I TRIED IT AGAIN AND I GOT MY RESULTS, AND HERE THEY ARE:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on REATOGO on 07-11-2013 09:38:42
Running from D:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IgfxTray] - DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM\...\Run: [HotKeysCmds] - DOWS\SYSTEM32\HKCMD.EXE
HKLM\...\Run: [Persistence] - DOWS\SYSTEM32\IGFXPERS.EXE
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10918504 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - T.EXE
HKLM\...\Run: [AdobeAAMUpdater-1.0] - FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE"
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [483424 2012-02-01] ()
HKLM\...\Run: [WD Quick View] - DIGITAL\WD SMARTWARE\WDDMSTATUS.EXE
HKLM\...\Run: [qdatrp] - DEX
HKLM\...\Run: [MRT] - DOWS\SYSTEM32\MRT.EXE" /R
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\Ballard\...\Run: [Spotify Web Helper] - C:\Users\Ballard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [ 2013-10-10] (Spotify Ltd)
HKU\Ballard\...\Run: [Spotify] - C:\Users\Ballard\AppData\Roaming\Spotify\spotify.exe [ 2013-10-10] (Spotify Ltd)
HKU\Ballard\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Ballard\AppData\Local\aea76ccb-3f6f-4288-af78-d9b4c211ccf1ad\aeaccbffafdbcccfad.exe [ 2013-06-19] () <===== ATTENTION
HKU\Ballard\...\Run: [Regedit32] - C:\windows\system32\regedit.exe
HKU\Ballard\...\Run: [KineticJump] - rundll32 "C:\Users\Ballard\AppData\Local\Deployment\KineticJump\hmakdlea.dll",DllRegisterServer <===== ATTENTION
HKU\Ballard\...\Run: [PXQsoft Update] - regsvr32.exe C:\Users\Ballard\AppData\Local\PXQsoft\ir32_32.dll
HKU\Ballard\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [ 2013-10-28] ()
HKU\Ballard\...\Run: [Google Update] - [x]
HKU\Ballard\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [ 2013-09-25] (Updater)
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL [ 2013-11-04] ()
Startup: C:\Users\Ballard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Ballard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lafrejwmq.lnk
ShortcutTarget: lafrejwmq.lnk -> C:\PROGRA~3\qmwjerfal.dss (Kungyokudo, Inc)
========================== Services (Whitelisted) =================
S2 70e6ca8c; c:\progra~2\optimi~1\OptProCrash.exe [143488 2013-11-04] ()
S2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [63928 2012-04-03] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-10-08] (Adobe Systems Incorporated)
S2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [98208 2009-11-17] (Andrea Electronics Corporation)
S2 AffinegyService; C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe [564072 2010-07-28] (Affinegy, Inc.)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [44376 2010-03-18] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S2 CodeMeter.exe; C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2304912 2011-07-06] (WIBU-SYSTEMS AG)
S2 cvhsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [822504 2013-04-22] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-11-04] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-11-04] (Google Inc.)
