
One of the PCs on my home network was infected with some ransomware. I panicked and started looking at the other computer on my network and found this csrss.exe running in Task Manager. It didn't respond to right click on properties and there is no description. I found this forum and am following the instructions. I downloaded FRST64.exe and ran it. The outputs are attached and one of them is pasted below. Please help me.

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by Dad (administrator) on JESS-PC on 31-01-2015 15:26:21
Running from C:\Users\Dad\Downloads
Loaded Profiles: Jess & Dad & Nancy & Ashley (Available profiles: Jess & Dad & Nancy & Ashley)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\lxebcoms.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Luis Cobian) C:\Program Files (x86)\Cobian Backup 9\Cobian.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10810912 2010-05-20] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3202928 2010-04-02] (Dell Inc.)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-26] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM\...\Run: [lxebmon.exe] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-03-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-28] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Cobian Backup 9] => C:\Program Files (x86)\Cobian Backup 9\Cobian.exe [579584 2009-01-22] (Luis Cobian)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe [18240 2010-07-21] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-319469280-2781632729-3119722079-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-319469280-2781632729-3119722079-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-319469280-2781632729-3119722079-1000\...\Run: [Fitbit Connect] => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
HKU\S-1-5-21-319469280-2781632729-3119722079-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-319469280-2781632729-3119722079-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Jess\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid faed8d6be88247d1aa9ea9628d0722b2-9caf1330abd452d7a910a523fb70219a4c0f082c --CMPID 0913a
HKU\S-1-5-21-319469280-2781632729-3119722079-1000\...\Run: [installIQUpdater] => C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe [1179648 2011-10-11] (W3i, LLC)
HKU\S-1-5-21-319469280-2781632729-3119722079-1000\...\MountPoints2: {99bf2b40-6cb9-11e2-be4a-782bcbe3cb41} - E:\WIN\setup.exe
HKU\S-1-5-21-319469280-2781632729-3119722079-1000\...\MountPoints2: {e84dccd4-5d88-11e2-b59c-782bcbe3cb41} - E:\PhotoViewer.exe
HKU\S-1-5-21-319469280-2781632729-3119722079-1003\...\Run: [best Buy pc app] => C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-21-319469280-2781632729-3119722079-1004\...\Run: [best Buy pc app] => C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-21-319469280-2781632729-3119722079-1005\...\Run: [best Buy pc app] => C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
BootExecute: autocheck autochk *  /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-319469280-2781632729-3119722079-1000\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=110808&tt=3412_5&babsrc=HP_ss&mntrId=7c4e86d400000000000090a4de29b601
HKU\S-1-5-21-319469280-2781632729-3119722079-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-319469280-2781632729-3119722079-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-319469280-2781632729-3119722079-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 - NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuzytD0AyE0D0EtBzy0ByCtDtCzzyC0DyEtN0D0Tzu0StBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2132796704
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuzytD0AyE0D0EtBzy0ByCtDtCzzyC0DyEtN0D0Tzu0StBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2132796704
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuzytD0AyE0D0EtBzy0ByCtDtCzzyC0DyEtN0D0Tzu0StBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2132796704
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuzytD0AyE0D0EtBzy0ByCtDtCzzyC0DyEtN0D0Tzu0StBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2132796704
SearchScopes: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={72EFE5DC-E4AF-44E9-9D24-B58F7B4C2B99}&mid=faed8d6be88247d1aa9ea9628d0722b2-9caf1330abd452d7a910a523fb70219a4c0f082c&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 19:07:59&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 -> Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 -> {0CBDBE01-171C-496E-A670-227129526F44} URL = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000030&src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000
