Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Did i get scammed ???


  • This topic is locked This topic is locked
17 replies to this topic

#1 kathy915

kathy915

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 22 November 2012 - 10:29 AM

I was advised to send my topic here - this is my original post. Also is my email truly lost, I gave them my password. I usualy am so careful about opening emails I feel so stupid :(.
I recently got an email with Hey Kathy in subject line and I opened it and the link about jobs. A week later ( which was yesterday) some of my email contacts got the same email from me. Today I go to go on my email and my password has been changed. I cannot access it and it directs me to call At&T. I do. They go thru several techs who tell me my email is permantly gone and no longer accessible and that my computer is now at risk. The suggest I need an expert to fix it and direct me to a company called PC Care Experts. After I pay them and allow them remote access to my computer I start thinking have I been scammed? I currently am having no issues with the computer but don't know if they did anything while they had remote access. I gave them my CC info to charge and that charge is on my CC. I searched and everything I am reading says they are a scam. I called them and someone does answer and denies that they are a legit company. I am not sure what to do at this point - they did post once on here http://www.bleepingcomputer.com/forums/topic324874.html/page__p__1804071__hl__pcexperts__fromsearch__1#entry1804071
at above link - I am asking if anyone knows if they are legit or not and were they lying that my email is gone (this is a ten year old email with lots of saved info)!!
Thanks for any help anyone can provide. I hope I havent made this to confusing.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by Kathy at 8:41:34 on 2012-11-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5992.2030 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\dmwu.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Southwest Airlines Ding\Ding\Ding.exe
C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
mRun: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Kathy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines Ding\Ding\Ding.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{35FEA2FF-196B-4271-BC0A-57E9EE1B3B9B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D32F1A80-B3A1-48D1-BCF3-34A17114EBFA} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-5-18 57952]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\windows\System32\drivers\ddcdrv.sys [2011-5-18 20832]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-5-18 13408]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-18 2655768]
R2 WebOptimizer;WebOptimizer;C:\windows\System32\dmwu.exe [2012-9-26 1259888]
R3 GeneStor;Genesys Logic Storage Driver;C:\windows\System32\drivers\GeneStor.sys [2011-5-18 57856]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-11-19 317440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-5-18 947304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-21 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2012-11-21 23:31:17 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E624783C-DDD6-48B5-A257-456B6546260B}\gapaengine.dll
2012-11-21 23:31:15 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BA6DFA13-6DB3-493D-84B1-8045A510C285}\mpengine.dll
2012-11-21 23:30:06 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-11-21 23:30:04 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-11-21 21:42:48 -------- d-----w- C:\Users\Kathy\AppData\Local\LogMeIn Rescue Applet
2012-11-20 13:24:03 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F66A1905-7F20-452A-9C7A-BBDB8F984D46}\mpengine.dll
2012-11-16 09:06:38 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-16 09:06:37 9728 ----a-w- C:\windows\System32\Wdfres.dll
2012-11-16 09:06:37 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2012-11-16 09:06:37 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2012-11-16 09:01:38 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2012-11-16 09:01:38 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2012-11-16 09:01:38 744448 ----a-w- C:\windows\System32\WUDFx.dll
2012-11-16 09:01:38 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2012-11-16 09:01:38 229888 ----a-w- C:\windows\System32\WUDFHost.exe
2012-11-16 09:01:38 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2012-11-16 09:01:38 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2012-11-13 18:03:15 -------- d-----w- C:\Users\Kathy\AppData\Local\Ashampoo Music Studio 2012
2012-11-13 18:02:38 -------- d-----w- C:\Users\Kathy\AppData\Local\Programs
2012-11-13 17:56:55 -------- d-----w- C:\Program Files (x86)\Free Download Manager
2012-11-13 17:56:08 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-11-13 17:56:07 -------- d-----w- C:\ProgramData\Tarma Installer
2012-11-13 17:56:05 -------- d-----w- C:\Program Files (x86)\Download Manager and Options
.
==================== Find3M ====================
.
2012-11-21 20:58:58 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-21 20:58:58 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-10-18 18:25:58 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-10-08 03:56:34 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-08 03:56:34 821736 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys
2012-09-30 01:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-09-13 13:26:50 1259888 ----a-w- C:\windows\System32\dmwu.exe
2012-09-13 13:25:38 35328 ----a-w- C:\windows\System32\ImHttpComm.dll
2012-09-12 02:19:05 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-08-31 04:03:48 228768 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-08-31 04:03:48 128456 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-08-28 15:14:19 108008 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2012-08-28 15:14:16 916456 ----a-w- C:\windows\System32\deployJava1.dll
2012-08-28 15:14:16 1034216 ----a-w- C:\windows\System32\npDeployJava1.dll
2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
.
============= FINISH: 8:41:52.91 ===============

Attached Files


Edited by kathy915, 22 November 2012 - 01:38 PM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:59 PM

Posted 26 November 2012 - 09:32 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 kathy915

kathy915
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 26 November 2012 - 11:52 PM

I just subscribed - also my son installed combo dragon on the computer since I posted and I had to download 7 zip file manager to zip the file

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:59 PM

Posted 27 November 2012 - 06:50 PM

I don't know PC Care Experts but if you were directed there by AT&T that is a bit surprising, I would have thought they wouldn't have been able to refer to a third party. Anyway, let's check out your PC (for free! :))

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you receive the message "Illegal operation attempted on a registry key that has been marked for deletion." then please reboot the system.
Posted Image
m0le is a proud member of UNITE

#5 kathy915

kathy915
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 27 November 2012 - 09:08 PM

I spoke to yahoo email help and they said they would not redirect you to a 3rd party. Another lesson learned in this computer world. Thanks again fpor your help. I also deleted Microsoft essentials that PC experts downloaded because it kept blocking combo fix.

