
Trojan.Dropper.BCMiner, Firewall Not Working



Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Thanks!

Here is the report.

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Yumi [Admin rights]

Mode: Scan -- Date: 07/24/2012 14:05:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD32 00BEVT-26A23T0 SATA Disk Device +++++

--- User ---

[MBR] 37813ef70d7816a7a17850ac08a6fa78

[bSP] a0066a7a7f8db035b72449acb6126d60 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9627 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 19720192 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19924992 | Size: 295515 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC


I restarted my computer, and I keep tapping F8 but I don't get the Advanced Boot Options.

But these are the reports I got:

Scan result of Farbar Recovery Scan Tool Version: 24-07-2012

Ran by Yumi at 24-07-2012 14:41:34

Running from D:\

Service Pack 1 (X64) OS Language: English(US)

Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

============ One Month Created Files and Folders ==============

2012-07-24 14:21 - 2012-07-24 14:41 - 00000000 ____D C:\FRST

2012-07-24 14:05 - 2012-07-24 14:05 - 00001769 ____A C:\Users\Yumi\Desktop\RKreport[1].txt

2012-07-24 14:05 - 2012-07-24 14:05 - 00000000 ____D C:\Users\Yumi\Desktop\RK_Quarantine

2012-07-24 12:25 - 2012-07-24 12:25 - 00013480 ____A C:\Users\Yumi\Desktop\Attach.txt

2012-07-24 12:24 - 2012-07-24 12:24 - 00021300 ____A C:\Users\Yumi\Desktop\DDS.txt

2012-07-24 09:20 - 2012-07-24 09:20 - 00000000 ___AH C:\Users\Yumi\Documents\Default.rdp

2012-07-24 09:07 - 2012-07-24 09:07 - 00000020 ___SH C:\Users\QBDataServiceUser20\ntuser.ini

2012-07-24 09:07 - 2012-07-24 09:07 - 00000000 ____D C:\users\QBDataServiceUser20

2012-07-24 09:07 - 2011-11-15 18:36 - 00000000 ____D C:\Users\QBDataServiceUser20\AppData\Local\Microsoft Help

2012-07-24 09:07 - 2010-08-19 01:29 - 00000000 ____D C:\Users\QBDataServiceUser20\AppData\Roaming\Macromedia

2012-07-23 08:28 - 2012-07-23 08:28 - 00000000 __SHD C:\found.000

2012-07-20 09:10 - 2012-07-20 09:10 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-20 09:10 - 2012-07-20 09:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-20 09:10 - 2012-07-03 13:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-19 16:26 - 2012-07-19 16:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.194C83E476DD5A74

2012-07-19 08:32 - 2012-07-19 08:34 - 00017920 __ASH C:\Users\Yumi\Desktop\Thumbs.db

2012-07-17 15:34 - 2012-07-17 15:34 - 00000000 ____D C:\Users\Yumi\AppData\Local\Macromedia

2012-07-17 15:33 - 2012-07-17 15:33 - 00001090 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-07-17 15:33 - 2012-07-17 15:33 - 00000000 ____D C:\Users\Yumi\AppData\Local\Mozilla

2012-07-17 15:33 - 2012-07-17 15:33 - 00000000 ____D C:\Users\All Users\Mozilla

2012-07-17 15:33 - 2012-07-17 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-07-17 15:33 - 2012-07-17 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-07-17 15:32 - 2012-07-17 15:32 - 16814136 ____A (Mozilla) C:\Users\Yumi\Downloads\Firefox Setup 14.0.1.exe

2012-07-17 12:34 - 2012-07-17 12:35 - 00005152 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-07-17 12:30 - 2012-07-17 12:36 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE

2012-07-17 12:30 - 2012-07-17 12:30 - 00000000 ____D C:\Reg_Backup

2012-07-17 12:28 - 2012-07-17 12:28 - 00000000 ____D C:\Users\Yumi\Documents\tweaking.com_windows_repair_aio[1]

2012-07-17 10:51 - 2012-07-17 11:53 - 00000000 ____D C:\Users\Yumi\AppData\Local\Deployment

2012-07-17 10:51 - 2012-07-17 10:51 - 00000000 ____D C:\Users\Yumi\AppData\Local\Apps\2.0

2012-07-17 10:20 - 2012-07-17 15:33 - 00000000 ____D C:\Users\Yumi\AppData\Roaming\Mozilla

2012-07-17 10:20 - 2012-07-17 10:47 - 00000000 ____D C:\Users\All Users\WeCareReminder

2012-07-17 09:46 - 2012-07-17 09:46 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-17 09:35 - 2012-07-19 13:14 - 00000000 ____D C:\Users\All Users\0C1D173D000A5C5400091427F875F002

2012-07-17 09:15 - 2012-07-17 09:15 - 00191488 ____A C:\Users\Yumi\Downloads\07-16-2012 Canadian Invoice.xls

2012-07-16 11:51 - 2012-07-16 11:51 - 00190464 ____A C:\Users\Yumi\Downloads\07-09-2012 Canadian Invoice (1).xls

2012-07-16 11:23 - 2012-07-16 11:23 - 00021514 ____A C:\Users\Yumi\Downloads\FAX_20120716_1342452164_68.tif

2012-07-16 09:22 - 2012-07-16 09:22 - 00014128 ____A C:\Users\Yumi\Downloads\AR Aging Summary (31).xlsx

2012-07-16 08:33 - 2012-07-16 08:33 - 00034068 ____A C:\Users\Yumi\Downloads\FAX_20120716_1342439542_50.tif

2012-07-13 17:32 - 2012-07-13 17:32 - 00000000 ____A C:\Users\Yumi\Downloads\07-13-2012 Packing Slip (5).pdf.crdownload

2012-07-13 17:30 - 2012-07-13 17:30 - 00191488 ____A C:\Users\Yumi\Downloads\07-13-2012 Canadian Invoice.xls

2012-07-13 16:39 - 2012-07-13 16:39 - 00053955 ____A C:\Users\Yumi\Downloads\VOICE_20120713_1342211934_35.gsm

2012-07-13 16:37 - 2012-07-13 16:37 - 00015468 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342211834_44.tif

2012-07-13 15:45 - 2012-07-13 15:45 - 00193536 ____A C:\Users\Yumi\Downloads\07-12-2012 Canadian Invoice (2).xls

2012-07-13 15:01 - 2012-07-13 15:01 - 00016064 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342206053_73.tif

2012-07-13 12:29 - 2012-07-13 12:29 - 00030934 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342196932_32.tif

2012-07-13 10:40 - 2012-07-13 10:40 - 00008758 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342190309_56.tif

2012-07-13 08:37 - 2012-07-13 08:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68.tif

2012-07-13 08:37 - 2012-07-13 08:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (5).tif

2012-07-13 08:37 - 2012-07-13 08:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (4).tif

2012-07-13 08:37 - 2012-07-13 08:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (3).tif

2012-07-13 08:37 - 2012-07-13 08:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (2).tif

2012-07-13 08:37 - 2012-07-13 08:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (1).tif

2012-07-12 11:03 - 2012-07-12 11:03 - 00189952 ____A C:\Users\Yumi\Downloads\07-12-2012 Canadian Invoice (1).xls

2012-07-11 17:35 - 2012-06-11 23:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-11 17:12 - 2012-07-11 17:12 - 00193536 ____A C:\Users\Yumi\Downloads\07-12-2012 Canadian Invoice.xls

2012-07-11 14:08 - 2012-07-11 14:08 - 00015946 ____A C:\Users\Yumi\Downloads\FAX_20120711_1342027030_94.tif

2012-07-11 08:38 - 2012-06-09 01:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-11 08:38 - 2012-06-09 00:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-11 08:38 - 2012-06-06 02:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-11 08:38 - 2012-06-06 02:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-11 08:38 - 2012-06-06 02:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-11 08:38 - 2012-06-06 01:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-11 08:38 - 2012-06-06 01:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-11 08:38 - 2012-06-06 01:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-11 08:38 - 2012-06-02 01:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-11 08:38 - 2012-06-02 01:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-11 08:38 - 2012-06-02 01:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-11 08:38 - 2012-06-02 01:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-11 08:38 - 2012-06-02 01:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-11 08:38 - 2012-06-02 00:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-11 08:38 - 2012-06-02 00:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-11 08:38 - 2012-06-02 00:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-11 08:38 - 2012-06-02 00:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-11 08:38 - 2010-06-25 23:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-11 08:38 - 2010-06-25 23:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-10 11:37 - 2012-07-10 11:37 - 00024790 ____A C:\Users\Yumi\Downloads\FAX_20120710_1341934528_34.tif

2012-07-09 15:46 - 2012-07-09 15:46 - 00008822 ____A C:\Users\Yumi\Downloads\FAX_20120709_1341862824_30.tif

2012-07-09 14:34 - 2012-07-09 14:34 - 00011346 ____A C:\Users\Yumi\Downloads\FAX_20120709_1341858809_69.tif

2012-07-09 08:46 - 2012-07-09 08:46 - 00014235 ____A C:\Users\Yumi\Downloads\AR Aging Summary (30).xlsx

2012-07-09 08:45 - 2012-07-09 08:45 - 00014235 ____A C:\Users\Yumi\Downloads\AR Aging Summary (29).xlsx

2012-07-06 12:34 - 2012-07-06 12:34 - 00190464 ____A C:\Users\Yumi\Downloads\07-09-2012 Canadian Invoice.xls

2012-07-05 17:21 - 2012-07-05 17:21 - 00027320 ____A C:\Users\Yumi\Downloads\FAX_20120705_1341522679_62.tif

2012-07-03 15:47 - 2012-07-03 15:47 - 00000000 ____D C:\Users\Yumi\AppData\Local\{EB852CEC-AF86-4DDB-BFDC-A6352CEE6402}

2012-07-03 15:47 - 2012-07-03 15:47 - 00000000 ____D C:\Users\Yumi\AppData\Local\{3C712FD6-C98D-44FF-8CFD-DD1D686239B3}

2012-07-03 08:32 - 2012-07-03 08:33 - 00028496 ____A C:\Users\Yumi\Downloads\FAX_20120702_1341267741_48.tif

2012-07-02 16:38 - 2012-07-02 16:38 - 00148992 ____A C:\Users\Yumi\Downloads\Quote Sheet.xls

2012-07-02 11:58 - 2012-07-02 11:58 - 00014464 ____A C:\Users\Yumi\Downloads\AR Aging Summary (28).xlsx

2012-07-02 09:51 - 2012-07-02 09:51 - 00193536 ____A C:\Users\Yumi\Downloads\06-29-2012 Canadian Invoice (2).xls

2012-06-29 12:20 - 2012-06-29 12:20 - 00000000 ____D C:\Users\Yumi\AppData\Local\{8C2E87FE-B09A-4B5D-A714-9EA82FF71145}

2012-06-29 12:20 - 2012-06-29 12:20 - 00000000 ____D C:\Users\Yumi\AppData\Local\{1419143B-9D4E-4E5E-B04F-A879DD0C1410}

2012-06-29 11:47 - 2012-06-29 11:47 - 00043455 ____A C:\Users\Yumi\Downloads\Italian Wenge Inventory.xlsx

2012-06-29 11:19 - 2012-06-29 11:19 - 00189952 ____A C:\Users\Yumi\Downloads\06-28-2012 Canadian Invoice (2).xls

2012-06-29 11:03 - 2012-06-29 11:03 - 00193536 ____A C:\Users\Yumi\Downloads\06-29-2012 Canadian Invoice (1).xls

2012-06-29 09:31 - 2012-06-29 09:31 - 00193536 ____A C:\Users\Yumi\Downloads\06-29-2012 Canadian Invoice.xls

2012-06-29 08:44 - 2012-06-29 08:44 - 00016424 ____A C:\Users\Yumi\Downloads\FAX_20120629_1340973699_44.tif

2012-06-27 16:46 - 2012-06-27 16:46 - 00189952 ____A C:\Users\Yumi\Downloads\06-28-2012 Canadian Invoice (1).xls

2012-06-27 16:45 - 2012-06-27 16:45 - 00189952 ____A C:\Users\Yumi\Downloads\06-28-2012 Canadian Invoice.xls

2012-06-27 15:53 - 2012-06-27 15:53 - 00011926 ____A C:\Users\Yumi\Downloads\FAX_20120627_1340826708_93.tif

2012-06-27 14:14 - 2012-06-27 14:14 - 00026042 ____A C:\Users\Yumi\Downloads\FAX_20120627_1340818459_33.tif

2012-06-27 11:07 - 2012-06-27 11:07 - 00018314 ____A C:\Users\Yumi\Downloads\FAX_20120627_1340809412_72.tif

2012-06-26 12:38 - 2012-06-26 12:38 - 00048640 ____A C:\Users\Yumi\Downloads\6_26 Orlando, FL.xls

2012-06-26 11:45 - 2012-06-26 11:45 - 00012592 ____A C:\Users\Yumi\Downloads\FAX_20120626_1340725381_24.tif