SearchScopes: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuzytD0AyE0D0EtBzy0ByCtDtCzzyC0DyEtN0D0Tzu0StBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2132796704
SearchScopes: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 -> {5F220CF7-2C3C-10D1-91A9-0C923EFE2694} URL = http://search.babylon.com/?q={searchTerms}&affID=110808&tt=3412_5&babsrc=SP_ss&mntrId=7c4e86d400000000000090a4de29b601
SearchScopes: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={72EFE5DC-E4AF-44E9-9D24-B58F7B4C2B99}&mid=faed8d6be88247d1aa9ea9628d0722b2-9caf1330abd452d7a910a523fb70219a4c0f082c&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 19:07:59&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 -> {D2859E17-B71A-4451-9F43-334D97AC6109} URL = http://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enUS454
SearchScopes: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 -> {E96F39AA-C6AE-4408-927A-7E6C69778E79} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111147,6901,0,8,0
SearchScopes: HKU\S-1-5-21-319469280-2781632729-3119722079-1004 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-319469280-2781632729-3119722079-1004 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
SearchScopes: HKU\S-1-5-21-319469280-2781632729-3119722079-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-319469280-2781632729-3119722079-1005 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-319469280-2781632729-3119722079-1005 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
SearchScopes: HKU\S-1-5-21-319469280-2781632729-3119722079-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: NetAssistant -> {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} -> C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-319469280-2781632729-3119722079-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-28]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]
FF HKU\S-1-5-21-319469280-2781632729-3119722079-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Jess\AppData\Local\funmoods.crx [2012-08-20]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Jess\AppData\Local\funmoods-speeddial.crx [2012-08-20]
CHR HKU\S-1-5-21-319469280-2781632729-3119722079-1000\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Jess\AppData\Local\funmoods.crx [2012-08-20]
CHR HKU\S-1-5-21-319469280-2781632729-3119722079-1000\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Jess\AppData\Local\funmoods-speeddial.crx [2012-08-20]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Jess\AppData\Local\funmoods.crx [2012-08-20]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Jess\AppData\Local\funmoods-speeddial.crx [2012-08-20]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Jess\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-06-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.1.204\avg.crx [2014-02-05]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Jess\AppData\Local\Temp\YontooLayers.crx [2011-11-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8882136 2012-09-04] (DisplayLink Corp.)
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
R2 lxeb_device; C:\Windows\SysWOW64\lxebcoms.exe [598696 2010-04-14] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [34304 2009-09-10] ()
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [202248 2009-09-10] (Sierra Wireless Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 15:26 - 2015-01-31 15:27 - 00029958 _____ () C:\Users\Dad\Downloads\FRST.txt
2015-01-31 15:26 - 2015-01-31 15:26 - 00000000 ____D () C:\FRST
2015-01-31 15:22 - 2015-01-31 15:22 - 02130944 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe
2015-01-31 02:02 - 2015-01-31 02:04 - 00000000 ____D () C:\Users\Dad\AppData\Local\WinZip
2015-01-31 02:02 - 2015-01-31 02:03 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-31 02:02 - 2015-01-31 02:02 - 00002285 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-01-31 02:02 - 2015-01-31 02:02 - 00002279 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-01-31 02:02 - 2015-01-31 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-01-31 02:02 - 2015-01-31 02:02 - 00000000 ____D () C:\Program Files\WinZip