S3 gusvc; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2013-11-04] (Google)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336 2010-06-08] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-20] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 NAUpdate; C:\Program Files (x86)\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 sftlist; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944 2013-06-26] (Microsoft Corporation)
S2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-08-18] (SoftThinks SAS)
S3 sftvsa; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528 2013-06-26] (Microsoft Corporation)
S2 Update LinkSwift; C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe [65312 2013-11-02] (LinkSwift)
S2 Winmgmt; C:\PROGRA~3\lafrejwmq.pss [61024 2013-11-04] (Microsoft Corporation)
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\ \...\???\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2374656 2010-09-26] (Atheros Communications, Inc.)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7370304 2009-11-06] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2395880 2010-06-14] (Realtek Semiconductor Corp.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [29720 2010-07-29] (Initio Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [76912 2010-06-25] (Atheros Communications, Inc.)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 NUMARK_NS7_MIDI; C:\Windows\System32\drivers\ns7_midi.sys [31296 2010-04-22] (Numark)
S3 NUMARK_NS7_USB; C:\Windows\System32\Drivers\ns7_usb.sys [402496 2010-04-22] (Ploytec GmbH)
S3 NUMARK_NS7_WDM; C:\Windows\System32\drivers\ns7_wdm.sys [50240 2010-04-22] (Numark)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55856 2010-03-19] (Sonic Solutions)
S3 USB_RNDIS_51; C:\Windows\System32\DRIVERS\usb8023.sys [19968 2013-02-11] (Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Western Digital Technologies)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-06 08:51 - 2013-11-06 08:51 - 00000000 ____D C:\FRST
2013-11-05 10:56 - 2013-11-05 10:56 - 00006704 ____N C:\bootsqm.dat
2013-11-04 19:50 - 2013-11-04 19:50 - 00000000 ____D C:\Users\Ballard\AppData\Roaming\Google
2013-11-04 19:43 - 2013-11-05 09:58 - 00000000 ____D C:\Program Files\Google
2013-11-04 19:43 - 2013-11-04 19:43 - 00000000 ____D C:\Users\Ballard\AppData\Local\Real
2013-11-04 19:40 - 2013-11-04 19:40 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-11-04 19:40 - 2013-11-04 19:40 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-11-04 19:40 - 2013-11-04 19:40 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-11-04 19:39 - 2013-11-04 19:39 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-11-04 19:39 - 2013-11-04 19:39 - 00000000 ____D C:\Users\Ballard\AppData\Roaming\Optimizer Pro
2013-11-04 19:38 - 2013-11-04 19:42 - 00000000 ____D C:\Users\Ballard\AppData\Roaming\Real
2013-11-04 19:37 - 2013-11-04 19:51 - 00000000 ____D C:\Users\Ballard\AppData\Local\Google
2013-11-04 19:37 - 2013-11-04 19:37 - 00000000 ____D C:\Users\Ballard\AppData\Local\TNT2
2013-11-04 19:33 - 2013-11-04 19:48 - 00675988 _____ C:\Users\Ballard\Downloads\Minecraft172.exe
2013-11-04 19:33 - 2013-11-04 19:33 - 00001068 _____ C:\Users\Ballard\Desktop\Optimizer Pro.lnk
2013-11-04 19:32 - 2013-11-05 09:56 - 00000000 ____D C:\Users\Ballard\AppData\Local\WordLayers
2013-11-04 19:32 - 2013-11-05 09:56 - 00000000 ____D C:\Users\Ballard\AppData\Local\TidyNetwork
2013-11-04 17:12 - 2013-11-05 09:56 - 00000000 ____D C:\Users\Ballard\AppData\Local\PXQsoft
2013-11-01 11:40 - 2013-11-01 11:42 - 193305953 _____ C:\Users\Ballard\Desktop\Eminem-The_Marshall_Mathers_LP_2-(Deluxe_Edition)-2CD-2013-CR.rar
2013-10-31 22:12 - 2013-10-31 22:12 - 68592483 _____ C:\Users\Ballard\Desktop\FNO_Failures_N
ption-(DatPiff.com).zip
2013-10-31 11:20 - 2013-10-31 11:20 - 00000000 __SHD C:\found.000
2013-10-30 13:35 - 2013-10-30 13:35 - 00000000 ____D C:\Users\Ballard\Desktop\Eminem - Marshall Mathers LP 2 (Album) [mp3]
2013-10-29 22:24 - 2013-10-29 22:25 - 577931594 _____ C:\Users\Ballard\Desktop\The Wolverine.mkv
2013-10-29 21:59 - 2013-10-29 21:59 - 00000000 ____D C:\Users\Ballard\Documents\Halloween mashup mix_data
2013-10-29 21:51 - 2013-10-29 21:51 - 00000000 ____D C:\Users\Ballard\Documents\libmp3lame-win-3.98.2
2013-10-29 19:31 - 2013-11-05 09:56 - 00000000 ____D C:\Users\Ballard\AppData\Roaming\Audacity
2013-10-29 19:31 - 2013-10-29 19:31 - 00000000 ____D C:\Users\Ballard\Documents\audacity-win-2.0.5
2013-10-29 19:31 - 2013-10-18 17:08 - 07457792 _____ (The Audacity Team) C:\Users\Ballard\Desktop\audacity.exe