2012-06-26 08:30 - 2012-06-26 08:30 - 00009790 ____A C:\Users\Yumi\Downloads\FAX_20120625_1340661086_32 (1).tif

2012-06-26 08:28 - 2012-06-26 08:29 - 00009790 ____A C:\Users\Yumi\Downloads\FAX_20120625_1340661086_32.tif

2012-06-25 14:40 - 2012-06-25 14:40 - 00007474 ____A C:\Users\Yumi\Downloads\FAX_20120625_1340649565_39.tif

2012-06-25 14:40 - 2012-06-25 14:40 - 00000000 ____D C:\Users\Yumi\AppData\Local\{2BE283D9-ACF2-4122-8156-6E9897DC956D}

2012-06-25 08:42 - 2012-06-25 08:42 - 00014434 ____A C:\Users\Yumi\Downloads\AR Aging Summary (27).xlsx

============ 3 Months Modified Files ========================

2012-07-24 14:40 - 2010-09-03 19:48 - 02052277 ____A C:\Windows\WindowsUpdate.log

2012-07-24 14:38 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-24 14:38 - 2009-07-14 00:51 - 00075934 ____A C:\Windows\setupact.log

2012-07-24 14:34 - 2009-07-14 00:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-24 14:34 - 2009-07-14 00:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-24 14:13 - 2012-04-18 10:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-24 14:05 - 2012-07-24 14:05 - 00001769 ____A C:\Users\Yumi\Desktop\RKreport[1].txt

2012-07-24 12:25 - 2012-07-24 12:25 - 00013480 ____A C:\Users\Yumi\Desktop\Attach.txt

2012-07-24 12:24 - 2012-07-24 12:24 - 00021300 ____A C:\Users\Yumi\Desktop\DDS.txt

2012-07-24 09:28 - 2012-02-16 15:19 - 00001372 ____A C:\Users\Public\Desktop\QB Connection Diagnostic Tool.lnk

2012-07-24 09:20 - 2012-07-24 09:20 - 00000000 ___AH C:\Users\Yumi\Documents\Default.rdp

2012-07-24 09:07 - 2012-07-24 09:07 - 00000020 ___SH C:\Users\QBDataServiceUser20\ntuser.ini

2012-07-23 13:23 - 2009-07-14 01:13 - 00004978 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-23 11:44 - 2011-03-07 09:27 - 00019475 ____A C:\Users\Yumi\Desktop\AR Aging Summary.xlsx

2012-07-23 08:30 - 2010-08-19 01:58 - 00358832 ____A C:\Windows\PFRO.log

2012-07-20 09:10 - 2012-07-20 09:10 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-19 16:26 - 2012-07-19 16:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.194C83E476DD5A74

2012-07-19 08:34 - 2012-07-19 08:32 - 00017920 __ASH C:\Users\Yumi\Desktop\Thumbs.db

2012-07-17 15:33 - 2012-07-17 15:33 - 00001090 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-07-17 15:32 - 2012-07-17 15:32 - 16814136 ____A (Mozilla) C:\Users\Yumi\Downloads\Firefox Setup 14.0.1.exe

2012-07-17 12:36 - 2012-07-17 12:30 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE

2012-07-17 12:35 - 2012-07-17 12:34 - 00005152 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-07-17 09:15 - 2012-07-17 09:15 - 00191488 ____A C:\Users\Yumi\Downloads\07-16-2012 Canadian Invoice.xls

2012-07-16 11:51 - 2012-07-16 11:51 - 00190464 ____A C:\Users\Yumi\Downloads\07-09-2012 Canadian Invoice (1).xls

2012-07-16 11:23 - 2012-07-16 11:23 - 00021514 ____A C:\Users\Yumi\Downloads\FAX_20120716_1342452164_68.tif

2012-07-16 09:22 - 2012-07-16 09:22 - 00014128 ____A C:\Users\Yumi\Downloads\AR Aging Summary (31).xlsx

2012-07-16 08:33 - 2012-07-16 08:33 - 00034068 ____A C:\Users\Yumi\Downloads\FAX_20120716_1342439542_50.tif

2012-07-13 17:32 - 2012-07-13 17:32 - 00000000 ____A C:\Users\Yumi\Downloads\07-13-2012 Packing Slip (5).pdf.crdownload

2012-07-13 17:30 - 2012-07-13 17:30 - 00191488 ____A C:\Users\Yumi\Downloads\07-13-2012 Canadian Invoice.xls

2012-07-13 16:39 - 2012-07-13 16:39 - 00053955 ____A C:\Users\Yumi\Downloads\VOICE_20120713_1342211934_35.gsm

2012-07-13 16:37 - 2012-07-13 16:37 - 00015468 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342211834_44.tif

2012-07-13 15:45 - 2012-07-13 15:45 - 00193536 ____A C:\Users\Yumi\Downloads\07-12-2012 Canadian Invoice (2).xls

2012-07-13 15:01 - 2012-07-13 15:01 - 00016064 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342206053_73.tif

2012-07-13 12:29 - 2012-07-13 12:29 - 00030934 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342196932_32.tif

2012-07-13 10:40 - 2012-07-13 10:40 - 00008758 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342190309_56.tif

2012-07-13 08:37 - 2012-07-13 08:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68.tif

2012-07-13 08:37 - 2012-07-13 08:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (5).tif

2012-07-13 08:37 - 2012-07-13 08:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (4).tif

2012-07-13 08:37 - 2012-07-13 08:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (3).tif

2012-07-13 08:37 - 2012-07-13 08:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (2).tif

2012-07-13 08:37 - 2012-07-13 08:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (1).tif

2012-07-12 16:45 - 2010-11-04 10:10 - 00002178 ____A C:\Users\Yumi\Sti_Trace.log

2012-07-12 12:13 - 2012-04-18 10:55 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-12 12:13 - 2012-01-20 09:29 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-12 11:03 - 2012-07-12 11:03 - 00189952 ____A C:\Users\Yumi\Downloads\07-12-2012 Canadian Invoice (1).xls

2012-07-12 08:36 - 2009-07-14 00:45 - 00450264 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-11 17:32 - 2010-11-08 09:31 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-11 17:12 - 2012-07-11 17:12 - 00193536 ____A C:\Users\Yumi\Downloads\07-12-2012 Canadian Invoice.xls

2012-07-11 14:08 - 2012-07-11 14:08 - 00015946 ____A C:\Users\Yumi\Downloads\FAX_20120711_1342027030_94.tif

2012-07-10 11:37 - 2012-07-10 11:37 - 00024790 ____A C:\Users\Yumi\Downloads\FAX_20120710_1341934528_34.tif

2012-07-09 15:46 - 2012-07-09 15:46 - 00008822 ____A C:\Users\Yumi\Downloads\FAX_20120709_1341862824_30.tif

2012-07-09 14:34 - 2012-07-09 14:34 - 00011346 ____A C:\Users\Yumi\Downloads\FAX_20120709_1341858809_69.tif

2012-07-09 08:46 - 2012-07-09 08:46 - 00014235 ____A C:\Users\Yumi\Downloads\AR Aging Summary (30).xlsx

2012-07-09 08:45 - 2012-07-09 08:45 - 00014235 ____A C:\Users\Yumi\Downloads\AR Aging Summary (29).xlsx

2012-07-06 12:34 - 2012-07-06 12:34 - 00190464 ____A C:\Users\Yumi\Downloads\07-09-2012 Canadian Invoice.xls

2012-07-05 17:21 - 2012-07-05 17:21 - 00027320 ____A C:\Users\Yumi\Downloads\FAX_20120705_1341522679_62.tif

2012-07-03 13:46 - 2012-07-20 09:10 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-03 08:33 - 2012-07-03 08:32 - 00028496 ____A C:\Users\Yumi\Downloads\FAX_20120702_1341267741_48.tif

2012-07-02 16:38 - 2012-07-02 16:38 - 00148992 ____A C:\Users\Yumi\Downloads\Quote Sheet.xls

2012-07-02 11:58 - 2012-07-02 11:58 - 00014464 ____A C:\Users\Yumi\Downloads\AR Aging Summary (28).xlsx

2012-07-02 09:51 - 2012-07-02 09:51 - 00193536 ____A C:\Users\Yumi\Downloads\06-29-2012 Canadian Invoice (2).xls

2012-06-29 11:47 - 2012-06-29 11:47 - 00043455 ____A C:\Users\Yumi\Downloads\Italian Wenge Inventory.xlsx

2012-06-29 11:19 - 2012-06-29 11:19 - 00189952 ____A C:\Users\Yumi\Downloads\06-28-2012 Canadian Invoice (2).xls

2012-06-29 11:03 - 2012-06-29 11:03 - 00193536 ____A C:\Users\Yumi\Downloads\06-29-2012 Canadian Invoice (1).xls

2012-06-29 09:31 - 2012-06-29 09:31 - 00193536 ____A C:\Users\Yumi\Downloads\06-29-2012 Canadian Invoice.xls

2012-06-29 08:44 - 2012-06-29 08:44 - 00016424 ____A C:\Users\Yumi\Downloads\FAX_20120629_1340973699_44.tif

2012-06-27 16:46 - 2012-06-27 16:46 - 00189952 ____A C:\Users\Yumi\Downloads\06-28-2012 Canadian Invoice (1).xls

2012-06-27 16:45 - 2012-06-27 16:45 - 00189952 ____A C:\Users\Yumi\Downloads\06-28-2012 Canadian Invoice.xls

2012-06-27 15:53 - 2012-06-27 15:53 - 00011926 ____A C:\Users\Yumi\Downloads\FAX_20120627_1340826708_93.tif

2012-06-27 14:14 - 2012-06-27 14:14 - 00026042 ____A C:\Users\Yumi\Downloads\FAX_20120627_1340818459_33.tif

2012-06-27 11:07 - 2012-06-27 11:07 - 00018314 ____A C:\Users\Yumi\Downloads\FAX_20120627_1340809412_72.tif

2012-06-26 12:38 - 2012-06-26 12:38 - 00048640 ____A C:\Users\Yumi\Downloads\6_26 Orlando, FL.xls

2012-06-26 11:45 - 2012-06-26 11:45 - 00012592 ____A C:\Users\Yumi\Downloads\FAX_20120626_1340725381_24.tif

2012-06-26 08:30 - 2012-06-26 08:30 - 00009790 ____A C:\Users\Yumi\Downloads\FAX_20120625_1340661086_32 (1).tif

2012-06-26 08:29 - 2012-06-26 08:28 - 00009790 ____A C:\Users\Yumi\Downloads\FAX_20120625_1340661086_32.tif

2012-06-25 14:40 - 2012-06-25 14:40 - 00007474 ____A C:\Users\Yumi\Downloads\FAX_20120625_1340649565_39.tif

2012-06-25 08:42 - 2012-06-25 08:42 - 00014434 ____A C:\Users\Yumi\Downloads\AR Aging Summary (27).xlsx

2012-06-21 09:33 - 2012-06-21 09:33 - 00001071 ____A C:\Users\Yumi\Downloads\Documents - Shortcut.lnk

2012-06-20 16:51 - 2012-06-20 16:51 - 00014066 ____A C:\Users\Yumi\Downloads\FAX_20120620_1340225230_67.tif

2012-06-20 16:30 - 2012-06-20 16:30 - 00015420 ____A C:\Users\Yumi\Downloads\FAX_20120620_1340224088_72.tif

2012-06-20 16:02 - 2012-06-20 16:02 - 00017608 ____A C:\Users\Yumi\Downloads\FAX_20120620_1340222448_73.tif

2012-06-20 14:54 - 2012-06-20 14:54 - 00017550 ____A C:\Users\Yumi\Downloads\FAX_20120620_1340218409_76.tif

2012-06-20 12:56 - 2012-04-12 17:21 - 00002701 ____A C:\Users\Yumi\Desktop\dackor stock inventory - Shortcut.lnk

2012-06-20 11:33 - 2012-06-20 11:33 - 00016778 ____A C:\Users\Yumi\Downloads\FAX_20120620_1340206319_35.tif

2012-06-20 11:23 - 2012-06-20 11:23 - 00026624 ____A C:\Users\Yumi\Downloads\June 2012.xls

2012-06-20 11:02 - 2012-06-20 11:02 - 00016896 ____A C:\Users\Yumi\Downloads\Copy of Pat Benefits Report (1).xls

2012-06-20 10:15 - 2012-06-20 10:15 - 00840704 ____A C:\Users\Yumi\Downloads\DAKOR FOIL DAMAGE.xls

2012-06-20 09:56 - 2010-08-19 02:05 - 00113801 ____A C:\Windows\DirectX.log

2012-06-19 15:31 - 2012-06-19 15:31 - 00015952 ____A C:\Users\Yumi\Downloads\FAX_20120619_1340134153_56.tif

2012-06-19 15:28 - 2012-06-19 15:28 - 00008974 ____A C:\Users\Yumi\Downloads\FAX_20120619_1340133992_85.tif

2012-06-19 14:37 - 2012-06-19 14:37 - 00016668 ____A C:\Users\Yumi\Downloads\FAX_20120619_1340127325_85.tif