ComboFix 12-11-27.01 - Kathy 11/27/2012 19:31:04.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5992.1873 [GMT -6:00]
Running from: c:\users\Kathy\Downloads\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\smartdl
c:\program files (x86)\smartdl\gunzip.exe
c:\program files (x86)\smartdl\status
c:\program files (x86)\smartdl\TorrentSearch.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
.
.
2012-11-28 01:35 . 2012-11-28 01:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-28 01:35 . 2012-11-28 01:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-24 06:25 . 2012-11-24 06:25 -------- d-----w- c:\users\Kathy\AppData\Local\Macromedia
2012-11-23 04:14 . 2012-11-23 04:14 -------- d-----w- C:\GeekBuddyRSP
2012-11-23 04:14 . 2012-11-23 04:14 -------- d-----w- c:\program files (x86)\Common Files\Comodo
2012-11-23 04:13 . 2012-11-23 04:13 -------- d-----w- c:\programdata\CPA_VA
2012-11-23 04:12 . 2012-11-23 04:29 45832 ----a-w- c:\windows\SysWow64\certsentry.dll
2012-11-23 04:12 . 2012-11-23 04:29 54024 ----a-w- c:\windows\system32\certsentry.dll
2012-11-23 04:06 . 2012-11-23 04:14 -------- d-----w- c:\programdata\Comodo
2012-11-23 04:05 . 2012-11-23 04:13 -------- d-----w- c:\program files\COMODO
2012-11-23 04:05 . 2012-11-23 04:05 -------- d-----w- c:\users\Kathy\AppData\Local\Comodo
2012-11-23 04:05 . 2012-11-23 04:14 -------- d-----w- c:\program files (x86)\Comodo
2012-11-23 04:05 . 2012-11-23 04:05 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-11-22 17:30 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-11-22 17:30 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-11-22 17:30 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-22 17:30 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-22 17:30 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-22 17:30 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-22 17:30 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-22 17:30 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-22 17:30 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-22 17:30 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-22 17:30 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-22 15:58 . 2012-11-22 15:58 -------- d-----w- c:\programdata\Motive
2012-11-22 14:57 . 2012-11-22 14:57 -------- d-----w- c:\program files (x86)\7-Zip
2012-11-22 14:57 . 2012-11-22 14:57 -------- d-----w- c:\programdata\Yahoo!
2012-11-22 14:57 . 2012-11-23 04:03 -------- d-----w- c:\programdata\Yahoo! Companion
2012-11-22 14:57 . 2012-11-22 14:57 -------- d-----w- c:\program files (x86)\Yahoo!
2012-11-22 14:57 . 2012-11-22 14:57 -------- d-----w- c:\users\Kathy\AppData\Roaming\Yahoo!
2012-11-21 21:42 . 2012-11-22 02:23 -------- d-----w- c:\users\Kathy\AppData\Local\LogMeIn Rescue Applet
2012-11-20 13:24 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F66A1905-7F20-452A-9C7A-BBDB8F984D46}\mpengine.dll
2012-11-16 09:06 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 09:06 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 09:06 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 09:06 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 09:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 09:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 09:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 09:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 09:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 09:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 09:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-13 18:03 . 2012-11-13 18:05 -------- d-----w- c:\users\Kathy\AppData\Local\Ashampoo Music Studio 2012
2012-11-13 18:02 . 2012-11-13 18:02 -------- d-----w- c:\users\Kathy\AppData\Local\Programs
2012-11-13 17:56 . 2012-11-13 17:59 -------- d-----w- c:\program files (x86)\Free Download Manager
2012-11-13 17:56 . 2012-11-13 17:56 -------- d-----w- c:\program files (x86)\Yontoo
2012-11-13 17:56 . 2012-11-13 17:56 -------- d-----w- c:\programdata\Tarma Installer
2012-11-13 17:56 . 2012-11-13 17:59 -------- d-----w- c:\program files (x86)\Download Manager and Options
2012-11-08 05:38 . 2012-11-08 05:38 94288 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-08 05:38 . 2012-11-08 05:38 38144 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-08 05:38 . 2012-11-08 05:38 584056 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-08 05:37 . 2012-11-08 05:37 22736 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-08 05:37 . 2012-11-08 05:37 41240 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-08 05:37 . 2012-11-08 05:37 301264 ----a-w- c:\windows\SysWow64\guard32.dll
2012-11-08 05:37 . 2012-11-08 05:37 390392 ----a-w- c:\windows\system32\guard64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-24 06:25 . 2012-04-04 23:35 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-24 06:25 . 2011-11-20 13:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-16 09:01 . 2012-02-09 14:44 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-09 20:00 . 2012-02-27 17:59 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-11-09 20:00 . 2012-02-27 17:58 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-09 20:00 . 2012-02-27 17:58 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-10-08 03:56 . 2012-10-08 03:56 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-08 03:56 . 2012-05-03 09:51 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-30 01:54 . 2012-06-18 20:21 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 18:46 . 2012-03-04 02:12 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-20 18:46 . 2012-03-04 02:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-09-14 19:19 . 2012-10-10 13:27 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 13:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-13 13:26 . 2012-09-26 17:19 1259888 ----a-w- c:\windows\system32\dmwu.exe
2012-09-13 13:25 . 2012-09-26 17:19 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-09-12 02:19 . 2012-02-28 00:38 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-09-07 04:21 . 2012-09-07 04:21 8192 ----a-r- c:\users\Kathy\AppData\Roaming\Microsoft\Installer\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}\Icon84031A18.exe
2012-08-31 18:19 . 2012-10-10 13:27 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 13:27 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 13:27 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 13:27 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2012-08-31 . E453ACF4E7D44E5530B5D5F2B9CA8563 . 1659760 . . [6.1.7601.17945] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_0477c74a33a2859a\ntfs.sys
[7] 2012-08-31 . B2746D84DDF68D09B41B72DF745CCBA6 . 1687408 . . [6.1.7601.22104] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_052b7b9d4ca0cf8b\ntfs.sys
[7] 2011-03-11 . A2F74975097F52A00745F9637451FDD8 . 1659776 . . [6.1.7601.17577] .. c:\windows\erdnt\cache64\ntfs.sys
[7] 2011-03-11 . A2F74975097F52A00745F9637451FDD8 . 1659776 . . [6.1.7601.17577] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys
[7] 2011-03-11 . 87B104128D4D3BA3C13098BAEBF38082 . 1659776 . . [6.1.7601.21680] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys
[7] 2010-11-21 . 05D78AA5CB5F3F5C31160BDB955D0B7C . 1659776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[7] 2012-08-31 . E453ACF4E7D44E5530B5D5F2B9CA8563 . 1659760 . . [6.1.7600.16385] .. c:\windows\system32\drivers\ntfs.sys
.
[7] 2012-10-03 . 37608401DFDB388CAF66917F6B2D6FB0 . 1914248 . . [6.1.7601.17964] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[7] 2012-10-03 . D5707FC2300AA5B04B7BFE86D40C0133 . 1902472 . . [6.1.7601.22124] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[7] 2012-08-22 . F782CAD3CEDBB3F9FFE3BF2775D92DDC . 1913200 . . [6.1.7601.17939] .. c:\windows\erdnt\cache64\tcpip.sys
[7] 2012-08-22 . F782CAD3CEDBB3F9FFE3BF2775D92DDC . 1913200 . . [6.1.7601.17939] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[7] 2012-08-22 . 7880A26B7D3B96FDA8EFD9F985036B1D . 1901936 . . [6.1.7601.22097] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[7] 2012-03-30 . ACB82BDA8F46C84F465C1AFA517DC4B9 . 1918320 . . [6.1.7601.17802] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[7] 2012-03-30 . 885B202006EE17AE99B9FBCEC9AF88C9 . 1901424 . . [6.1.7601.21954] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[7] 2011-09-29 . 3810F06A4D74A7D62641EE73D6B3C660 . 1912176 . . [6.1.7601.21828] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[7] 2011-09-29 . FC62769E7BFF2896035AEED399108162 . 1923952 . . [6.1.7601.17697] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
[7] 2011-04-25 . B77977AEB2FF159D01DB08A309989C5F . 1927552 . . [6.1.7601.21712] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[7] 2011-04-25 . 92CE29D95AC9DD2D0EE9061D551BA250 . 1923968 . . [6.1.7601.17603] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[7] 2011-03-19 . CB6A53EF141CC3DA32DA54F7E75D301B . 1927552 . . [6.1.7601.21687] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21687_none_118505f696597a9d\tcpip.sys
[7] 2011-03-19 . DC08410DB2D0CC542DACAC7A90E6CB7A . 1924480 . . [6.1.7601.17582] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17582_none_10f667b97d405c20\tcpip.sys
[7] 2010-11-21 . 509383E505C973ED7534A06B3D19688D . 1924480 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[7] 2012-10-03 . 37608401DFDB388CAF66917F6B2D6FB0 . 1914248 . . [6.1.7600.16385] .. c:\windows\system32\drivers\tcpip.sys
.
[7] 2012-06-04 . 7E7D2DACF65D750D466F36BD3D09AE20 . 186880 . . [6.1.7601.22010] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[7] 2012-06-02 . 9C01375BE382E834CC26D1B7EAF2C4FE . 184320 . . [6.1.7601.17856] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[7] 2012-04-24 . 4F5414602E2544A4554D95517948B705 . 184320 . . [6.1.7601.17827] .. c:\windows\erdnt\cache64\cryptsvc.dll