2015-01-31 02:01 - 2015-01-31 02:01 - 00000000 ____D () C:\Program Files\File Association Helper
2015-01-31 01:59 - 2015-01-31 01:59 - 00906024 _____ ( ) C:\Users\Dad\Downloads\winzip19-lan_en.exe
2015-01-30 23:15 - 2015-01-30 23:15 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\dlg
2015-01-30 23:14 - 2015-01-30 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 9
2015-01-30 23:14 - 2015-01-30 23:14 - 00000000 ____D () C:\ProgramData\Cobian
2015-01-30 23:13 - 2015-01-31 02:09 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 9
2015-01-30 23:11 - 2015-01-30 23:11 - 00620920 _____ () C:\Users\Dad\Downloads\download-cobian-backup.exe
2015-01-30 22:40 - 2015-01-30 22:53 - 00005348 _____ () C:\Users\Dad\Documents\BackUp1-30-2015_2240.RBC
2015-01-30 22:31 - 2015-01-30 22:31 - 00000000 ____D () C:\Windows\System32\Tasks\Jess-PC
2015-01-30 22:29 - 2015-01-30 22:29 - 00000000 ____D () C:\Users\Dad\AppData\Local\Sonic_Solutions
2015-01-30 22:25 - 2015-01-30 22:25 - 00000000 ____D () C:\Users\Dad\AppData\Local\Google
2015-01-30 22:20 - 2015-01-30 22:20 - 00000000 __SHD () C:\Users\Nancy\AppData\Local\EmieUserList
2015-01-30 22:20 - 2015-01-30 22:20 - 00000000 __SHD () C:\Users\Nancy\AppData\Local\EmieSiteList
2015-01-30 22:20 - 2015-01-30 22:20 - 00000000 __SHD () C:\Users\Nancy\AppData\Local\EmieBrowserModeList
2015-01-30 22:01 - 2015-01-30 22:01 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Foxit Software
2015-01-30 12:45 - 2015-01-30 12:45 - 00023079 _____ () C:\Users\Ashley\Documents\malwarescan20150130.txt
2015-01-30 12:08 - 2015-01-30 12:08 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Roxio Burn
2015-01-30 00:21 - 2015-01-29 19:13 - 00000129 _____ () C:\Users\Dad\Documents\Product Keys.txt
2015-01-29 19:40 - 2015-01-29 19:40 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Macrovision
2015-01-29 19:39 - 2015-01-29 20:34 - 00000000 ____D () C:\Users\Dad\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-01-29 19:39 - 2015-01-29 19:39 - 00002511 _____ () C:\Users\Dad\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-01-29 19:39 - 2015-01-29 19:39 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-01-29 19:36 - 2015-01-29 19:36 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Roxio Burn
2015-01-29 19:31 - 2015-01-29 19:31 - 02721168 _____ (Microsoft Corporation) C:\Users\Dad\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2015-01-28 18:29 - 2015-01-28 18:29 - 01416088 _____ (Kaspersky Lab ZAO) C:\Users\Dad\Downloads\rakhnidecryptor.exe
2015-01-28 18:28 - 2015-01-28 18:28 - 00621256 _____ (Kaspersky Lab ZAO) C:\Users\Dad\Downloads\xoristdecryptor.exe
2015-01-28 18:09 - 2015-01-28 18:09 - 00785592 _____ (Kaspersky Lab ZAO) C:\Users\Dad\Downloads\rectordecryptor.exe
2015-01-27 19:35 - 2015-01-27 19:35 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Dad\Downloads\SpyHunter-Installer.exe
2015-01-27 18:39 - 2015-01-27 18:41 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\OfficeRecovery.5bc2825d
2015-01-27 18:39 - 2015-01-27 18:39 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\OfficeRecovery
2015-01-27 18:37 - 2015-01-27 18:38 - 01889792 _____ () C:\Users\Dad\Downloads\wr-5.0.19634-demo.msi
2015-01-27 17:45 - 2015-01-27 17:45 - 08219872 _____ ( ) C:\Users\Dad\Downloads\wordfilerepairtool.exe
2015-01-25 18:52 - 2015-01-25 18:52 - 00275800 _____ () C:\Windows\Minidump\012515-50154-01.dmp
2015-01-24 22:55 - 2015-01-24 22:55 - 36544512 _____ () C:\Users\Dad\Desktop\QDATA_2015-01-24.QDF-backup
2015-01-24 19:05 - 2015-01-24 19:05 - 00000000 __SHD () C:\Users\Ashley\AppData\Local\EmieUserList
2015-01-24 19:05 - 2015-01-24 19:05 - 00000000 __SHD () C:\Users\Ashley\AppData\Local\EmieSiteList
2015-01-24 19:05 - 2015-01-24 19:05 - 00000000 __SHD () C:\Users\Ashley\AppData\Local\EmieBrowserModeList
2015-01-24 19:05 - 2015-01-24 19:05 - 00000000 ____D () C:\Users\Ashley\AppData\Local\Best Buy pc app
2015-01-24 14:47 - 2015-01-24 14:47 - 00000000 ____D () C:\Users\Dad\Documents\Dell WebCam Central
2015-01-24 14:47 - 2015-01-24 14:47 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Creative
2015-01-24 13:52 - 2015-01-24 13:52 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-24 13:52 - 2015-01-24 13:52 - 00000000 ____D () C:\Users\Dad\AppData\Local\Skype
2015-01-24 13:52 - 2015-01-24 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-24 13:03 - 2015-01-24 14:48 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Skype