2013-10-28 14:52 - 2013-10-28 10:22 - 500272757 _____ C:\Users\Ballard\Desktop\RED 2.mkv
2013-10-28 14:04 - 2013-10-28 08:16 - 495205534 _____ C:\Users\Ballard\Desktop\Riddick.mkv
2013-10-25 18:34 - 2013-10-25 02:28 - 391007856 _____ C:\Users\Ballard\Desktop\Turbo.mkv
2013-10-21 20:49 - 2013-10-21 20:49 - 00477860 _____ C:\Users\Ballard\Documents\ECO 372 All Work-Includes All DQs, Individual and Team Assignments.zip
2013-10-21 17:38 - 2013-10-21 17:38 - 00000000 ____D C:\PetsFunHouse
2013-10-21 17:37 - 2013-10-21 17:37 - 00000000 ____D C:\Games
2013-10-10 22:28 - 2013-10-09 08:58 - 731732628 _____ C:\Users\Ballard\Desktop\Monster University.mkv
2013-10-10 19:01 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 19:01 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 19:01 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 19:01 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 19:01 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 19:01 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 19:01 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 19:01 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 19:01 - 2013-09-22 18:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 19:01 - 2013-09-22 18:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 19:01 - 2013-09-22 18:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 19:01 - 2013-09-22 18:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 19:01 - 2013-09-22 18:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 19:01 - 2013-09-22 17:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-10 19:01 - 2013-09-22 17:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-10 19:01 - 2013-09-22 17:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-10 19:01 - 2013-09-22 17:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-10 19:01 - 2013-09-22 17:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-10 19:01 - 2013-09-22 17:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-10 19:01 - 2013-09-22 17:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-10 19:01 - 2013-09-22 17:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-10 19:01 - 2013-09-22 17:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-10 19:01 - 2013-09-22 17:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-10 19:01 - 2013-09-22 17:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-10 19:01 - 2013-09-22 17:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-10 19:01 - 2013-09-22 17:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-10 19:01 - 2013-09-22 17:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-10 19:01 - 2013-09-20 22:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-10 19:01 - 2013-09-20 22:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 19:01 - 2013-09-20 21:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-10 19:01 - 2013-09-20 21:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-08 20:24 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-08 20:24 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-08 20:24 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-08 20:24 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-08 20:24 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-08 20:24 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-08 20:24 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-08 20:24 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-08 20:24 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-08 20:24 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-08 20:24 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-08 20:24 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-08 20:21 - 2013-07-12 05:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-08 20:21 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-08 20:21 - 2013-07-12 05:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBAUDIO.sys
