"System Restore" Virus and related malware: redirecting my goo



#1
Kutgrl


Hello All,

My mother asked me to help her with her computer because it "crashed" on 10/26/11. I found that I can log into her account and see files and get online and run security software, and I believe the virus or whatever it is was downloaded through her account. When I log into the other family members' accounts I get a start menu with nothing and no desktop icons. When I first came on, I was getting pop-ups immediately about infected files and a "system restore" pop-up that would not go away. In addition, another pop-up would appear and when I googled it, it was a trojan of some sort but I didn't write down what it said. I've tried Norton, Malwarebytes' and Trojan Killer (told me I had a 15 day trial and runs and then asks me to pay $40, which I didn't). I also tried removing it myself and nothing has worked. Norton supposedly removed 2 viruses and some trojans and malware (trojan.smoaler, Invoice_copy_N694.exe, suspicious.cloud.7.F, WS.Trojan.H... those are the ones I wrote down). Malwarebytes found another 5 infected registries and Trojan Killer found one virus which was the system restore after I thought I removed it. In my startup under msconfig I did find ymxrym.exe which I don't know and can't find any info on, awffirbxktix.exe which when I googled said it can't be trusted, and ceadygfmvfo.exe which when I googled directed me to this website because another member had that same file. I'm not getting the annoying pop-ups anymore but all the other accounts still have no files and when I google something and click the link I'm redirected to some random website. I'm not really sure what you need from me but I have included my hijackthis log below... Please help!

UPDATE!!!: Today I ran TDSSKiller from Kaspersky which didn't find anything and I ran Malwarebytes again and found 1 virus which was "removed" (c:/system volume information/_restore{8a2ff72e-925c-4693-95a8-cfaca1846f05}\rp1\a0000021.exe). I ran a full scan from Norton and malware and Trojan Killer again and came up with nothing. In addition, I reset my Internet Explorer and still when I search a topic using Google or Bing it redirects me to a random website. I looked into my startup under msconfig and I disabled the Awffirbxktix.exe and ceadygfmvfo.exe; it shows their path as (Documents and Settings/All Users/Applications and Data/...) but when I go there I don't see anything. I ran the unhider.exe and restore.exe from GridinSoft and I have back all documents and everything looks fine and seems to work fine until I go on the internet. I have pasted the OTL.txt below. Please let me know what next step I need to take. Thank you so much in advance :)


OTL logfile created on: 11/10/2011 6:27:05 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Karen Diedrick\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.11 Mb Total Physical Memory | 223.26 Mb Available Physical Memory | 24.97% Memory free
1.08 Gb Paging File | 0.54 Gb Available in Paging File | 49.81% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.71 Gb Total Space | 36.60 Gb Free Space | 65.70% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: Karen Diedrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 18:26:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karen Diedrick\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
PRC - [2010/02/18 10:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/11 13:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/20 07:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2005/09/11 23:18:20 | 000,143,360 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe
PRC - [2005/08/05 22:02:08 | 000,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\TCtrlIOHook.exe
PRC - [2005/06/30 12:05:56 | 000,671,744 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
PRC - [2005/06/23 16:29:36 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/05/31 19:16:24 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/18 14:33:42 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/01/20 12:48:38 | 000,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\bmwebcfg.exe
PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/22 19:50:04 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (No Company Name) ==========