2015-01-24 11:54 - 2015-01-24 11:54 - 00000000 ____D () C:\Users\Ashley\Documents\Few. William. 1748-1828. Signer of the Constitution_files
2015-01-24 11:54 - 2014-06-28 20:56 - 00497108 _____ () C:\Users\Ashley\Documents\cert.asp
2015-01-24 11:54 - 2012-10-16 22:26 - 00021163 _____ () C:\Users\Ashley\Documents\Few. William. 1748-1828. Signer of the Constitution.htm
2015-01-24 11:54 - 2012-09-24 18:29 - 00026978 ____N () C:\Users\Ashley\Documents\Bethany to Christ.xlsx
2015-01-24 11:54 - 2012-05-16 19:03 - 00158899 _____ () C:\Users\Ashley\Documents\The Inca powerpoint (definatley THE FINAL thing!).pptx
2015-01-24 11:54 - 2012-05-14 15:27 - 00145238 _____ () C:\Users\Ashley\Documents\The Inca powerpoint (1).pptx
2015-01-24 11:54 - 2012-05-14 15:17 - 00145238 _____ () C:\Users\Ashley\Documents\The Inca powerpoint.pptx
2015-01-24 11:09 - 2015-01-24 11:09 - 00000000 ____D () C:\Users\Ashley\AppData\Local\Dell
2015-01-24 11:09 - 2015-01-24 11:09 - 00000000 ____D () C:\Users\Ashley\AppData\Local\AVG SafeGuard toolbar
2015-01-24 11:08 - 2015-01-30 12:48 - 00000000 ____D () C:\Users\Ashley\AppData\Local\Avg2015
2015-01-24 11:08 - 2015-01-30 12:10 - 00000000 ____D () C:\Users\Ashley\AppData\Local\Deployment
2015-01-24 11:08 - 2015-01-24 11:08 - 00125752 _____ () C:\Users\Ashley\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-24 11:08 - 2015-01-24 11:08 - 00000398 _____ () C:\Users\Ashley\Desktop\pc app.appref-ms
2015-01-24 11:08 - 2015-01-24 11:08 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Roxio
2015-01-24 11:08 - 2015-01-24 11:08 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
2015-01-24 11:08 - 2015-01-24 11:08 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Leadertech
2015-01-24 11:08 - 2015-01-24 11:08 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Dell Touch Zone
2015-01-24 11:08 - 2015-01-24 11:08 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Dell
2015-01-24 11:08 - 2015-01-24 11:08 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\AVG2015
2015-01-24 11:08 - 2015-01-24 11:08 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\ATI
2015-01-24 11:08 - 2015-01-24 11:08 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Apple Computer
2015-01-24 11:08 - 2015-01-24 11:08 - 00000000 ____D () C:\Users\Ashley\AppData\Local\ATI
2015-01-24 11:08 - 2015-01-24 11:08 - 00000000 ____D () C:\Users\Ashley\AppData\Local\Apps\2.0
2015-01-24 11:07 - 2015-01-24 11:07 - 00001415 _____ () C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 11:07 - 2015-01-24 11:07 - 00000020 ___SH () C:\Users\Ashley\ntuser.ini
2015-01-24 11:07 - 2015-01-24 11:07 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Adobe
2015-01-24 11:07 - 2015-01-24 11:07 - 00000000 ____D () C:\Users\Ashley\AppData\Local\VirtualStore
2015-01-24 11:07 - 2015-01-24 11:07 - 00000000 ____D () C:\Users\Ashley\AppData\Local\SoftThinks
2015-01-24 11:07 - 2015-01-24 11:07 - 00000000 ____D () C:\Users\Ashley
2015-01-24 11:07 - 2013-09-13 14:17 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\TuneUp Software
2015-01-24 11:07 - 2011-10-22 21:52 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\Macromedia
2015-01-24 11:07 - 2011-07-21 02:06 - 00000000 ____D () C:\Users\Ashley\AppData\Local\Microsoft Help
2015-01-24 11:07 - 2011-04-14 19:30 - 00000000 ___RD () C:\Users\Ashley\Desktop\Play Games
2015-01-24 11:07 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-24 11:07 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-24 11:01 - 2015-01-24 11:01 - 00000000 ____D () C:\Users\Nancy\Documents\Kansas Raffles Requirements_files
2015-01-24 11:00 - 2015-01-24 11:00 - 00000000 ____D () C:\Users\Nancy\Documents\EA Games
2015-01-24 10:59 - 2015-01-24 10:59 - 00000000 ____D () C:\Users\Nancy\Documents\PDU Claim for Nancy Jewell_files
2015-01-24 10:59 - 2015-01-24 10:59 - 00000000 ____D () C:\Users\Nancy\Documents\PDD Presentations
2015-01-24 10:59 - 2015-01-24 10:59 - 00000000 ____D () C:\Users\Nancy\Documents\dloads
2015-01-24 10:59 - 2014-12-29 15:32 - 00036646 _____ () C:\Users\Nancy\Documents\PDU Claim for Nancy Jewell.htm
2015-01-24 10:59 - 2014-07-11 15:55 - 00029539 _____ () C:\Users\Nancy\Documents\Responsive Centers for Psychology & Learning.htm
2015-01-24 10:59 - 2014-04-29 16:04 - 00025600 ____N () C:\Users\Nancy\Documents\2014 PDD Agenda Nancy.xls
2015-01-24 10:59 - 2013-02-26 16:26 - 05712907 _____ () C:\Users\Nancy\Documents\bloom_babysitting-Flyer_jpg.mht