2012-06-19 10:37 - 2012-06-19 10:37 - 00194048 ____A C:\Users\Yumi\Downloads\06-18-2012 Canadian Invoice (1).xls

2012-06-19 09:46 - 2012-06-19 09:46 - 00189952 ____A C:\Users\Yumi\Downloads\06-15-2012 Canadian Invoice (3).xls

2012-06-19 09:07 - 2012-06-19 09:07 - 00014704 ____A C:\Users\Yumi\Downloads\FAX_20120619_1340110946_94 (1).tif

2012-06-19 09:04 - 2012-06-19 09:04 - 00014704 ____A C:\Users\Yumi\Downloads\FAX_20120619_1340110946_94.tif

2012-06-18 14:30 - 2012-06-18 14:30 - 00189952 ____A C:\Users\Yumi\Downloads\06-15-2012 Canadian Invoice (2).xls

2012-06-18 14:04 - 2012-06-18 14:04 - 00027372 ____A C:\Users\Yumi\Downloads\FAX_20120618_1340040011_55.tif

2012-06-18 08:47 - 2012-06-18 08:47 - 00014569 ____A C:\Users\Yumi\Downloads\AR Aging Summary (26).xlsx

2012-06-15 17:08 - 2012-06-15 17:08 - 00194048 ____A C:\Users\Yumi\Downloads\06-18-2012 Canadian Invoice.xls

2012-06-14 16:45 - 2012-06-14 16:45 - 00189952 ____A C:\Users\Yumi\Downloads\06-15-2012 Canadian Invoice (1).xls

2012-06-14 16:38 - 2012-06-14 16:38 - 00189952 ____A C:\Users\Yumi\Downloads\06-15-2012 Canadian Invoice.xls

2012-06-14 15:37 - 2012-06-14 15:37 - 00041088 ____A C:\Users\Yumi\Downloads\FAX_20120614_1339702527_76.tif

2012-06-14 14:08 - 2012-06-14 14:08 - 00008217 ____A C:\Users\Yumi\Downloads\VOICE_20120614_1339696756_39.gsm

2012-06-14 12:50 - 2012-06-14 12:50 - 00009446 ____A C:\Users\Yumi\Downloads\FAX_20120614_1339690200_26.tif

2012-06-14 12:40 - 2012-06-14 12:40 - 00021800 ____A C:\Users\Yumi\Downloads\FAX_20120614_1339685209_56.tif

2012-06-13 17:04 - 2012-06-13 17:04 - 00018974 ____A C:\Users\Yumi\Downloads\FAX_20120613_1339621222_38.tif

2012-06-13 15:58 - 2012-06-13 15:58 - 00036834 ____A C:\Users\Yumi\Downloads\FAX_20120613_1339615519_80 (1).tif

2012-06-13 15:30 - 2012-06-13 15:30 - 00036834 ____A C:\Users\Yumi\Downloads\FAX_20120613_1339615519_80.tif

2012-06-13 09:49 - 2012-06-13 09:49 - 00047800 ____A C:\Users\Yumi\Downloads\FAX_20120613_1339587885_82.tif

2012-06-12 15:38 - 2012-06-12 15:38 - 00189952 ____A C:\Users\Yumi\Downloads\06-11-2012 Canadian Invoice (1).xls

2012-06-12 08:29 - 2012-06-12 08:29 - 00027086 ____A C:\Users\Yumi\Downloads\FAX_20120611_1339455112_42 (1).tif

2012-06-12 08:28 - 2012-06-12 08:28 - 00027086 ____A C:\Users\Yumi\Downloads\FAX_20120611_1339455112_42.tif

2012-06-11 23:08 - 2012-07-11 17:35 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-11 14:13 - 2012-06-11 14:13 - 00014521 ____A C:\Users\Yumi\Downloads\AR Aging Summary (25).xlsx

2012-06-11 08:44 - 2012-06-11 08:44 - 00022716 ____A C:\Users\Yumi\Downloads\FAX_20120609_1339217964_76.tif

2012-06-11 08:34 - 2012-06-11 08:34 - 00016074 ____A C:\Users\Yumi\Downloads\FAX_20120608_1339196306_91.tif

2012-06-09 01:43 - 2012-07-11 08:38 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-09 00:41 - 2012-07-11 08:38 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-08 17:21 - 2012-06-08 17:21 - 00189952 ____A C:\Users\Yumi\Downloads\06-07-2012 Canadian Invoice (3).xls

2012-06-08 17:09 - 2012-06-08 17:09 - 00194048 ____A C:\Users\Yumi\Downloads\06-06-2012 Canadian Invoice (1).xls

2012-06-08 16:35 - 2012-06-08 16:35 - 00190464 ____A C:\Users\Yumi\Downloads\06-07-2012 Canadian Invoice (2).xls

2012-06-08 16:17 - 2012-06-08 16:17 - 00189952 ____A C:\Users\Yumi\Downloads\06-11-2012 Canadian Invoice.xls

2012-06-07 17:18 - 2012-06-07 17:18 - 00035470 ____A C:\Users\Yumi\Downloads\FAX_20120607_1339103445_87.tif

2012-06-07 12:12 - 2012-06-07 12:12 - 00195072 ____A C:\Users\Yumi\Downloads\06-05-2012 Canadian Invoice (2).xls

2012-06-07 10:09 - 2012-06-07 10:09 - 00189952 ____A C:\Users\Yumi\Downloads\06-07-2012 Canadian Invoice (1).xls

2012-06-07 09:54 - 2012-06-07 09:54 - 00189952 ____A C:\Users\Yumi\Downloads\06-07-2012 Canadian Invoice.xls

2012-06-06 16:32 - 2012-06-06 16:32 - 00012290 ____A C:\Users\Yumi\Downloads\FAX_20120606_1339014615_77.tif

2012-06-06 12:48 - 2012-06-06 12:48 - 00018018 ____A C:\Users\Yumi\Downloads\FAX_20120606_1339001256_24.tif

2012-06-06 09:11 - 2012-06-06 09:11 - 00194048 ____A C:\Users\Yumi\Downloads\06-06-2012 Canadian Invoice.xls

2012-06-06 02:06 - 2012-07-11 08:38 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-06 02:06 - 2012-07-11 08:38 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-06 02:02 - 2012-07-11 08:38 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-06 01:05 - 2012-07-11 08:38 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-06 01:05 - 2012-07-11 08:38 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-06 01:03 - 2012-07-11 08:38 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-05 16:42 - 2012-06-05 16:42 - 00189952 ____A C:\Users\Yumi\Downloads\05-31-2012 Canadian Invoice (2).xls

2012-06-05 12:38 - 2011-02-03 16:42 - 00001011 ____A C:\Users\Yumi\Desktop\Dropbox.lnk

2012-06-05 10:38 - 2012-06-05 10:38 - 00194048 ____A C:\Users\Yumi\Downloads\06-05-2012 Canadian Invoice (1).xls

2012-06-05 10:37 - 2012-06-05 10:37 - 00194048 ____A C:\Users\Yumi\Downloads\06-05-2012 Canadian Invoice.xls

2012-06-04 11:16 - 2012-06-04 11:16 - 00015912 ____A C:\Users\Yumi\Downloads\FAX_20120604_1338822858_62.tif

2012-06-04 11:06 - 2012-06-04 11:06 - 00009222 ____A C:\Users\Yumi\Downloads\FAX_20120604_1338822362_30.tif

2012-06-04 10:49 - 2012-06-04 10:49 - 00026546 ____A C:\Users\Yumi\Downloads\FAX_20120604_1338821335_25.tif

2012-06-04 08:41 - 2012-06-04 08:41 - 00014363 ____A C:\Users\Yumi\Downloads\AR Aging Summary (24).xlsx

2012-06-02 18:19 - 2012-06-21 08:36 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 18:19 - 2012-06-21 08:36 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 18:19 - 2012-06-21 08:36 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 18:19 - 2012-06-21 08:35 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 18:19 - 2012-06-21 08:35 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 18:15 - 2012-06-21 08:36 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 18:15 - 2012-06-21 08:35 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 15:19 - 2012-06-21 08:34 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 15:15 - 2012-06-21 08:34 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 01:50 - 2012-07-11 08:38 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-02 01:48 - 2012-07-11 08:38 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-02 01:48 - 2012-07-11 08:38 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-02 01:45 - 2012-07-11 08:38 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-02 01:44 - 2012-07-11 08:38 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-02 00:40 - 2012-07-11 08:38 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-02 00:40 - 2012-07-11 08:38 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-02 00:39 - 2012-07-11 08:38 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-02 00:34 - 2012-07-11 08:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-06-01 17:16 - 2012-06-01 17:16 - 00082514 ____A C:\Users\Yumi\Downloads\FAX_20120601_1338585337_28.tif

2012-06-01 16:09 - 2012-06-01 16:09 - 00037880 ____A C:\Users\Yumi\Downloads\FAX_20120601_1338581324_31.tif

2012-06-01 09:19 - 2012-06-01 09:19 - 00016428 ____A C:\Users\Yumi\Downloads\FAX_20120601_1338556292_84.tif

2012-05-31 14:02 - 2012-05-31 14:02 - 00015878 ____A C:\Users\Yumi\Downloads\FAX_20120531_1338486434_65.tif

2012-05-31 12:25 - 2010-10-30 08:19 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-05-31 11:49 - 2012-05-31 11:49 - 00194048 ____A C:\Users\Yumi\Downloads\05-29-2012 Canadian Invoice (6).xls

2012-05-31 11:48 - 2012-05-31 11:48 - 00194048 ____A C:\Users\Yumi\Downloads\05-29-2012 Canadian Invoice (5).xls

2012-05-31 10:30 - 2012-05-31 10:30 - 00189952 ____A C:\Users\Yumi\Downloads\05-31-2012 Canadian Invoice (1).xls

2012-05-31 09:20 - 2012-05-31 09:20 - 00191488 ____A C:\Users\Yumi\Downloads\05-31-2012 Canadian Invoice.xls

2012-05-30 16:33 - 2012-05-30 16:33 - 00189952 ____A C:\Users\Yumi\Downloads\05-25-2012 Canadian Invoice (5).xls

2012-05-30 15:57 - 2012-05-30 15:57 - 00193536 ____A C:\Users\Yumi\Downloads\05-29-2012 Canadian Invoice (4).xls

2012-05-30 15:09 - 2012-05-30 15:09 - 00190976 ____A C:\Users\Yumi\Downloads\05-23-2012 Canadian Invoice (3).xls

2012-05-30 15:08 - 2012-05-30 15:08 - 00190976 ____A C:\Users\Yumi\Downloads\05-23-2012 Canadian Invoice (2).xls

2012-05-30 12:54 - 2012-05-30 12:54 - 00013378 ____A C:\Users\Yumi\Downloads\FAX_20120530_1338396846_79.tif

2012-05-30 12:54 - 2012-05-30 12:54 - 00013378 ____A C:\Users\Yumi\Downloads\FAX_20120530_1338396846_79 (1).tif

2012-05-30 11:13 - 2012-05-30 11:13 - 00195072 ____A C:\Users\Yumi\Downloads\05-30-2012 Canadian Invoice (2).xls

2012-05-30 10:38 - 2012-05-30 10:38 - 00195072 ____A C:\Users\Yumi\Downloads\05-30-2012 Canadian Invoice (1).xls

2012-05-30 10:07 - 2012-05-30 10:07 - 00190976 ____A C:\Users\Yumi\Downloads\05-30-2012 Canadian Invoice.xls

2012-05-29 14:31 - 2012-05-29 14:31 - 00190464 ____A C:\Users\Yumi\Downloads\05-29-2012 Canadian Invoice (3).xls

2012-05-29 12:48 - 2012-05-29 12:48 - 00014892 ____A C:\Users\Yumi\Downloads\FAX_20120529_1338310102_75.tif

2012-05-29 12:12 - 2012-05-29 12:12 - 00038360 ____A C:\Users\Yumi\Downloads\FAX_20120529_1338307933_65.tif

2012-05-29 11:48 - 2012-05-29 11:48 - 00194048 ____A C:\Users\Yumi\Downloads\05-29-2012 Canadian Invoice (2).xls

2012-05-29 10:59 - 2012-05-29 10:59 - 00190464 ____A C:\Users\Yumi\Downloads\05-29-2012 Canadian Invoice (1).xls

2012-05-29 10:34 - 2012-05-29 10:34 - 00193536 ____A C:\Users\Yumi\Downloads\05-29-2012 Canadian Invoice.xls

2012-05-29 09:39 - 2012-05-29 09:39 - 00010500 ____A C:\Users\Yumi\Downloads\FAX_20120529_1338298375_87.tif

2012-05-29 09:36 - 2012-05-29 09:36 - 00036828 ____A C:\Users\Yumi\Downloads\FAX_20120524_1337887996_78 (1).tif

2012-05-29 09:36 - 2012-05-29 09:36 - 00035920 ____A C:\Users\Yumi\Downloads\FAX_20120524_1337879243_31 (1).tif