MOD - [2010/01/11 13:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
MOD - [2006/04/20 07:34:38 | 000,197,680 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2005/06/23 16:29:36 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2005/06/13 12:11:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/06/06 11:39:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\EKECioCtl.dll
MOD - [2005/06/03 21:32:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\EBLib.DLL
MOD - [2004/12/22 19:50:04 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2010/01/11 13:10:52 | 000,082,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2006/04/20 07:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/09/11 23:18:20 | 000,143,360 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe -- (Pantech&Curitel Utility Service)
SRV - [2005/06/23 16:29:36 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/20 12:48:38 | 000,118,784 | ---- | M] (Bytemobile, Inc.) [Auto | Running] -- C:\WINDOWS\System32\bmwebcfg.exe -- (bmwebcfg)
SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/12/22 19:50:04 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2011/11/09 09:51:37 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 09:51:37 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/08 18:33:57 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/11/08 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111110.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/08 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111110.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/07 23:02:30 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111109.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/10/27 18:12:04 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111027.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/09/26 19:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMEFA.SYS -- (SymEFA)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 18:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 21:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/02 21:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/25 21:18:39 | 000,387,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/07/25 21:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMDS.SYS -- (SymDS)
DRV - [2011/07/25 21:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\Ironx86.SYS -- (SymIRON)
DRV - [2010/07/21 03:40:20 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV - [2010/06/08 15:36:10 | 000,203,008 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2010/06/08 15:36:10 | 000,157,440 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2010/06/08 15:35:46 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/06/08 15:30:34 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/05/16 20:09:06 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/11 20:03:32 | 000,319,488 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drxvi314.sys -- (bcm)
DRV - [2010/02/11 20:02:50 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2010/01/11 13:11:46 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/04/15 13:32:36 | 000,715,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/07/07 14:42:52 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/11/02 15:36:12 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/07/02 11:46:16 | 000,050,424 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzs2k12.sys -- (HPZs2k12) Storage Class Driver for IEEE-1284.4 (HPZ12)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/30 19:30:14 | 000,058,240 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCWWAN.sys -- (PTDCWWAN)
DRV - [2007/04/09 00:25:20 | 000,005,888 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PWCTLDRV.sys -- (PWCTLDRV)
DRV - [2007/04/06 02:49:26 | 000,039,808 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWVsp.sys -- (PTDWVsp) Curitel PC Card Diagnostic Serial Port (UDP)
DRV - [2007/04/06 02:49:20 | 000,041,728 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWMdm.sys -- (PTDWMdm) Curitel PC Card Drivers (UDP)
DRV - [2007/04/06 02:49:16 | 000,027,392 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWBus.sys -- (PTDWBus) Curitel PC Card Composite Device driver (UDP)
DRV - [2007/04/01 05:45:30 | 000,039,808 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCVsp.sys -- (PTDCVsp) PANTECH PC Card Diagnostic Serial Port (UDP)
DRV - [2007/04/01 05:45:26 | 000,041,728 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCMdm.sys -- (PTDCMdm) PANTECH PC Card Drivers (UDP)
DRV - [2007/04/01 05:45:22 | 000,027,520 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCBus.sys -- (PTDCBus) PANTECH PC Card Composite Device Driver (UDP)
DRV - [2007/01/22 19:33:00 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006/04/20 07:33:40 | 000,303,740 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2006/03/14 12:02:19 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/08/18 18:22:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/08/16 21:51:10 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/07/06 00:36:36 | 001,245,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/03 21:49:42 | 000,009,600 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/05/17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/04/19 12:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/15 15:46:04 | 000,029,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/04/12 18:19:42 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/01/26 05:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/12/22 19:45:36 | 000,393,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/11/15 18:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/30 17:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2004/06/28 12:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/06/11 10:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 2C 2C 29 DE 9F CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011/11/08 23:38:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2011/11/10 17:58:40 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/08/12 19:22:45 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...swdir8d196a.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{071DD716-FFFF-4992-900C-EDC54FE39221}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Karen Diedrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0d2cdb74-c8ae-11df-a5d1-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0d2cdb74-c8ae-11df-a5d1-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d2cdb74-c8ae-11df-a5d1-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{740c26e2-ec75-11db-a2a0-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{740c26e2-ec75-11db-a2a0-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{740c26e2-ec75-11db-a2a0-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{85d81148-cb75-11dd-a476-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{85d81148-cb75-11dd-a476-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85d81148-cb75-11dd-a476-00038a000015}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AppLaunch.exe AUTORUN=1
O33 - MountPoints2\{8a416801-4b7b-11dc-a331-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{8a416801-4b7b-11dc-a331-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a416801-4b7b-11dc-a331-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 18:26:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Karen Diedrick\Desktop\OTL.exe
[2011/11/09 22:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/11/09 11:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GridinSoft
[2011/11/09 11:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/11/09 00:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/09 00:02:59 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/08 23:03:02 | 000,344,184 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symtdiv.sys
[2011/11/08 23:03:01 | 000,387,192 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symtdi.sys
[2011/11/08 23:03:00 | 000,314,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnets.sys
[2011/11/08 23:02:59 | 000,897,656 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.sys