2013-10-08 20:21 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-08 20:21 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-08 20:21 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-08 20:20 - 2013-09-13 20:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-08 20:20 - 2013-09-07 21:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-08 20:20 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-08 20:20 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-08 20:20 - 2013-09-03 20:37 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-08 20:20 - 2013-09-03 20:37 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-08 20:20 - 2013-09-03 20:37 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-08 20:20 - 2013-09-03 20:37 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-08 20:20 - 2013-09-03 20:37 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-08 20:20 - 2013-09-03 20:37 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-10-08 20:20 - 2013-09-03 20:37 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-08 20:20 - 2013-08-28 21:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-08 20:20 - 2013-08-28 21:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-08 20:20 - 2013-08-28 21:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-08 20:20 - 2013-08-28 21:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-10-08 20:20 - 2013-08-28 21:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-08 20:20 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-08 20:20 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-08 20:20 - 2013-08-28 20:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-08 20:20 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-08 20:20 - 2013-08-28 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-08 20:20 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-08 20:20 - 2013-08-28 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-08 20:20 - 2013-08-28 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-08 20:20 - 2013-08-28 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-08 20:20 - 2013-08-28 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-08 20:20 - 2013-08-27 20:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-08 20:20 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-08 20:20 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-08 20:20 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 20:20 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 20:20 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-08 20:20 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-08 20:20 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-08 20:20 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-08 20:20 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-08 18:48 - 2013-10-08 18:48 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
==================== One Month Modified Files and Folders =======
2013-11-06 12:08 - 2009-07-13 23:51 - 00120777 _____ C:\Windows\setupact.log
2013-11-06 09:26 - 2013-02-11 11:33 - 00000000 ____D C:\Users\Ballard\AppData\Roaming\Spotify
2013-11-06 09:26 - 2012-02-01 22:55 - 01204970 _____ C:\Windows\WindowsUpdate.log
2013-11-06 08:51 - 2013-11-06 08:51 - 00000000 ____D C:\FRST
2013-11-06 08:51 - 2012-02-13 14:55 - 00000000 ____D C:\users\Ballard
2013-11-06 08:51 - 2009-07-13 22:20 - 00000000 ___RD C:\users\Public
2013-11-06 06:58 - 2010-11-20 22:47 - 00257866 _____ C:\Windows\PFRO.log
2013-11-06 06:18 - 2012-02-13 16:23 - 00000000 ____D C:\Users\Ballard\AppData\Local\Nero
2013-11-06 06:10 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-06 06:10 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-05 12:42 - 2012-02-01 23:36 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-11-05 12:42 - 2012-02-01 23:36 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-11-05 11:12 - 2013-01-13 16:44 - 01435648 ___SH C:\Users\Ballard\Desktop\Thumbs.db
2013-11-05 10:56 - 2013-11-05 10:56 - 00006704 ____N C:\bootsqm.dat
2013-11-05 10:01 - 2012-07-25 13:03 - 00000000 ____D C:\Windows\usb-audio.deNumarkNS7
2013-11-05 10:01 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\restore
2013-11-05 10:01 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-11-05 10:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\wfp
2013-11-05 10:01 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-11-05 10:01 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-11-05 10:00 - 2013-03-17 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-05 10:00 - 2012-03-27 18:05 - 00000000 ___SD C:\Users\Ballard\Documents\My Data Sources
2013-11-05 10:00 - 2012-03-26 01:42 - 00000000 ____D C:\Program Files\WinRAR
2013-11-05 10:00 - 2012-02-20 13:29 - 00000000 ____D C:\Program Files\American Audio ASIO Driver 1.20
2013-11-05 10:00 - 2012-02-17 10:53 - 00000000 ____D C:\Program Files\American Audio ASIO Driver 1.07
2013-11-05 10:00 - 2012-02-13 16:22 - 00000000 ___RD C:\Users\Ballard\Desktop\MySyncUPFiles
2013-11-05 10:00 - 2012-02-02 00:43 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-05 10:00 - 2012-02-01 23:08 - 00000000 ____D C:\Program Files\Dell Games Folder
2013-11-05 10:00 - 2012-02-01 22:58 - 00000000 ____D C:\Program Files\DellTPad