2015-01-24 10:59 - 2012-02-07 18:50 - 00024064 ____N () C:\Users\Nancy\Documents\keynotes 0207.xls
2015-01-24 10:59 - 2011-12-29 16:35 - 00536552 _____ () C:\Users\Nancy\Documents\Ours.pptx
2015-01-24 10:59 - 2011-11-29 23:54 - 00544963 _____ () C:\Users\Nancy\Documents\Topeka, Kansas.pptx
2015-01-24 10:59 - 2011-07-30 13:57 - 00219095 _____ () C:\Users\Nancy\Documents\s. s. s.g. h..pptx
2015-01-24 10:59 - 2011-06-29 09:46 - 00010846 ____N () C:\Users\Nancy\Documents\Schedule(1).xlsx
2015-01-24 10:59 - 2010-10-03 15:46 - 00000937 _____ () C:\Users\Nancy\Documents\Bill Ceccoli.nri
2015-01-24 10:59 - 2010-10-03 14:28 - 00022016 ____N () C:\Users\Nancy\Documents\Speaker Payment.xls
2015-01-24 10:59 - 2010-09-27 19:20 - 00027648 ____N () C:\Users\Nancy\Documents\Speaker Detail.xls
2015-01-24 10:59 - 2010-09-05 14:57 - 00264704 _____ () C:\Users\Nancy\Documents\Speaker Certificate Template.ppt
2015-01-24 10:59 - 2010-08-30 05:04 - 00077790 _____ () C:\Users\Nancy\Documents\Kansas Raffles Requirements.htm
2015-01-24 10:59 - 2010-03-15 06:14 - 00032256 ____N () C:\Users\Nancy\Documents\PMI RegistrationInvoice.XLS
2015-01-24 10:59 - 2010-01-26 20:33 - 00523264 ____N () C:\Users\Nancy\Documents\PDD_Speakers-Search_2010.xls
2015-01-24 10:59 - 2010-01-08 15:40 - 00518656 ____N () C:\Users\Nancy\Documents\PDD_Speakers-Search2010.xls
2015-01-24 10:59 - 2009-12-29 15:57 - 00020992 ____N () C:\Users\Nancy\Documents\Contact List.xls
2015-01-24 10:59 - 2009-12-19 21:09 - 00011054 _____ () C:\Users\Nancy\Documents\index.htm
2015-01-24 10:59 - 2009-07-31 21:01 - 00004373 _____ () C:\Users\Nancy\Documents\Miley Cyrus Best of Both Worlds.txt
2015-01-24 10:59 - 2008-10-30 18:32 - 00366032 _____ (Digital River, Inc.) C:\Users\Nancy\Documents\X12-30247-DLM.exe
2015-01-24 10:59 - 2008-03-03 19:52 - 00031744 ____N () C:\Users\Nancy\Documents\PMI Survey Emails.xls
2015-01-24 10:59 - 2007-11-03 19:22 - 00002839 _____ () C:\Users\Nancy\Documents\nancyemails.txt
2015-01-24 10:59 - 2007-11-03 19:20 - 00002839 _____ () C:\Users\Nancy\Documents\emails.txt
2015-01-24 10:59 - 2007-11-03 19:14 - 00002849 _____ () C:\Users\Nancy\Documents\emails2.txt
2015-01-24 10:59 - 2007-11-03 16:14 - 00031232 ____N () C:\Users\Nancy\Documents\pmi_website_active_volunteers_110307.xls
2015-01-24 10:59 - 2007-11-03 15:48 - 00003464 _____ () C:\Users\Nancy\Documents\f4
2015-01-24 10:59 - 2007-11-03 15:48 - 00002138 _____ () C:\Users\Nancy\Documents\f3
2015-01-24 10:59 - 2007-11-03 15:47 - 00000776 _____ () C:\Users\Nancy\Documents\f2
2015-01-24 10:59 - 2007-11-03 15:47 - 00000732 _____ () C:\Users\Nancy\Documents\f1
2015-01-24 10:59 - 2007-11-03 15:45 - 00003544 _____ () C:\Users\Nancy\Documents\addresslist.txt
2015-01-24 10:59 - 2007-11-03 15:33 - 00047898 _____ () C:\Users\Nancy\Documents\C060MemberEMail.txt
2015-01-24 10:59 - 2007-11-03 15:25 - 00000786 _____ () C:\Users\Nancy\Documents\lastnames.txt
2015-01-24 10:54 - 2015-01-24 10:59 - 00000000 ____D () C:\Users\Nancy\Documents\outlook
2015-01-24 10:54 - 2015-01-24 10:54 - 00000000 ____D () C:\Users\Nancy\Documents\OneNote Notebooks
2015-01-24 10:52 - 2015-01-24 10:52 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-24 10:48 - 2015-01-24 10:48 - 00000000 ____D () C:\Users\Nancy\AppData\Local\Best Buy pc app
2015-01-24 10:48 - 2015-01-24 10:48 - 00000000 ____D () C:\Users\Nancy\AppData\Local\Apple Computer
2015-01-24 01:40 - 2013-04-18 22:50 - 00056320 ____N () C:\Users\Dad\Documents\P4P-Bonus Solar Sizing Worksheet.xls
2015-01-24 01:40 - 2010-12-20 14:12 - 00133632 _____ () C:\Users\Dad\Documents\SpiesFound.pub
2015-01-24 01:40 - 2008-09-29 21:21 - 14781862 _____ () C:\Users\Dad\Documents\nancy.zip
2015-01-24 01:40 - 2008-02-16 16:29 - 00000143 _____ () C:\Users\Dad\Documents\Wireless Settings.txt
2015-01-24 01:38 - 2013-12-22 23:36 - 00010034 _____ () C:\Users\Dad\Documents\Book1.csv
2015-01-24 01:38 - 2013-12-22 23:35 - 00010034 _____ () C:\Users\Dad\Documents\Book1.txt
2015-01-24 01:37 - 2015-01-30 21:59 - 00000000 ____D () C:\Users\Dad\Documents\Stuff
2015-01-24 01:37 - 2015-01-24 01:37 - 00000000 ____D () C:\Users\Dad\Documents\Songs
2015-01-24 01:35 - 2015-01-24 01:35 - 00000000 ____D () C:\Users\Dad\Documents\IRA Services
2015-01-23 23:22 - 2015-01-23 23:22 - 00000000 ____D () C:\Users\Dad\AppData\Local\IsolatedStorage
2015-01-23 23:22 - 2015-01-23 23:22 - 00000000 ____D () C:\Users\Dad\AppData\Local\Intuit