2012-05-29 08:47 - 2012-05-29 08:47 - 00013697 ____A C:\Users\Yumi\Downloads\AR Aging Summary (23).xlsx

2012-05-25 17:37 - 2012-05-25 17:37 - 00189952 ____A C:\Users\Yumi\Downloads\05-25-2012 Canadian Invoice (4).xls

2012-05-25 11:37 - 2012-05-25 11:37 - 00189952 ____A C:\Users\Yumi\Downloads\05-25-2012 Canadian Invoice (3).xls

2012-05-25 11:35 - 2012-05-25 11:35 - 00189952 ____A C:\Users\Yumi\Downloads\05-25-2012 Canadian Invoice (2).xls

2012-05-25 11:30 - 2012-05-25 11:30 - 00193536 ____A C:\Users\Yumi\Downloads\05-25-2012 Canadian Invoice (1).xls

2012-05-25 10:46 - 2012-05-25 10:46 - 00189952 ____A C:\Users\Yumi\Downloads\05-25-2012 Canadian Invoice.xls

2012-05-24 15:55 - 2012-05-24 15:55 - 00012638 ____A C:\Users\Yumi\Downloads\FAX_20120524_1337889261_37.tif

2012-05-24 15:33 - 2012-05-24 15:33 - 00036828 ____A C:\Users\Yumi\Downloads\FAX_20120524_1337887996_78.tif

2012-05-24 13:08 - 2012-05-24 13:08 - 00035920 ____A C:\Users\Yumi\Downloads\FAX_20120524_1337879243_31.tif

2012-05-23 16:13 - 2012-05-23 16:13 - 00190976 ____A C:\Users\Yumi\Downloads\05-23-2012 Canadian Invoice (1).xls

2012-05-23 15:35 - 2012-05-23 15:35 - 00022742 ____A C:\Users\Yumi\Downloads\1669437242.tif

2012-05-23 15:35 - 2012-05-23 15:35 - 00021520 ____A C:\Users\Yumi\Downloads\205641437.tif

2012-05-23 14:56 - 2012-05-23 14:56 - 00189952 ____A C:\Users\Yumi\Downloads\05-23-2012 Canadian Invoice.xls

2012-05-23 14:03 - 2012-05-23 14:03 - 00024816 ____A C:\Users\Yumi\Downloads\FAX_20120523_1337794800_49.tif

2012-05-22 15:32 - 2012-05-22 15:32 - 00189952 ____A C:\Users\Yumi\Downloads\05-22-2012 Canadian Invoice.xls

2012-05-22 09:12 - 2012-05-22 09:12 - 00018004 ____A C:\Users\Yumi\Downloads\FAX_20120522_1337692319_63.tif

2012-05-22 08:59 - 2012-05-22 08:59 - 00009682 ____A C:\Users\Yumi\Downloads\FAX_20120522_1337691358_70.tif

2012-05-22 08:31 - 2012-05-22 08:31 - 00009340 ____A C:\Users\Yumi\Downloads\FAX_20120522_1337689121_84 (3).tif

2012-05-22 08:31 - 2012-05-22 08:31 - 00009340 ____A C:\Users\Yumi\Downloads\FAX_20120522_1337689121_84 (2).tif

2012-05-22 08:31 - 2012-05-22 08:31 - 00009340 ____A C:\Users\Yumi\Downloads\FAX_20120522_1337689121_84 (1).tif

2012-05-22 08:30 - 2012-05-22 08:30 - 00009340 ____A C:\Users\Yumi\Downloads\FAX_20120522_1337689121_84.tif

2012-05-21 14:16 - 2012-05-21 14:16 - 00013967 ____A C:\Users\Yumi\Downloads\AR Aging Summary (22).xlsx

2012-05-21 09:37 - 2012-05-21 09:37 - 00009298 ____A C:\Users\Yumi\Downloads\FAX_20120521_1337607224_91 (1).tif

2012-05-21 09:34 - 2012-05-21 09:34 - 00009298 ____A C:\Users\Yumi\Downloads\FAX_20120521_1337607224_91.tif

2012-05-18 11:40 - 2012-05-18 11:40 - 00189952 ____A C:\Users\Yumi\Downloads\05-18-2012 Canadian Invoice (1).xls

2012-05-18 09:36 - 2012-05-18 09:36 - 00189952 ____A C:\Users\Yumi\Downloads\05-18-2012 Canadian Invoice.xls

2012-05-17 15:26 - 2012-05-17 15:26 - 00015370 ____A C:\Users\Yumi\Downloads\FAX_20120517_1337282449_44.tif

2012-05-17 10:36 - 2012-05-17 10:36 - 00190976 ____A C:\Users\Yumi\Downloads\05-17-2012 Canadian Invoice.xls

2012-05-16 15:02 - 2012-05-16 15:02 - 00015689 ____A C:\Users\Yumi\Downloads\Inventory.xlsx

2012-05-15 00:01 - 2012-06-13 15:29 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-05-14 23:59 - 2012-06-13 15:29 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-05-14 23:03 - 2012-06-13 15:29 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-05-14 23:00 - 2012-06-13 15:29 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-05-14 16:21 - 2012-05-14 16:21 - 00015560 ____A C:\Users\Yumi\Downloads\FAX_20120514_1337026400_27.tif

2012-05-14 15:46 - 2012-05-14 15:46 - 00013962 ____A C:\Users\Yumi\Downloads\AR Aging Summary (21).xlsx

2012-05-14 14:57 - 2012-05-14 14:57 - 00009966 ____A C:\Users\Yumi\Downloads\FAX_20120514_1337021800_24.tif

2012-05-14 08:54 - 2012-05-14 08:54 - 00042630 ____A C:\Users\Yumi\Downloads\FAX_20120514_1337000053_59.tif

2012-05-11 11:33 - 2012-05-11 11:33 - 00190464 ____A C:\Users\Yumi\Downloads\05-09-2012 Canadian Invoice.xls

2012-05-09 17:23 - 2012-05-09 17:23 - 00193536 ____A C:\Users\Yumi\Downloads\05-08-2012 Canadian Invoice (2).xls

2012-05-09 14:51 - 2012-05-09 14:51 - 00189952 ____A C:\Users\Yumi\Downloads\05-09-2012 Canadian Invoice (Cordoba Pine) (2).xls

2012-05-09 14:50 - 2012-05-09 14:50 - 00189952 ____A C:\Users\Yumi\Downloads\05-09-2012 Canadian Invoice (Exact Match Hardrock Maple).xls

2012-05-09 14:50 - 2012-05-09 14:50 - 00189952 ____A C:\Users\Yumi\Downloads\05-09-2012 Canadian Invoice (Cordoba Pine) (1).xls

2012-05-09 14:49 - 2012-05-09 14:49 - 00189952 ____A C:\Users\Yumi\Downloads\05-09-2012 Canadian Invoice (Cordoba Pine).xls

2012-05-08 10:48 - 2012-05-08 10:48 - 00012083 ____A C:\Users\Yumi\Downloads\Dackor 3DL Update April 2012.xlsx

2012-05-08 10:47 - 2012-05-08 10:47 - 00193536 ____A C:\Users\Yumi\Downloads\05-08-2012 Canadian Invoice (1).xls

2012-05-08 10:46 - 2012-05-08 10:46 - 00193536 ____A C:\Users\Yumi\Downloads\05-08-2012 Canadian Invoice.xls

2012-05-07 17:40 - 2012-05-07 17:40 - 00013879 ____A C:\Users\Yumi\Downloads\AR Aging Summary (20).xlsx

2012-05-07 15:14 - 2012-05-07 15:14 - 00147675 ____A C:\Users\Yumi\Downloads\VOICE_20120507_1336418008_67.gsm

2012-05-07 15:06 - 2012-05-07 15:06 - 00190464 ____A C:\Users\Yumi\Downloads\PO #28459 Canadian Invoice (1).xls

2012-05-07 12:36 - 2012-05-07 12:36 - 00189952 ____A C:\Users\Yumi\Downloads\05-03-2012 Canadian Invoice (2).xls

2012-05-04 10:21 - 2012-05-04 10:21 - 00190464 ____A C:\Users\Yumi\Downloads\PO #28459 Canadian Invoice.xls

2012-05-04 07:06 - 2012-06-13 15:29 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 06:03 - 2012-06-13 15:29 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 06:03 - 2012-06-13 15:29 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-05-03 11:07 - 2012-05-03 11:07 - 00189952 ____A C:\Users\Yumi\Downloads\05-03-2012 Canadian Invoice.xls

2012-05-03 11:07 - 2012-05-03 11:07 - 00189952 ____A C:\Users\Yumi\Downloads\05-03-2012 Canadian Invoice (1).xls

2012-05-02 12:32 - 2012-05-02 12:32 - 00190976 ____A C:\Users\Yumi\Downloads\05-02-2012 Canadian Invoice (1).xls

2012-05-02 12:24 - 2012-05-02 12:24 - 00190976 ____A C:\Users\Yumi\Downloads\05-02-2012 Canadian Invoice.xls

2012-05-01 01:40 - 2012-06-13 15:29 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-04-30 12:24 - 2012-04-30 12:24 - 00014012 ____A C:\Users\Yumi\Downloads\AR Aging Summary (19).xlsx

2012-04-30 10:14 - 2012-04-30 10:14 - 00194048 ____A C:\Users\Yumi\Downloads\04-26-2012 Canadian Invoice (4).xls

2012-04-30 10:06 - 2012-04-30 10:06 - 00194048 ____A C:\Users\Yumi\Downloads\04-26-2012 Canadian Invoice (3).xls

2012-04-27 23:55 - 2012-06-13 15:28 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-27 11:07 - 2012-04-27 11:07 - 00193536 ____A C:\Users\Yumi\Downloads\04-26-2012 Canadian Invoice (2).xls

2012-04-26 14:06 - 2012-04-26 14:06 - 00194048 ____A C:\Users\Yumi\Downloads\04-26-2012 Canadian Invoice.xls

2012-04-26 14:06 - 2012-04-26 14:06 - 00194048 ____A C:\Users\Yumi\Downloads\04-26-2012 Canadian Invoice (1).xls

2012-04-26 01:41 - 2012-06-13 15:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-04-26 01:41 - 2012-06-13 15:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-04-26 01:34 - 2012-06-13 15:29 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

ZeroAccess:

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\@

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\L

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\L\00000004.@

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\L\1afb2d56

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\L\201d3dde

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U\00000004.@

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U\00000008.@

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U\000000cb.@

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U\80000000.@

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U\80000032.@

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U\80000064.@

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 48%

Total physical RAM: 2810.9 MB

Available physical RAM: 1442.45 MB

Total Pagefile: 5619.99 MB

Available Pagefile: 3877.94 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:288.59 GB) (Free:236.24 GB) NTFS

2 Drive d: () (Removable) (Total:3.75 GB) (Free:3.42 GB) FAT32

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 1024 KB

Disk 1 Online 3843 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 9 GB 1024 KB

Partition 2 Primary 100 MB 9 GB

Partition 3 Primary 288 GB 9 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 Recovery NTFS Partition 9 GB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 288 GB Healthy Boot

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3839 MB 4032 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 D FAT32 Removable 3839 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-19 13:53

======================= End Of Log ==========================

Services.exe Report:

Farbar Recovery Scan Tool Version: 24-07-2012

Ran by Yumi at 2012-07-24 14:44:23

Running from D:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 19:19] - [2009-07-13 21:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======


Thanks, it took a while but it worked! Anyway, here are the reports:

FRST.exe:

Scan result of Farbar Recovery Scan Tool Version: 24-07-2012

Ran by SYSTEM at 24-07-2012 15:27:43

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10134560 2010-04-06] (Realtek Semiconductor)

HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [221480 2010-05-16] (Alps Electric Co., Ltd.)

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1424896 2006-03-21] (CANON INC.)

HKLM-x32\...\Run: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [89080 2010-07-15] (Sony Electronics Corporation)

HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation)

HKLM-x32\...\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [1439496 2010-10-19] (Intuit Inc. All rights reserved.)

HKLM-x32\...\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [155648 2003-09-29] (Scansoft, Inc.)

HKLM-x32\...\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [69632 2006-03-21] (ScanSoft, Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\Users\Yumi\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

2 mfevtp; "C:\Windows\system32\mfevtps.exe" [161168 2011-11-18] (McAfee, Inc.)