2013-11-05 10:00 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-11-05 10:00 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-05 10:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-05 10:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-05 09:59 - 2013-09-01 18:30 - 00000000 ___SD C:\ComboFix
2013-11-05 09:58 - 2013-11-04 19:43 - 00000000 ____D C:\Program Files\Google
2013-11-05 09:58 - 2013-02-11 11:33 - 00000000 ____D C:\Users\Ballard\AppData\Local\Deployment
2013-11-05 09:58 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-11-05 09:58 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-11-05 09:58 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-11-05 09:58 - 2009-07-13 22:20 - 00000000 ___RD C:\Program Files (x86)
2013-11-05 09:56 - 2013-11-04 19:32 - 00000000 ____D C:\Users\Ballard\AppData\Local\WordLayers
2013-11-05 09:56 - 2013-11-04 19:32 - 00000000 ____D C:\Users\Ballard\AppData\Local\TidyNetwork
2013-11-05 09:56 - 2013-11-04 17:12 - 00000000 ____D C:\Users\Ballard\AppData\Local\PXQsoft
2013-11-05 09:56 - 2013-10-29 19:31 - 00000000 ____D C:\Users\Ballard\AppData\Roaming\Audacity
2013-11-05 09:56 - 2013-07-22 14:19 - 00000000 ____D C:\Users\Ballard\Documents\jj things
2013-11-05 09:56 - 2013-05-29 19:56 - 00000000 ___RD C:\Users\Ballard\Dropbox
2013-11-05 09:56 - 2013-05-15 01:03 - 00000000 ____D C:\Users\Ballard\Documents\Stuff
2013-11-05 09:55 - 2012-02-02 00:43 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-05 09:55 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2013-11-05 09:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64
2013-11-05 09:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2013-11-05 09:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors
2013-11-05 09:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\LogFiles
2013-11-05 09:21 - 2013-05-29 19:53 - 00000000 ____D C:\Users\Ballard\AppData\Roaming\Dropbox
2013-11-04 19:51 - 2013-11-04 19:37 - 00000000 ____D C:\Users\Ballard\AppData\Local\Google
2013-11-04 19:50 - 2013-11-04 19:50 - 00000000 ____D C:\Users\Ballard\AppData\Roaming\Google
2013-11-04 19:48 - 2013-11-04 19:33 - 00675988 _____ C:\Users\Ballard\Downloads\Minecraft172.exe
2013-11-04 19:43 - 2013-11-04 19:43 - 00000000 ____D C:\Users\Ballard\AppData\Local\Real
2013-11-04 19:42 - 2013-11-04 19:38 - 00000000 ____D C:\Users\Ballard\AppData\Roaming\Real
2013-11-04 19:40 - 2013-11-04 19:40 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-11-04 19:40 - 2013-11-04 19:40 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-11-04 19:40 - 2013-11-04 19:40 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-11-04 19:40 - 2012-06-08 02:31 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-11-04 19:39 - 2013-11-04 19:39 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-11-04 19:39 - 2013-11-04 19:39 - 00000000 ____D C:\Users\Ballard\AppData\Roaming\Optimizer Pro
2013-11-04 19:37 - 2013-11-04 19:37 - 00000000 ____D C:\Users\Ballard\AppData\Local\TNT2
2013-11-04 19:34 - 2013-09-07 22:32 - 00000000 ____D C:\Users\Ballard\AppData\Roaming\.minecraft
2013-11-04 19:33 - 2013-11-04 19:33 - 00001068 _____ C:\Users\Ballard\Desktop\Optimizer Pro.lnk
2013-11-04 19:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2013-11-04 19:28 - 2009-07-14 00:13 - 00779724 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-04 11:34 - 2013-02-11 11:34 - 00000000 ____D C:\Users\Ballard\AppData\Local\Spotify
2013-11-04 11:29 - 2012-02-13 16:52 - 00001830 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-11-03 12:31 - 2012-02-13 17:09 - 00000000 ____D C:\Users\Ballard\AppData\Roaming\SoftGrid Client
2013-11-02 15:09 - 2013-09-02 22:04 - 00001041 _____ C:\Users\Ballard\AppData\Roaming\vso_ts_preview.xml
2013-11-02 15:09 - 2012-06-08 02:32 - 00000000 ____D C:\Users\Ballard\AppData\Roaming\Vso
2013-11-02 14:03 - 2012-06-08 02:39 - 00000000 ____D C:\Users\Ballard\Documents\ConvertXToDVD
2013-11-01 17:56 - 2012-04-01 13:28 - 00011264 _____ C:\Users\Ballard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-01 11:42 - 2013-11-01 11:40 - 193305953 _____ C:\Users\Ballard\Desktop\Eminem-The_Marshall_Mathers_LP_2-(Deluxe_Edition)-2CD-2013-CR.rar
2013-10-31 22:12 - 2013-10-31 22:12 - 68592483 _____ C:\Users\Ballard\Desktop\FNO_Failures_N
ption-(DatPiff.com).zip
2013-10-31 11:20 - 2013-10-31 11:20 - 00000000 __SHD C:\found.000
2013-10-30 13:35 - 2013-10-30 13:35 - 00000000 ____D C:\Users\Ballard\Desktop\Eminem - Marshall Mathers LP 2 (Album) [mp3]
2013-10-29 22:25 - 2013-10-29 22:24 - 577931594 _____ C:\Users\Ballard\Desktop\The Wolverine.mkv
