hockey5

Everything posted by hockey5

  1. I am happy and you can mark this as solved. Thanks again for your help.
  2. Adam, The second link for delfix.exe worked and I think everything is working great. The only problem I am having now is getting PayPal to accept my donation. The button link you have above takes me to a PayPal site that assumes I am in Great Britain. I am in the United States. Even when I change the location to United States it still won't let me proceed unless I pick a county. The drop-down menu for counties are all in GB. Any ideas?
  3. Adam, First, thank you so much. Your help/work is much appreciated. I will absolutely donate, once I look up the conversion of GBP to USD. haha. Seriously, many beers coming your way. Second, the link in the post above for delfix.exe did not work for me. Is there another website I should use to find this file? Thank you again. Todd
  4. The contents of the checkup.txt log are below. I don't notice any other issues with the computer. However, this is a laptop computer and I have it at work right now. I usually have this computer at home. It is not connected to my home printer. I guess I should try out the printer when I get home. It appeared that one of the folders infected was a "Hewlett Packard" folder, which I assume is for my printer. I also noted that there was a Fitbit folder infected, which is my wife's fitness bracelet. She hasn't tried to "connect" the bracelet to the computer since the computer was infected. I guess we'll try tonight. If it doesn't work should I uninstall that software and reinstall? The same with other issues I run into in the future?

     Results of screen317's Security Check version 0.99.89
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Adobe Reader XI
     Mozilla Firefox (33.1)
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     Malwarebytes Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  5. Adam, I find the below list of folders with the "Win32/Filecoder.CR trojan" flag. To be honest, none of those folders contain personal photos or documents so I am not sure what file I should be trying to restore. I would guess these folders are "important" as their names seem to indicate that they are used for our printer (Hewlett Packard) or my wife's fitness bracelet (Fitbit) or Adobe among other things. I just don't know what file is encrypted or how the virus is affecting the operation of these. I guess it is good that photos and such aren't encrypted? Sorry if I'm not doing something correct. If you want me to try something else please let me know.
C:\Users\Laura\AppData\Local\Corel\Thumbs\C76f6654B3338Cfa7261c67a0e49E71F\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\C87f5c795C633Dd49Bcb7968e1ee1F9A\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\C88fd9DA5A9826e83170e925472c8EB4\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\C9ed27C73Fe382fdF21177e63d3a20DB\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\CAb1d880A070A2d0A808e769e957C6A1\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\CC7c13B06Ff60Aad4C714caa2b1e8369\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\CCe3a82F9E0b75fbCEfa2cc36a615DCA\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\CCfdba59D436A7ef3Fe3dbff261c5C5F\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\CD168377D7919A8d173572c25318F887\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\CD2c6aC89Abc8Fb0CDa9055cadb60B35\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\CD9a7e5910440Be8512b156e36a1C9EB\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\CE7abdD2D65c1Ac4B0229fc50842F72D\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\CF21d6A6CD34525995ab70b1d545467C\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\D00643625022223d4248cf4b1d7a6FE0\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\D0b1aa37715bB3f089d1cb9c5bb7E5C8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\D12693972B2c0Ed7C2f141422eecFE70\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan 
C:\Users\Laura\AppData\Local\Corel\Thumbs\D14ff2E283feE47899e72359b89e926C\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\D25ffaAB0739E76e08f0bc2f53f029B3\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\D27f66EBAC6b636a568f913c29dd19CD\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\D2826945DC34429f58a6da20932c67C8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\D4b7413163043D5a8C25532fdb126450\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\D4e063F73Fd06Cb4EB0d73e4f7eaC252\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\D617021E5B2d1303D780baa1fcf4E122\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\D676534E0C7884b8449526fd0a79C469\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\D7a0941261e13B36376b6f9f258a3157\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\D910acDA1B786671CD28aa8fe37297BA\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\DC23e1AE94195Fa3DCbec6e6e6a5DA04\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\DD2a91EDB4769Aef2106a8b4564702AD\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\DE44a751B4efF78c52d9abd58818FF04\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\DF492b699EceCCd98Ba79e6e3928A210\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\E067b686D79119f367c88491386e5F78\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\E06f907DA19672c999798a9bbb7b8AA6\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan 
