisco
2011-12-03 21:18 - 2010-06-11 05:36 - 0000000 ____D C:\Program Files\Synaptics
2011-12-03 21:18 - 2010-06-11 05:36 - 0000000 ____D C:\Program Files (x86)\Realtek
2011-12-03 21:18 - 2010-06-11 05:34 - 0000000 ____D C:\Program Files\CONEXANT
2011-12-03 21:18 - 2010-06-11 05:28 - 0000000 ____D C:\Intel
2011-12-03 21:18 - 2010-06-11 05:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2011-12-03 21:18 - 2010-06-11 05:21 - 0000000 ____D C:\Program Files\Microsoft Office
2011-12-03 21:18 - 2010-06-11 05:20 - 0000000 __RHD C:\MSOCache
2011-12-03 21:18 - 2010-06-11 05:19 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2011-12-03 21:18 - 2010-06-11 05:19 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-12-03 21:18 - 2010-03-23 17:31 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-12-03 21:18 - 2010-03-23 17:30 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-12-03 21:18 - 2010-03-23 17:29 - 0000000 ____D C:\Program Files (x86)\Windows Live
2011-12-03 21:18 - 2010-03-23 17:27 - 0000000 ____D C:\Users\All Users\Google
2011-12-03 21:18 - 2010-03-23 17:27 - 0000000 ____D C:\ProgramData\Google
2011-12-03 21:18 - 2010-03-23 17:27 - 0000000 ____D C:\Program Files\Google
2011-12-03 21:18 - 2010-03-23 17:27 - 0000000 ____D C:\Program Files (x86)\Google
2011-12-03 21:18 - 2010-03-23 17:24 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-12-03 21:18 - 2010-03-23 17:24 - 0000000 ____D C:\Program Files\TOSHIBA
2011-12-03 21:18 - 2010-03-23 17:24 - 0000000 ____D C:\Program Files (x86)\TOSHIBA
2011-12-03 21:18 - 2010-03-23 17:24 - 0000000 ____D C:\Program Files (x86)\Java
2011-12-03 21:18 - 2010-03-23 17:21 - 0000000 ____D C:\Program Files (x86)\Intel
2011-12-03 21:18 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2011-12-03 21:18 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2011-12-03 21:18 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2011-12-03 21:18 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2011-12-03 21:18 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2011-12-03 21:18 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2011-12-03 21:18 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2011-12-03 21:18 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2011-12-03 21:18 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2011-12-03 21:18 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2011-12-03 21:09 - 2011-12-03 11:03 - 0000000 ____D C:\Program Files (x86)\adawaretb
2011-12-03 21:09 - 2011-11-30 16:27 - 0000000 ____D C:\Users\Shannon\Downloads\tdsskiller
2011-12-03 21:04 - 2011-11-27 10:03 - 0000000 ____D C:\Program Files (x86)\SFT
2011-12-03 21:04 - 2011-11-27 10:01 - 0000000 ____D C:\Users\All Users\White Sky, Inc
2011-12-03 21:04 - 2011-11-27 10:01 - 0000000 ____D C:\ProgramData\White Sky, Inc
2011-12-03 20:55 - 2011-12-03 11:03 - 0000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2011-12-03 20:55 - 2011-12-03 11:03 - 0000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2011-12-03 20:55 - 2011-12-03 11:03 - 0000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2011-12-03 20:51 - 2011-11-30 19:16 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\SUPERAntiSpyware.com
2011-12-03 20:51 - 2011-11-30 16:29 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-12-03 20:51 - 2011-11-30 16:29 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-03 20:44 - 2011-12-03 15:32 - 0000000 ____D C:\Users\All Users\MFAData
2011-12-03 20:44 - 2011-12-03 15:32 - 0000000 ____D C:\ProgramData\MFAData
2011-12-03 20:40 - 2011-12-03 11:03 - 0000000 ____D C:\Users\All Users\Lavasoft
2011-12-03 20:40 - 2011-12-03 11:03 - 0000000 ____D C:\ProgramData\Lavasoft
2011-12-03 20:40 - 2011-12-03 11:03 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2011-12-03 20:28 - 2011-12-03 15:35 - 0000000 ____D C:\Program Files (x86)\AVG
2011-12-03 20:02 - 2011-12-03 15:37 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2011-12-03 20:02 - 2011-12-03 15:37 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2011-12-03 20:02 - 2011-12-03 15:36 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2011-12-03 20:02 - 2011-12-03 15:36 - 0000000 ____D C:\Users\All Users\AVG2012
2011-12-03 20:02 - 2011-12-03 15:36 - 0000000 ____D C:\ProgramData\AVG2012
2011-12-03 19:24 - 2011-12-03 19:24 - 0000000 ____D C:\Windows\System32\EventProviders
2011-12-03 19:02 - 2011-12-03 19:02 - 0174640 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2011-12-03 19:02 - 2011-12-03 19:02 - 0007440 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2011-12-03 19:02 - 2011-12-03 19:02 - 0003225 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2011-12-03 19:02 - 2011-12-03 19:02 - 0000854 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2011-12-03 18:58 - 2011-12-03 18:58 - 0397928 ____A (Symantec Corporation) C:\Users\Shannon\Downloads\Norton_Download_Manager.exe
2011-12-03 18:58 - 2011-12-03 18:58 - 0001381 ____A C:\Users\Shannon\Desktop\Norton Installation Files.lnk
2011-12-03 18:45 - 2010-09-04 09:14 - 0001153 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2011-12-03 18:45 - 2010-09-04 09:14 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-12-03 18:36 - 2011-10-13 23:42 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\Nava
2011-12-03 16:44 - 2011-12-03 13:01 - 0001863 ____A C:\aaw7boot.log
2011-12-03 16:09 - 2011-12-03 16:09 - 0000000 ___HD C:\$AVG
2011-12-03 15:39 - 2011-12-03 15:39 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\AVG2012
2011-12-03 11:03 - 2011-12-03 11:03 - 0000000 ____D C:\Users\Shannon\AppData\Local\adaware
2011-12-03 10:45 - 2011-03-22 14:38 - 0000000 ____D C:\Users\Shannon\AppData\Local\SugarSync
2011-12-01 19:03 - 2011-12-01 19:03 - 0014290 ____A C:\Users\Shannon\Documents\The China Problem Revisited.docx
2011-12-01 05:48 - 2011-01-18 09:07 - 0000000 ____D C:\Users\Shannon\Documents\sju
2011-11-30 19:15 - 2011-11-30 19:15 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2011-11-30 19:15 - 2011-11-30 19:15 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2011-11-30 16:29 - 2011-11-30 16:29 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\Malwarebytes
2011-11-30 16:28 - 2011-11-30 16:27 - 0075112 ____A C:\TDSSKiller.2.6.21.0_30.11.2011_19.27.46_log.txt
2011-11-30 16:27 - 2011-11-30 16:27 - 1547774 ____A C:\Users\Shannon\Downloads\tdsskiller.zip
2011-11-30 13:59 - 2011-11-30 13:59 - 0017706 ____A C:\Users\Shannon\Downloads\Sub
2011-11-30 06:22 - 2011-11-27 10:15 - 0000000 ____D C:\Program Files (x86)\Norton Security Suite
2011-11-29 08:39 - 2010-12-09 18:00 - 0000000 ____D C:\Users\Shannon\AppData\Local\CutePDF Writer
2011-11-29 06:25 - 2009-07-13 21:08 - 0032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-11-28 17:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At42.job
2011-11-28 17:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At41.job
2011-11-28 16:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At40.job
2011-11-28 16:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At39.job
2011-11-28 15:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At38.job
2011-11-28 15:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At37.job
2011-11-28 14:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At36.job
2011-11-28 14:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At35.job
2011-11-28 12:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At32.job
2011-11-28 12:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At31.job
2011-11-28 11:35 - 2009-07-13 21:13 - 0726368 ____A C:\Windows\System32\PerfStringBackup.INI
2011-11-27 20:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At48.job
2011-11-27 20:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At47.job
2011-11-27 18:15 - 2010-03-23 17:09 - 0000000 ____D C:\Program Files\PlayReady
2011-11-27 18:15 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2011-11-27 18:15 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Offline Web Pages
2011-11-27 18:15 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-11-27 18:15 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2011-11-27 18:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2011-11-27 18:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ias
2011-11-27 18:13 - 2010-06-11 05:37 - 0000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2011-11-27 18:13 - 2009-07-13 23:45 - 0000000 ____D C:\Windows\ShellNew
2011-11-27 18:12 - 2011-10-16 17:19 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\vlc
2011-11-27 18:12 - 2011-03-07 11:29 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\GetRightToGo
2011-11-27 18:12 - 2010-12-02 18:13 - 0000000 ____D C:\Windows\Minidump
2011-11-27 18:11 - 2010-12-09 17:58 - 0000000 ____D C:\Program Files (x86)\GPLGS
2011-11-27 18:11 - 2010-11-27 13:02 - 0000000 ____D C:\Users\All Users\Ezprint
2011-11-27 18:11 - 2010-11-27 13:02 - 0000000 ____D C:\ProgramData\Ezprint
2011-11-27 18:11 - 2010-11-27 12:53 - 0000000 ____D C:\Users\All Users\Lx_cats
2011-11-27 18:11 - 2010-11-27 12:53 - 0000000 ____D C:\ProgramData\Lx_cats
2011-11-27 18:11 - 2010-11-27 12:50 - 0000000 ____D C:\Program Files (x86)\Lexmark
2011-11-27 18:11 - 2010-09-04 11:39 - 0000000 ____D C:\Program Files\Bonjour
2011-11-27 18:11 - 2010-09-04 09:49 - 0000000 ____D C:\Users\Shannon\AppData\Local\Microsoft Help
2011-11-27 18:11 - 2010-06-11 05:53 - 0000000 ____D C:\Program Files (x86)\Toshiba Online Backup
2011-11-27 18:11 - 2010-06-11 05:38 - 0000000 ____D C:\Program Files (x86)\Realtek WLAN Driver
2011-11-27 18:11 - 2010-06-11 05:21 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-11-27 18:11 - 2010-06-11 05:21 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-11-27 18:11 - 2010-03-23 17:29 - 0000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2011-11-27 18:10 - 2011-11-27 10:02 - 0000000 ____D C:\Program Files (x86)\xfin_portal
2011-11-27 18:09 - 2009-07-13 23:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2011-11-27 16:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\LiveKernelReports
2011-11-27 15:41 - 2010-09-04 09:07 - 0000000 ____D C:\Users\Shannon\AppData\Local\VirtualStore
2011-11-27 13:59 - 2011-11-27 13:59 - 0000000 __ASH C:\Users\Shannon\AppData\Local.LOG2
2011-11-27 13:59 - 2011-11-27 13:59 - 0000000 __ASH C:\Users\Shannon\AppData\Local.LOG1
2011-11-27 10:14 - 2011-11-27 10:14 - 0000000 ____D C:\Users\Shannon\Documents\Symantec
2011-11-27 10:13 - 2011-11-27 10:13 - 0000000 ____D C:\Users\Public\Downloads\Norton
2011-11-27 10:11 - 2011-11-27 10:03 - 0000000 ____D C:\Users\Shannon\AppData\Roaming\ID Vault
2011-11-27 10:05 - 2011-11-27 10:04 - 0000000 ____D C:\Users\Shannon\AppData\Local\ID Vault
2011-11-27 10:04 - 2011-11-27 10:04 - 0000000 ____D C:\Users\All Users\IsolatedStorage
2011-11-27 10:04 - 2011-11-27 10:04 - 0000000 ____D C:\ProgramData\IsolatedStorage
2011-11-27 10:03 - 2011-11-27 10:03 - 0000000 ____D C:\Users\All Users\GID
2011-11-27 10:03 - 2011-11-27 10:03 - 0000000 ____D C:\ProgramData\GID
2011-11-27 10:02 - 2011-11-27 10:02 - 0000000 ____D C:\Program Files (x86)\comcasttb
2011-11-27 10:02 - 2011-11-27 10:02 - 0000000 ____D C:\Program Files (x86)\CA
2011-11-23 16:26 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At8.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At6.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At4.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At2.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At16.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At14.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At12.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At10.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At9.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At7.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At5.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At3.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At15.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At13.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At11.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At1.job
2011-11-23 08:15 - 2011-10-07 12:14 - 0000000 ____D C:\Users\Shannon\Documents\Recipes
2011-11-23 07:51 - 2011-11-23 07:44 - 0000112 ____A C:\Users\All Users\j2WCw0.dat
2011-11-23 07:51 - 2011-11-23 07:44 - 0000112 ____A C:\ProgramData\j2WCw0.dat
2011-11-23 07:48 - 2011-11-23 07:48 - 0000000 ____A C:\Windows\SysWOW64\c0TR2o2.com.b
2011-11-23 07:33 - 2011-11-23 07:33 - 0000000 ____D C:\Windows\system64
2011-11-20 16:15 - 2011-05-15 05:52 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-11-20 12:49 - 2011-11-20 12:45 - 0012677 ____A C:\Users\Shannon\Documents\Tori Xmas List 2011.docx
2011-11-18 09:10 - 2011-10-07 12:43 - 0000000 ____D C:\Users\Shannon\Documents\Bullying
2011-11-17 07:48 - 2011-11-17 07:48 - 0008111 ____A C:\Users\Shannon\Downloads\Diversity Iceberg SB doc.notebook
2011-11-09 16:59 - 2010-11-04 16:22 - 0000000 ____D C:\Users\Shannon\Documents\PTCA
2011-11-09 15:40 - 2011-11-09 15:40 - 0012609 ____A C:\Users\Shannon\Documents\PTCA Gen Mem Mtg 110911.docx
2011-11-09 15:35 - 2011-11-09 14:40 - 0013790 ____A C:\Users\Shannon\Documents\PTCA Board Mtg 119.docx
2011-11-09 14:33 - 2009-07-13 20:45 - 0424808 ____A C:\Windows\System32\FNTCACHE.DAT
2011-11-07 06:06 - 2011-11-07 06:05 - 0000000 ____D C:\Users\Shannon\Documents\BASD Strategic PLanning
2011-11-01 09:59 - 2011-11-01 09:59 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2011-11-01 09:59 - 2011-11-01 09:59 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2011-11-01 09:57 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2011-10-29 07:00 - 2011-10-29 06:59 - 39401336 ____A (Apple Inc.) C:\Users\Shannon\Downloads\QuickTimeInstaller.exe
2011-10-27 20:05 - 2011-12-03 19:17 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-10-25 08:51 - 2011-10-25 08:50 - 0012969 ____A C:\Users\Shannon\Documents\Xmas brainstorm 2011.docx
2011-10-16 17:19 - 2011-10-16 17:19 - 0001081 ____A C:\Users\Public\Desktop\VLC media player.lnk
2011-10-16 17:18 - 2011-10-16 17:18 - 21073936 ____A C:\Users\Shannon\Downloads\vlc-1.1.11-win32.exe
2011-10-15 09:57 - 2006-02-05 22:48 - 28474147 ____A C:\Users\Shannon\Desktop\381030_64kb.mp3
2011-10-15 09:56 - 2011-10-15 09:56 - 28474309 ____A C:\Users\Shannon\Downloads\OrsonWellesMrBruns_64kb_mp3.zip
2011-10-13 16:14 - 2011-10-05 05:37 - 0000000 ____D C:\Users\Shannon\Documents\Culinary Architect
2011-10-12 15:47 - 2011-03-01 07:54 - 0000000 ____D C:\Users\Shannon\Documents\Scouts
2011-10-07 12:31 - 2011-10-07 12:31 - 0012698 ____A C:\Users\Shannon\Documents\bellas blossoms.docx
2011-10-07 12:12 - 2011-10-07 12:12 - 0014851 ____A C:\Users\Shannon\Documents\Dr beerer gifted tracking research.docx
2011-10-07 12:05 - 2011-10-07 12:05 - 0051829 ____A C:\Users\Shannon\Downloads\vCards(2).zip
2011-10-07 12:04 - 2011-10-07 12:04 - 0051908 ____A C:\Users\Shannon\Downloads\vCards.zip
2011-09-30 21:24 - 2011-10-13 11:40 - 9326080 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-09-30 20:42 - 2011-10-13 11:40 - 5990912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-09-30 19:21 - 2011-10-13 11:40 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-09-30 18:59 - 2011-10-13 11:40 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-09-29 08:24 - 2011-11-09 10:33 - 1897328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-09-28 20:09 - 2011-11-09 10:33 - 3141120 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-09-27 04:29 - 2011-09-27 04:29 - 0013329 ____A C:\Users\Shannon\Documents\Apple Cake.docx
2011-09-27 04:20 - 2011-08-04 15:00 - 0254464 ____A C:\Users\Shannon\Documents\Play 15-Film production.doc
2011-09-25 15:14 - 2011-09-25 15:14 - 0012761 ____A C:\Users\Shannon\Documents\Duran Duran set list.docx
2011-09-21 17:40 - 2011-09-21 17:40 - 0012638 ____A C:\Users\Shannon\Documents\Gr 5 tim raines at Gilbertsville elem.docx
2011-09-21 15:34 - 2011-09-21 15:34 - 0013903 ____A C:\Users\Shannon\Documents\Reservation Details.docx
2011-09-17 06:27 - 2010-11-02 16:52 - 0002025 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2011-09-16 17:23 - 2011-09-16 17:23 - 0012910 ____A C:\Users\Shannon\Documents\disney friend songs.docx
2011-09-11 13:31 - 2011-09-11 13:31 - 0759479 ____A C:\Users\Shannon\Documents\tori seed project 2011.docx
2011-09-07 15:35 - 2011-09-07 15:35 - 0267483 ____A C:\Users\Shannon\Documents\Smore recipes.docx
2011-09-07 08:51 - 2011-09-07 08:51 - 0193574 ____A C:\Users\Shannon\Downloads\pdfeconomics.pdf

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3893.86 MB
Available physical RAM: 3337.41 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3319.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI105827W0G) (Fixed) (Total:286.41 GB) (Free:211.84 GB) NTFS ==>[System with boot components]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components]
4 Drive f: (HP v125w) (Removable) (Total:7.63 GB) (Free:0.21 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7830 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 286 GB 1501 MB
Partition 3 Primary 10 GB 287 GB

Disk: 0
Partition 1
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

==========================================================

Last Boot: 2011-12-01 05:28

======================= End Of Log ==========================

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:38 PM

Posted 05 December 2011 - 05:33 PM

Well done. :thumbup2:

We will remove the main infection now. After reboot, if Norton finds anything, don't worry and let it remove it. The infection can't make the computer unbootable any more.

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    SubSystems: [Windows] ==> ZeroAccess
    1 cgnuzjtu; \??\C:\windows\system32\drivers\cgnuzjtu.sys [x]
    C:\windows\system32\drivers\cgnuzjtu.sys
    2011-11-23 07:44 - 2011-12-05 11:08 - 0000350 ____A C:\Windows\Tasks\At30.job
    2011-11-23 07:44 - 2011-12-05 11:08 - 0000348 ____A C:\Windows\Tasks\At29.job
    2011-11-23 07:44 - 2011-12-05 10:08 - 0000350 ____A C:\Windows\Tasks\At28.job
    2011-11-23 07:44 - 2011-12-05 10:08 - 0000348 ____A C:\Windows\Tasks\At27.job
    2011-11-23 07:44 - 2011-12-05 09:08 - 0000350 ____A C:\Windows\Tasks\At26.job
    2011-11-23 07:44 - 2011-12-05 09:08 - 0000348 ____A C:\Windows\Tasks\At25.job
    2011-11-23 07:44 - 2011-12-05 08:08 - 0000350 ____A C:\Windows\Tasks\At24.job
    2011-11-23 07:44 - 2011-12-05 08:08 - 0000348 ____A C:\Windows\Tasks\At23.job
    2011-11-23 07:44 - 2011-12-05 07:08 - 0000350 ____A C:\Windows\Tasks\At22.job
    2011-11-23 07:44 - 2011-12-05 07:08 - 0000348 ____A C:\Windows\Tasks\At21.job
    2011-11-23 07:44 - 2011-12-05 06:08 - 0000350 ____A C:\Windows\Tasks\At20.job
    2011-11-23 07:44 - 2011-12-05 06:08 - 0000348 ____A C:\Windows\Tasks\At19.job
    2011-11-23 07:44 - 2011-12-05 05:08 - 0000350 ____A C:\Windows\Tasks\At18.job
    2011-11-23 07:44 - 2011-12-05 05:08 - 0000348 ____A C:\Windows\Tasks\At17.job
    2011-11-23 07:44 - 2011-12-04 19:08 - 0000350 ____A C:\Windows\Tasks\At46.job
    2011-11-23 07:44 - 2011-12-04 19:08 - 0000348 ____A C:\Windows\Tasks\At45.job
    2011-11-23 07:44 - 2011-12-04 18:08 - 0000350 ____A C:\Windows\Tasks\At44.job
    2011-11-23 07:44 - 2011-12-04 18:08 - 0000348 ____A C:\Windows\Tasks\At43.job
    2011-11-23 07:44 - 2011-12-04 13:08 - 0000350 ____A C:\Windows\Tasks\At34.job
    2011-11-23 07:44 - 2011-12-04 13:08 - 0000348 ____A C:\Windows\Tasks\At33.job
    2011-11-23 07:44 - 2011-11-28 17:08 - 0000350 ____A C:\Windows\Tasks\At42.job
    2011-11-23 07:44 - 2011-11-28 17:08 - 0000348 ____A C:\Windows\Tasks\At41.job
    2011-11-23 07:44 - 2011-11-28 16:08 - 0000350 ____A C:\Windows\Tasks\At40.job
    2011-11-23 07:44 - 2011-11-28 16:08 - 0000348 ____A C:\Windows\Tasks\At39.job
    2011-11-23 07:44 - 2011-11-28 15:08 - 0000350 ____A C:\Windows\Tasks\At38.job
    2011-11-23 07:44 - 2011-11-28 15:08 - 0000348 ____A C:\Windows\Tasks\At37.job
    2011-11-23 07:44 - 2011-11-28 14:08 - 0000350 ____A C:\Windows\Tasks\At36.job
    2011-11-23 07:44 - 2011-11-28 14:08 - 0000348 ____A C:\Windows\Tasks\At35.job
    2011-11-23 07:44 - 2011-11-28 12:08 - 0000350 ____A C:\Windows\Tasks\At32.job
    2011-11-23 07:44 - 2011-11-28 12:08 - 0000348 ____A C:\Windows\Tasks\At31.job
    2011-11-23 07:44 - 2011-11-27 20:08 - 0000350 ____A C:\Windows\Tasks\At48.job
    2011-11-23 07:44 - 2011-11-27 20:08 - 0000348 ____A C:\Windows\Tasks\At47.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At8.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At6.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At4.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At2.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At16.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At14.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At12.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000350 ____A C:\Windows\Tasks\At10.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At9.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At7.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At5.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At3.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At15.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At13.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At11.job
    2011-11-23 07:44 - 2011-11-23 16:26 - 0000348 ____A C:\Windows\Tasks\At1.job
    c:\windows\system32\consrv.dll
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
  • Restart and boot to normal mode.
  • Open your Malwarebytes' Anti-Malware.
  • First update it, to do that under the Update tab press "Check for Updates".
  • Under Scanner tab select "Perform Quick Scan", then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
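
A triage check for the pattern visible in the listing and fix list above, as an added example that is not part of the original posts or of FRST: it parses FRST-style listing lines, finds the batch of `At<N>.job` scheduled tasks that share one creation minute, and lists other entries created close to that minute as candidates for review. The function names, the 15-minute window, the minimum batch size and the column order (first timestamp modified, second created) are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Sample input: lines taken from the listing posted in this thread, plus one
# separator line to show that non-entry lines are skipped.
# Assumption: in this listing the first timestamp is "modified", the second "created".
SAMPLE = r"""
2011-12-03 20:28 - 2011-12-03 15:35 - 0000000 ____D C:\Program Files (x86)\AVG
2011-12-03 19:02 - 2011-12-03 19:02 - 0174640 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2011-11-28 17:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At42.job
2011-11-28 17:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At41.job
2011-11-28 16:08 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At40.job
2011-11-28 16:08 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At39.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At8.job
2011-11-23 16:26 - 2011-11-23 07:44 - 0000348 ____A C:\Windows\Tasks\At1.job
2011-11-23 08:15 - 2011-10-07 12:14 - 0000000 ____D C:\Users\Shannon\Documents\Recipes
2011-11-23 07:51 - 2011-11-23 07:44 - 0000112 ____A C:\ProgramData\j2WCw0.dat
2011-11-23 07:48 - 2011-11-23 07:48 - 0000000 ____A C:\Windows\SysWOW64\c0TR2o2.com.b
2011-11-23 07:33 - 2011-11-23 07:33 - 0000000 ____D C:\Windows\system64
2011-11-01 09:57 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
========================= Memory info ======================
"""

# timestamp - timestamp - size attributes [(company)] path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) (\S+) (?:\((.*?)\) )?([A-Za-z]:\\.*)$"
)
# Task files written by the legacy "at" scheduler: At<N>.job in Windows\Tasks.
AT_JOB_RE = re.compile(r"^[A-Za-z]:\\Windows\\Tasks\\At\d+\.job$", re.IGNORECASE)


def parse_listing(text, created_col=1):
    """Parse listing lines into dicts; lines that are not entries are skipped.

    created_col says which of the two timestamps (0 or 1) is the creation time.
    """
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        stamps = [datetime.strptime(m.group(i), "%Y-%m-%d %H:%M") for i in (1, 2)]
        entries.append({
            "created": stamps[created_col],
            "modified": stamps[1 - created_col],
            "size": int(m.group(3)),
            "attrs": m.group(4),
            "company": m.group(5),   # None when the line has no (company) field
            "path": m.group(6),
        })
    return entries


def find_at_job_batch(entries, min_jobs=5):
    """Return (creation_time, paths) for the largest group of At<N>.job files
    created in the same minute, or None if no group reaches min_jobs."""
    jobs = [e for e in entries if AT_JOB_RE.match(e["path"])]
    if not jobs:
        return None
    when, count = Counter(e["created"] for e in jobs).most_common(1)[0]
    if count < min_jobs:
        return None
    return when, sorted(e["path"] for e in jobs if e["created"] == when)


def created_near(entries, when, window_minutes=15):
    """Entries other than the At jobs whose creation time falls within the
    window around the batch. These are leads to examine, not verdicts."""
    window = timedelta(minutes=window_minutes)
    return [
        e for e in entries
        if not AT_JOB_RE.match(e["path"]) and abs(e["created"] - when) <= window
    ]


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    batch = find_at_job_batch(parsed)
    if batch is None:
        print("no At<N>.job batch found")
    else:
        when, paths = batch
        print(f"{len(paths)} At jobs created at {when:%Y-%m-%d %H:%M}")
        for e in created_near(parsed, when):
            print(f"  review: {e['created']:%H:%M} {e['size']:>8} {e['path']}")
```

For a listing whose lines put the creation time first, as the lines quoted inside the fix list do, pass `created_col=0`.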


#11 Robert Burghardt

Posted 05 December 2011 - 05:45 PM

Thank you SO much! My wife needs to use her computer right now for finals, so I am going to wait about a week until her tests are done and I can try this out.

#12 Farbar

Posted 05 December 2011 - 05:51 PM

As you like. But the fix takes only a few minutes and after that the computer is pretty clean. However, I can't say the condition of the computer remains the same after one week unless it is totally disconnected from internet.

It is all up to you.:)

#13 Robert Burghardt


Posted 05 December 2011 - 05:57 PM

OK - I'm going for it tonight!!! Will let you know how it goes.

#14 Farbar


Posted 05 December 2011 - 05:59 PM

Good decision. :thumbup2:

The Malwarebytes scan usually takes from 4 to 10 minutes. If possible do that also.

#15 Robert Burghardt


Posted 05 December 2011 - 06:08 PM

Here is the FIXLOG.TXT file:

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.3.0)
Ran by SYSTEM at 2011-12-05 18:06:35 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
cgnuzjtu service deleted successfully.
C:\windows\system32\drivers\cgnuzjtu.sys not found.
C:\Windows\Tasks\At30.job moved successfully.
C:\Windows\Tasks\At29.job moved successfully.
C:\Windows\Tasks\At28.job moved successfully.
C:\Windows\Tasks\At27.job moved successfully.
C:\Windows\Tasks\At26.job moved successfully.
C:\Windows\Tasks\At25.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At23.job moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At21.job moved successfully.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At19.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At17.job moved successfully.
C:\Windows\Tasks\At46.job moved successfully.
C:\Windows\Tasks\At45.job moved successfully.
C:\Windows\Tasks\At44.job moved successfully.
C:\Windows\Tasks\At43.job moved successfully.
C:\Windows\Tasks\At34.job moved successfully.
C:\Windows\Tasks\At33.job moved successfully.
C:\Windows\Tasks\At42.job moved successfully.
C:\Windows\Tasks\At41.job moved successfully.
C:\Windows\Tasks\At40.job moved successfully.
C:\Windows\Tasks\At39.job moved successfully.
C:\Windows\Tasks\At38.job moved successfully.
C:\Windows\Tasks\At37.job moved successfully.
C:\Windows\Tasks\At36.job moved successfully.
C:\Windows\Tasks\At35.job moved successfully.
C:\Windows\Tasks\At32.job moved successfully.
C:\Windows\Tasks\At31.job moved successfully.
C:\Windows\Tasks\At48.job moved successfully.
C:\Windows\Tasks\At47.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Windows\Tasks\At9.job moved successfully.
C:\Windows\Tasks\At7.job moved successfully.
C:\Windows\Tasks\At5.job moved successfully.
C:\Windows\Tasks\At3.job moved successfully.
C:\Windows\Tasks\At15.job moved successfully.
C:\Windows\Tasks\At13.job moved successfully.
C:\Windows\Tasks\At11.job moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
C:\windows\system32\consrv.dll moved successfully.

==== End of Fixlog ====
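
When reviewing a Fixlog like the one above, the lines worth a second look are those that did not report success and any gaps in the numbered At*.job tasks. The following is an added example, not part of the original post or of FRST; the function names and outcome patterns are assumptions derived only from the line shapes visible in this log.

```python
import re
from collections import defaultdict

# Constructed sample in the line shapes of the Fixlog above (shortened, gap left at At3).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
cgnuzjtu service deleted successfully.
C:\windows\system32\drivers\cgnuzjtu.sys not found.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\windows\system32\consrv.dll moved successfully.
==== End of Fixlog ====
"""

# Outcome suffixes seen in this log; assumed patterns, not an official FRST grammar.
OUTCOMES = [
    ("restored", re.compile(r"^(.+) Value was restored\.$")),
    ("service_deleted", re.compile(r"^(.+) service deleted successfully\.$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
    ("not_found", re.compile(r"^(.+) not found\.$")),
]

def parse_fixlog(text):
    """Group result lines by outcome; anything unmatched lands in 'unrecognized'."""
    result = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("="):  # blank lines and separator/footer rules
            continue
        for name, pattern in OUTCOMES:
            m = pattern.match(line)
            if m:
                result[name].append(m.group(1))
                break
        else:
            result["unrecognized"].append(line)
    return dict(result)

def at_job_ranges(moved_items):
    """Collapse AtN.job entries into sorted (first, last) ranges so gaps stand out."""
    nums = sorted(int(m.group(1)) for item in moved_items
                  if (m := re.search(r"\\At(\d+)\.job$", item, re.IGNORECASE)))
    ranges = []
    for n in nums:
        if ranges and n == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], n)
        else:
            ranges.append((n, n))
    return ranges
```

Run over the full log above, `at_job_ranges` would return a single range if every task from At1.job to At48.job was handled, and the `not_found` list would hold the one driver path the tool could not locate.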