4 QuickBooksDB20; C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 [678912 2009-08-17] (Intuit, Inc.)

2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=2000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=inteldata" [252416 2010-05-25] (Sony Corporation)

3 SpfService; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe" [302448 2010-02-08] (Sony Corporation)

3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2010-04-08] (Sony Corporation)

2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)

2 IAStorDataMgrSvc; [x]

2 MSSQL$DDNI; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-24 10:21 - 2012-07-24 10:41 - 00000000 ____D C:\FRST

2012-07-24 10:05 - 2012-07-24 10:05 - 00001769 ____A C:\Users\Yumi\Desktop\RKreport[1].txt

2012-07-24 10:05 - 2012-07-24 10:05 - 00000000 ____D C:\Users\Yumi\Desktop\RK_Quarantine

2012-07-24 08:25 - 2012-07-24 08:25 - 00013480 ____A C:\Users\Yumi\Desktop\Attach.txt

2012-07-24 08:24 - 2012-07-24 08:24 - 00021300 ____A C:\Users\Yumi\Desktop\DDS.txt

2012-07-24 05:20 - 2012-07-24 05:20 - 00000000 ___AH C:\Users\Yumi\Documents\Default.rdp

2012-07-24 05:07 - 2012-07-24 05:07 - 00000020 ___SH C:\Users\QBDataServiceUser20\ntuser.ini

2012-07-24 05:07 - 2012-07-24 05:07 - 00000000 ____D C:\users\QBDataServiceUser20

2012-07-24 05:07 - 2011-11-15 14:36 - 00000000 ____D C:\Users\QBDataServiceUser20\AppData\Local\Microsoft Help

2012-07-24 05:07 - 2010-08-18 21:29 - 00000000 ____D C:\Users\QBDataServiceUser20\AppData\Roaming\Macromedia

2012-07-23 04:28 - 2012-07-23 04:28 - 00000000 __SHD C:\found.000

2012-07-20 05:10 - 2012-07-20 05:10 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-20 05:10 - 2012-07-20 05:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-20 05:10 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-19 12:26 - 2012-07-19 12:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.194C83E476DD5A74

2012-07-19 04:32 - 2012-07-19 04:34 - 00017920 __ASH C:\Users\Yumi\Desktop\Thumbs.db

2012-07-17 11:34 - 2012-07-17 11:34 - 00000000 ____D C:\Users\Yumi\AppData\Local\Macromedia

2012-07-17 11:33 - 2012-07-17 11:33 - 00001090 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-07-17 11:33 - 2012-07-17 11:33 - 00000000 ____D C:\Users\Yumi\AppData\Local\Mozilla

2012-07-17 11:33 - 2012-07-17 11:33 - 00000000 ____D C:\Users\All Users\Mozilla

2012-07-17 11:33 - 2012-07-17 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-07-17 11:33 - 2012-07-17 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-07-17 11:32 - 2012-07-17 11:32 - 16814136 ____A (Mozilla) C:\Users\Yumi\Downloads\Firefox Setup 14.0.1.exe

2012-07-17 08:34 - 2012-07-17 08:35 - 00005152 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-07-17 08:30 - 2012-07-17 08:36 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE

2012-07-17 08:30 - 2012-07-17 08:30 - 00000000 ____D C:\Reg_Backup

2012-07-17 08:28 - 2012-07-17 08:28 - 00000000 ____D C:\Users\Yumi\Documents\tweaking.com_windows_repair_aio[1]

2012-07-17 06:51 - 2012-07-17 07:53 - 00000000 ____D C:\Users\Yumi\AppData\Local\Deployment

2012-07-17 06:51 - 2012-07-17 06:51 - 00000000 ____D C:\Users\Yumi\AppData\Local\Apps\2.0

2012-07-17 06:20 - 2012-07-17 11:33 - 00000000 ____D C:\Users\Yumi\AppData\Roaming\Mozilla

2012-07-17 06:20 - 2012-07-17 06:47 - 00000000 ____D C:\Users\All Users\WeCareReminder

2012-07-17 05:46 - 2012-07-17 05:46 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-17 05:35 - 2012-07-19 09:14 - 00000000 ____D C:\Users\All Users\0C1D173D000A5C5400091427F875F002

2012-07-17 05:15 - 2012-07-17 05:15 - 00191488 ____A C:\Users\Yumi\Downloads\07-16-2012 Canadian Invoice.xls

2012-07-16 07:51 - 2012-07-16 07:51 - 00190464 ____A C:\Users\Yumi\Downloads\07-09-2012 Canadian Invoice (1).xls

2012-07-16 07:23 - 2012-07-16 07:23 - 00021514 ____A C:\Users\Yumi\Downloads\FAX_20120716_1342452164_68.tif

2012-07-16 05:22 - 2012-07-16 05:22 - 00014128 ____A C:\Users\Yumi\Downloads\AR Aging Summary (31).xlsx

2012-07-16 04:33 - 2012-07-16 04:33 - 00034068 ____A C:\Users\Yumi\Downloads\FAX_20120716_1342439542_50.tif

2012-07-13 13:32 - 2012-07-13 13:32 - 00000000 ____A C:\Users\Yumi\Downloads\07-13-2012 Packing Slip (5).pdf.crdownload

2012-07-13 13:30 - 2012-07-13 13:30 - 00191488 ____A C:\Users\Yumi\Downloads\07-13-2012 Canadian Invoice.xls

2012-07-13 12:39 - 2012-07-13 12:39 - 00053955 ____A C:\Users\Yumi\Downloads\VOICE_20120713_1342211934_35.gsm

2012-07-13 12:37 - 2012-07-13 12:37 - 00015468 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342211834_44.tif

2012-07-13 11:45 - 2012-07-13 11:45 - 00193536 ____A C:\Users\Yumi\Downloads\07-12-2012 Canadian Invoice (2).xls

2012-07-13 11:01 - 2012-07-13 11:01 - 00016064 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342206053_73.tif

2012-07-13 08:29 - 2012-07-13 08:29 - 00030934 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342196932_32.tif

2012-07-13 06:40 - 2012-07-13 06:40 - 00008758 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342190309_56.tif

2012-07-13 04:37 - 2012-07-13 04:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68.tif

2012-07-13 04:37 - 2012-07-13 04:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (5).tif

2012-07-13 04:37 - 2012-07-13 04:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (4).tif

2012-07-13 04:37 - 2012-07-13 04:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (3).tif

2012-07-13 04:37 - 2012-07-13 04:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (2).tif

2012-07-13 04:37 - 2012-07-13 04:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (1).tif

2012-07-12 07:03 - 2012-07-12 07:03 - 00189952 ____A C:\Users\Yumi\Downloads\07-12-2012 Canadian Invoice (1).xls

2012-07-11 13:35 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-11 13:12 - 2012-07-11 13:12 - 00193536 ____A C:\Users\Yumi\Downloads\07-12-2012 Canadian Invoice.xls

2012-07-11 10:08 - 2012-07-11 10:08 - 00015946 ____A C:\Users\Yumi\Downloads\FAX_20120711_1342027030_94.tif

2012-07-11 04:38 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-11 04:38 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-11 04:38 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-11 04:38 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-11 04:38 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-11 04:38 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-11 04:38 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-11 04:38 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-11 04:38 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-11 04:38 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-11 04:38 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-11 04:38 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-11 04:38 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-11 04:38 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-11 04:38 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-11 04:38 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-11 04:38 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-11 04:38 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-11 04:38 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-10 07:37 - 2012-07-10 07:37 - 00024790 ____A C:\Users\Yumi\Downloads\FAX_20120710_1341934528_34.tif

2012-07-09 11:46 - 2012-07-09 11:46 - 00008822 ____A C:\Users\Yumi\Downloads\FAX_20120709_1341862824_30.tif

2012-07-09 10:34 - 2012-07-09 10:34 - 00011346 ____A C:\Users\Yumi\Downloads\FAX_20120709_1341858809_69.tif

2012-07-09 04:46 - 2012-07-09 04:46 - 00014235 ____A C:\Users\Yumi\Downloads\AR Aging Summary (30).xlsx

2012-07-09 04:45 - 2012-07-09 04:45 - 00014235 ____A C:\Users\Yumi\Downloads\AR Aging Summary (29).xlsx

2012-07-06 08:34 - 2012-07-06 08:34 - 00190464 ____A C:\Users\Yumi\Downloads\07-09-2012 Canadian Invoice.xls

2012-07-05 13:21 - 2012-07-05 13:21 - 00027320 ____A C:\Users\Yumi\Downloads\FAX_20120705_1341522679_62.tif

2012-07-03 11:47 - 2012-07-03 11:47 - 00000000 ____D C:\Users\Yumi\AppData\Local\{EB852CEC-AF86-4DDB-BFDC-A6352CEE6402}

2012-07-03 11:47 - 2012-07-03 11:47 - 00000000 ____D C:\Users\Yumi\AppData\Local\{3C712FD6-C98D-44FF-8CFD-DD1D686239B3}

2012-07-03 04:32 - 2012-07-03 04:33 - 00028496 ____A C:\Users\Yumi\Downloads\FAX_20120702_1341267741_48.tif

2012-07-02 12:38 - 2012-07-02 12:38 - 00148992 ____A C:\Users\Yumi\Downloads\Quote Sheet.xls

2012-07-02 07:58 - 2012-07-02 07:58 - 00014464 ____A C:\Users\Yumi\Downloads\AR Aging Summary (28).xlsx

2012-07-02 05:51 - 2012-07-02 05:51 - 00193536 ____A C:\Users\Yumi\Downloads\06-29-2012 Canadian Invoice (2).xls

2012-06-29 08:20 - 2012-06-29 08:20 - 00000000 ____D C:\Users\Yumi\AppData\Local\{8C2E87FE-B09A-4B5D-A714-9EA82FF71145}

2012-06-29 08:20 - 2012-06-29 08:20 - 00000000 ____D C:\Users\Yumi\AppData\Local\{1419143B-9D4E-4E5E-B04F-A879DD0C1410}

2012-06-29 07:47 - 2012-06-29 07:47 - 00043455 ____A C:\Users\Yumi\Downloads\Italian Wenge Inventory.xlsx

2012-06-29 07:19 - 2012-06-29 07:19 - 00189952 ____A C:\Users\Yumi\Downloads\06-28-2012 Canadian Invoice (2).xls

2012-06-29 07:03 - 2012-06-29 07:03 - 00193536 ____A C:\Users\Yumi\Downloads\06-29-2012 Canadian Invoice (1).xls

2012-06-29 05:31 - 2012-06-29 05:31 - 00193536 ____A C:\Users\Yumi\Downloads\06-29-2012 Canadian Invoice.xls

2012-06-29 04:44 - 2012-06-29 04:44 - 00016424 ____A C:\Users\Yumi\Downloads\FAX_20120629_1340973699_44.tif

2012-06-27 12:46 - 2012-06-27 12:46 - 00189952 ____A C:\Users\Yumi\Downloads\06-28-2012 Canadian Invoice (1).xls

2012-06-27 12:45 - 2012-06-27 12:45 - 00189952 ____A C:\Users\Yumi\Downloads\06-28-2012 Canadian Invoice.xls

2012-06-27 11:53 - 2012-06-27 11:53 - 00011926 ____A C:\Users\Yumi\Downloads\FAX_20120627_1340826708_93.tif

2012-06-27 10:14 - 2012-06-27 10:14 - 00026042 ____A C:\Users\Yumi\Downloads\FAX_20120627_1340818459_33.tif

2012-06-27 07:07 - 2012-06-27 07:07 - 00018314 ____A C:\Users\Yumi\Downloads\FAX_20120627_1340809412_72.tif

2012-06-26 08:38 - 2012-06-26 08:38 - 00048640 ____A C:\Users\Yumi\Downloads\6_26 Orlando, FL.xls

2012-06-26 07:45 - 2012-06-26 07:45 - 00012592 ____A C:\Users\Yumi\Downloads\FAX_20120626_1340725381_24.tif

2012-06-26 04:30 - 2012-06-26 04:30 - 00009790 ____A C:\Users\Yumi\Downloads\FAX_20120625_1340661086_32 (1).tif

2012-06-26 04:28 - 2012-06-26 04:29 - 00009790 ____A C:\Users\Yumi\Downloads\FAX_20120625_1340661086_32.tif

2012-06-25 10:40 - 2012-06-25 10:40 - 00007474 ____A C:\Users\Yumi\Downloads\FAX_20120625_1340649565_39.tif

2012-06-25 10:40 - 2012-06-25 10:40 - 00000000 ____D C:\Users\Yumi\AppData\Local\{2BE283D9-ACF2-4122-8156-6E9897DC956D}

2012-06-25 04:42 - 2012-06-25 04:42 - 00014434 ____A C:\Users\Yumi\Downloads\AR Aging Summary (27).xlsx

============ 3 Months Modified Files ========================

2012-07-24 11:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-24 11:23 - 2009-07-13 20:51 - 00075990 ____A C:\Windows\setupact.log

2012-07-24 11:13 - 2012-04-18 06:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-24 10:47 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-24 10:47 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-24 10:40 - 2010-09-03 15:48 - 02054036 ____A C:\Windows\WindowsUpdate.log

2012-07-24 10:05 - 2012-07-24 10:05 - 00001769 ____A C:\Users\Yumi\Desktop\RKreport[1].txt

2012-07-24 08:25 - 2012-07-24 08:25 - 00013480 ____A C:\Users\Yumi\Desktop\Attach.txt

2012-07-24 08:24 - 2012-07-24 08:24 - 00021300 ____A C:\Users\Yumi\Desktop\DDS.txt

2012-07-24 05:28 - 2012-02-16 11:19 - 00001372 ____A C:\Users\Public\Desktop\QB Connection Diagnostic Tool.lnk