[7] 2012-04-24 . 4F5414602E2544A4554D95517948B705 . 184320 . . [6.1.7601.17827] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[7] 2012-04-24 . B7337E9C9E5936355BB700AA33E0936E . 186880 . . [6.1.7601.21979] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[7] 2010-11-21 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[7] 2012-06-02 . 9C01375BE382E834CC26D1B7EAF2C4FE . 184320 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll
.
[7] 2012-08-20 . EAF41CFBA5281834CBC383C710AC7965 . 1162240 . . [6.1.7601.17932] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_f1cc51dc6cfd0cbf\kernel32.dll
[7] 2012-08-20 . 624B34180C79D67C470C155DB81FFB8E . 1163264 . . [6.1.7601.22091] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22091_none_f213e511864c70f3\kernel32.dll
[7] 2011-07-16 . B9B42A302325537D7B9DC52D47F33A73 . 1162752 . . [6.1.7601.17651] .. c:\windows\erdnt\cache64\kernel32.dll
[7] 2011-07-16 . B9B42A302325537D7B9DC52D47F33A73 . 1162752 . . [6.1.7601.17651] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll
[7] 2011-07-16 . 27AC02D8EE4C02E7648C41CB880151DA . 1163264 . . [6.1.7601.21772] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_f22aa945863b24d8\kernel32.dll
[7] 2010-11-21 . 7A6326D96D53048FDEC542DF23D875A0 . 1161216 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[7] 2012-08-20 . EAF41CFBA5281834CBC383C710AC7965 . 1162240 . . [6.1.7600.16385] .. c:\windows\system32\kernel32.dll
.
[7] 2012-10-08 . 6D4F838E72EEEB3D6FB16A5A45632560 . 17811968 . . [9.00.8112.16455] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16455_none_87c4e241f4e1f6f6\mshtml.dll
[7] 2012-10-08 . 1FB8062D4C3A4C7B8ECA7BBD1E743000 . 17812992 . . [9.00.8112.20562] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20562_none_8840ae430e0a66ac\mshtml.dll
[7] 2012-08-24 . F244DA6DD2C365ABAFD076222C22C2BE . 17810944 . . [9.00.8112.16450] .. c:\windows\erdnt\cache64\mshtml.dll
[7] 2012-08-24 . F244DA6DD2C365ABAFD076222C22C2BE . 17810944 . . [9.00.8112.16450] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16450_none_87bfe0cff4e67843\mshtml.dll
[7] 2012-08-24 . 522A528C296A9AEF3F0C289FF7093315 . 17810944 . . [9.00.8112.20557] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20557_none_88507fa10dfdc96e\mshtml.dll
[7] 2012-06-29 . 8415F4792D7BC07BE328DF56FE32045A . 17809920 . . [9.00.8112.16448] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16448_none_87d2b30bf4d7270a\mshtml.dll
[7] 2012-06-29 . C4DE0E2B31F60ACB15E6B4154E26298A . 17809920 . . [9.00.8112.20554] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20554_none_884d7ec30e007d69\mshtml.dll
[7] 2012-06-02 . 89C4B3BF66D3C2F3D83F9DEDF1B218D6 . 17807360 . . [9.00.8112.16447] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_87d1b2c1f4d80db3\mshtml.dll
[7] 2012-06-02 . 0C26F50D6C347CE294C84347E6FAEAA8 . 17807360 . . [9.00.8112.20553] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_884c7e790e016412\mshtml.dll
[7] 2012-05-18 . DE469470D93DEB4A1A81EDE72B848198 . 17807360 . . [9.00.8112.16446] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_87d0b277f4d8f45c\mshtml.dll
[7] 2012-05-18 . BE1E4779329040ED334651CD877C416D . 17807360 . . [9.00.8112.20551] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_884a7de50e033164\mshtml.dll
[7] 2012-02-28 . D785A16A6F03F76CB862F28C9F8C9672 . 17790976 . . [9.00.8112.16443] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_87cdb199f4dba857\mshtml.dll
[7] 2012-02-28 . 97BB8C752A400556A4FF2E1AAFA0A138 . 17790976 . . [9.00.8112.20548] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_885c4fd70df4c6d4\mshtml.dll
[7] 2012-01-01 . E7BD23BEC69CF23436EEDE9B18DE186D . 17786368 . . [9.00.8112.16440] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16440_none_87cab0bbf4de5c52\mshtml.dll
[7] 2011-12-14 . E61288581AD9E647ABEFB1489B250B5C . 17790464 . . [9.00.8112.16441] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_87cbb105f4dd75a9\mshtml.dll
[7] 2011-12-14 . 153963F44A26A7840ACDF52C2CD1B9DC . 17790464 . . [9.00.8112.20546] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20546_none_885a4f430df69426\mshtml.dll
[7] 2011-11-05 . 312DD305113BE3ACA3A849B45048247E . 9018880 . . [8.00.7601.17720] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17720_none_8c1491faafd6aebd\mshtml.dll
[7] 2011-11-05 . 8CCB66627CF562B7294847277A0F9F68 . 9018368 . . [8.00.7601.21855] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21855_none_8c82c073c908210d\mshtml.dll
[7] 2011-10-01 . 6954EE1BBF29632A73791910E89951A8 . 9011200 . . [8.00.7601.17699] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17699_none_8bd1e33ab007593c\mshtml.dll
[7] 2011-10-01 . 187A4AE835C9C269447A7ACE944744FB . 9011200 . . [8.00.7601.21830] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21830_none_8c935ed9c8fc6a78\mshtml.dll
[7] 2011-01-07 . 688872E9CAFCC2758E7FE92A0622B4F9 . 8995328 . . [8.00.7601.17537] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17537_none_8c10c048afd881c1\mshtml.dll
[7] 2011-01-07 . D0AFD5813136F0EAC80A048740553840 . 8995328 . . [8.00.7601.21636] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21636_none_8c995cc9c8f70834\mshtml.dll
[7] 2010-11-21 . 1C8B787BAA52DEAD1A6FEC1502D652F0 . 8988160 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_8c235f42afcafdda\mshtml.dll
[7] 2012-10-08 . 6D4F838E72EEEB3D6FB16A5A45632560 . 17811968 . . [9.00.8112.16421] .. c:\windows\system32\mshtml.dll
.
[7] 2012-10-08 . A19DB004D954BBC9C4EC125711E1D1C2 . 1392128 . . [9.00.8112.16455] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16455_none_766ac323748b8dc0\wininet.dll
[7] 2012-10-08 . 789EAD6F3CE42F3322818988400986E9 . 1392128 . . [9.00.8112.20562] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20562_none_76e68f248db3fd76\wininet.dll
[7] 2012-08-24 . 3D165C53E40236A68B7102D1A622D4E0 . 1392128 . . [9.00.8112.16450] .. c:\windows\erdnt\cache64\wininet.dll
[7] 2012-08-24 . 3D165C53E40236A68B7102D1A622D4E0 . 1392128 . . [9.00.8112.16450] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16450_none_7665c1b174900f0d\wininet.dll
[7] 2012-08-24 . 456D4E9006DF149C250D40B813290471 . 1392128 . . [9.00.8112.20557] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20557_none_76f660828da76038\wininet.dll
[7] 2012-06-29 . 8EA68FD3780DDDD5072F8CB830B3CB3D . 1392128 . . [9.00.8112.16448] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16448_none_767893ed7480bdd4\wininet.dll
[7] 2012-06-29 . 8BA7EDA2656ED7FBC93BDD5CB02B8D4E . 1392128 . . [9.00.8112.20554] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20554_none_76f35fa48daa1433\wininet.dll
[7] 2012-06-02 . 5A45FA344F4AD99D903F4B20E43B89EC . 1392128 . . [9.00.8112.16447] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16447_none_767793a37481a47d\wininet.dll
[7] 2012-06-02 . 571E809181EBF0A04FEFAA9BC9961F5B . 1392128 . . [9.00.8112.20553] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20553_none_76f25f5a8daafadc\wininet.dll
[7] 2012-05-18 . 870ECFEBD41C7B8F9C6777748368D51F . 1392128 . . [9.00.8112.16446] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_7676935974828b26\wininet.dll
[7] 2012-05-18 . BDC16D105BF011D4B1C3F09CF7A64314 . 1392128 . . [9.00.8112.20551] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_76f05ec68dacc82e\wininet.dll
[7] 2012-02-28 . 228443FF3A1FB0B974D278F7C6403FAD . 1390080 . . [9.00.8112.16443] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_7673927b74853f21\wininet.dll
[7] 2012-02-28 . B70CDC073F70E6D082A62AB5880D6B07 . 1390080 . . [9.00.8112.20548] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_770230b88d9e5d9e\wininet.dll
[7] 2012-01-01 . 69151E566295E5A977FE71FFAFD3B3F8 . 1390080 . . [9.00.8112.16440] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_7670919d7487f31c\wininet.dll
[7] 2011-12-14 . B1AC85B6ADC005CF3F9EB4E28DFDCCE6 . 1390080 . . [9.00.8112.16441] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_767191e774870c73\wininet.dll
[7] 2011-12-14 . C2FA4DBD6BB91D1AFD7D155120654AB9 . 1390080 . . [9.00.8112.20546] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20546_none_770030248da02af0\wininet.dll
[7] 2011-11-05 . 4EFC156290537BB9706D3A7A1A4B8733 . 1188864 . . [8.00.7601.17720] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17720_none_7aba72dc2f804587\wininet.dll
[7] 2011-11-05 . 8F2CC83B92626A3B7E1DF360720FAD30 . 1189376 . . [8.00.7601.21855] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21855_none_7b28a15548b1b7d7\wininet.dll
[7] 2011-08-20 . DB33A1489C1DA1F37AC2D84CB9756DD1 . 1188864 . . [8.00.7601.17671] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17671_none_7a8561a42fa7ed6c\wininet.dll
[7] 2011-08-20 . 2B4973A8A9D0336EEF6E10DBD6E5B87D . 1189376 . . [8.00.7601.21795] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21795_none_7afd5fbf48d22a74\wininet.dll
[7] 2010-11-21 . F6C5302E1F4813D552F41A0AC82455E5 . 1188864 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll
[7] 2012-10-08 . A19DB004D954BBC9C4EC125711E1D1C2 . 1392128 . . [9.00.8112.16421] .. c:\windows\system32\wininet.dll
.
[7] 2012-08-30 . FE905D59663E86BFE51623947B7425FD . 5559664 . . [6.1.7601.17944] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_ca35fee3cadae518\ntoskrnl.exe
[7] 2012-08-30 . A0D1C0E813A7C6E17C029375AC2ACE18 . 5562736 . . [6.1.7601.22103] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_cae9b336e3d92f09\ntoskrnl.exe
[7] 2012-05-04 . 2819BB6417B85D38169A4F151463A815 . 5559664 . . [6.1.7601.17835] .. c:\windows\erdnt\cache64\ntoskrnl.exe
[7] 2012-05-04 . 2819BB6417B85D38169A4F151463A815 . 5559664 . . [6.1.7601.17835] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_ca41cd33cad1e557\ntoskrnl.exe
[7] 2012-05-04 . 6A692DB27A943B463E97B749DD34F3DA . 5561200 . . [6.1.7601.21987] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_ca975af6e4164384\ntoskrnl.exe