2015-01-23 23:17 - 2015-01-23 23:17 - 36298752 _____ () C:\Users\Dad\Desktop\QDATA_2015-01-23.QDF-backup
2015-01-23 21:28 - 2015-01-23 21:28 - 00000000 ____D () C:\Users\Dad\AppData\Local\QuickenWindow
2015-01-23 20:31 - 2015-01-24 22:13 - 00000000 ____D () C:\Users\Dad\Documents\Quicken
2015-01-23 20:25 - 2015-01-23 20:25 - 00001808 _____ () C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
2015-01-23 20:25 - 2015-01-23 20:25 - 00000329 _____ () C:\Users\Public\Desktop\View Credit Score.url
2015-01-23 20:25 - 2015-01-23 20:25 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Intuit
2015-01-23 20:25 - 2015-01-23 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014
2015-01-23 20:25 - 2015-01-23 20:25 - 00000000 ____D () C:\Program Files (x86)\Quicken
2015-01-23 20:25 - 2013-12-13 15:10 - 04200744 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll
2015-01-23 20:24 - 2015-01-23 20:25 - 00000126 _____ () C:\Windows\QUICKEN.INI
2015-01-23 20:18 - 2015-01-23 20:18 - 00000000 ____D () C:\ProgramData\Intuit
2015-01-23 17:49 - 2015-01-23 17:49 - 00000000 ____D () C:\Users\Nancy\AppData\Local\AVG SafeGuard toolbar
2015-01-23 17:48 - 2015-01-23 17:53 - 00125752 _____ () C:\Users\Nancy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-23 17:48 - 2015-01-23 17:49 - 00000000 ____D () C:\Users\Nancy\AppData\Local\Dell
2015-01-23 17:48 - 2015-01-23 17:48 - 00000398 _____ () C:\Users\Nancy\Desktop\pc app.appref-ms
2015-01-23 17:48 - 2015-01-23 17:48 - 00000000 ____D () C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
2015-01-23 17:47 - 2015-01-30 22:21 - 00000000 ____D () C:\Users\Nancy\AppData\Local\Deployment
2015-01-23 17:47 - 2015-01-25 13:35 - 00000000 ____D () C:\Users\Nancy\AppData\Local\SoftThinks
2015-01-23 17:47 - 2015-01-24 10:52 - 00000000 ____D () C:\Users\Nancy\AppData\Roaming\Apple Computer
2015-01-23 17:47 - 2015-01-23 17:53 - 00000000 ____D () C:\Users\Nancy\AppData\Local\Avg2015
2015-01-23 17:47 - 2015-01-23 17:47 - 00001415 _____ () C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-23 17:47 - 2015-01-23 17:47 - 00000020 ___SH () C:\Users\Nancy\ntuser.ini
2015-01-23 17:47 - 2015-01-23 17:47 - 00000000 ____D () C:\Users\Nancy\AppData\Roaming\Roxio
2015-01-23 17:47 - 2015-01-23 17:47 - 00000000 ____D () C:\Users\Nancy\AppData\Roaming\Leadertech
2015-01-23 17:47 - 2015-01-23 17:47 - 00000000 ____D () C:\Users\Nancy\AppData\Roaming\Dell Touch Zone
2015-01-23 17:47 - 2015-01-23 17:47 - 00000000 ____D () C:\Users\Nancy\AppData\Roaming\Dell
2015-01-23 17:47 - 2015-01-23 17:47 - 00000000 ____D () C:\Users\Nancy\AppData\Roaming\AVG2015
2015-01-23 17:47 - 2015-01-23 17:47 - 00000000 ____D () C:\Users\Nancy\AppData\Roaming\ATI
2015-01-23 17:47 - 2015-01-23 17:47 - 00000000 ____D () C:\Users\Nancy\AppData\Roaming\Adobe
2015-01-23 17:47 - 2015-01-23 17:47 - 00000000 ____D () C:\Users\Nancy\AppData\Local\VirtualStore
2015-01-23 17:47 - 2015-01-23 17:47 - 00000000 ____D () C:\Users\Nancy\AppData\Local\ATI
2015-01-23 17:47 - 2015-01-23 17:47 - 00000000 ____D () C:\Users\Nancy\AppData\Local\Apps\2.0
2015-01-23 17:47 - 2015-01-23 17:47 - 00000000 ____D () C:\Users\Nancy
2015-01-23 17:47 - 2013-09-13 14:17 - 00000000 ____D () C:\Users\Nancy\AppData\Roaming\TuneUp Software
2015-01-23 17:47 - 2011-10-22 21:52 - 00000000 ____D () C:\Users\Nancy\AppData\Roaming\Macromedia
2015-01-23 17:47 - 2011-07-21 02:06 - 00000000 ____D () C:\Users\Nancy\AppData\Local\Microsoft Help
2015-01-23 17:47 - 2011-04-14 19:30 - 00000000 ___RD () C:\Users\Nancy\Desktop\Play Games
2015-01-23 17:47 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-23 17:47 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-13 19:34 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 19:34 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 19:34 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 19:34 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 19:34 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 19:34 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 19:34 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 18:59 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 18:59 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 18:59 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 18:59 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 18:59 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:59 - 2012-10-03 11:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-13 18:59 - 2012-10-03 11:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-13 18:58 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-12 08:45 - 2015-01-12 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-12 08:44 - 2015-01-12 08:44 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-12 08:44 - 2015-01-12 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-12 08:43 - 2015-01-12 08:44 - 00000000 ____D () C:\Program Files\iTunes