2012-07-24 05:20 - 2012-07-24 05:20 - 00000000 ___AH C:\Users\Yumi\Documents\Default.rdp

2012-07-24 05:07 - 2012-07-24 05:07 - 00000020 ___SH C:\Users\QBDataServiceUser20\ntuser.ini

2012-07-23 09:23 - 2009-07-13 21:13 - 00004978 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-23 07:44 - 2011-03-07 05:27 - 00019475 ____A C:\Users\Yumi\Desktop\AR Aging Summary.xlsx

2012-07-23 04:30 - 2010-08-18 21:58 - 00358832 ____A C:\Windows\PFRO.log

2012-07-20 05:10 - 2012-07-20 05:10 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-19 12:26 - 2012-07-19 12:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.194C83E476DD5A74

2012-07-19 04:34 - 2012-07-19 04:32 - 00017920 __ASH C:\Users\Yumi\Desktop\Thumbs.db

2012-07-17 11:33 - 2012-07-17 11:33 - 00001090 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-07-17 11:32 - 2012-07-17 11:32 - 16814136 ____A (Mozilla) C:\Users\Yumi\Downloads\Firefox Setup 14.0.1.exe

2012-07-17 08:36 - 2012-07-17 08:30 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE

2012-07-17 08:35 - 2012-07-17 08:34 - 00005152 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-07-17 05:15 - 2012-07-17 05:15 - 00191488 ____A C:\Users\Yumi\Downloads\07-16-2012 Canadian Invoice.xls

2012-07-16 07:51 - 2012-07-16 07:51 - 00190464 ____A C:\Users\Yumi\Downloads\07-09-2012 Canadian Invoice (1).xls

2012-07-16 07:23 - 2012-07-16 07:23 - 00021514 ____A C:\Users\Yumi\Downloads\FAX_20120716_1342452164_68.tif

2012-07-16 05:22 - 2012-07-16 05:22 - 00014128 ____A C:\Users\Yumi\Downloads\AR Aging Summary (31).xlsx

2012-07-16 04:33 - 2012-07-16 04:33 - 00034068 ____A C:\Users\Yumi\Downloads\FAX_20120716_1342439542_50.tif

2012-07-13 13:32 - 2012-07-13 13:32 - 00000000 ____A C:\Users\Yumi\Downloads\07-13-2012 Packing Slip (5).pdf.crdownload

2012-07-13 13:30 - 2012-07-13 13:30 - 00191488 ____A C:\Users\Yumi\Downloads\07-13-2012 Canadian Invoice.xls

2012-07-13 12:39 - 2012-07-13 12:39 - 00053955 ____A C:\Users\Yumi\Downloads\VOICE_20120713_1342211934_35.gsm

2012-07-13 12:37 - 2012-07-13 12:37 - 00015468 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342211834_44.tif

2012-07-13 11:45 - 2012-07-13 11:45 - 00193536 ____A C:\Users\Yumi\Downloads\07-12-2012 Canadian Invoice (2).xls

2012-07-13 11:01 - 2012-07-13 11:01 - 00016064 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342206053_73.tif

2012-07-13 08:29 - 2012-07-13 08:29 - 00030934 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342196932_32.tif

2012-07-13 06:40 - 2012-07-13 06:40 - 00008758 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342190309_56.tif

2012-07-13 04:37 - 2012-07-13 04:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68.tif

2012-07-13 04:37 - 2012-07-13 04:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (5).tif

2012-07-13 04:37 - 2012-07-13 04:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (4).tif

2012-07-13 04:37 - 2012-07-13 04:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (3).tif

2012-07-13 04:37 - 2012-07-13 04:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (2).tif

2012-07-13 04:37 - 2012-07-13 04:37 - 00018844 ____A C:\Users\Yumi\Downloads\FAX_20120713_1342182381_68 (1).tif

2012-07-12 12:45 - 2010-11-04 06:10 - 00002178 ____A C:\Users\Yumi\Sti_Trace.log

2012-07-12 08:13 - 2012-04-18 06:55 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-12 08:13 - 2012-01-20 05:29 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-12 07:03 - 2012-07-12 07:03 - 00189952 ____A C:\Users\Yumi\Downloads\07-12-2012 Canadian Invoice (1).xls

2012-07-12 04:36 - 2009-07-13 20:45 - 00450264 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-11 13:32 - 2010-11-08 05:31 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-11 13:12 - 2012-07-11 13:12 - 00193536 ____A C:\Users\Yumi\Downloads\07-12-2012 Canadian Invoice.xls

2012-07-11 10:08 - 2012-07-11 10:08 - 00015946 ____A C:\Users\Yumi\Downloads\FAX_20120711_1342027030_94.tif

2012-07-10 07:37 - 2012-07-10 07:37 - 00024790 ____A C:\Users\Yumi\Downloads\FAX_20120710_1341934528_34.tif

2012-07-09 11:46 - 2012-07-09 11:46 - 00008822 ____A C:\Users\Yumi\Downloads\FAX_20120709_1341862824_30.tif

2012-07-09 10:34 - 2012-07-09 10:34 - 00011346 ____A C:\Users\Yumi\Downloads\FAX_20120709_1341858809_69.tif

2012-07-09 04:46 - 2012-07-09 04:46 - 00014235 ____A C:\Users\Yumi\Downloads\AR Aging Summary (30).xlsx

2012-07-09 04:45 - 2012-07-09 04:45 - 00014235 ____A C:\Users\Yumi\Downloads\AR Aging Summary (29).xlsx

2012-07-06 08:34 - 2012-07-06 08:34 - 00190464 ____A C:\Users\Yumi\Downloads\07-09-2012 Canadian Invoice.xls

2012-07-05 13:21 - 2012-07-05 13:21 - 00027320 ____A C:\Users\Yumi\Downloads\FAX_20120705_1341522679_62.tif

2012-07-03 09:46 - 2012-07-20 05:10 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-03 04:33 - 2012-07-03 04:32 - 00028496 ____A C:\Users\Yumi\Downloads\FAX_20120702_1341267741_48.tif

2012-07-02 12:38 - 2012-07-02 12:38 - 00148992 ____A C:\Users\Yumi\Downloads\Quote Sheet.xls

2012-07-02 07:58 - 2012-07-02 07:58 - 00014464 ____A C:\Users\Yumi\Downloads\AR Aging Summary (28).xlsx

2012-07-02 05:51 - 2012-07-02 05:51 - 00193536 ____A C:\Users\Yumi\Downloads\06-29-2012 Canadian Invoice (2).xls

2012-06-29 07:47 - 2012-06-29 07:47 - 00043455 ____A C:\Users\Yumi\Downloads\Italian Wenge Inventory.xlsx

2012-06-29 07:19 - 2012-06-29 07:19 - 00189952 ____A C:\Users\Yumi\Downloads\06-28-2012 Canadian Invoice (2).xls

2012-06-29 07:03 - 2012-06-29 07:03 - 00193536 ____A C:\Users\Yumi\Downloads\06-29-2012 Canadian Invoice (1).xls

2012-06-29 05:31 - 2012-06-29 05:31 - 00193536 ____A C:\Users\Yumi\Downloads\06-29-2012 Canadian Invoice.xls

2012-06-29 04:44 - 2012-06-29 04:44 - 00016424 ____A C:\Users\Yumi\Downloads\FAX_20120629_1340973699_44.tif

2012-06-27 12:46 - 2012-06-27 12:46 - 00189952 ____A C:\Users\Yumi\Downloads\06-28-2012 Canadian Invoice (1).xls

2012-06-27 12:45 - 2012-06-27 12:45 - 00189952 ____A C:\Users\Yumi\Downloads\06-28-2012 Canadian Invoice.xls

2012-06-27 11:53 - 2012-06-27 11:53 - 00011926 ____A C:\Users\Yumi\Downloads\FAX_20120627_1340826708_93.tif

2012-06-27 10:14 - 2012-06-27 10:14 - 00026042 ____A C:\Users\Yumi\Downloads\FAX_20120627_1340818459_33.tif

2012-06-27 07:07 - 2012-06-27 07:07 - 00018314 ____A C:\Users\Yumi\Downloads\FAX_20120627_1340809412_72.tif

2012-06-26 08:38 - 2012-06-26 08:38 - 00048640 ____A C:\Users\Yumi\Downloads\6_26 Orlando, FL.xls

2012-06-26 07:45 - 2012-06-26 07:45 - 00012592 ____A C:\Users\Yumi\Downloads\FAX_20120626_1340725381_24.tif

2012-06-26 04:30 - 2012-06-26 04:30 - 00009790 ____A C:\Users\Yumi\Downloads\FAX_20120625_1340661086_32 (1).tif

2012-06-26 04:29 - 2012-06-26 04:28 - 00009790 ____A C:\Users\Yumi\Downloads\FAX_20120625_1340661086_32.tif

2012-06-25 10:40 - 2012-06-25 10:40 - 00007474 ____A C:\Users\Yumi\Downloads\FAX_20120625_1340649565_39.tif

2012-06-25 04:42 - 2012-06-25 04:42 - 00014434 ____A C:\Users\Yumi\Downloads\AR Aging Summary (27).xlsx

2012-06-21 05:33 - 2012-06-21 05:33 - 00001071 ____A C:\Users\Yumi\Downloads\Documents - Shortcut.lnk

2012-06-20 12:51 - 2012-06-20 12:51 - 00014066 ____A C:\Users\Yumi\Downloads\FAX_20120620_1340225230_67.tif

2012-06-20 12:30 - 2012-06-20 12:30 - 00015420 ____A C:\Users\Yumi\Downloads\FAX_20120620_1340224088_72.tif

2012-06-20 12:02 - 2012-06-20 12:02 - 00017608 ____A C:\Users\Yumi\Downloads\FAX_20120620_1340222448_73.tif

2012-06-20 10:54 - 2012-06-20 10:54 - 00017550 ____A C:\Users\Yumi\Downloads\FAX_20120620_1340218409_76.tif

2012-06-20 08:56 - 2012-04-12 13:21 - 00002701 ____A C:\Users\Yumi\Desktop\dackor stock inventory - Shortcut.lnk

2012-06-20 07:33 - 2012-06-20 07:33 - 00016778 ____A C:\Users\Yumi\Downloads\FAX_20120620_1340206319_35.tif

2012-06-20 07:23 - 2012-06-20 07:23 - 00026624 ____A C:\Users\Yumi\Downloads\June 2012.xls

2012-06-20 07:02 - 2012-06-20 07:02 - 00016896 ____A C:\Users\Yumi\Downloads\Copy of Pat Benefits Report (1).xls

2012-06-20 06:15 - 2012-06-20 06:15 - 00840704 ____A C:\Users\Yumi\Downloads\DAKOR FOIL DAMAGE.xls

2012-06-20 05:56 - 2010-08-18 22:05 - 00113801 ____A C:\Windows\DirectX.log

2012-06-19 11:31 - 2012-06-19 11:31 - 00015952 ____A C:\Users\Yumi\Downloads\FAX_20120619_1340134153_56.tif

2012-06-19 11:28 - 2012-06-19 11:28 - 00008974 ____A C:\Users\Yumi\Downloads\FAX_20120619_1340133992_85.tif

2012-06-19 10:37 - 2012-06-19 10:37 - 00016668 ____A C:\Users\Yumi\Downloads\FAX_20120619_1340127325_85.tif

2012-06-19 06:37 - 2012-06-19 06:37 - 00194048 ____A C:\Users\Yumi\Downloads\06-18-2012 Canadian Invoice (1).xls

2012-06-19 05:46 - 2012-06-19 05:46 - 00189952 ____A C:\Users\Yumi\Downloads\06-15-2012 Canadian Invoice (3).xls

2012-06-19 05:07 - 2012-06-19 05:07 - 00014704 ____A C:\Users\Yumi\Downloads\FAX_20120619_1340110946_94 (1).tif

2012-06-19 05:04 - 2012-06-19 05:04 - 00014704 ____A C:\Users\Yumi\Downloads\FAX_20120619_1340110946_94.tif

2012-06-18 10:30 - 2012-06-18 10:30 - 00189952 ____A C:\Users\Yumi\Downloads\06-15-2012 Canadian Invoice (2).xls

2012-06-18 10:04 - 2012-06-18 10:04 - 00027372 ____A C:\Users\Yumi\Downloads\FAX_20120618_1340040011_55.tif

2012-06-18 04:47 - 2012-06-18 04:47 - 00014569 ____A C:\Users\Yumi\Downloads\AR Aging Summary (26).xlsx

2012-06-15 13:08 - 2012-06-15 13:08 - 00194048 ____A C:\Users\Yumi\Downloads\06-18-2012 Canadian Invoice.xls

2012-06-14 12:45 - 2012-06-14 12:45 - 00189952 ____A C:\Users\Yumi\Downloads\06-15-2012 Canadian Invoice (1).xls

2012-06-14 12:38 - 2012-06-14 12:38 - 00189952 ____A C:\Users\Yumi\Downloads\06-15-2012 Canadian Invoice.xls