[7] 2012-03-31 . 03B5C6DBA5A770CEEFD1615E380C6BC3 . 5559664 . . [6.1.7601.17803] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_ca603c63cabb5ed6\ntoskrnl.exe
[7] 2012-03-31 . 708A4C721CEE6B3845B5A54477D873CF . 5561200 . . [6.1.7601.21955] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_cab5ca26e3ffbd03\ntoskrnl.exe
[7] 2012-03-06 . BAA66E360105F79B5948A2FDAF3AA8FE . 5559152 . . [6.1.7601.17790] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_c9fbea53cb071123\ntoskrnl.exe
[7] 2012-03-06 . FCAB208AC0F7263A84EB627B1517E5AC . 5561200 . . [6.1.7601.21936] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_cacc6a48e3ee9e78\ntoskrnl.exe
[7] 2011-11-19 . 1AFFF8D5352AECEF2ECD47FFA02D7F7D . 5559152 . . [6.1.7601.17727] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_ca4e9bcdcac7feed\ntoskrnl.exe
[7] 2011-11-19 . 70A2D18E0B2A1ADBAE90008684E030AC . 5561200 . . [6.1.7601.21863] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_caa8f7c0e409a91f\ntoskrnl.exe
[7] 2011-06-23 . 577841951E8BAD6EA8288106693CD39F . 5561216 . . [6.1.7601.17640] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_ca31f809cade8847\ntoskrnl.exe
[7] 2011-06-23 . CE6AF5EC2DB1567B6297ADCB56B39B5D . 5561728 . . [6.1.7601.21755] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5\ntoskrnl.exe
[7] 2010-11-21 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[7] 2012-08-30 . FE905D59663E86BFE51623947B7425FD . 5559664 . . [6.1.7601.17944] .. c:\windows\system32\ntoskrnl.exe
.
[7] 2009-07-14 . E424B3EF666B184CEE0B6871AAA8C9F6 . 8192 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_d360c9c235bd1868\msimg32.dll
[7] 2009-07-14 . E424B3EF666B184CEE0B6871AAA8C9F6 . 8192 . . [6.1.7600.16385] .. c:\windows\system32\msimg32.dll
.
[7] 2012-06-02 . 063DD65889D21035311463337BD268E7 . 142336 . . [6.1.7601.22010] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[7] 2012-06-02 . 96C0E38905CFD788313BE8E11DAE3F2F . 140288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
[7] 2012-06-02 . 96C0E38905CFD788313BE8E11DAE3F2F . 140288 . . [6.1.7601.17856] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[7] 2012-04-24 . 06E771AA596B8761107AB57E99F128D7 . 140288 . . [6.1.7601.17827] .. c:\windows\erdnt\cache86\cryptsvc.dll
[7] 2012-04-24 . 06E771AA596B8761107AB57E99F128D7 . 140288 . . [6.1.7601.17827] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[7] 2012-04-24 . 21993009E0CCB9B4FA195F14D3408626 . 142336 . . [6.1.7601.21979] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[7] 2010-11-21 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
.
[7] 2012-08-20 . 9B98D47916EAD4F69EF51B56B0C2323C . 1114112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\kernel32.dll
[7] 2012-08-20 . 9B98D47916EAD4F69EF51B56B0C2323C . 1114112 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_fc20fc2ea15dceba\kernel32.dll
[7] 2012-08-20 . 305681B4B695D4A888B941965FFC2C17 . 1114112 . . [6.1.7601.22091] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22091_none_fc688f63baad32ee\kernel32.dll
[7] 2011-07-16 . D3CB12854171DF61D117D7C2BF22C675 . 1114112 . . [6.1.7601.21772] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
[7] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7601.17651] .. c:\windows\erdnt\cache86\kernel32.dll
[7] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7601.17651] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll
[7] 2010-11-21 . E80758CF485DB142FCA1EE03A34EAD05 . 837632 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
.
[7] 2012-10-08 . 8D1BB1E5A033E8817EF94A9047630165 . 12320768 . . [9.00.8112.16421] .. c:\windows\SysWOW64\mshtml.dll
[7] 2012-10-08 . 8D1BB1E5A033E8817EF94A9047630165 . 12320768 . . [9.00.8112.16455] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16455_none_92198c942942b8f1\mshtml.dll
[7] 2012-10-08 . F7B251DA2FA89933771289793DCAA08B . 12321280 . . [9.00.8112.20562] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20562_none_92955895426b28a7\mshtml.dll
[7] 2012-08-24 . 975D1EA99A0FE8104B72440995B3C20B . 12319744 . . [9.00.8112.20557] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20557_none_92a529f3425e8b69\mshtml.dll
[7] 2012-08-24 . BB197F54A8F69EEA8356B7F70E6D3A20 . 12319744 . . [9.00.8112.16450] .. c:\windows\erdnt\cache86\mshtml.dll
[7] 2012-08-24 . BB197F54A8F69EEA8356B7F70E6D3A20 . 12319744 . . [9.00.8112.16450] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16450_none_92148b2229473a3e\mshtml.dll
[7] 2012-06-29 . 5E8E869E1342308752A37A2C90CCA79D . 12317184 . . [9.00.8112.16448] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16448_none_92275d5e2937e905\mshtml.dll
[7] 2012-06-28 . AEC51857AEC2F5CE4520366240AFC671 . 12317184 . . [9.00.8112.20554] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20554_none_92a2291542613f64\mshtml.dll
[7] 2012-06-02 . 6820A9E91AFF7CB3A510360D8CCD9BDD . 12314624 . . [9.00.8112.16447] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_92265d142938cfae\mshtml.dll
[7] 2012-06-02 . 1ABF770552EA9D4FE90F654468FAF4CE . 12314624 . . [9.00.8112.20553] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_92a128cb4262260d\mshtml.dll
[7] 2012-05-17 . 9FB58F71104107D44540AF1195F7A14D . 12314624 . . [9.00.8112.16446] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_92255cca2939b657\mshtml.dll
[7] 2012-05-17 . 761D9111F5A2619CB5060661D36FBFFF . 12314624 . . [9.00.8112.20551] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_929f28374263f35f\mshtml.dll
[7] 2012-02-28 . F82BF2CB075B49E9FAB5FF213C45C020 . 12281856 . . [9.00.8112.16443] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_92225bec293c6a52\mshtml.dll
[7] 2012-02-28 . B9E083B14B1994F1255983F2DF31C7DF . 12281856 . . [9.00.8112.20548] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_92b0fa29425588cf\mshtml.dll
[7] 2012-01-01 . 66C0AEE61D1C5C35BF1B4642A153B114 . 12279808 . . [9.00.8112.16440] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16440_none_921f5b0e293f1e4d\mshtml.dll
[7] 2011-12-14 . 497C9C3DB953A60EC4F43A097E15F75E . 12282368 . . [9.00.8112.16441] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_92205b58293e37a4\mshtml.dll
[7] 2011-12-14 . A29CFD4B9F6F2BBE06C8D64B6D07F1D4 . 12282368 . . [9.00.8112.20546] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20546_none_92aef99542575621\mshtml.dll
[7] 2011-11-05 . 61C09B5AD2932538659D133C875DBB0F . 5997056 . . [8.00.7601.17720] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17720_none_96693c4ce43770b8\mshtml.dll
[7] 2011-11-05 . 3E218028099F62CA630E2AFE936F1F0D . 5997568 . . [8.00.7601.21855] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21855_none_96d76ac5fd68e308\mshtml.dll
[7] 2011-10-01 . E16F0A71B984E06FE0A90A2E2E227B23 . 5991936 . . [8.00.7601.21830] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21830_none_96e8092bfd5d2c73\mshtml.dll
[7] 2011-10-01 . 009751094A5A9041723D635AF249DC6F . 5990400 . . [8.00.7601.17699] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17699_none_96268d8ce4681b37\mshtml.dll
[7] 2011-01-07 . 1C6045D48179D15A843486D12BEC0EAF . 5980672 . . [8.00.7601.17537] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17537_none_96656a9ae43943bc\mshtml.dll
[7] 2011-01-07 . 1011333570E1CECAE8FAC34C8D9461BC . 5980672 . . [8.00.7601.21636] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21636_none_96ee071bfd57ca2f\mshtml.dll
[7] 2010-11-21 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll
.
[7] 2012-10-08 . 9CB0D2A9A77D91D9614355EE9FF00519 . 1129472 . . [9.00.8112.16421] .. c:\windows\SysWOW64\wininet.dll
[7] 2012-10-08 . 9CB0D2A9A77D91D9614355EE9FF00519 . 1129472 . . [9.00.8112.16455] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16455_none_1a4c279fbc2e1c8a\wininet.dll
[7] 2012-10-08 . 6E3AC8A54A1881806BA2B58539483788 . 1129472 . . [9.00.8112.20562] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20562_none_1ac7f3a0d5568c40\wininet.dll
[7] 2012-08-24 . 2895E29EFCFC0B1BCF8AEE1A0C67913C . 1129472 . . [9.00.8112.20557] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20557_none_1ad7c4fed549ef02\wininet.dll
[7] 2012-08-24 . 5553611E2F9EA6F613079177F1233068 . 1129472 . . [9.00.8112.16450] .. c:\windows\erdnt\cache86\wininet.dll
[7] 2012-08-24 . 5553611E2F9EA6F613079177F1233068 . 1129472 . . [9.00.8112.16450] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16450_none_1a47262dbc329dd7\wininet.dll
[7] 2012-06-29 . 75A97A2C060E72AB49E071E08C7DD2BA . 1129472 . . [9.00.8112.16448] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16448_none_1a59f869bc234c9e\wininet.dll
[7] 2012-06-28 . 54C30A4066A28F9A017E095E283B2762 . 1129472 . . [9.00.8112.20554] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20554_none_1ad4c420d54ca2fd\wininet.dll
[7] 2012-06-02 . 8E87270C4704CF2951E1E7820D6C8A2B . 1129472 . . [9.00.8112.16447] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16447_none_1a58f81fbc243347\wininet.dll
[7] 2012-06-02 . E430161A632F9A8FE512DE0CA5685559 . 1129472 . . [9.00.8112.20553] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20553_none_1ad3c3d6d54d89a6\wininet.dll
[7] 2012-05-17 . 1C191A4F0960F21B5D58C8A65BAF5427 . 1129472 . . [9.00.8112.16446] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_1a57f7d5bc2519f0\wininet.dll
[7] 2012-05-17 . 43BAC67996D8765A5F1B3A4EA6231E21 . 1129472 . . [9.00.8112.20551] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_1ad1c342d54f56f8\wininet.dll
[7] 2012-02-28 . 44465367256D1C72B58F5ABAA19E7016 . 1127424 . . [9.00.8112.16443] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_1a54f6f7bc27cdeb\wininet.dll
[7] 2012-02-28 . 11A34DCA08EB2A586246F2D6C2A81D58 . 1127424 . . [9.00.8112.20548] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_1ae39534d540ec68\wininet.dll
