lyricdancer
Honorary Members
Posts: 37
Reputation: 0 Neutral
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
Thank you again. -
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
Oh. It looks like the crypted and the decrypted files are both there. Should I remove all the crypted files? -
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
Ugh. Just noticed that some files are still encrypted on my desktop. -
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
Thank you again! I donated, but I can't afford what I think you are worth. Thank you thank you thank you. -
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
Everything looks okay. Had to reconfigure Microsoft Office, but Sketchup opened right up. Thank you very much for your help. I'll be much more careful when opening attachments. I usually am, but this time.... CB -
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
Avira let this one through, although it warned me something was going on. What anti-virus ware do you suggest? -
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
Looks like it is so. Running a scan with Malwarebytes. -
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
FINISHED! FINISHED LOG.txt -
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
It's still working on it. Will let you know. Woohoo! -
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
Found two matching photos. Running now. Crossed fingers. -
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
Upon searching, it looks like there are crypted files on my desktop, but the others in the file system seem okay. Does that make sense? -
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
I don't know that I have any unencrypted files to match the encrypted. Do you have any suggestions? -
Ransomware removal Lyricdancer
lyricdancer replied to lyricdancer's topic in Resolved Malware Removal Logs
I've tried to open the decrypting software, but it asks for an encrypted file and its unencrypted counterpart to be dropped onto the program. Fixlog.txt