C:\Users\Laura\AppData\Local\Corel\Thumbs\E14d228963f80079AD94356d5c5d4FBB\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\E1e153AE19b45Fc6E9a554904cdb143E\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\E2a197BD468e4667064a558c41ef721E\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\E30d4f6E088892ff2D47d25dcaabAEF4\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\E3bd31038A1b22cd6A35d346cc9c9CF8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\E4884aA64B9dBAfd71b00c14f605D87D\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\E4fc65BAE4f94Aaa82bd73f2000a7540\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\E5ae6cD877c533a36015f05432620673\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\E61d36D03Bb579132C82e385f692E1CA\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\E642fdE4AF5846fdC1dad56cc2067942\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\E7042bFFC0740C0a126a7d002b965CE7\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\E8457607282d7F4e4469d71b42f928A2\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\AppData\Local\Corel\Thumbs\E97f801F0Afa1459C11d16e843d83F81\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan C:\Users\Laura\Downloads\cnet_full_video_converter_free_exe.exe a variant of Win32/InstallCore.D potentially unwanted application D:\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan E:\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR Trojan
  6. Adam, Thank you for the info on the warning boxes for Internet Explorer. I've checked the "in the future..." boxes and all is good. I also figured out the sound issue on YouTube. When I clicked on the volume icon in the system tray there was an option to click on "mixer", which I did. And a number of volume slides opened and for some reason the slide for Internet Explorer was muted. I unmuted and it worked. Regarding the infected files. Can you guide me in how to find an infected file? I've looked at a number of photos and videos and they all seem to work. I will keep looking but if there is a better way to locate please let me know. Todd
  7. Adam, Attached are the logs you requested. In general the computer is running much better. There are a couple of items that I noticed. First, when I use Internet Explorer, I consistently get two pop up windows. I get a "Security Alert" pop up window that states, "You are about to leave a secure Internet connection. It will be possible for others to view information you send. Do you want to continue?" Then when I click on yes a new window pops up that says, "You are about to view pages over a secure connection. Any information you exchange with this site cannot be viewed by anyone else on the web." Both times I have the option to check the "In the future, do not show this warning" box. I have never seen these before. Second, I went out to YouTube and tried to play a couple of videos. I don't get any sound. I have turned up the volume on the computer and in the YouTube window. But still no sound. I can hear the typical Windows sounds such as a "bing" sound when I click on something incorrectly. So I don't think it is the speakers. Thanks so much for your help. Addition.txt Fixlog.txt FRST.txt
  8. Adam, Attached are the 4 logs you requested. AdwCleanerS0.txt Fixlog.txt JRT.txt MyEsetScan.txt
  9. Adam, Is it important for me to select Unicode in the Encoding: drop-down box when I save the fixlist.txt file? You mention that in one of your first posts, but not this time. So I wasn't sure. My notepad defaults to ANSI Encoding. Thank you, Todd
  10. Adam, Attached is the dirlook.txt file. Thank you. dirlook.txt
  11. Adam, I have completed the remainder of your instructions and attached the requested logs. Thanks for your help. I look forward to hearing from you again. Todd Addition.txt ComboFix.txt FRST.txt malwarebytes scan log.txt TDSSKiller.3.0.0.41_13.11.2014_09.34.44_log.txt TDSSKiller.3.0.0.41_13.11.2014_09.40.02_log.txt
  12. Adam, I have attached a txt file of the scan log. I know you stated you preferred that logs are posted directly as plain text, however I can't seem to get this to work. I have tried breaking the file up but I still can't get it to paste. I apologize if I am making your work harder. I must be missing something. I can start Step 3 if you would like. Thank you. Todd malwarebytes scan log.txt
  13. Adam, I closed FRST, recreated Fixlist.txt and re-ran FRST. It again appears to be "fixing" for a long time. It is still running. However, I noticed a fixlog.txt on the desktop. I have attached the file. I tried to cut and paste the text into the body of this post, but I was having trouble. Sorry about that. Please let me know if I should do something else. Thank you. Fixlog.txt
  14. Adam, The FRST is still running. Since my last post, the program appears to have moved from "fixing" status to "scanning" status. It appears to be scanning all of the files on the computer. I do not find a Fixlog.txt on the desktop. I have NOT stopped the program, since it appears to still be scanning. Please let me know if you still want me to stop the program and restart the repair. Thank you
  15. Thank you for the help Adam. My first name is Todd. I was not aware that I had been infected with CryptoWall 2.0. I read the information you provided and I am obviously worried about what it has done to my computer and my files. I hadn't noticed that I couldn't open any documents or files, just that my computer was running very slow. However, I haven't checked the files so I guess I'll see what happens. As I understand it, I would have to pay a ransom to open encrypted files? Is this something that can be decided later? Hopefully after you help me remove the infections and I have a chance to see what files were encrypted? I have started with STEP 1 of your instructions. I have copied the Script to a fixlist.txt file and placed it on the desktop (where the FRST64.exe file is) and ran the programme and clicked "fix". It has been "fixing" for over an hour. Is this normal and should I just let it keep running? One item to note, the infected computer is not connected to the internet. Is that a problem? Thank you for your help.