[7] 2012-01-01 . 02F98B5C0E397AD06124D84428CF8F1A . 1127424 . . [9.00.8112.16440] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_1a51f619bc2a81e6\wininet.dll
[7] 2011-12-14 . 1D94FA7C81D2FFE494AF094619BA706F . 1127424 . . [9.00.8112.16441] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_1a52f663bc299b3d\wininet.dll
[7] 2011-12-14 . 022A78194E2C7106F5AF9F2BC6AC8774 . 1127424 . . [9.00.8112.20546] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20546_none_1ae194a0d542b9ba\wininet.dll
[7] 2011-11-05 . 19714FA7D7204D9BEE1EE12791DA9010 . 981504 . . [8.00.7601.17720] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17720_none_1e9bd7587722d451\wininet.dll
[7] 2011-11-05 . 1903228FE0C7D402B26A217F8D7713FD . 982016 . . [8.00.7601.21855] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21855_none_1f0a05d1905446a1\wininet.dll
[7] 2011-08-20 . 7570FA3FC82E08FB637E32D2D95DB41D . 981504 . . [8.00.7601.21795] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21795_none_1edec43b9074b93e\wininet.dll
[7] 2011-08-20 . DBF24E87CB605A4F6E7424DD86F7A62C . 981504 . . [8.00.7601.17671] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17671_none_1e66c620774a7c36\wininet.dll
[7] 2010-11-21 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
.
[7] 2009-07-14 . 18AB2E5A40064ED5F7791AC5946A90F3 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\msimg32.dll
[7] 2009-07-14 . 18AB2E5A40064ED5F7791AC5946A90F3 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_77422e3e7d5fa732\msimg32.dll
.
[7] 2012-08-30 . 7E1EC00B7D0D33A67DFC563574EEFF93 . 3968880 . . [6.1.7601.17944] .. c:\windows\SysWOW64\ntkrnlpa.exe
[7] 2012-08-30 . 7E1EC00B7D0D33A67DFC563574EEFF93 . 3968880 . . [6.1.7601.17944] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntkrnlpa.exe
[7] 2012-08-30 . 770FEEA2823E463D68E170D7EA6FAEBA . 3972464 . . [6.1.7601.22103] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntkrnlpa.exe
[7] 2012-05-04 . 4A56DB06360F59130CAED69FA7526F0A . 3968368 . . [6.1.7601.17835] .. c:\windows\erdnt\cache86\ntkrnlpa.exe
[7] 2012-05-04 . 4A56DB06360F59130CAED69FA7526F0A . 3968368 . . [6.1.7601.17835] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntkrnlpa.exe
[7] 2012-05-04 . AFF886D9D718D3747E5031816C0DA7D2 . 3971952 . . [6.1.7601.21987] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntkrnlpa.exe
[7] 2012-03-31 . 8F6D5704D7522AAB8B4B82C0D35D9184 . 3968368 . . [6.1.7601.17803] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe
[7] 2012-03-31 . 93358348D0B79812CAAA83A1377E4449 . 3971952 . . [6.1.7601.21955] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe
[7] 2012-03-06 . 43711ABF8AE553A7B5FFFF61E60C419D . 3968368 . . [6.1.7601.17790] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntkrnlpa.exe
[7] 2012-03-06 . 07B026E7A2C873D09F0073141EE2099E . 3972464 . . [6.1.7601.21936] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntkrnlpa.exe
[7] 2011-11-19 . 31C59B0CA08B1203E35D2BA19319279E . 3968368 . . [6.1.7601.17727] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe
[7] 2011-11-19 . 2EDA0DCCF5F00CDB91A9ECBE45CB0B3D . 3971440 . . [6.1.7601.21863] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe
[7] 2011-06-23 . 3624D782F8B061B6FBA3A35E2FE53CFD . 3967872 . . [6.1.7601.21755] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe
[7] 2011-06-23 . A4A8EF2ACE5FA5863AA0B04C9BBFECA7 . 3967872 . . [6.1.7601.17640] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe
[7] 2010-11-21 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
.
[7] 2012-10-08 . 270A1342BD5AF95CA25A586B4C2F1522 . 748704 . . [9.00.8112.16455] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_178cd651b4df05a9\iexplore.exe
[7] 2012-10-08 . CECB15F834FC2B4B150449717ADE18DD . 748704 . . [9.00.8112.20562] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[7] 2012-08-24 . 62188720CE27B982B4285C03163C9FB3 . 748680 . . [9.00.8112.20557] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_181873b0cdfad821\iexplore.exe
[7] 2012-08-24 . 22CC6CDBA678790046693654C3B212E4 . 748680 . . [9.00.8112.16450] .. c:\windows\erdnt\cache86\iexplore.exe
[7] 2012-08-24 . 22CC6CDBA678790046693654C3B212E4 . 748680 . . [9.00.8112.16450] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_1787d4dfb4e386f6\iexplore.exe
[7] 2012-06-29 . 93569D46D79F9756ED077156496AFE23 . 748664 . . [9.00.8112.16448] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe
[7] 2012-06-28 . EB4105348272018D096FEB655CD1608C . 748664 . . [9.00.8112.20554] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe
[7] 2012-06-02 . 34B01BBD8F00B6B9C9248DC4F1E3CD01 . 748664 . . [9.00.8112.16447] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_1799a6d1b4d51c66\iexplore.exe
[7] 2012-06-02 . BE967C74B89577B78FB57C061E12B04C . 748664 . . [9.00.8112.20553] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_18147288cdfe72c5\iexplore.exe
[7] 2012-05-17 . 0129BB16161C2FD9A6B19111AB047198 . 748664 . . [9.00.8112.16446] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_1798a687b4d6030f\iexplore.exe
[7] 2012-05-17 . 268982F1FD671A077C6A2AF41E351436 . 748664 . . [9.00.8112.20551] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_181271f4ce004017\iexplore.exe
[7] 2012-01-01 . 904E13BA41AF2E353A32CF351CA53639 . 748336 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[7] 2010-11-21 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
.
.
[7] 2012-08-30 . 948F0B444CB6CC35FE5F9DE52420CB95 . 3914096 . . [6.1.7601.17944] .. c:\windows\SysWOW64\ntoskrnl.exe
[7] 2012-08-30 . 948F0B444CB6CC35FE5F9DE52420CB95 . 3914096 . . [6.1.7601.17944] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntoskrnl.exe
[7] 2012-08-30 . 5355A85D26EECFA3A68B1F55B0C59A20 . 3917168 . . [6.1.7601.22103] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntoskrnl.exe
[7] 2012-05-04 . A37A39568C8EC9A17D1B7471445B81A8 . 3916656 . . [6.1.7601.21987] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntoskrnl.exe
[7] 2012-05-04 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835] .. c:\windows\erdnt\cache86\ntoskrnl.exe
[7] 2012-05-04 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntoskrnl.exe
[7] 2012-03-31 . 28F44480E411C3DDF04B63F6560E6EF4 . 3913072 . . [6.1.7601.17803] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe
[7] 2012-03-31 . 2E02A17E8965AD671E4987E503AD38B1 . 3916656 . . [6.1.7601.21955] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe
[7] 2012-03-06 . 53B4BDEA12A032EEC71E60B6BFF42F37 . 3913072 . . [6.1.7601.17790] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntoskrnl.exe
[7] 2012-03-06 . 57B7DE30C4E65AD19CA13AC3065EE60B . 3916656 . . [6.1.7601.21936] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntoskrnl.exe
[7] 2011-11-19 . F0F0E99A65F598A1A7720F5111C4DA8F . 3913584 . . [6.1.7601.17727] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe
[7] 2011-11-19 . 00B12EA93ED392FBD09F07B63E926647 . 3916656 . . [6.1.7601.21863] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe
[7] 2011-06-23 . 90EFDB506F6140EEA9DEE398D9449D86 . 3912576 . . [6.1.7601.21755] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe
[7] 2011-06-23 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe
[7] 2010-11-21 . 2088D9994332583EDB3C561DE31EA5AD . 3911040 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216]
"Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files (x86)\Southwest Airlines Ding\Ding\Ding.exe [2006-6-22 462848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe [2012-11-1 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-21 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-05-18 57952]
S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys [2008-04-08 20832]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-05-18 13408]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-11-08 22736]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-08 584056]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\Comodo\launcher_service.exe [2012-11-01 70352]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-11-15 1868432]
S2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [2012-10-31 1467088]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-09-13 1259888]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys [2010-12-17 57856]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-06-24 947304]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NisDrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:25]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cdc875899bf979.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 23:53]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 23:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-08 9577680]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{35FEA2FF-196B-4271-BC0A-57E9EE1B3B9B}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D32F1A80-B3A1-48D1-BCF3-34A17114EBFA}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\
FF - ExtSQL: 2012-11-23 15:28; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-11-23 15:30; ClickCutterFFAutoCopy@clickcutter.com; c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\extensions\ClickCutterFFAutoCopy@clickcutter.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Anti-phishing Domain Advisor - c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe
Wow6432Node-HKLM-Run-tvncontrol - c:\program files (x86)\Common Files\Comodo\tvnserver.exe
WebBrowser-{2421D847-721C-404F-87B4-BBD2B95D1087} - (no file)
AddRemove-Anti-phishing Domain Advisor - c:\programdata\Anti-phishing Domain Advisor\uninstall.exe
AddRemove-vfd-ob - c:\program files (x86)\OApps\vfd-ob_uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-27 19:41:19
ComboFix-quarantined-files.txt 2012-11-28 01:41
.
Pre-Run: 1,375,182,344,192 bytes free
Post-Run: 1,375,728,115,712 bytes free
.
- - End Of File - - 091C603101A611A42A179D36EB90E61E