2015-01-12 08:43 - 2015-01-12 08:44 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-12 08:43 - 2015-01-12 08:43 - 00000000 ____D () C:\Program Files\iPod
2015-01-12 08:42 - 2015-01-12 08:42 - 00000000 ____D () C:\Users\Dad\AppData\Local\Apple Computer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 15:27 - 2014-09-03 23:05 - 00000000 ____D () C:\Users\Dad\AppData\Local\SoftThinks
2015-01-31 15:17 - 2011-04-14 18:44 - 01424263 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 14:50 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-31 14:44 - 2009-07-13 22:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 14:44 - 2009-07-13 22:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 14:41 - 2011-07-24 23:14 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-31 14:37 - 2011-04-14 19:14 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-31 14:36 - 2012-12-27 14:24 - 00054955 _____ () C:\ProgramData\lxebscan.log
2015-01-31 14:36 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 14:35 - 2011-10-22 21:52 - 00000000 ____D () C:\Program Files\Google
2015-01-31 14:35 - 2011-10-22 21:51 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-31 14:35 - 2011-07-15 11:02 - 00172756 _____ () C:\Windows\PFRO.log
2015-01-31 14:35 - 2009-07-13 22:51 - 00116214 _____ () C:\Windows\setupact.log
2015-01-31 02:34 - 2014-05-08 09:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 22:51 - 2009-07-13 23:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-30 22:50 - 2011-04-14 19:33 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-01-30 22:25 - 2011-10-22 21:51 - 00000000 ____D () C:\ProgramData\Google
2015-01-30 12:04 - 2014-08-31 20:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-27 20:32 - 2014-08-31 20:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 19:30 - 2014-08-31 20:02 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-27 19:30 - 2014-08-31 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-27 17:49 - 2011-04-14 19:11 - 00000000 ____D () C:\ProgramData\Temp
2015-01-25 18:52 - 2011-10-13 19:30 - 452849622 _____ () C:\Windows\MEMORY.DMP
2015-01-25 18:52 - 2011-10-13 19:30 - 00000000 ____D () C:\Windows\Minidump
2015-01-24 22:34 - 2014-05-08 09:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 22:34 - 2012-08-30 20:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 22:34 - 2012-08-30 20:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 19:14 - 2014-10-30 22:44 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-24 19:04 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-24 14:37 - 2012-12-27 14:28 - 00040732 _____ () C:\ProgramData\lxebJSW.log
2015-01-24 14:37 - 2012-12-27 14:28 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-01-24 13:52 - 2013-09-07 19:04 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-24 13:52 - 2011-08-20 16:13 - 00000000 ____D () C:\ProgramData\Skype
2015-01-24 11:08 - 2012-12-27 14:29 - 00001008 _____ () C:\ProgramData\FastPics.log
2015-01-23 18:41 - 2014-10-30 22:35 - 00000000 ____D () C:\Users\Dad\AppData\Local\Avg2015
2015-01-23 16:57 - 2014-09-03 23:07 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Apple Computer
2015-01-17 12:48 - 2014-09-03 23:06 - 00000000 ____D () C:\Users\Dad\AppData\Local\VirtualStore
2015-01-14 03:13 - 2013-08-18 11:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2011-07-19 23:49 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 08:45 - 2012-01-29 21:48 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-12 08:43 - 2013-01-02 20:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-12 08:37 - 2012-01-29 21:48 - 00000000 ____D () C:\ProgramData\Apple
2015-01-11 09:00 - 2014-10-30 22:46 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-11 09:00 - 2014-05-08 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-02 17:25 - 2011-07-15 11:11 - 00000000 ____D () C:\Users\Jess