2012-06-14 11:37 - 2012-06-14 11:37 - 00041088 ____A C:\Users\Yumi\Downloads\FAX_20120614_1339702527_76.tif

2012-06-14 10:08 - 2012-06-14 10:08 - 00008217 ____A C:\Users\Yumi\Downloads\VOICE_20120614_1339696756_39.gsm

2012-06-14 08:50 - 2012-06-14 08:50 - 00009446 ____A C:\Users\Yumi\Downloads\FAX_20120614_1339690200_26.tif

2012-06-14 08:40 - 2012-06-14 08:40 - 00021800 ____A C:\Users\Yumi\Downloads\FAX_20120614_1339685209_56.tif

2012-06-13 13:04 - 2012-06-13 13:04 - 00018974 ____A C:\Users\Yumi\Downloads\FAX_20120613_1339621222_38.tif

2012-06-13 11:58 - 2012-06-13 11:58 - 00036834 ____A C:\Users\Yumi\Downloads\FAX_20120613_1339615519_80 (1).tif

2012-06-13 11:30 - 2012-06-13 11:30 - 00036834 ____A C:\Users\Yumi\Downloads\FAX_20120613_1339615519_80.tif

2012-06-13 05:49 - 2012-06-13 05:49 - 00047800 ____A C:\Users\Yumi\Downloads\FAX_20120613_1339587885_82.tif

2012-06-12 11:38 - 2012-06-12 11:38 - 00189952 ____A C:\Users\Yumi\Downloads\06-11-2012 Canadian Invoice (1).xls

2012-06-12 04:29 - 2012-06-12 04:29 - 00027086 ____A C:\Users\Yumi\Downloads\FAX_20120611_1339455112_42 (1).tif

2012-06-12 04:28 - 2012-06-12 04:28 - 00027086 ____A C:\Users\Yumi\Downloads\FAX_20120611_1339455112_42.tif

2012-06-11 19:08 - 2012-07-11 13:35 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-11 10:13 - 2012-06-11 10:13 - 00014521 ____A C:\Users\Yumi\Downloads\AR Aging Summary (25).xlsx

2012-06-11 04:44 - 2012-06-11 04:44 - 00022716 ____A C:\Users\Yumi\Downloads\FAX_20120609_1339217964_76.tif

2012-06-11 04:34 - 2012-06-11 04:34 - 00016074 ____A C:\Users\Yumi\Downloads\FAX_20120608_1339196306_91.tif

2012-06-08 21:43 - 2012-07-11 04:38 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-11 04:38 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-08 13:21 - 2012-06-08 13:21 - 00189952 ____A C:\Users\Yumi\Downloads\06-07-2012 Canadian Invoice (3).xls

2012-06-08 13:09 - 2012-06-08 13:09 - 00194048 ____A C:\Users\Yumi\Downloads\06-06-2012 Canadian Invoice (1).xls

2012-06-08 12:35 - 2012-06-08 12:35 - 00190464 ____A C:\Users\Yumi\Downloads\06-07-2012 Canadian Invoice (2).xls

2012-06-08 12:17 - 2012-06-08 12:17 - 00189952 ____A C:\Users\Yumi\Downloads\06-11-2012 Canadian Invoice.xls

2012-06-07 13:18 - 2012-06-07 13:18 - 00035470 ____A C:\Users\Yumi\Downloads\FAX_20120607_1339103445_87.tif

2012-06-07 08:12 - 2012-06-07 08:12 - 00195072 ____A C:\Users\Yumi\Downloads\06-05-2012 Canadian Invoice (2).xls

2012-06-07 06:09 - 2012-06-07 06:09 - 00189952 ____A C:\Users\Yumi\Downloads\06-07-2012 Canadian Invoice (1).xls

2012-06-07 05:54 - 2012-06-07 05:54 - 00189952 ____A C:\Users\Yumi\Downloads\06-07-2012 Canadian Invoice.xls

2012-06-06 12:32 - 2012-06-06 12:32 - 00012290 ____A C:\Users\Yumi\Downloads\FAX_20120606_1339014615_77.tif

2012-06-06 08:48 - 2012-06-06 08:48 - 00018018 ____A C:\Users\Yumi\Downloads\FAX_20120606_1339001256_24.tif

2012-06-06 05:11 - 2012-06-06 05:11 - 00194048 ____A C:\Users\Yumi\Downloads\06-06-2012 Canadian Invoice.xls

2012-06-05 22:06 - 2012-07-11 04:38 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-11 04:38 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-11 04:38 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-11 04:38 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-11 04:38 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-11 04:38 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-05 12:42 - 2012-06-05 12:42 - 00189952 ____A C:\Users\Yumi\Downloads\05-31-2012 Canadian Invoice (2).xls

2012-06-05 08:38 - 2011-02-03 12:42 - 00001011 ____A C:\Users\Yumi\Desktop\Dropbox.lnk

2012-06-05 06:38 - 2012-06-05 06:38 - 00194048 ____A C:\Users\Yumi\Downloads\06-05-2012 Canadian Invoice (1).xls

2012-06-05 06:37 - 2012-06-05 06:37 - 00194048 ____A C:\Users\Yumi\Downloads\06-05-2012 Canadian Invoice.xls

2012-06-04 07:16 - 2012-06-04 07:16 - 00015912 ____A C:\Users\Yumi\Downloads\FAX_20120604_1338822858_62.tif

2012-06-04 07:06 - 2012-06-04 07:06 - 00009222 ____A C:\Users\Yumi\Downloads\FAX_20120604_1338822362_30.tif

2012-06-04 06:49 - 2012-06-04 06:49 - 00026546 ____A C:\Users\Yumi\Downloads\FAX_20120604_1338821335_25.tif

2012-06-04 04:41 - 2012-06-04 04:41 - 00014363 ____A C:\Users\Yumi\Downloads\AR Aging Summary (24).xlsx

2012-06-02 14:19 - 2012-06-21 04:36 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-21 04:36 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-21 04:36 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-21 04:35 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-21 04:35 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-21 04:36 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-21 04:35 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 11:19 - 2012-06-21 04:34 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 11:15 - 2012-06-21 04:34 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-01 21:50 - 2012-07-11 04:38 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-11 04:38 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-11 04:38 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-11 04:38 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-11 04:38 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-11 04:38 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-11 04:38 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-11 04:38 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-11 04:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-06-01 13:16 - 2012-06-01 13:16 - 00082514 ____A C:\Users\Yumi\Downloads\FAX_20120601_1338585337_28.tif

2012-06-01 12:09 - 2012-06-01 12:09 - 00037880 ____A C:\Users\Yumi\Downloads\FAX_20120601_1338581324_31.tif

2012-06-01 05:19 - 2012-06-01 05:19 - 00016428 ____A C:\Users\Yumi\Downloads\FAX_20120601_1338556292_84.tif

2012-05-31 10:02 - 2012-05-31 10:02 - 00015878 ____A C:\Users\Yumi\Downloads\FAX_20120531_1338486434_65.tif

2012-05-31 08:25 - 2010-10-30 04:19 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-05-31 07:49 - 2012-05-31 07:49 - 00194048 ____A C:\Users\Yumi\Downloads\05-29-2012 Canadian Invoice (6).xls

2012-05-31 07:48 - 2012-05-31 07:48 - 00194048 ____A C:\Users\Yumi\Downloads\05-29-2012 Canadian Invoice (5).xls

2012-05-31 06:30 - 2012-05-31 06:30 - 00189952 ____A C:\Users\Yumi\Downloads\05-31-2012 Canadian Invoice (1).xls

2012-05-31 05:20 - 2012-05-31 05:20 - 00191488 ____A C:\Users\Yumi\Downloads\05-31-2012 Canadian Invoice.xls

2012-05-30 12:33 - 2012-05-30 12:33 - 00189952 ____A C:\Users\Yumi\Downloads\05-25-2012 Canadian Invoice (5).xls

2012-05-30 11:57 - 2012-05-30 11:57 - 00193536 ____A C:\Users\Yumi\Downloads\05-29-2012 Canadian Invoice (4).xls

2012-05-30 11:09 - 2012-05-30 11:09 - 00190976 ____A C:\Users\Yumi\Downloads\05-23-2012 Canadian Invoice (3).xls

2012-05-30 11:08 - 2012-05-30 11:08 - 00190976 ____A C:\Users\Yumi\Downloads\05-23-2012 Canadian Invoice (2).xls

2012-05-30 08:54 - 2012-05-30 08:54 - 00013378 ____A C:\Users\Yumi\Downloads\FAX_20120530_1338396846_79.tif

2012-05-30 08:54 - 2012-05-30 08:54 - 00013378 ____A C:\Users\Yumi\Downloads\FAX_20120530_1338396846_79 (1).tif

2012-05-30 07:13 - 2012-05-30 07:13 - 00195072 ____A C:\Users\Yumi\Downloads\05-30-2012 Canadian Invoice (2).xls

2012-05-30 06:38 - 2012-05-30 06:38 - 00195072 ____A C:\Users\Yumi\Downloads\05-30-2012 Canadian Invoice (1).xls

2012-05-30 06:07 - 2012-05-30 06:07 - 00190976 ____A C:\Users\Yumi\Downloads\05-30-2012 Canadian Invoice.xls

2012-05-29 10:31 - 2012-05-29 10:31 - 00190464 ____A C:\Users\Yumi\Downloads\05-29-2012 Canadian Invoice (3).xls

2012-05-29 08:48 - 2012-05-29 08:48 - 00014892 ____A C:\Users\Yumi\Downloads\FAX_20120529_1338310102_75.tif

2012-05-29 08:12 - 2012-05-29 08:12 - 00038360 ____A C:\Users\Yumi\Downloads\FAX_20120529_1338307933_65.tif

2012-05-29 07:48 - 2012-05-29 07:48 - 00194048 ____A C:\Users\Yumi\Downloads\05-29-2012 Canadian Invoice (2).xls

2012-05-29 06:59 - 2012-05-29 06:59 - 00190464 ____A C:\Users\Yumi\Downloads\05-29-2012 Canadian Invoice (1).xls

2012-05-29 06:34 - 2012-05-29 06:34 - 00193536 ____A C:\Users\Yumi\Downloads\05-29-2012 Canadian Invoice.xls

2012-05-29 05:39 - 2012-05-29 05:39 - 00010500 ____A C:\Users\Yumi\Downloads\FAX_20120529_1338298375_87.tif

2012-05-29 05:36 - 2012-05-29 05:36 - 00036828 ____A C:\Users\Yumi\Downloads\FAX_20120524_1337887996_78 (1).tif

2012-05-29 05:36 - 2012-05-29 05:36 - 00035920 ____A C:\Users\Yumi\Downloads\FAX_20120524_1337879243_31 (1).tif

2012-05-29 04:47 - 2012-05-29 04:47 - 00013697 ____A C:\Users\Yumi\Downloads\AR Aging Summary (23).xlsx

2012-05-25 13:37 - 2012-05-25 13:37 - 00189952 ____A C:\Users\Yumi\Downloads\05-25-2012 Canadian Invoice (4).xls

2012-05-25 07:37 - 2012-05-25 07:37 - 00189952 ____A C:\Users\Yumi\Downloads\05-25-2012 Canadian Invoice (3).xls

2012-05-25 07:35 - 2012-05-25 07:35 - 00189952 ____A C:\Users\Yumi\Downloads\05-25-2012 Canadian Invoice (2).xls

2012-05-25 07:30 - 2012-05-25 07:30 - 00193536 ____A C:\Users\Yumi\Downloads\05-25-2012 Canadian Invoice (1).xls

2012-05-25 06:46 - 2012-05-25 06:46 - 00189952 ____A C:\Users\Yumi\Downloads\05-25-2012 Canadian Invoice.xls

2012-05-24 11:55 - 2012-05-24 11:55 - 00012638 ____A C:\Users\Yumi\Downloads\FAX_20120524_1337889261_37.tif

2012-05-24 11:33 - 2012-05-24 11:33 - 00036828 ____A C:\Users\Yumi\Downloads\FAX_20120524_1337887996_78.tif

2012-05-24 09:08 - 2012-05-24 09:08 - 00035920 ____A C:\Users\Yumi\Downloads\FAX_20120524_1337879243_31.tif

2012-05-23 12:13 - 2012-05-23 12:13 - 00190976 ____A C:\Users\Yumi\Downloads\05-23-2012 Canadian Invoice (1).xls

2012-05-23 11:35 - 2012-05-23 11:35 - 00022742 ____A C:\Users\Yumi\Downloads\1669437242.tif

2012-05-23 11:35 - 2012-05-23 11:35 - 00021520 ____A C:\Users\Yumi\Downloads\205641437.tif

2012-05-23 10:56 - 2012-05-23 10:56 - 00189952 ____A C:\Users\Yumi\Downloads\05-23-2012 Canadian Invoice.xls

2012-05-23 10:03 - 2012-05-23 10:03 - 00024816 ____A C:\Users\Yumi\Downloads\FAX_20120523_1337794800_49.tif