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:59 PM

Posted 28 November 2012 - 07:45 PM

Good news, Combofix didn't find anything so let's now run an online scan to look for lesser threats

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
Posted Image
m0le is a proud member of UNITE

#7 kathy915

kathy915
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 29 November 2012 - 12:01 AM

I did give that company remote access to my computer and they were on it for about 2 hrs

Here was what you needed:

This was scan results (but I beleive they were all deleted)

C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting (after the next restart) - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Kathy\AppData\Local\Temp\NOD5C6C.tmp a variant of Win32/Adware.Yontoo.A application cleaned by deleting (after the next restart) - quarantined
C:\Users\Kathy\Desktop\New folder (8)\red and black\corel_paint_shop_pro_x4_activation_code.rar_downloader_224a.exe a variant of Win32/YourFileDownloader application cleaned by deleting - quarantined

I clicked to delete quarentined files and hit finish

Heres the log had to search for it
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7e7dee2377f47844882c9db41bd3152d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-29 04:42:43
# local_time=2012-11-28 10:42:43 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3073 16777213 80 71 0 3821294 0 0
# compatibility_mode=5893 16776573 100 94 0 105705146 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=161072
# found=4
# cleaned=4
# scan_time=2467
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Kathy\AppData\Local\Temp\NOD5C6C.tmp a variant of Win32/Adware.Yontoo.A application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Users\Kathy\Desktop\New folder (8)\red and black\corel_paint_shop_pro_x4_activation_code.rar_downloader_224a.exe a variant of Win32/YourFileDownloader application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:59 PM

Posted 29 November 2012 - 08:28 PM

Let's check that, it looks like it's failing to delete on reboot

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Posted Image
m0le is a proud member of UNITE

#9 kathy915

kathy915
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 30 November 2012 - 12:26 AM

# AdwCleaner v2.010 - Logfile created 11/29/2012 at 23:24:19
# Updated 29/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kathy - KATHY-PC
# Boot Mode : Normal
# Running from : C:\Users\Kathy\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Kathy\AppData\Local\Conduit
Folder Found : C:\Users\Kathy\AppData\LocalLow\Conduit
Folder Found : C:\Users\Kathy\AppData\LocalLow\incredibar.com
Folder Found : C:\Users\Kathy\AppData\Roaming\yourfiledownloader
Folder Found : C:\windows\SysWOW64\WNLT

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3239904
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\Software\Web Assistant
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Web Assistant
Key Found : HKU\S-1-5-21-3671395269-1973450857-935886706-1002\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0 (en-US)

Profile name : default
File : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.12] : homepage = "hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u=F033DA9FEF3E5E205FB22950632E985F&tbp=homepage&v=1_2",
Found [l.1435] : homepage = "hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u=F033DA9FEF3E5E205FB22950632E985F&tbp=homepage&v=1_2",

*************************

AdwCleaner[R1].txt - [5344 octets] - [29/11/2012 23:24:19]

########## EOF - C:\AdwCleaner[R1].txt - [5404 octets] ##########

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:59 PM

Posted 01 December 2012 - 07:29 AM

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Posted Image
m0le is a proud member of UNITE

#11 kathy915

kathy915
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 01 December 2012 - 10:50 AM

# AdwCleaner v2.010 - Logfile created 12/01/2012 at 09:42:14
# Updated 29/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kathy - KATHY-PC
# Boot Mode : Normal
# Running from : C:\Users\Kathy\Downloads\AdwCleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Kathy\AppData\Local\Conduit
Folder Deleted : C:\Users\Kathy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kathy\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Kathy\AppData\Roaming\yourfiledownloader
Folder Deleted : C:\windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3239904
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Web Assistant
Key Deleted : HKU\S-1-5-21-3671395269-1973450857-935886706-1002\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0 (en-US)

Profile name : default
File : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : homepage = "hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa[...]
Deleted [l.1435] : homepage = "hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u[...]