2013-10-29 21:59 - 2013-10-29 21:59 - 00000000 ____D C:\Users\Ballard\Documents\Halloween mashup mix_data
2013-10-29 21:51 - 2013-10-29 21:51 - 00000000 ____D C:\Users\Ballard\Documents\libmp3lame-win-3.98.2
2013-10-29 19:31 - 2013-10-29 19:31 - 00000000 ____D C:\Users\Ballard\Documents\audacity-win-2.0.5
2013-10-28 10:22 - 2013-10-28 14:52 - 500272757 _____ C:\Users\Ballard\Desktop\RED 2.mkv
2013-10-28 08:16 - 2013-10-28 14:04 - 495205534 _____ C:\Users\Ballard\Desktop\Riddick.mkv
2013-10-25 02:28 - 2013-10-25 18:34 - 391007856 _____ C:\Users\Ballard\Desktop\Turbo.mkv
2013-10-21 20:49 - 2013-10-21 20:49 - 00477860 _____ C:\Users\Ballard\Documents\ECO 372 All Work-Includes All DQs, Individual and Team Assignments.zip
2013-10-21 17:38 - 2013-10-21 17:38 - 00000000 ____D C:\PetsFunHouse
2013-10-21 17:37 - 2013-10-21 17:37 - 00000000 ____D C:\Games
2013-10-18 17:08 - 2013-10-29 19:31 - 07457792 _____ (The Audacity Team) C:\Users\Ballard\Desktop\audacity.exe
2013-10-13 17:07 - 2013-05-29 19:56 - 00001029 _____ C:\Users\Ballard\Desktop\Dropbox.lnk
2013-10-11 01:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 00:37 - 2013-06-08 12:39 - 00000000 ____D C:\Users\Ballard\AppData\Local\KineticJump
2013-10-10 19:23 - 2009-07-13 23:45 - 00273872 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-10 18:57 - 2011-11-16 14:25 - 00773940 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-10 18:50 - 2013-07-16 03:01 - 00000000 ____D C:\Windows\System32\MRT
2013-10-10 18:45 - 2012-02-27 01:15 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-09 08:58 - 2013-10-10 22:28 - 731732628 _____ C:\Users\Ballard\Desktop\Monster University.mkv
2013-10-08 18:48 - 2013-10-08 18:48 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-10-08 18:48 - 2012-09-12 22:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 18:48 - 2012-02-01 22:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 14:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
ZeroAccess:
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
ZeroAccess:
C:\Users\Ballard\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
Files to move or delete:
====================
C:\Users\Ballard\AppData\Local\aea76ccb-3f6f-4288-af78-d9b4c211ccf1ad\aeaccbffafdbcccfad.exe
ZeroAccess:
C:\Users\Ballard\AppData\Local\Google\Desktop\Install
C:\Users\Ballard\govlog.dat
C:\Windows\Tasks\{9E7099A3-7697-4F1F-B498-15A43DEE9854}.job
Some content of TEMP:
====================
C:\Users\Ballard\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Ballard\AppData\Local\Temp\lowproc.exe
C:\Users\Ballard\AppData\Local\Temp\msvcr90.dll
C:\Users\Ballard\AppData\Local\Temp\oi_{4151D6A1-D5D9-4AD2-9A3C-6858B48C9A21}.exe
C:\Users\Ballard\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Ballard\AppData\Local\Temp\sqlite3.dll
C:\Users\Ballard\AppData\Local\Temp\stubhelper.dll
C:\Users\Ballard\AppData\Local\Temp\~tmf6855437972405059992.dll
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2011-11-16 14:04] - [2011-02-25 01:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\System32\winlogon.exe
[2010-11-20 22:24] - [2010-11-20 22:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\System32\wininit.exe
[2009-07-13 18:52] - [2009-07-13 20:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\System32\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\User32.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B
C:\Windows\System32\userinit.exe
[2010-11-20 22:24] - [2010-11-20 22:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53
C:\Windows\System32\Drivers\volsnap.sys
[2010-11-20 22:23] - [2010-11-20 22:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
1
Restore point made on: 2013-10-26 02:45:01
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 3546.29 MB
Available physical RAM: 3194.18 MB
Total Pagefile: 3368.19 MB
Available Pagefile: 3295.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1989.76 MB
==================== Drives ================================
Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:241.54 GB) NTFS
Drive d: (HITMANPRO) (Removable) (Total:0.02 GB) (Free:0.02 GB) FAT
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive y: (Recovery) (Fixed) (Total:14.65 GB) (Free:6.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 1 (Size: 31 MB) (Disk ID: 83D6C1D2)
Partition 1: (Active) - (Size=24 MB) - (Type=04)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D7576101)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
LastRegBack: 2013-10-31 11:52
==================== End Of Log ============================