FBI Cybercrime Division Ransomware Removal Guide


8 replies to this topic

#1 sparky494

Posted 14 August 2013 - 10:16 AM

My computer goes to the FBI Cybercrime Division home screen and I cannot access anything on my PC.

I do have a notebook laptop that I am using for this website.

I have an 8G USB drive that has HitmanPro on it, but since my laptop (32-bit) and PC (64-bit) are not the same bit I cannot run it on my laptop to update it.

Also, I do not know how to boot my PC from the USB drive. So what I have tried is to use the command prompt under the System Recovery tool to run the HitmanPro install Kickstart. It completes, I agree to the terms and hit Next.

I select "No, I only want to perform a one-time scan to check this PC".

Hit Next.

And now it says "No internet connection ...

waiting for internet connection."

That's where I am,

I am stuck and need help.

Thank you, sparky494

#2 sparky494

Posted 14 August 2013 - 12:51 PM

I started the PC in Safe Mode with Command Prompt, opened notebook, selected and right-clicked the C drive, and ran Scan with Malwarebytes.

Malwarebytes found two threats, quarantined them and prompted to restart.

I restarted normally and ran a quick scan in Malwarebytes; it again found two threats, which I deleted, and restarted normally. I again ran Malwarebytes and it found one threat, Trojan.Ransom, and I deleted it.



#3 bloopie (Malware Response Team)

Posted 14 August 2013 - 04:07 PM

Hello sparky494, and welcome!

Do you still need assistance with this issue? If so, I'll be glad to help you! :)

If you're able to boot normally, please re-open MBAM (Malwarebytes) and post me the logs from the scans you ran. Please copy and paste all logs; do not attach them unless otherwise instructed.

Next, we'll get another log:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach that one only to your reply.
bloopie

#4 sparky494

Posted 15 August 2013 - 09:58 AM

The scan that I ran in Safe Mode is not in the log file.

Malwarebytes Anti-Malware 1.75.0.1300

Database version: v2013.08.09.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16635
Shane :: SHANE-PC [administrator]

8/14/2013 6:53:20 PM
mbam-log-2013-08-14 (18-53-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232049
Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Hijack.Shell.Gen) -> Data: C:\Users\Shane\AppData\Roaming\dbu32.ocx,explorer.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Shane\AppData\Roaming\dbu32.ocx (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)


Database version: v2013.08.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Shane :: SHANE-PC [administrator]

8/14/2013 7:15:04 PM
mbam-log-2013-08-14 (19-15-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233674
Time elapsed: 12 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Shane\Desktop\fama.tmp (Trojan.Ransom.PA) -> Quarantined and deleted successfully.
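
The Hijack.Shell.Gen line in the first log is the part of these logs worth reading closely: Winlogon's Shell value lists the programs started at logon (normally just explorer.exe), and here dbu32.ocx, the same file MBAM flagged as Trojan.Ransom, had been placed in front of it. The Python below is an added example, not part of this thread or of Malwarebytes; it parses MBAM 1.x detection lines and flags every program other than the stock explorer.exe in a Winlogon Shell value. The sample log text is constructed from the two logs above, and C:\Windows as %SystemRoot% is an assumption.

```python
"""Parse Malwarebytes 1.x detection lines and flag a Winlogon Shell hijack."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One MBAM 1.75 detection line has the shape
#   <item> (<threat>) [-> Data: <value>] -> <action>.
# <item> is a file path, or "<registry key>|<value name>" for a registry value.
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\)"
    r"(?: -> Data: (?P<data>.+?))?"
    r" -> (?P<action>.+?)\.?$"
)
HIVES = ("HKCU", "HKLM", "HKU", "HKCR", "HKEY")
STOCK_SHELL = "explorer.exe"
SYSTEM_ROOT = r"c:\windows"  # assumed default %SystemRoot%

# Constructed sample: the detection lines from the two logs posted above.
SAMPLE_LOG = r"""
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Hijack.Shell.Gen) -> Data: C:\Users\Shane\AppData\Roaming\dbu32.ocx,explorer.exe -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\Shane\AppData\Roaming\dbu32.ocx (Trojan.Ransom) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\Shane\Desktop\fama.tmp (Trojan.Ransom.PA) -> Quarantined and deleted successfully.
"""


@dataclass
class Detection:
    item: str
    threat: str
    data: Optional[str]
    action: str

    @property
    def registry_value(self) -> Optional[Tuple[str, str]]:
        """(key, value name) when the item is a registry value, else None."""
        if "|" in self.item and self.item.upper().startswith(HIVES):
            key, _, name = self.item.partition("|")
            return key, name
        return None


def parse_mbam_log(text: str) -> List[Detection]:
    """Return every detection line in an MBAM 1.x log; summary lines are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["item"], m["threat"], m["data"], m["action"]))
    return found


def is_stock_shell(entry: str) -> bool:
    """True only for a bare explorer.exe or %SystemRoot%\\explorer.exe."""
    e = entry.strip().strip('"')
    if e.lower() == STOCK_SHELL:
        return True
    head, tail = ntpath.split(e)
    return tail.lower() == STOCK_SHELL and head.lower().rstrip("\\") == SYSTEM_ROOT


def foreign_shell_entries(shell_value: str) -> List[str]:
    """Winlogon's Shell value is a comma-separated list of programs run at logon.
    Anything other than the stock explorer.exe is returned; a lock screen that
    prepends itself runs before the desktop does, which is what the user saw."""
    entries = [e.strip() for e in shell_value.split(",") if e.strip()]
    return [e for e in entries if not is_stock_shell(e)]


def shell_hijacks(detections: List[Detection]) -> List[Tuple[str, List[str]]]:
    """(Winlogon key, [foreign programs]) for every Shell value MBAM reported."""
    out = []
    for d in detections:
        rv = d.registry_value
        if rv and rv[0].lower().endswith(r"\winlogon") and rv[1].lower() == "shell":
            out.append((rv[0], foreign_shell_entries(d.data or "")))
    return out


if __name__ == "__main__":
    for key, programs in shell_hijacks(parse_mbam_log(SAMPLE_LOG)):
        print(f"{key}\\Shell launched before explorer.exe: {programs}")
```

The same foreign_shell_entries check applies to the HKLM Winlogon key, which MBAM did not flag here; a value read directly from the registry can be passed to it unchanged.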



#5 bloopie (Malware Response Team)

Posted 15 August 2013 - 12:04 PM

Hello again,

Thanks for the logs, but do you still need assistance with your computer? If so, please follow the instructions in my previous post.

bloopie

#6 sparky494

Posted 15 August 2013 - 02:55 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01
Ran by Shane (administrator) on 15-08-2013 14:52:56
Running from C:\Users\Shane\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Advanced Micro Devices) c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\pcTrayApp.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\system32\SndVol.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2009-11-17] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] - TRY THXCFG64 [x]
HKLM\...\Run: [RunDLLEntry_EptMon] - 64 [x]
HKLM\...\Run: [ATT-SST_McciTrayApp] - C:\Program Files\ATT-SST\pcTrayApp.exe [2794496 2013-05-07] (Alcatel-Lucent)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-07] (Dell)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-14] (SUPERAntiSpyware)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [374368 2012-04-15] (BillP Studios)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope {E399040A-E279-40F5-88CF-602AB1B94FA3} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {D92238C8-A7A6-4671-AAE0-81B822638BA8} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {D92238C8-A7A6-4671-AAE0-81B822638BA8} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120623022505.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623022505.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: msdaipp - No CLSID Value -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-11-21] (SUPERAntiSpyware.com)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-05-07] (Alcatel-Lucent)
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 dgderdrv; C:\Windows\SysWow64\drivers\dgderdrv.sys [20032 2011-08-23] (Devguru Co., Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
U3 mfeavfk01; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]
S1 RxFilter; system32\DRIVERS\RxFilter.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-14 18:32 - 2013-08-14 18:41 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-14 13:12 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 13:12 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 13:12 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 13:12 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 13:12 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 13:12 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 13:12 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 13:12 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 13:12 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 13:12 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 13:12 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 13:12 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 13:12 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 13:12 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 13:12 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 13:12 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 13:12 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 13:12 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 13:12 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 13:11 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 13:11 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 13:11 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 13:11 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 13:11 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 13:11 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 13:11 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 13:11 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 13:11 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 13:11 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 13:11 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 13:11 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 13:05 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 13:05 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 13:05 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 13:05 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 13:05 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 13:05 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 13:04 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 13:04 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 13:04 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 13:04 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 13:04 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 13:04 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 13:04 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 13:04 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 13:04 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 13:04 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 13:04 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 13:04 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 13:04 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 13:04 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 13:04 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 13:04 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 13:04 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 13:04 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 13:04 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 13:04 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 13:04 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 01:14 - 2013-08-14 01:14 - 00000000 ____D C:\FRST
2013-08-13 20:29 - 2013-08-13 20:29 - 00000000 ____D C:\ProgramData\wujk
2013-08-12 11:06 - 2013-08-12 11:06 - 00000150 _____ C:\Users\Shane\Desktop\Stone & Webster.url
2013-08-12 10:48 - 2013-08-12 10:48 - 00000000 ____D C:\Users\Shane\AppData\Local\{6A113CC9-D07A-4A8A-B852-ACE5E716E49F}
2013-08-09 10:33 - 2013-08-09 10:33 - 00002308 _____ C:\Users\Shane\Desktop\2013 fantasy sleepers - Yahoo! Sports.url
2013-08-08 09:22 - 2013-08-08 09:26 - 00000000 ____D C:\Users\Shane\Desktop\screen
2013-08-04 13:18 - 2013-08-12 11:44 - 00000000 ____D C:\Users\Shane\Desktop\Indiana Unemploymet
2013-08-02 15:26 - 2013-08-02 15:26 - 00002169 _____ C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
2013-08-02 15:24 - 2013-08-02 15:25 - 00000000 ____D C:\Program Files\ATT-SST
2013-08-02 15:24 - 2013-08-02 15:25 - 00000000 ____D C:\Program Files (x86)\ATT-SST
2013-08-02 15:13 - 2013-08-02 15:13 - 00385904 _____ C:\Users\Shane\Desktop\ATT_SST.exe
2013-07-30 21:23 - 2013-07-30 21:23 - 00173297 _____ C:\Users\Shane\Desktop\DJ_Rectangle-DJ_Rectangle's_Big_Adventure-DuRRTY.mp3.zip
2013-07-30 21:23 - 2013-07-30 21:23 - 00002120 _____ C:\Users\Shane\AppData\Local\rx_audio.Cache
2013-07-30 21:23 - 2013-07-30 21:23 - 00000000 _____ C:\Users\Shane\AppData\Local\rx_image32.Cache
2013-07-30 02:07 - 2013-07-30 02:07 - 00000353 _____ C:\Users\Shane\Desktop\Naughty By Nature - Hip Hop Hooray HQ - YouTube.url
2013-07-29 23:31 - 2013-07-29 23:31 - 00000266 _____ C:\Users\Shane\Desktop\DJ Rectangle - Rectangle's Big Adventure [Full Mixtape] - YouTube.url
2013-07-29 22:51 - 2013-07-29 22:51 - 00000353 _____ C:\Users\Shane\Desktop\DJ Rectangle.wmv - YouTube.url
2013-07-20 12:24 - 2013-08-14 13:06 - 00000000 ____D C:\Windows\system32\MRT
2013-07-16 08:56 - 2013-07-16 08:56 - 03114564 _____ C:\Users\Shane\Downloads\Attachments_2013716.zip
2013-07-16 08:47 - 2013-07-16 08:47 - 00000000 ____D C:\Users\Shane\Desktop\Alarm Lists

==================== One Month Modified Files and Folders =======

2013-08-15 14:51 - 2013-08-15 14:51 - 01575570 _____ (Farbar) C:\Users\Shane\Desktop\FRST64.exe
2013-08-15 14:37 - 2012-12-26 23:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-15 14:37 - 2011-01-17 17:18 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-15 14:00 - 2013-06-02 20:07 - 00000330 ____H C:\Windows\Tasks\{1F3CAD3C-9080-434C-A4BA-594D0BF55CDB}.job
2013-08-15 10:56 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-15 10:56 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-15 10:47 - 2011-01-17 17:18 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-15 10:47 - 2010-12-23 14:09 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-08-15 10:47 - 2010-12-23 14:09 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-08-15 10:47 - 2010-12-23 13:42 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-15 10:46 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-15 10:46 - 2009-07-13 23:51 - 00111363 _____ C:\Windows\setupact.log
2013-08-15 10:45 - 2009-07-14 00:10 - 01405943 _____ C:\Windows\WindowsUpdate.log
2013-08-14 22:53 - 2011-10-12 20:46 - 00516096 ___SH C:\Users\Shane\Desktop\Thumbs.db
2013-08-14 22:11 - 2012-06-08 13:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-14 18:41 - 2013-08-14 18:32 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-14 17:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 14:24 - 2013-05-27 13:40 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-08-14 13:24 - 2009-07-13 21:34 - 00000499 _____ C:\Windows\win.ini
2013-08-14 13:09 - 2009-07-14 00:13 - 00744474 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 13:07 - 2013-07-20 12:24 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 13:06 - 2011-01-04 18:53 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 12:29 - 2010-12-23 15:29 - 00599822 _____ C:\Windows\PFRO.log
2013-08-14 01:14 - 2013-08-14 01:14 - 00000000 ____D C:\FRST
2013-08-13 20:29 - 2013-08-13 20:29 - 00000000 ____D C:\ProgramData\wujk
2013-08-13 16:39 - 2013-03-16 21:26 - 00000000 ____D C:\Users\Shane\AppData\Roaming\vlc
2013-08-12 17:00 - 2011-06-05 11:41 - 00000000 ____D C:\Users\Shane\Desktop\ImpalaSS
2013-08-12 12:09 - 2012-03-05 11:01 - 00000000 ____D C:\Users\Shane\Desktop\ShaneReferance
2013-08-12 11:44 - 2013-08-04 13:18 - 00000000 ____D C:\Users\Shane\Desktop\Indiana Unemploymet
2013-08-12 11:06 - 2013-08-12 11:06 - 00000150 _____ C:\Users\Shane\Desktop\Stone & Webster.url
2013-08-12 10:48 - 2013-08-12 10:48 - 00000000 ____D C:\Users\Shane\AppData\Local\{6A113CC9-D07A-4A8A-B852-ACE5E716E49F}
2013-08-11 19:26 - 2010-12-23 14:03 - 00000000 ____D C:\Program Files\McAfee
2013-08-09 10:33 - 2013-08-09 10:33 - 00002308 _____ C:\Users\Shane\Desktop\2013 fantasy sleepers - Yahoo! Sports.url
2013-08-08 09:54 - 2012-02-01 15:18 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-08-08 09:26 - 2013-08-08 09:22 - 00000000 ____D C:\Users\Shane\Desktop\screen
2013-08-05 11:05 - 2011-01-09 13:44 - 00000000 ___RD C:\Users\Shane\Desktop\Young Bucc's
2013-08-02 17:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-02 15:26 - 2013-08-02 15:26 - 00002169 _____ C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
2013-08-02 15:25 - 2013-08-02 15:24 - 00000000 ____D C:\Program Files\ATT-SST
2013-08-02 15:25 - 2013-08-02 15:24 - 00000000 ____D C:\Program Files (x86)\ATT-SST
2013-08-02 15:24 - 2013-02-08 09:35 - 00000000 ____D C:\Program Files\Common Files\Motive
2013-08-02 15:16 - 2013-02-08 10:31 - 00003196 _____ C:\Windows\System32\Tasks\IHUninstallTrackingTASK
2013-08-02 15:13 - 2013-08-02 15:13 - 00385904 _____ C:\Users\Shane\Desktop\ATT_SST.exe
2013-07-30 21:23 - 2013-07-30 21:23 - 00173297 _____ C:\Users\Shane\Desktop\DJ_Rectangle-DJ_Rectangle's_Big_Adventure-DuRRTY.mp3.zip
2013-07-30 21:23 - 2013-07-30 21:23 - 00002120 _____ C:\Users\Shane\AppData\Local\rx_audio.Cache
2013-07-30 21:23 - 2013-07-30 21:23 - 00000000 _____ C:\Users\Shane\AppData\Local\rx_image32.Cache
2013-07-30 02:07 - 2013-07-30 02:07 - 00000353 _____ C:\Users\Shane\Desktop\Naughty By Nature - Hip Hop Hooray HQ - YouTube.url
2013-07-29 23:31 - 2013-07-29 23:31 - 00000266 _____ C:\Users\Shane\Desktop\DJ Rectangle - Rectangle's Big Adventure [Full Mixtape] - YouTube.url
2013-07-29 22:51 - 2013-07-29 22:51 - 00000353 _____ C:\Users\Shane\Desktop\DJ Rectangle.wmv - YouTube.url
2013-07-29 09:51 - 2011-02-02 19:36 - 00000000 ____D C:\Users\Shane\AppData\Local\Adobe
2013-07-29 09:29 - 2012-12-26 23:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-29 09:29 - 2012-12-26 23:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-29 09:29 - 2012-12-26 23:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-28 09:37 - 2013-05-27 13:39 - 00000000 ____D C:\Program Files\My Dell
2013-07-28 09:37 - 2011-01-05 17:00 - 00000000 ____D C:\ProgramData\PCDr
2013-07-27 10:41 - 2011-01-17 17:18 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-26 00:13 - 2013-08-14 13:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 00:13 - 2013-08-14 13:11 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 00:13 - 2013-08-14 13:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 00:12 - 2013-08-14 13:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 00:12 - 2013-08-14 13:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 00:12 - 2013-08-14 13:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 00:12 - 2013-08-14 13:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 00:12 - 2013-08-14 13:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 00:12 - 2013-08-14 13:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 00:12 - 2013-08-14 13:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 00:12 - 2013-08-14 13:11 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 00:12 - 2013-08-14 13:11 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 00:12 - 2013-08-14 13:11 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 00:12 - 2013-08-14 13:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 22:35 - 2013-08-14 13:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 22:13 - 2013-08-14 13:11 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 22:13 - 2013-08-14 13:11 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 22:12 - 2013-08-14 13:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 22:12 - 2013-08-14 13:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 22:12 - 2013-08-14 13:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 22:12 - 2013-08-14 13:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 22:12 - 2013-08-14 13:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 22:12 - 2013-08-14 13:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 22:12 - 2013-08-14 13:11 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 22:12 - 2013-08-14 13:11 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 22:12 - 2013-08-14 13:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 22:11 - 2013-08-14 13:12 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 22:11 - 2013-08-14 13:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 21:49 - 2013-08-14 13:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 21:39 - 2013-08-14 13:12 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 20:59 - 2013-08-14 13:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 04:25 - 2013-08-14 13:04 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 03:57 - 2013-08-14 13:04 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-18 20:58 - 2013-08-14 13:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-18 20:41 - 2013-08-14 13:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-07-16 08:56 - 2013-07-16 08:56 - 03114564 _____ C:\Users\Shane\Downloads\Attachments_2013716.zip
2013-07-16 08:47 - 2013-07-16 08:47 - 00000000 ____D C:\Users\Shane\Desktop\Alarm Lists

Files to move or delete:
====================
C:\ProgramData\lbav.bat
C:\ProgramData\lbav.pad
C:\ProgramData\lbav.reg
C:\Users\Shane\acrobat.exe
C:\Users\Shane\chrome.exe
C:\Users\Shane\teamviewer.exe
C:\Windows\Tasks\{1F3CAD3C-9080-434C-A4BA-594D0BF55CDB}.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-12 00:48

==================== End Of Log ============================

Edited by sparky494, 15 August 2013 - 02:59 PM.


#7 bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York
  • Local time:06:06 AM

Posted 15 August 2013 - 04:49 PM

Hello again,

Let's remove some leftovers:

Step 1

Download the attached file fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.
 
==========
 
Step 2

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job... this is normal.

You can download Combofix from one of these links.

  • Close any open browsers or any other programs that are open.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you: C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

Please include both requested logs in your next reply, and please let me know how the machine is behaving now!!

bloopie



#8 bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York
  • Local time:06:06 AM

Posted 19 August 2013 - 03:38 PM

Hello again,

Are you still with me? :)

This is a Topic Bump! It has been several days since my last post. If you still wish to receive help please follow those instructions from my last post.

If you do not respond in another 48 hours, I will be forced to close this topic!

bloopie

#9 bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York
  • Local time:06:06 AM

Posted 21 August 2013 - 04:54 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