*************************

AdwCleaner[R1].txt - [5457 octets] - [29/11/2012 23:24:19]
AdwCleaner[S1].txt - [5329 octets] - [01/12/2012 09:42:14]

########## EOF - C:\AdwCleaner[S1].txt - [5389 octets] ##########

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:59 PM

Posted 01 December 2012 - 06:28 PM

That's the rest of the adware dealt with. Please run OTL so I can take a last look manually

  • Please download OTL
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.

Posted Image
m0le is a proud member of UNITE

#13 kathy915

kathy915
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 02 December 2012 - 03:28 AM

Since we are almost done I have three questions 1) Was there anything unusual or harmful on my computer? and 2) If the other company had remote access for about 2 hours shouldn't they have cleaned all this up? 3) Should or can I have comcast change my IP address as a precaution since I have come to understand they can reacess my computer at any time that way?
Thanks again for all you time and help !!



OTL logfile created on: 12/2/2012 2:16:39 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.85 Gb Total Physical Memory | 4.01 Gb Available Physical Memory | 68.55% Memory free
11.70 Gb Paging File | 9.74 Gb Available in Paging File | 83.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1372.09 Gb Total Space | 1280.33 Gb Free Space | 93.31% Space Free | Partition Type: NTFS
Drive F: | 968.25 Mb Total Space | 879.69 Mb Free Space | 90.85% Space Free | Partition Type: FAT