==================== Files in the root of some directories =======

2013-09-13 20:37 - 2014-06-02 20:27 - 0003624 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2012-12-27 14:18 - 2012-12-27 14:18 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-12-27 14:29 - 2015-01-24 11:08 - 0001008 _____ () C:\ProgramData\FastPics.log
2012-12-27 16:15 - 2013-01-25 20:26 - 0000252 _____ () C:\ProgramData\lxeb.log
2012-12-27 14:28 - 2015-01-24 14:37 - 0040732 _____ () C:\ProgramData\lxebJSW.log
2012-12-27 14:24 - 2015-01-31 14:36 - 0054955 _____ () C:\ProgramData\lxebscan.log
2012-12-27 14:18 - 2012-12-27 14:18 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2013-01-17 19:44 - 2013-01-17 19:44 - 2986967 _____ () C:\ProgramData\SPL2212.tmp
2013-10-10 22:07 - 2013-10-10 22:07 - 1963059 _____ () C:\ProgramData\SPL544C.tmp
2013-01-19 11:54 - 2013-01-19 11:54 - 2986967 _____ () C:\ProgramData\SPL7000.tmp
2013-12-28 20:48 - 2013-12-28 20:48 - 0430972 _____ () C:\ProgramData\SPL8150.tmp
2014-01-04 23:07 - 2014-01-04 23:07 - 0594873 _____ () C:\ProgramData\SPLAD62.tmp
2012-12-27 14:17 - 2012-12-27 14:17 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some content of TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Dad\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jess\AppData\Local\Temp\7za.exe
C:\Users\Jess\AppData\Local\Temp\APNStub.exe
C:\Users\Jess\AppData\Local\Temp\AskSLib.dll
C:\Users\Jess\AppData\Local\Temp\avguidx.dll
C:\Users\Jess\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Jess\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Jess\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Jess\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Jess\AppData\Local\Temp\jinstaller142.exe
C:\Users\Jess\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Jess\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Jess\AppData\Local\Temp\ose00000.exe
C:\Users\Jess\AppData\Local\Temp\rnsetup0.exe
C:\Users\Jess\AppData\Local\Temp\Setup.exe
C:\Users\Jess\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Jess\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Jess\AppData\Local\Temp\YontooSetup-Silent.exe

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\SysWOW64\dlumdfb10.dll
C:\Windows\SysWOW64\dlumdfb11.dll
C:\Windows\SysWOW64\dlumdfb9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
C:\Windows\System32\dlumdfb10.dll
C:\Windows\System32\dlumdfb11.dll
C:\Windows\System32\dlumdfb9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-25 19:33

==================== End Of Log ============================

 

Addition.txt is attached

 

 


Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.

Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please upload report in your reply.
 
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner


It is working great.  Thanks so much for your help.  I have one other question about the CryptoWall Trojan.  One of my external hard drives was connected to the pc that got wacked out and encrypted some stuff.  Is that external hard drive infected?  In other words, if I connect that drive to a pc to see if I can "save" any of the files from that drive, can the Trojan somehow jump onto the computer it is connected to?  I know there are boot sectors and things on those external drives, and something fires up when you connect it. Is there any way to clean it, like booting up in safe mode and running some cleaners on it?

 

 


  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.