[2011/11/08 23:02:59 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.sys
[2011/11/08 23:02:59 | 000,031,864 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.sys
[2011/11/08 23:02:58 | 000,566,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.sys
[2011/11/08 23:02:57 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ironx86.sys
[2011/11/08 23:02:56 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.sys
[2011/11/08 22:09:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1302000.00A
[2011/11/08 21:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen Diedrick\Local Settings\Application Data\NPE
[2011/11/08 18:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen Diedrick\My Documents\Symantec
[2011/11/08 18:33:57 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/11/08 18:33:57 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/11/08 18:32:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011/11/08 18:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/11/08 18:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/11/08 18:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/11/08 18:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/11/08 18:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen Diedrick\Start Menu\Programs\Norton
[2011/11/08 18:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/11/08 18:02:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Karen Diedrick\Recent
[2011/10/26 05:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sonic
[2011/10/26 05:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2006/03/14 12:02:16 | 000,028,672 | ---- | C] ( ) -- C:\WINDOWS\System32\ControlACS.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/10 18:31:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6AC19431-68A0-496F-AC91-5B5E5A5BF828}.job
[2011/11/10 18:26:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karen Diedrick\Desktop\OTL.exe
[2011/11/10 18:07:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/10 17:58:29 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\HHTAZND.job
[2011/11/10 17:58:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/10 17:58:07 | 937,607,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 16:04:12 | 000,697,451 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\Cat.DB
[2011/11/10 14:38:41 | 000,446,436 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/10 14:38:41 | 000,073,618 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/10 14:18:32 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/11/09 23:00:22 | 000,056,410 | ---- | M] () -- C:\logfile
[2011/11/09 22:16:27 | 000,030,370 | ---- | M] () -- C:\Program Files\HIJACKTHIS[1].EXE-0C7E290A.pf
[2011/11/09 11:58:32 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Killer.lnk
[2011/11/09 00:03:10 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/08 23:36:12 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/11/08 23:03:29 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011/11/08 18:39:27 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/08 18:33:57 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/11/08 18:33:57 | 000,007,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/11/08 18:33:57 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/11/08 18:33:56 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/11/08 18:31:22 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Karen Diedrick\Desktop\Norton Installation Files.lnk
[2011/11/03 19:43:43 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\isolate.ini
[2011/11/02 19:08:42 | 000,007,498 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.cat
[2011/10/26 05:09:33 | 000,070,656 | RHS- | M] () -- C:\WINDOWS\System32\ntvdmo.dll
[2011/10/14 08:41:32 | 000,286,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/10 14:36:39 | 937,607,168 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/10 13:00:09 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Karen Diedrick\Desktop\Internet Explorer.lnk
[2011/11/10 01:20:54 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
[2011/11/09 22:24:45 | 000,030,370 | ---- | C] () -- C:\Program Files\HIJACKTHIS[1].EXE-0C7E290A.pf
[2011/11/09 11:56:14 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Killer.lnk
[2011/11/09 00:03:10 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/08 23:34:26 | 000,697,451 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\Cat.DB
[2011/11/08 23:05:11 | 000,004,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011/11/08 23:03:01 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnetv.cat
[2011/11/08 23:03:01 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnetv.inf
[2011/11/08 23:03:00 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnet.cat
[2011/11/08 23:03:00 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnet.inf
[2011/11/08 23:02:59 | 000,007,498 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.cat
[2011/11/08 23:02:59 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.cat
[2011/11/08 23:02:59 | 000,003,433 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.inf
[2011/11/08 23:02:59 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.inf
[2011/11/08 23:02:58 | 000,007,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.cat
[2011/11/08 23:02:58 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.cat
[2011/11/08 23:02:58 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.inf
[2011/11/08 23:02:58 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.inf
[2011/11/08 23:02:57 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\iron.cat
[2011/11/08 23:02:57 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\iron.inf
[2011/11/08 23:02:56 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.cat
[2011/11/08 23:02:56 | 000,000,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.inf
[2011/11/08 22:09:15 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\isolate.ini
[2011/11/08 18:33:57 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/11/08 18:33:57 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/11/08 18:33:32 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/11/08 18:24:55 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Karen Diedrick\Desktop\Norton Installation Files.lnk
[2011/10/26 05:09:34 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\HHTAZND.job
[2011/10/26 05:09:33 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\ntvdmo.dll
[2010/10/29 16:34:55 | 000,429,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/06 17:27:01 | 000,000,058 | ---- | C] () -- C:\WINDOWS\KMSTMVM.ini
[2010/08/18 09:47:16 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\Karen Diedrick\Application Data\FeatureManagerSettings.xml.RC4
[2010/08/18 09:47:16 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\Karen Diedrick\Application Data\FeatureManagerSettingsBackup.xml.RC4
[2010/08/18 09:47:16 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\FeatureManagerBackup.xml.RC4
[2010/08/18 09:47:16 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\FeatureManager.xml.RC4
[2010/08/18 09:47:16 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Karen Diedrick\Application Data\Profiles.xml
[2010/08/11 21:24:01 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\Karen Diedrick\Application Data\ANICONFIG_{BF833205-149F-4C76-9787-C0AE69979463}.ini
[2010/08/11 21:21:35 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/07/02 05:43:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/02 05:42:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/11 20:02:00 | 002,028,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\macxvi200.bin
[2009/01/28 09:49:33 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Karen Diedrick\Local Settings\Application Data\keyfile3.drm
[2008/07/07 14:42:52 | 000,024,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/06/30 07:29:18 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\KmTwain.ini
[2008/06/09 11:20:47 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/08/12 11:36:42 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2006/11/13 18:57:22 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/09/14 00:32:09 | 000,099,736 | ---- | C] () -- C:\WINDOWS\CPEins05.dat