Computer Name: KATHY-PC | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/02 02:16:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Downloads\OTL.exe
PRC - [2012/11/28 05:45:16 | 001,868,432 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2012/11/20 00:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/11/01 08:52:54 | 000,875,728 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
PRC - [2012/11/01 08:52:52 | 000,877,264 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
PRC - [2012/11/01 08:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
PRC - [2012/10/31 15:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/08 10:49:40 | 000,285,696 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
PRC - [2010/10/05 07:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 07:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/09 12:19:08 | 000,265,216 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/06/22 13:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files (x86)\Southwest Airlines Ding\Ding\Ding.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/20 00:17:34 | 002,400,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/11/16 03:37:16 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/16 03:37:07 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/16 03:30:35 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/16 03:30:25 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/16 03:30:17 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/16 03:30:08 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/16 03:30:03 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/16 03:30:01 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/16 03:29:53 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/16 03:29:49 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/16 03:29:47 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/16 03:29:46 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/16 03:29:39 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/09/20 19:55:52 | 000,182,272 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll
MOD - [2010/09/20 11:08:10 | 000,210,432 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll
MOD - [2010/09/09 12:19:30 | 000,210,432 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll
MOD - [2010/09/09 12:18:58 | 000,211,456 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/07 23:37:40 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/09/13 07:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/28 05:45:16 | 001,868,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/11/24 00:25:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/20 00:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/01 08:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2012/10/31 15:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/05 07:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 07:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/07 23:37:58 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/18 17:53:51 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/05/18 17:53:51 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 21:44:24 | 000,057,856 | ---- | M] (GenesysLogic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GeneStor.sys -- (GeneStor)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/11 22:53:18 | 012,252,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/10/14 10:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 00:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/09/20 19:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/06/23 19:23:52 | 000,947,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2009/07/21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/04/08 07:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2010/03/22 19:13:08 | 000,015,712 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3671395269-1973450857-935886706-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3671395269-1973450857-935886706-1002\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3671395269-1973450857-935886706-1002\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3671395269-1973450857-935886706-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3671395269-1973450857-935886706-1002\..\SearchScopes\{2B335528-1AFC-4945-BD99-8C3E291A0855}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
IE - HKU\S-1-5-21-3671395269-1973450857-935886706-1002\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND_enUS456US456
IE - HKU\S-1-5-21-3671395269-1973450857-935886706-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LEND_enUS456US456
IE - HKU\S-1-5-21-3671395269-1973450857-935886706-1002\..\SearchScopes\{7CD31641-0BB2-4EE7-9019-B4A21FF10C78}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKU\S-1-5-21-3671395269-1973450857-935886706-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3671395269-1973450857-935886706-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: ClickCutterFFAutoCopy%40clickcutter.com:1.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/23 15:27:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/23 15:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions
[2012/10/06 19:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\extensions
[2012/11/23 15:31:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\extensions
[2012/11/23 15:30:58 | 000,031,378 | ---- | M] () (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\extensions\ClickCutterFFAutoCopy@clickcutter.com.xpi
[2012/11/23 15:28:54 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\r15i7la1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/23 15:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/20 00:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/20 00:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/20 00:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2012/11/27 19:35:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\S-1-5-21-3671395269-1973450857-935886706-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files (x86)\Southwest Airlines Ding\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3671395269-1973450857-935886706-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3671395269-1973450857-935886706-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35FEA2FF-196B-4271-BC0A-57E9EE1B3B9B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35FEA2FF-196B-4271-BC0A-57E9EE1B3B9B}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D32F1A80-B3A1-48D1-BCF3-34A17114EBFA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D32F1A80-B3A1-48D1-BCF3-34A17114EBFA}: NameServer = 8.26.56.26,156.154.70.22
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/29 08:55:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/28 21:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/11/27 19:28:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/11/27 19:26:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/27 19:26:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/27 19:26:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/27 19:25:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/24 00:25:58 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Macromedia
[2012/11/23 15:27:41 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Mozilla
[2012/11/23 15:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/23 15:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/22 22:14:09 | 000,000,000 | ---D | C] -- C:\GeekBuddyRSP
[2012/11/22 22:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo
[2012/11/22 22:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/11/22 22:12:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/11/22 22:12:26 | 000,054,024 | ---- | C] (COMODO CA Limited) -- C:\windows\SysNative\certsentry.dll
[2012/11/22 22:12:26 | 000,045,832 | ---- | C] (COMODO CA Limited) -- C:\windows\SysWow64\certsentry.dll
[2012/11/22 22:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/11/22 22:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/11/22 22:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/11/22 22:05:51 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Comodo
[2012/11/22 22:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012/11/22 22:05:40 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gdiplus.dll
[2012/11/22 11:32:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/11/22 11:32:16 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll
[2012/11/22 11:32:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/11/22 11:32:11 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys
[2012/11/22 11:32:11 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbGD.sys
[2012/11/22 11:32:11 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys
[2012/11/22 11:32:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2012/11/22 11:32:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll
[2012/11/22 11:32:09 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll
[2012/11/22 11:32:08 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe
[2012/11/22 11:32:08 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2012/11/22 11:32:08 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2012/11/22 11:32:08 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll
[2012/11/22 11:32:08 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll
[2012/11/22 11:32:08 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll
[2012/11/22 11:32:08 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
[2012/11/22 11:32:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll
[2012/11/22 11:32:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll
[2012/11/22 11:32:08 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2012/11/22 11:32:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll
[2012/11/22 11:32:07 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2012/11/22 11:32:07 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2012/11/22 11:32:07 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2012/11/22 11:32:04 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2012/11/22 11:32:03 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2012/11/22 11:30:50 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/11/22 11:30:50 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/11/22 11:30:47 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012/11/22 11:30:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012/11/22 09:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2012/11/22 08:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/11/22 08:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/11/22 08:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/11/22 08:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/11/22 08:57:21 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Yahoo!
[2012/11/22 08:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/11/21 15:42:48 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\LogMeIn Rescue Applet
[2012/11/16 15:49:28 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\siue
[2012/11/16 03:06:37 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012/11/16 03:06:37 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012/11/16 03:02:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/11/16 03:02:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/11/16 03:02:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/11/16 03:02:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/11/16 03:02:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/11/16 03:02:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/11/16 03:02:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/11/16 03:02:52 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/11/16 03:02:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/11/16 03:02:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/11/16 03:02:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/11/16 03:02:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/11/16 03:02:51 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/11/16 03:02:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/11/16 03:02:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/11/16 03:01:38 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012/11/16 03:01:38 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012/11/16 03:01:38 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012/11/16 03:01:38 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012/11/15 23:19:24 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012/11/15 23:19:24 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012/11/15 23:19:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012/11/15 23:19:18 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012/11/15 23:19:18 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012/11/15 23:19:18 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012/11/15 23:19:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012/11/15 23:19:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012/11/15 23:19:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012/11/15 23:19:09 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012/11/15 23:19:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2012/11/13 12:03:15 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Ashampoo Music Studio 2012
[2012/11/13 12:02:38 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Programs
[2012/11/13 11:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2012/11/13 11:56:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Download Manager and Options
[2012/11/13 09:36:48 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\brendan mckendree
[2012/11/07 23:37:58 | 000,022,736 | ---- | C] (COMODO) -- C:\windows\SysNative\drivers\cmderd.sys
[2012/11/07 23:37:38 | 000,041,240 | ---- | C] (COMODO) -- C:\windows\SysNative\cmdcsr.dll
[2012/11/07 23:37:36 | 000,301,264 | ---- | C] (COMODO) -- C:\windows\SysWow64\guard32.dll
[2012/11/07 23:37:32 | 000,390,392 | ---- | C] (COMODO) -- C:\windows\SysNative\guard64.dll
[2011/05/18 17:53:07 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/02 01:36:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/02 01:31:38 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/02 01:31:36 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2012/12/01 17:35:04 | 000,054,024 | ---- | M] (COMODO CA Limited) -- C:\windows\SysNative\certsentry.dll
[2012/12/01 17:35:04 | 000,045,832 | ---- | M] (COMODO CA Limited) -- C:\windows\SysWow64\certsentry.dll
[2012/12/01 09:50:56 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 09:50:56 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 09:47:57 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/01 09:47:57 | 000,624,162 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/01 09:47:57 | 000,106,538 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/01 09:44:26 | 000,685,545 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012/12/01 09:43:12 | 417,665,023 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/28 22:19:05 | 000,002,479 | ---- | M] () -- C:\scu.dat
[2012/11/27 19:35:37 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/11/27 19:28:27 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/11/27 19:21:25 | 000,775,713 | ---- | M] () -- C:\windows\SysNative\drivers\sfi.dat
[2012/11/24 00:25:36 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/11/24 00:25:36 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/23 15:27:31 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/22 22:14:07 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
[2012/11/22 22:14:07 | 000,001,962 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012/11/22 22:14:07 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2012/11/22 22:08:22 | 000,000,136 | ---- | M] () -- C:\windows\wininit.ini
[2012/11/22 22:06:16 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk
[2012/11/22 22:06:01 | 000,001,069 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/11/22 22:05:52 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/11/22 22:05:40 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\gdiplus.dll
[2012/11/22 11:37:53 | 000,002,308 | ---- | M] () -- C:\Users\Kathy\Desktop\New Compressed (zipped) Folder.zip
[2012/11/22 09:17:09 | 000,002,205 | ---- | M] () -- C:\Users\Kathy\Desktop\Attach.7z
[2012/11/22 09:00:10 | 000,696,320 | ---- | M] () -- C:\Users\Kathy\Documents\Database1.accdb
[2012/11/22 08:57:30 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\7-Zip File Manager.lnk
[2012/11/21 23:52:20 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cdc875899bf979.job
[2012/11/21 17:26:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/16 03:26:19 | 000,522,616 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/11/13 12:03:09 | 000,001,299 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Music Studio 2012.lnk
[2012/11/13 12:03:09 | 000,000,181 | ---- | M] () -- C:\Users\Public\Desktop\Software Deals.url
[2012/11/07 23:37:58 | 000,022,736 | ---- | M] (COMODO) -- C:\windows\SysNative\drivers\cmderd.sys
[2012/11/07 23:37:38 | 000,041,240 | ---- | M] (COMODO) -- C:\windows\SysNative\cmdcsr.dll
[2012/11/07 23:37:36 | 000,301,264 | ---- | M] (COMODO) -- C:\windows\SysWow64\guard32.dll
[2012/11/07 23:37:32 | 000,390,392 | ---- | M] (COMODO) -- C:\windows\SysNative\guard64.dll
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/28 22:12:26 | 000,002,479 | ---- | C] () -- C:\scu.dat
[2012/11/27 19:26:32 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/27 19:26:32 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/27 19:26:31 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/27 19:26:31 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/27 19:26:31 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/23 15:27:31 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/23 15:27:31 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/22 22:14:07 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk
[2012/11/22 22:14:07 | 000,001,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012/11/22 22:14:07 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2012/11/22 22:08:22 | 000,000,136 | ---- | C] () -- C:\windows\wininit.ini
[2012/11/22 22:07:10 | 000,775,713 | ---- | C] () -- C:\windows\SysNative\drivers\sfi.dat
[2012/11/22 22:06:16 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk
[2012/11/22 22:06:01 | 000,001,069 | ---- | C] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/11/22 22:05:52 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/11/22 11:37:45 | 000,002,308 | ---- | C] () -- C:\Users\Kathy\Desktop\New Compressed (zipped) Folder.zip
[2012/11/22 09:16:17 | 000,002,205 | ---- | C] () -- C:\Users\Kathy\Desktop\Attach.7z
[2012/11/22 08:57:30 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\7-Zip File Manager.lnk
[2012/11/21 23:52:20 | 000,000,892 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cdc875899bf979.job
[2012/11/21 17:54:00 | 000,247,773 | ---- | C] () -- C:\Users\Kathy\Desktop\PC Care Experts - Safe Cart.pdf
[2012/11/21 17:30:16 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/11/16 03:06:40 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 03:01:38 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 12:03:09 | 000,001,299 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Music Studio 2012.lnk
[2012/11/13 12:03:09 | 000,000,181 | ---- | C] () -- C:\Users\Public\Desktop\Software Deals.url
[2012/04/04 20:24:02 | 000,003,302 | ---- | C] () -- C:\windows\BRPARAM.INI
[2012/02/27 18:38:58 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/23 13:03:03 | 000,000,245 | ---- | C] () -- C:\windows\PowerReg.dat
[2011/05/19 07:29:37 | 000,000,023 | ---- | C] () -- C:\windows\SysWow64\drivers\psn.dat
[2011/05/18 18:36:53 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2011/05/18 18:36:53 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2011/05/18 17:46:00 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\ustor.dll
[2011/05/18 17:46:00 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\UMonit.exe
[2011/05/18 17:45:58 | 000,172,097 | ---- | C] () -- C:\windows\SysWow64\NoMSGuninstall.exe
[2011/05/18 17:45:58 | 000,000,767 | ---- | C] () -- C:\windows\SysWow64\ProductName.ini
[2011/05/18 17:45:58 | 000,000,187 | ---- | C] () -- C:\windows\SysWow64\IconCfg0.ini
[2011/05/18 17:45:06 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/05/18 17:43:05 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/02/12 13:35:47 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:59 PM

Posted 02 December 2012 - 05:27 PM

Yes, I believe they should have been able to remove this adware but some people would leave these files here as they are borderline. There's nothing very nasty here at all. The OTL clean below is just to remove one piece of adware and clear your temp folder. Your ISP should be able to change the IP address if you request it, or at least guide you through the router configuration that you need to do.


We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    IE - HKU\S-1-5-21-3671395269-1973450857-935886706-1002\..\SearchScopes\{2B335528-1AFC-4945-BD99-8C3E291A0855}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
    :commands
    [EmptyTemp]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Posted Image
m0le is a proud member of UNITE

#15 kathy915

kathy915
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 02 December 2012 - 09:40 PM

Thanks for the info. Also is comodo antivirus good - my son put it on here. I also have malwarebytes.


All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3671395269-1973450857-935886706-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2B335528-1AFC-4945-BD99-8C3E291A0855}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B335528-1AFC-4945-BD99-8C3E291A0855}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kathy
->Temp folder emptied: 323323 bytes
->Temporary Internet Files folder emptied: 283543801 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 363567250 bytes
->Google Chrome cache emptied: 398147485 bytes
->Flash cache emptied: 5821 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65823405 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3160479 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,063.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12022012_203218

Files\Folders moved on Reboot...
File\Folder C:\Users\Kathy\AppData\Local\Temp\Low\~DF9089F3E7BCFECAF0.TMP not found!
C:\Users\Kathy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T7R3G49G\rsa[1].htm not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users