2012-05-22 11:32 - 2012-05-22 11:32 - 00189952 ____A C:\Users\Yumi\Downloads\05-22-2012 Canadian Invoice.xls

2012-05-22 05:12 - 2012-05-22 05:12 - 00018004 ____A C:\Users\Yumi\Downloads\FAX_20120522_1337692319_63.tif

2012-05-22 04:59 - 2012-05-22 04:59 - 00009682 ____A C:\Users\Yumi\Downloads\FAX_20120522_1337691358_70.tif

2012-05-22 04:31 - 2012-05-22 04:31 - 00009340 ____A C:\Users\Yumi\Downloads\FAX_20120522_1337689121_84 (3).tif

2012-05-22 04:31 - 2012-05-22 04:31 - 00009340 ____A C:\Users\Yumi\Downloads\FAX_20120522_1337689121_84 (2).tif

2012-05-22 04:31 - 2012-05-22 04:31 - 00009340 ____A C:\Users\Yumi\Downloads\FAX_20120522_1337689121_84 (1).tif

2012-05-22 04:30 - 2012-05-22 04:30 - 00009340 ____A C:\Users\Yumi\Downloads\FAX_20120522_1337689121_84.tif

2012-05-21 10:16 - 2012-05-21 10:16 - 00013967 ____A C:\Users\Yumi\Downloads\AR Aging Summary (22).xlsx

2012-05-21 05:37 - 2012-05-21 05:37 - 00009298 ____A C:\Users\Yumi\Downloads\FAX_20120521_1337607224_91 (1).tif

2012-05-21 05:34 - 2012-05-21 05:34 - 00009298 ____A C:\Users\Yumi\Downloads\FAX_20120521_1337607224_91.tif

2012-05-18 07:40 - 2012-05-18 07:40 - 00189952 ____A C:\Users\Yumi\Downloads\05-18-2012 Canadian Invoice (1).xls

2012-05-18 05:36 - 2012-05-18 05:36 - 00189952 ____A C:\Users\Yumi\Downloads\05-18-2012 Canadian Invoice.xls

2012-05-17 11:26 - 2012-05-17 11:26 - 00015370 ____A C:\Users\Yumi\Downloads\FAX_20120517_1337282449_44.tif

2012-05-17 06:36 - 2012-05-17 06:36 - 00190976 ____A C:\Users\Yumi\Downloads\05-17-2012 Canadian Invoice.xls

2012-05-16 11:02 - 2012-05-16 11:02 - 00015689 ____A C:\Users\Yumi\Downloads\Inventory.xlsx

2012-05-14 20:01 - 2012-06-13 11:29 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-05-14 19:59 - 2012-06-13 11:29 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-05-14 19:03 - 2012-06-13 11:29 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-05-14 19:00 - 2012-06-13 11:29 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-05-14 12:21 - 2012-05-14 12:21 - 00015560 ____A C:\Users\Yumi\Downloads\FAX_20120514_1337026400_27.tif

2012-05-14 11:46 - 2012-05-14 11:46 - 00013962 ____A C:\Users\Yumi\Downloads\AR Aging Summary (21).xlsx

2012-05-14 10:57 - 2012-05-14 10:57 - 00009966 ____A C:\Users\Yumi\Downloads\FAX_20120514_1337021800_24.tif

2012-05-14 04:54 - 2012-05-14 04:54 - 00042630 ____A C:\Users\Yumi\Downloads\FAX_20120514_1337000053_59.tif

2012-05-11 07:33 - 2012-05-11 07:33 - 00190464 ____A C:\Users\Yumi\Downloads\05-09-2012 Canadian Invoice.xls

2012-05-09 13:23 - 2012-05-09 13:23 - 00193536 ____A C:\Users\Yumi\Downloads\05-08-2012 Canadian Invoice (2).xls

2012-05-09 10:51 - 2012-05-09 10:51 - 00189952 ____A C:\Users\Yumi\Downloads\05-09-2012 Canadian Invoice (Cordoba Pine) (2).xls

2012-05-09 10:50 - 2012-05-09 10:50 - 00189952 ____A C:\Users\Yumi\Downloads\05-09-2012 Canadian Invoice (Exact Match Hardrock Maple).xls

2012-05-09 10:50 - 2012-05-09 10:50 - 00189952 ____A C:\Users\Yumi\Downloads\05-09-2012 Canadian Invoice (Cordoba Pine) (1).xls

2012-05-09 10:49 - 2012-05-09 10:49 - 00189952 ____A C:\Users\Yumi\Downloads\05-09-2012 Canadian Invoice (Cordoba Pine).xls

2012-05-08 06:48 - 2012-05-08 06:48 - 00012083 ____A C:\Users\Yumi\Downloads\Dackor 3DL Update April 2012.xlsx

2012-05-08 06:47 - 2012-05-08 06:47 - 00193536 ____A C:\Users\Yumi\Downloads\05-08-2012 Canadian Invoice (1).xls

2012-05-08 06:46 - 2012-05-08 06:46 - 00193536 ____A C:\Users\Yumi\Downloads\05-08-2012 Canadian Invoice.xls

2012-05-07 13:40 - 2012-05-07 13:40 - 00013879 ____A C:\Users\Yumi\Downloads\AR Aging Summary (20).xlsx

2012-05-07 11:14 - 2012-05-07 11:14 - 00147675 ____A C:\Users\Yumi\Downloads\VOICE_20120507_1336418008_67.gsm

2012-05-07 11:06 - 2012-05-07 11:06 - 00190464 ____A C:\Users\Yumi\Downloads\PO #28459 Canadian Invoice (1).xls

2012-05-07 08:36 - 2012-05-07 08:36 - 00189952 ____A C:\Users\Yumi\Downloads\05-03-2012 Canadian Invoice (2).xls

2012-05-04 06:21 - 2012-05-04 06:21 - 00190464 ____A C:\Users\Yumi\Downloads\PO #28459 Canadian Invoice.xls

2012-05-04 03:06 - 2012-06-13 11:29 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 02:03 - 2012-06-13 11:29 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 02:03 - 2012-06-13 11:29 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-05-03 07:07 - 2012-05-03 07:07 - 00189952 ____A C:\Users\Yumi\Downloads\05-03-2012 Canadian Invoice.xls

2012-05-03 07:07 - 2012-05-03 07:07 - 00189952 ____A C:\Users\Yumi\Downloads\05-03-2012 Canadian Invoice (1).xls

2012-05-02 08:32 - 2012-05-02 08:32 - 00190976 ____A C:\Users\Yumi\Downloads\05-02-2012 Canadian Invoice (1).xls

2012-05-02 08:24 - 2012-05-02 08:24 - 00190976 ____A C:\Users\Yumi\Downloads\05-02-2012 Canadian Invoice.xls

2012-04-30 21:40 - 2012-06-13 11:29 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-04-30 08:24 - 2012-04-30 08:24 - 00014012 ____A C:\Users\Yumi\Downloads\AR Aging Summary (19).xlsx

2012-04-30 06:14 - 2012-04-30 06:14 - 00194048 ____A C:\Users\Yumi\Downloads\04-26-2012 Canadian Invoice (4).xls

2012-04-30 06:06 - 2012-04-30 06:06 - 00194048 ____A C:\Users\Yumi\Downloads\04-26-2012 Canadian Invoice (3).xls

2012-04-27 19:55 - 2012-06-13 11:28 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-27 07:07 - 2012-04-27 07:07 - 00193536 ____A C:\Users\Yumi\Downloads\04-26-2012 Canadian Invoice (2).xls

2012-04-26 10:06 - 2012-04-26 10:06 - 00194048 ____A C:\Users\Yumi\Downloads\04-26-2012 Canadian Invoice.xls

2012-04-26 10:06 - 2012-04-26 10:06 - 00194048 ____A C:\Users\Yumi\Downloads\04-26-2012 Canadian Invoice (1).xls

ZeroAccess:

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\@

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\L

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\L\00000004.@

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\L\1afb2d56

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\L\201d3dde

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U\00000004.@

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U\00000008.@

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U\000000cb.@

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U\80000000.@

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U\80000032.@

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}\U\80000064.@

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 20%

Total physical RAM: 2810.9 MB

Available physical RAM: 2226.05 MB

Total Pagefile: 2809.05 MB

Available Pagefile: 2228.32 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:288.59 GB) (Free:235.79 GB) NTFS

2 Drive e: (Recovery) (Fixed) (Total:9.4 GB) (Free:0.81 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive g: () (Removable) (Total:3.75 GB) (Free:3.42 GB) FAT32

7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

8 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 1024 KB

Disk 1 Online 3843 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 9 GB 1024 KB

Partition 2 Primary 100 MB 9 GB

Partition 3 Primary 288 GB 9 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E Recovery NTFS Partition 9 GB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 288 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3839 MB 4032 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G FAT32 Removable 3839 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-19 09:53

======================= End Of Log ==========================

Services.exe:

Farbar Recovery Scan Tool Version: 24-07-2012

Ran by SYSTEM at 2012-07-24 15:31:21

Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======


OK, here you go......Please carefully carry out this procedure!!!!!!

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 24-07-2012

Ran by SYSTEM at 2012-07-24 16:06:20 Run:3

Running from G:\

==============================================

C:\Windows\Installer\{18bd9e16-814c-9a1f-5505-93ea1dbc9ba8} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


Well done, let's run ComboFix to clean up any other malware........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Thank you very much for all your help Mr C!

My firewall is running again!! :D

ComboFix 12-07-25.04 - Yumi 07/24/2012 16:52:49.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1743 [GMT -4:00]

Running from: c:\users\Yumi\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\63f526c5

c:\users\Yumi\AppData\Roaming\4a7c1526

.

.

((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))

.

.

2012-07-24 20:36 . 2012-07-24 20:36 -------- d-----w- c:\program files (x86)\7-zip

2012-07-24 18:21 . 2012-07-24 18:41 -------- d-----w- C:\FRST

2012-07-24 13:07 . 2012-07-24 13:07 -------- d-----w- c:\users\QBDataServiceUser20

2012-07-23 12:28 . 2012-07-23 12:28 -------- d-----w- C:\found.000

2012-07-20 13:10 . 2012-07-20 13:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-20 13:10 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-19 20:26 . 2012-07-19 20:26 328704 ----a-w- c:\windows\system32\services.exe.194C83E476DD5A74

2012-07-17 19:34 . 2012-07-17 19:34 -------- d-----w- c:\users\Yumi\AppData\Local\Macromedia

2012-07-17 19:33 . 2012-07-17 19:33 -------- d-----w- c:\users\Yumi\AppData\Local\Mozilla

2012-07-17 13:46 . 2012-07-17 13:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-17 13:35 . 2012-07-19 17:14 -------- d-----w- c:\programdata\0C1D173D000A5C5400091427F875F002

2012-07-11 21:35 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 16:13 . 2012-04-18 14:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 16:13 . 2012-01-20 13:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 21:32 . 2010-11-08 13:31 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-29 10:04 . 2012-07-17 12:34 9133488 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3ABCA250-FA64-4D4A-9FF5-B94586BF9B8C}\mpengine.dll

2012-06-20 13:58 . 2012-06-20 13:58 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-02 22:19 . 2012-06-21 12:35 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 12:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 12:36 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 12:36 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 12:35 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 12:36 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 12:35 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-21 12:34 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-21 12:34 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 16:25 . 2010-10-30 12:19 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-15 04:01 . 2012-06-13 19:29 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:59 . 2012-06-13 19:29 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-05-15 03:03 . 2012-06-13 19:29 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-04 11:06 . 2012-06-13 19:29 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-13 19:29 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-13 19:29 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-13 19:29 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-13 19:28 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-13 19:29 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-13 19:29 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-13 19:29 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Yumi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Yumi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Yumi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-22 597792]

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]

"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Yumi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Yumi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]

QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-2-4 1155432]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-03-25 574320]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-20 115568]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-02 1255736]

R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

R4 QuickBooksDB20;QuickBooksDB20;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2009-08-18 678912]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-07-01 73856]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-07-01 28800]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 202752]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-11-18 161168]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-09 53248]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]

S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-07-07 6402560]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 188928]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-22 242720]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-04-07 346144]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-03-09 12032]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 302448]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 16:13]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Yumi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Yumi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Yumi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Yumi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10134560]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1424896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://yahoo.genieo.com/?v=w3i8

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

FF - ProfilePath - c:\users\Yumi\AppData\Roaming\Mozilla\Firefox\Profiles\mfucp2oe.default\

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Yumi\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Sony\VAIO Care\VCSpt.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe

.

**************************************************************************

.

Completion time: 2012-07-24 17:10:18 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-24 21:10

.

Pre-Run: 252,812,042,240 bytes free

Post-Run: 253,520,015,360 bytes free

.

- - End Of File - - 284B7604F7ECF42713F3A83903200A18


Computer is running smooth!

Thanks again Mr. C! :D

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.25.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Yumi :: REINA [administrator]

Protection: Enabled

7/25/2012 8:29:32 AM

mbam-log-2012-07-25 (08-29-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 238784

Time elapsed: 8 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