[2006/09/14 00:32:09 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/09/12 22:57:19 | 000,109,931 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp
[2006/09/12 22:57:19 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp
[2006/09/12 22:38:08 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/09/12 22:34:39 | 000,108,720 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2006/09/12 22:34:39 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2006/09/07 18:27:11 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/08 01:28:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/08/08 01:24:05 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2006/08/04 23:40:06 | 000,000,723 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/07/27 08:24:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2006/07/19 23:28:27 | 000,001,180 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/05/08 09:58:55 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/04/20 07:34:38 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/04/20 07:34:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/04/17 22:19:29 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Karen Diedrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/11 00:31:36 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Karen Diedrick\Local Settings\Application Data\fusioncache.dat
[2006/04/11 00:03:09 | 000,104,292 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/04/11 00:03:09 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/04/10 16:20:07 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\Karen Diedrick\Application Data\wklnhst.dat
[2006/04/10 09:27:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/10 08:46:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/03/14 12:09:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/14 12:02:16 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2006/03/14 12:02:15 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/03/14 12:02:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2006/03/14 12:02:14 | 000,095,617 | ---- | C] () -- C:\WINDOWS\atiicdxx.dat
[2006/03/14 12:01:55 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2006/03/14 12:01:55 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2005/08/16 21:49:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/08/16 21:33:26 | 000,000,593 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/16 21:29:01 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/08/16 21:23:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/16 21:23:54 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/16 21:23:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/16 21:23:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/16 21:23:54 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/16 21:23:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/16 19:51:58 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/08/16 19:18:14 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/08/16 19:18:14 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/08/16 19:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/08/16 19:15:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005/08/16 19:13:41 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/08/16 19:13:41 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/16 19:10:22 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/08/16 19:10:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/08/16 19:10:22 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/08/16 19:10:22 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/08/16 19:06:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/08/16 19:06:31 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/08/16 19:06:31 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxhweq.dat
[2005/08/16 19:06:31 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxeq.dat
[2005/08/16 17:12:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/16 17:08:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 17:03:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 17:02:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 16:33:05 | 000,000,347 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 16:30:13 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2005/08/16 16:30:13 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2005/08/16 16:30:13 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2005/08/16 16:30:13 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2005/08/16 16:30:13 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2005/08/16 16:29:36 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 16:29:30 | 000,446,436 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 16:29:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 16:29:29 | 000,073,618 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 16:29:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 16:29:28 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 16:29:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 16:29:23 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 16:29:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 16:29:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 16:28:59 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 16:28:50 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/16 09:58:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 09:57:31 | 000,286,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/02 12:39:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/06/20 12:24:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/06/13 12:11:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/06/10 18:59:16 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/06/06 11:44:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/06/06 11:39:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 18:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/07/15 07:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/11/24 17:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2007/10/29 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/01/02 23:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/10/21 14:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/08/18 08:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2011/02/07 14:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/11/06 10:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2005/08/16 21:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/01/02 21:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/02/18 20:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/18 09:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\Bytemobile
[2010/11/21 14:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\CallingID
[2010/11/21 14:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\comcasttb
[2005/08/16 19:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\InterTrust
[2006/07/11 19:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\InterVideo
[2006/09/01 19:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\Nikon
[2007/01/02 23:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\PlayFirst
[2010/10/21 14:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\Research In Motion
[2010/08/18 08:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\Sierra Wireless
[2006/07/21 17:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\Smith Micro
[2008/12/16 09:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\Sprint
[2010/08/12 13:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\supportdotcom
[2009/12/30 22:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\Template
[2005/08/16 19:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\toshiba
[2007/02/08 17:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Diedrick\Application Data\Viewpoint
[2010/08/12 19:20:48 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2011/11/10 17:58:29 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\Tasks\HHTAZND.job
[2011/11/10 18:31:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6AC19431-68A0-496F-AC91-5B5E5A5BF828}.job

========== Purity Check ==========



< End of report >