TechSpot

Win64/Sirefef.Y help me too please

By MazanSM
Jun 15, 2012
  1. I have seen several other users you have helped with this. Please help me too if possible, friends. This is for the owner of the company I work at.

    Thanks so much!!

  2. MazanSM

    Shoot! I greatly apologize, as I am new to these forums. It looks like you prefer pasted logs instead of attached. I assumed you would prefer it the other way around. I will paste them now. Again I am sorry for any inconvenience. Thank you.

    Scan result of Farbar Recovery Scan Tool Version: 14-06-2012
    Ran by SYSTEM at 15-06-2012 10:16:59
    Running from K:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16333856 2009-07-08] (NVIDIA Corporation)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-12-18] (Sun Microsystems, Inc.)
    HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
    HKLM\...\Run: [qutbdg] rundll32.exe "C:\Users\rbiv\AppData\Roaming\qutbdg.dll",UpdateRebarBandColors [123392 2012-06-14] (Duplex Secure Ltd.)
    HKLM\...\Run: [wrvcap] "C:\Windows\System32\rundll32.exe" "C:\Users\rbiv\AppData\Roaming\wrvcap.dll",SendPacket [348672 2012-06-14] (Voyetra Turtle Beach, Inc.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [237693 2009-02-03] (Creative Technology Ltd)
    HKLM-x32\...\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]
    HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
    HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart [1086760 2009-10-07] (Nero AG)
    HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [RealTray] C:\Program Files (x86)\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER [26112 2010-09-30] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BackupNowEZtray] "C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k [577792 2010-09-17] (NewTech Infosystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKU\Administrator\...\Run: [RealJukeboxSystray] C:\Program Files (x86)\Real\RealJukebox\tsystray.exe [91648 2010-09-30] (RealNetworks, Inc.)
    HKU\besadmin.president\...\Run: [RealJukeboxSystray] C:\Program Files (x86)\Real\RealJukebox\tsystray.exe [91648 2010-09-30] (RealNetworks, Inc.)
    HKU\rbiv\...\Run: [RealJukeboxSystray] C:\Program Files (x86)\Real\RealJukebox\tsystray.exe [91648 2010-09-30] (RealNetworks, Inc.)
    HKU\rbiv\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\rbiv\...\Run: [Arfusymoci] C:\Users\rbiv\AppData\Roaming\Wuivir\orsoe.exe [x]
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 10.1.1.5 10.1.1.15
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\BES Support Application.lnk
    ShortcutTarget: BES Support Application.lnk -> C:\Windows\Installer\{C8C580D7-EA83-45E5-9F4B-89E3466812B8}\_CC0A4E5930FC4E7D8FFDEDEA7606DDDE.exe (Flexera Software, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\BESlogon.lnk
    ShortcutTarget: BESlogon.lnk -> C:\besadmin\beslogon.vbs ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Net Phone.lnk
    ShortcutTarget: Net Phone.lnk -> C:\Program Files (x86)\Toshiba\NetPhone\netphone.exe (Toshiba America Information Systems, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\RealDownload.lnk
    ShortcutTarget: RealDownload.lnk -> C:\Program Files (x86)\Real\RealDownload\Realdownload.exe (RealNetworks, Inc.)
    Startup: C:\Users\rbiv\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    ==================== Services (Whitelisted) ======
    2 BPowMon; C:\Program Files\Broadcom\BACS\BPowMon.exe [117568 2009-06-12] (Broadcom Corp.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 NTI BackupNowEZSvr; C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [45312 2010-09-17] (NewTech Infosystems, Inc.)
    2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [87344 2009-10-07] (Prolific Technology Inc.)
    2 uvnc_service; "C:\Program Files\UltraVNC\WinVNC.exe" -service [1793976 2009-12-06] (UltraVNC)
    ========================== Drivers (Whitelisted) =============
    3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
    2 BASFND; \??\C:\Program Files\Broadcom\BACS\BASFND.sys [15200 2009-06-12] (Broadcom Corporation)
    3 Dot4Print; C:\Windows\system32\drivers\Dot4Prt.sys [19968 2010-11-20] (Microsoft Corporation)
    3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.)
    3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
    2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; \??\C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-05-11] (CyberLink Corp.)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-06-15 10:16 - 2012-06-15 10:16 - 00000000 ____D C:\FRST
    2012-06-15 01:43 - 2012-06-15 01:43 - 00000106 ____A C:\Windows\System32\.directory
    2012-06-14 13:13 - 2012-06-14 13:36 - 00074049 ____A C:\Users\besadmin.president\Desktop\yorkyt.exe.log
    2012-06-14 13:11 - 2012-06-14 13:03 - 01415784 ____A C:\Users\besadmin.president\Desktop\yorkyt.exe
    2012-06-14 13:08 - 2012-06-14 13:09 - 00127936 ____A C:\TDSSKiller.2.7.39.0_14.06.2012_17.08.34_log.txt
    2012-06-14 12:30 - 2012-06-14 12:30 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-14 12:30 - 2012-06-14 12:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-14 12:24 - 2012-06-14 12:24 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-06-14 12:24 - 2012-06-14 12:24 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-06-14 12:24 - 2012-06-14 12:24 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-06-14 12:24 - 2012-06-14 12:24 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-06-14 12:24 - 2012-06-14 12:24 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-06-14 12:24 - 2012-06-14 12:24 - 00000000 ____D C:\Users\All Users\Sun
    2012-06-14 12:19 - 2012-06-14 12:19 - 00000000 ____D C:\Users\besadmin.president\AppData\Roaming\Macromedia
    2012-06-14 12:17 - 2012-06-14 12:17 - 00000000 ____D C:\Users\besadmin.president\AppData\Roaming\Adobe
    2012-06-14 12:17 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 12:17 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-14 12:17 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-14 12:17 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 12:17 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 12:17 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 12:17 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 12:17 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 12:17 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-14 12:17 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-14 12:17 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 12:17 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 12:17 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 12:17 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 12:17 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 12:17 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-14 12:17 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-14 12:17 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 12:17 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-14 12:17 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 12:17 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 12:17 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-14 12:17 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-14 12:17 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-14 12:17 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 12:17 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 12:17 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-14 12:17 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-14 12:16 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-06-14 12:16 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-06-14 12:11 - 2012-06-14 12:11 - 00000008 _RASH C:\Users\besadmin.president\ntuser.pol
    2012-06-14 12:11 - 2012-06-14 12:11 - 00000000 ____D C:\Users\besadmin.president\AppData\Roaming\Toshiba
    2012-06-14 12:11 - 2012-06-14 12:11 - 00000000 ____D C:\Users\besadmin.president\AppData\Roaming\Nero
    2012-06-14 12:11 - 2012-06-14 12:11 - 00000000 ____D C:\Users\besadmin.president\AppData\Roaming\Logitech
    2012-06-14 12:11 - 2012-06-14 12:11 - 00000000 ____D C:\Users\besadmin.president\AppData\Roaming\Apple Computer
    2012-06-14 12:11 - 2012-06-14 12:11 - 00000000 ____D C:\Users\besadmin.president\AppData\Local\Apple Computer
    2012-06-14 11:28 - 2012-06-14 11:28 - 00000000 ____D C:\Users\besadmin.president\AppData\Roaming\Malwarebytes
    2012-06-14 11:28 - 2012-06-14 11:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-14 11:28 - 2012-06-14 11:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-14 11:28 - 2012-04-04 11:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-14 11:27 - 2012-06-14 13:11 - 00000431 ____A C:\rkill.log
    2012-06-14 11:25 - 2012-06-15 05:46 - 00892748 ____A C:\Windows\ntbtlog.txt
    2012-06-14 11:06 - 2012-06-14 11:06 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-14 11:04 - 2012-06-14 12:10 - 00000000 ____D C:\Users\rbiv\AppData\Roaming\Wuivir
    2012-06-14 11:04 - 2012-06-14 11:05 - 00000000 ____D C:\Users\rbiv\AppData\Roaming\Otiwbo
    2012-06-14 11:04 - 2012-06-14 11:04 - 00000000 ____D C:\Users\rbiv\AppData\Roaming\Xeadke
    2012-06-14 11:03 - 2012-06-14 11:03 - 00348672 ____A (Voyetra Turtle Beach, Inc.) C:\Users\rbiv\AppData\Roaming\wrvcap.dll
    2012-06-14 11:03 - 2012-06-14 11:03 - 00123392 __ASH (Duplex Secure Ltd.) C:\Users\rbiv\AppData\Roaming\qutbdg.dll
    2012-06-14 11:03 - 2012-06-14 11:03 - 00000000 ____D C:\Users\All Users\99058D65000077910023DC24B4EB2331
    2012-06-14 04:43 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-14 04:43 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-14 04:43 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-14 04:43 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-14 04:43 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-14 04:43 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-06-14 04:43 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-14 04:43 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-14 04:43 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-14 04:43 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-14 04:43 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-14 04:43 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-14 04:43 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-14 04:43 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-14 04:43 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-14 04:43 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-14 04:43 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-14 04:43 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-06 07:49 - 2012-06-06 07:49 - 00766976 ____A C:\Users\rbiv\Desktop\Copy of ezlogbook.xls
    2012-05-30 11:19 - 2012-05-30 11:19 - 01598715 ____A C:\Users\rbiv\Desktop\Cessna172NPOH.pdf
    2012-05-30 11:19 - 2012-05-30 11:19 - 00018253 ____A C:\Users\rbiv\Desktop\checklist_cessan172n.pdf
    2012-05-29 05:45 - 2012-05-29 05:46 - 05478836 ____A C:\Users\rbiv\Desktop\WaveRunner OwnersManual.pdf
    2012-05-21 11:59 - 2012-06-14 12:56 - 00000000 ___RD C:\Users\rbiv\Dropbox
    2012-05-21 11:59 - 2012-05-30 04:49 - 00000978 ____A C:\Users\rbiv\Desktop\Dropbox.lnk
    2012-05-21 11:57 - 2012-06-14 12:56 - 00000000 ____D C:\Users\rbiv\AppData\Roaming\Dropbox
    ============ 3 Months Modified Files and Folders =============
    2012-06-15 10:17 - 2012-06-15 10:16 - 00000000 ____D C:\FRST
    2012-06-15 06:08 - 2009-12-28 08:15 - 00000136 ____A C:\Windows\System32\config\netlogon.ftl
    2012-06-15 06:08 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-15 06:08 - 2009-07-13 20:51 - 00073154 ____A C:\Windows\setupact.log
    2012-06-15 05:57 - 2012-04-12 06:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-15 05:46 - 2012-06-14 11:25 - 00892748 ____A C:\Windows\ntbtlog.txt
    2012-06-15 01:43 - 2012-06-15 01:43 - 00000106 ____A C:\Windows\System32\.directory
    2012-06-14 14:27 - 2009-07-13 21:08 - 00032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-14 14:08 - 2009-07-13 21:13 - 00733884 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-14 13:36 - 2012-06-14 13:13 - 00074049 ____A C:\Users\besadmin.president\Desktop\yorkyt.exe.log
    2012-06-14 13:11 - 2012-06-14 11:27 - 00000431 ____A C:\rkill.log
    2012-06-14 13:09 - 2012-06-14 13:08 - 00127936 ____A C:\TDSSKiller.2.7.39.0_14.06.2012_17.08.34_log.txt
    2012-06-14 13:03 - 2012-06-14 13:11 - 01415784 ____A C:\Users\besadmin.president\Desktop\yorkyt.exe
    2012-06-14 12:56 - 2012-05-21 11:59 - 00000000 ___RD C:\Users\rbiv\Dropbox
    2012-06-14 12:56 - 2012-05-21 11:57 - 00000000 ____D C:\Users\rbiv\AppData\Roaming\Dropbox
    2012-06-14 12:34 - 2009-07-13 21:10 - 01234102 ____A C:\Windows\WindowsUpdate.log
    2012-06-14 12:34 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-14 12:34 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-14 12:30 - 2012-06-14 12:30 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-14 12:30 - 2012-06-14 12:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-14 12:30 - 2011-03-11 07:01 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-14 12:30 - 2009-12-28 11:28 - 00747542 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-14 12:27 - 2009-07-13 20:45 - 00446400 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-14 12:24 - 2012-06-14 12:24 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-06-14 12:24 - 2012-06-14 12:24 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-06-14 12:24 - 2012-06-14 12:24 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-06-14 12:24 - 2012-06-14 12:24 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-06-14 12:24 - 2012-06-14 12:24 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-06-14 12:24 - 2012-06-14 12:24 - 00000000 ____D C:\Users\All Users\Sun
    2012-06-14 12:23 - 2009-12-28 09:55 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-06-14 12:21 - 2009-12-28 10:01 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-14 12:21 - 2009-12-28 09:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2012-06-14 12:19 - 2012-06-14 12:19 - 00000000 ____D C:\Users\besadmin.president\AppData\Roaming\Macromedia
    2012-06-14 12:17 - 2012-06-14 12:17 - 00000000 ____D C:\Users\besadmin.president\AppData\Roaming\Adobe
    2012-06-14 12:17 - 2009-12-28 08:22 - 00000000 ____D C:\Users\besadmin.president\AppData\LocalLow
    2012-06-14 12:11 - 2012-06-14 12:11 - 00000008 _RASH C:\Users\besadmin.president\ntuser.pol
    2012-06-14 12:11 - 2012-06-14 12:11 - 00000000 ____D C:\Users\besadmin.president\AppData\Roaming\Toshiba
    2012-06-14 12:11 - 2012-06-14 12:11 - 00000000 ____D C:\Users\besadmin.president\AppData\Roaming\Nero
    2012-06-14 12:11 - 2012-06-14 12:11 - 00000000 ____D C:\Users\besadmin.president\AppData\Roaming\Logitech
    2012-06-14 12:11 - 2012-06-14 12:11 - 00000000 ____D C:\Users\besadmin.president\AppData\Roaming\Apple Computer
    2012-06-14 12:11 - 2012-06-14 12:11 - 00000000 ____D C:\Users\besadmin.president\AppData\Local\Apple Computer
    2012-06-14 12:11 - 2009-12-28 08:35 - 00135024 ____A C:\Users\besadmin.president\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-14 12:11 - 2009-12-28 08:22 - 00000000 ____D C:\users\besadmin.president
    2012-06-14 12:11 - 2009-12-18 02:52 - 00069988 ____A C:\Windows\PFRO.log
    2012-06-14 12:10 - 2012-06-14 11:04 - 00000000 ____D C:\Users\rbiv\AppData\Roaming\Wuivir
    2012-06-14 11:28 - 2012-06-14 11:28 - 00000000 ____D C:\Users\besadmin.president\AppData\Roaming\Malwarebytes
    2012-06-14 11:28 - 2012-06-14 11:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-14 11:28 - 2012-06-14 11:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-14 11:06 - 2012-06-14 11:06 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-14 11:05 - 2012-06-14 11:04 - 00000000 ____D C:\Users\rbiv\AppData\Roaming\Otiwbo
    2012-06-14 11:04 - 2012-06-14 11:04 - 00000000 ____D C:\Users\rbiv\AppData\Roaming\Xeadke
    2012-06-14 11:03 - 2012-06-14 11:03 - 00348672 ____A (Voyetra Turtle Beach, Inc.) C:\Users\rbiv\AppData\Roaming\wrvcap.dll
    2012-06-14 11:03 - 2012-06-14 11:03 - 00123392 __ASH (Duplex Secure Ltd.) C:\Users\rbiv\AppData\Roaming\qutbdg.dll
    2012-06-14 11:03 - 2012-06-14 11:03 - 00000000 ____D C:\Users\All Users\99058D65000077910023DC24B4EB2331
    2012-06-07 11:49 - 2012-01-18 08:46 - 00752128 ____A C:\Users\rbiv\Documents\2012 Territory Map with ALL dealers excluding Nat & Gov 1 16 12.ptm
    2012-06-06 07:49 - 2012-06-06 07:49 - 00766976 ____A C:\Users\rbiv\Desktop\Copy of ezlogbook.xls
    2012-05-30 11:19 - 2012-05-30 11:19 - 01598715 ____A C:\Users\rbiv\Desktop\Cessna172NPOH.pdf
    2012-05-30 11:19 - 2012-05-30 11:19 - 00018253 ____A C:\Users\rbiv\Desktop\checklist_cessan172n.pdf
    2012-05-30 04:49 - 2012-05-21 11:59 - 00000978 ____A C:\Users\rbiv\Desktop\Dropbox.lnk
    2012-05-29 05:46 - 2012-05-29 05:45 - 05478836 ____A C:\Users\rbiv\Desktop\WaveRunner OwnersManual.pdf
    2012-05-22 07:11 - 2010-02-12 09:55 - 00000069 ____A C:\Windows\NeroDigital.ini
    2012-05-22 06:17 - 2010-01-21 12:00 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
    2012-05-21 11:59 - 2009-12-28 09:23 - 00000000 ____D C:\users\rbiv
    2012-05-17 18:47 - 2012-06-14 12:17 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-14 12:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-14 12:17 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-14 12:17 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-14 12:17 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-14 12:17 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-14 12:17 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-14 12:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-14 12:17 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-14 12:17 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-14 12:17 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-14 12:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-14 12:17 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-14 12:17 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-14 12:17 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-14 12:17 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-14 12:17 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-14 12:17 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-14 12:17 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-14 12:17 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-14 12:17 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-14 12:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-14 12:17 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-14 12:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-14 12:17 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-14 12:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-14 12:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-14 12:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-14 17:32 - 2012-06-14 04:43 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-11 07:59 - 2009-12-18 01:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-11 07:58 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-07 05:57 - 2012-04-12 06:57 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-05-07 05:57 - 2012-04-12 06:29 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-05-07 05:57 - 2011-07-08 04:54 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-05-04 03:06 - 2012-06-14 04:43 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 03:00 - 2012-06-14 12:16 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-05-04 02:03 - 2012-06-14 04:43 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-14 04:43 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 01:59 - 2012-06-14 12:16 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-05-02 06:41 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2012-04-30 21:40 - 2012-06-14 04:43 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 21:32 - 2012-06-14 04:43 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-04-27 19:55 - 2012-06-14 04:43 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:41 - 2012-06-14 04:43 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-14 04:43 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-14 04:43 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-14 04:43 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-14 04:43 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-14 04:43 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-14 04:43 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-14 04:43 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-14 04:43 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-19 08:13 - 2012-04-10 11:47 - 00073297 ____A C:\Users\rbiv\Documents\NORMAL PROCEDURES.docx
    2012-04-12 06:29 - 2012-04-12 06:29 - 00000000 ____D C:\Windows\System32\Macromed
    2012-04-12 06:27 - 2012-04-12 06:27 - 00209960 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-04-12 06:27 - 2010-01-12 12:16 - 00000000 ____D C:\Users\rbiv\AppData\Roaming\Apple Computer
    2012-04-12 06:27 - 2010-01-12 12:16 - 00000000 ____D C:\Users\rbiv\AppData\Local\Apple Computer
    2012-04-07 04:31 - 2012-06-14 04:43 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 03:26 - 2012-06-14 04:43 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-04 11:56 - 2012-06-14 11:28 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-02 13:34 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-04-02 05:31 - 2010-04-09 10:42 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
    2012-04-02 05:31 - 2010-04-09 10:42 - 00000000 ____D C:\Program Files (x86)\Safari
    2012-04-02 05:29 - 2012-04-02 05:29 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-04-02 05:29 - 2012-04-02 05:29 - 00000000 ____D C:\Program Files\iTunes
    2012-04-02 05:29 - 2012-04-02 05:29 - 00000000 ____D C:\Program Files\iPod
    2012-04-02 05:29 - 2012-04-02 05:29 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-03-30 03:35 - 2012-05-11 04:43 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-21 09:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-03-21 08:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-03-21 08:06 - 2011-07-13 06:17 - 00005094 ____A C:\Windows\IE9_main.log
    2012-03-21 08:05 - 2012-03-21 08:05 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-03-21 08:05 - 2012-03-21 08:05 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-03-21 08:05 - 2012-03-21 08:05 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-03-21 08:05 - 2012-03-21 08:05 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-03-21 08:05 - 2012-03-21 08:05 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-03-21 08:05 - 2012-03-21 08:05 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-03-21 08:05 - 2012-03-21 08:05 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-03-21 08:05 - 2012-03-21 08:05 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-03-21 08:05 - 2012-03-21 08:05 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-03-21 08:05 - 2012-03-21 08:05 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-03-21 08:05 - 2012-03-21 08:05 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-03-21 08:05 - 2012-03-21 08:05 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-03-21 08:05 - 2012-03-21 08:05 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-03-21 08:05 - 2012-03-21 08:05 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-03-21 08:05 - 2012-03-21 08:05 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-03-21 08:05 - 2012-03-21 08:05 - 00072822 ____A C:\Windows\SysWOW64\ieuinit.inf
    2012-03-21 08:05 - 2012-03-21 08:05 - 00072822 ____A C:\Windows\System32\ieuinit.inf
    2012-03-21 08:05 - 2012-03-21 08:05 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-03-21 08:05 - 2012-03-21 08:05 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-03-21 08:05 - 2012-03-21 08:05 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-03-21 08:05 - 2012-03-21 08:05 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-03-21 08:05 - 2012-03-21 08:05 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-03-21 08:05 - 2012-03-21 08:05 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-03-20 16:44 - 2012-03-20 16:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-03-20 16:44 - 2012-03-20 16:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    ZeroAccess:
    C:\Windows\Installer\{e0ee01b0-23a5-5587-6f6f-49237b4e2888}
    C:\Windows\Installer\{e0ee01b0-23a5-5587-6f6f-49237b4e2888}\@
    C:\Windows\Installer\{e0ee01b0-23a5-5587-6f6f-49237b4e2888}\L
    C:\Windows\Installer\{e0ee01b0-23a5-5587-6f6f-49237b4e2888}\U
    ZeroAccess:
    C:\Users\rbiv\AppData\Local\{e0ee01b0-23a5-5587-6f6f-49237b4e2888}
    C:\Users\rbiv\AppData\Local\{e0ee01b0-23a5-5587-6f6f-49237b4e2888}\@
    C:\Users\rbiv\AppData\Local\{e0ee01b0-23a5-5587-6f6f-49237b4e2888}\L
    C:\Users\rbiv\AppData\Local\{e0ee01b0-23a5-5587-6f6f-49237b4e2888}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 10%
    Total physical RAM: 8183.11 MB
    Available physical RAM: 7350.48 MB
    Total Pagefile: 8181.26 MB
    Available Pagefile: 7338.39 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB
    ======================= Partitions =========================
    1 Drive c: (OS) (Fixed) (Total:916.82 GB) (Free:489.02 GB) NTFS
    2 Drive e: (KRD10) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS
    8 Drive k: () (Removable) (Total:3.74 GB) (Free:3.33 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.38 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 3835 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 916 GB 14 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 FAT Partition 39 MB Healthy Hidden
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 Y RECOVERY NTFS Partition 14 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C OS NTFS Partition 916 GB Healthy
    ======================================================================================================
    Partitions of Disk 5:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3827 MB 19 KB
    ======================================================================================================
    Disk: 5
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K FAT32 Removable 3827 MB Healthy
    ======================================================================================================
    ==========================================================
    Last Boot: 2012-06-08 04:46
    ======================= End Of Log ==========================
     
  3. MazanSM

    MazanSM TS Rookie Topic Starter

    Here is the search result for services.exe.

    Farbar Recovery Scan Tool Version: 14-06-2012
    Ran by SYSTEM at 2012-06-15 10:27:59
    Running from K:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    ====== End Of Search ======

    Thanks!
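    The two hits above have identical size and timestamps but different MD5s, and in the earlier "Bamital & volsnap Check" the System32 copy of services.exe was the one file FRST did not stamp "MD5 is legit". As an added example for this thread (not FRST's own code and not something either poster ran), here is a Python script that parses those two FRST blocks and flags that discrepancy automatically. The sample text is copied from the logs posted above; the function and constant names are this example's own.

```python
"""Flag a live Windows binary whose MD5 differs from its WinSxS copy.

Added example for this thread (not FRST's code, not the poster's): parses the
two FRST blocks quoted above, the 'Search:' result and the 'Bamital & volsnap
Check', and reports the discrepancy the log shows for services.exe.
Function names and the trimmed sample text are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input constructed from the search result posted in this thread.
SEARCH_OUTPUT = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
"""

# Trimmed sample from the "Bamital & volsnap Check" section of the same log.
BAMITAL_CHECK = r"""
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

# A path line: drive letter, colon, backslash, then anything non-blank.
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
# The attribute line FRST prints under a path: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - (?P<size>\d+) "
    r"\S+ (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileRecord:
    path: str
    created: str
    modified: str
    size: int
    company: Optional[str]
    md5: str

    @property
    def name(self) -> str:
        """File name only, lower-cased so System32 and WinSxS copies compare equal."""
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_records(text: str) -> List[FileRecord]:
    """Pair each path line with the attribute line FRST prints directly below it."""
    records: List[FileRecord] = []
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line) and "=>" not in line:
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            records.append(FileRecord(pending, m["created"], m["modified"],
                                      int(m["size"]), m["company"], m["md5"].upper()))
        pending = None
    return records


def parse_legit_check(text: str) -> Dict[str, bool]:
    """Map each checked path (lower-cased) to True when FRST stamped it 'MD5 is legit'.

    When FRST cannot vouch for the hash it prints the attribute line instead of a
    verdict; those paths come back False and deserve a second look.
    """
    verdict: Dict[str, bool] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("=> MD5 is legit"):
            verdict[line.split(" =>", 1)[0].lower()] = True
        elif PATH_RE.match(line):
            verdict[line.lower()] = False
    return verdict


def find_hash_mismatches(records: List[FileRecord]) -> List[str]:
    """Report a live (non-WinSxS) copy that matches a WinSxS copy in size and
    modification time but not in MD5: the component store keeps the original
    bytes, so an in-place patch of the live file shows up exactly this way."""
    findings: List[str] = []
    live_copies = [r for r in records if not r.in_winsxs]
    store_copies = [r for r in records if r.in_winsxs]
    for live in live_copies:
        for ref in store_copies:
            if ref.name != live.name:
                continue
            if live.size == ref.size and live.modified == ref.modified and live.md5 != ref.md5:
                findings.append(f"{live.path}: MD5 {live.md5} differs from WinSxS copy "
                                f"{ref.md5} despite identical size and timestamp")
    return findings


if __name__ == "__main__":
    for finding in find_hash_mismatches(parse_records(SEARCH_OUTPUT)):
        print("SUSPECT", finding)
    for path, ok in parse_legit_check(BAMITAL_CHECK).items():
        print("legit" if ok else "NO VERDICT", path)
```

    Run against the thread's own output it reports the System32 services.exe once and leaves the WinSxS copy alone; the size-and-timestamp comparison is what separates a patched file from a legitimately updated one, since a real update changes the modification time as well as the hash.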
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================================

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the BartPE CD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
     


  5. MazanSM

    MazanSM TS Rookie Topic Starter

    Thanks so much for your reply. I work in the IT team here, and as I said I kind of moved ahead as much as I could... I know you are very busy as well. Anyway, I used a fixlist.txt file I customized myself and it successfully stopped the rebooting. Then I ran ComboFix, Malwarebytes, updated Java, and ESET Online Scanner. After ComboFix everything came up clean and seems to be working correctly.

    I am sorry I moved forward, I was just under an intense time constraint.

    I really appreciate your reply and hope I can come to you again if I ever find it necessary?

    Anything else you think I should do or need from me on this issue?

    Truly, thanks again for your help with this. This forum is the only thing that got me on the correct path to resolving this issue.

    Thanks!
    - S
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Well, if there are no more issues and you handled everything by yourself... good luck :)
     