  16. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014 Ran by Laura (administrator) on LAURA-PC on 11-11-2014 23:53:35 Running from C:\Users\Laura\Desktop Loaded Profile: Laura (Available profiles: Laura) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.) R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed] R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-11-08] (Alcatel-Lucent) [File not signed] R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-11-08] (Alcatel-Lucent) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-27] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-11] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-11-08] (Printing Communications Assoc., Inc. 
(PCAUSA)) [File not signed] S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) U4 eabfiltr; No ImagePath S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-11 23:52 - 2014-11-11 23:52 - 02116096 _____ (Farbar) C:\Users\Laura\Desktop\FRST64.exe 2014-11-11 23:45 - 2014-11-11 23:45 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1601888643-1408281928-2996122355-1001 2014-11-11 23:37 - 2014-11-11 23:37 - 00000000 ____D () C:\ProgramData\FipfOkjav 2014-11-11 23:37 - 2014-11-11 23:37 - 00000000 ____D () C:\ProgramData\EagesEfaru 2014-11-11 23:34 - 2014-11-11 23:34 - 00023552 _____ () C:\Users\Laura\AppData\Local\fcriruf.dll 2014-11-11 23:34 - 2014-11-11 23:34 - 00000000 ____D () C:\ProgramData\UejpUsxex 2014-11-11 23:34 - 2014-11-11 23:34 - 00000000 ____D () C:\ProgramData\BenuYcona 2014-11-11 23:25 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-11 23:25 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-11 23:25 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-11 23:25 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 
2014-11-11 23:25 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-11 23:25 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-11 23:25 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-11 23:23 - 2014-11-11 23:34 - 00000000 ___SD () C:\dl 2014-11-11 23:22 - 2014-11-11 23:23 - 00000000 ____D () C:\Qoobox 2014-11-11 23:21 - 2014-11-11 23:25 - 00000000 ____D () C:\Windows\erdnt 2014-11-11 23:21 - 2014-11-11 23:23 - 00000000 ___SD () C:\32788R22FWJFW 2014-11-11 22:40 - 2014-11-11 22:40 - 05598118 ____R (Swearware) C:\Users\Laura\Desktop\dl.exe 2014-11-11 17:44 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-11 17:44 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-11 17:44 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-11 17:44 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-11 17:44 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-11 17:44 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-11 17:44 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-11 17:44 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-11 17:43 - 2014-10-25 19:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-11 17:43 - 2014-10-25 19:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-11 17:43 - 2014-10-25 19:56 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-11 17:43 - 2014-10-25 19:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-11 17:43 - 2014-10-25 19:55 - 19284480 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.dll 2014-11-11 17:43 - 2014-10-25 19:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-11 17:43 - 2014-10-25 19:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-11 17:43 - 2014-10-25 19:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-11 17:43 - 2014-10-25 19:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-11 17:43 - 2014-10-25 19:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-11 17:43 - 2014-10-25 19:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-11 17:43 - 2014-10-25 19:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-11 17:43 - 2014-10-25 19:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-11 17:43 - 2014-10-25 19:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-11 17:43 - 2014-10-25 19:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-11 17:43 - 2014-10-25 19:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-11 17:43 - 2014-10-25 19:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-11-11 17:43 - 2014-10-25 19:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-11 17:43 - 2014-10-25 19:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-11 17:43 - 2014-10-25 19:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-11 17:43 - 2014-10-25 19:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-11 17:43 - 2014-10-25 18:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-11 17:43 - 2014-10-25 18:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 
2014-11-11 17:43 - 2014-10-25 18:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-11 17:43 - 2014-10-25 18:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-11 17:43 - 2014-10-25 18:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-11 17:43 - 2014-10-25 18:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-11 17:43 - 2014-10-25 18:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-11 17:43 - 2014-10-25 18:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-11 17:43 - 2014-10-25 18:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-11 17:43 - 2014-10-25 18:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-11 17:43 - 2014-10-25 18:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-11 17:43 - 2014-10-25 18:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-11-11 17:43 - 2014-10-25 18:34 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-11 17:43 - 2014-10-25 18:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-11 17:43 - 2014-10-25 18:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-11 17:43 - 2014-10-25 18:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-11 17:43 - 2014-10-25 18:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-11-11 17:43 - 2014-10-25 18:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-11 17:43 - 2014-10-25 18:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-11 17:43 - 2014-10-25 18:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-11 17:43 - 2014-10-25 
18:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-11 17:43 - 2014-10-25 18:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-11 17:43 - 2014-10-25 17:22 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-11-11 17:43 - 2014-10-25 17:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-11-11 17:43 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-11 17:43 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-11 17:41 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-11 17:41 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-11 17:41 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-11 17:41 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-11 17:41 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-11 17:41 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-11 17:41 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-11 17:41 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-11 17:41 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-11 17:41 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-11 17:41 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-11 17:41 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-11 17:40 - 2014-08-21 00:43 - 
01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-11 17:40 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-11 17:40 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-11 17:40 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-11 17:38 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-11 17:38 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-11 17:35 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-11 17:35 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-11 17:35 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-11 17:35 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-11 17:35 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-11 17:35 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-11 17:35 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-11 17:35 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-11 17:35 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-11 17:35 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-11 17:35 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-11 17:35 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-11 17:35 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\TSpkg.dll 2014-11-11 17:35 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-11 17:33 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-11 17:32 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-11 17:32 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-11 17:32 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-11 17:32 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-10 21:34 - 2014-11-11 23:53 - 00028092 _____ () C:\Users\Laura\Desktop\FRST.txt 2014-11-10 21:33 - 2014-11-11 23:53 - 00000000 ____D () C:\FRST 2014-11-10 20:31 - 2014-11-10 20:31 - 02140160 _____ () C:\Users\Laura\Downloads\AdwCleaner.exe 2014-11-10 20:24 - 2014-11-10 20:33 - 00000000 ____D () C:\AdwCleaner 2014-11-10 19:06 - 2014-11-10 19:06 - 00000000 ____D () C:\Windows\pss 2014-11-10 18:47 - 2014-11-11 23:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-10 18:43 - 2014-11-10 18:43 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-10 18:43 - 2014-11-10 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-10 18:43 - 2014-11-10 18:43 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-10 18:43 - 2014-11-10 18:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-10 18:43 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-10 18:43 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-10 18:43 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-10 
18:20 - 2014-11-11 23:45 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1601888643-1408281928-2996122355-1001 2014-11-09 12:02 - 2014-11-09 12:02 - 00004214 _____ () C:\Users\Laura\AppData\Local\Apps\DECRYPT_INSTRUCTION.TXT 2014-11-09 12:02 - 2014-11-09 12:02 - 00004214 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT 2014-11-09 12:02 - 2014-11-09 12:02 - 00000272 _____ () C:\Users\Laura\AppData\Local\Apps\DECRYPT_INSTRUCTION.URL 2014-11-09 12:02 - 2014-11-09 12:02 - 00000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL 2014-11-09 10:47 - 2014-11-10 19:39 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Ciyksema 2014-11-09 10:47 - 2014-11-09 10:47 - 00003816 _____ () C:\Windows\System32\Tasks\Security Center Update - 1033307731 2014-11-09 10:36 - 2014-11-09 15:36 - 00000000 ___HD () C:\8440b83 2014-11-08 20:51 - 2014-11-08 20:51 - 00006656 __RSH () C:\Users\Laura\AppData\Roaming\{000069DC-6A40-1B9D-D66D-5061F2264274}.exe 2014-11-08 19:14 - 2014-11-11 23:35 - 00000520 _____ () C:\ProgramData\@system.temp 2014-11-08 19:14 - 2014-11-11 23:35 - 00000256 ____H () C:\ProgramData\@system3.att 2014-11-08 19:14 - 2014-11-08 19:14 - 00000448 ____H () C:\Users\Laura\AppData\Roaming\麽鎒駓覜 2014-11-08 19:13 - 2014-11-11 23:34 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\FrameworkUpdate7 2014-11-08 19:13 - 2014-11-08 19:13 - 00000000 ____D () C:\ProgramData\JudaNopu 2014-11-08 19:12 - 2014-11-11 23:37 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-11-08 19:12 - 2014-11-08 19:12 - 00000000 ____D () C:\ProgramData\IowcUfvu 2014-10-30 13:09 - 2014-10-30 13:23 - 00000000 ____D () C:\Users\Laura\Desktop\Halloween 2014-10-30 13:09 - 2014-10-30 13:09 - 00000000 ____D () C:\Users\Laura\Desktop\New folder 2014-10-15 18:40 - 2014-10-15 18:59 - 00000000 ____D () C:\Users\Laura\Desktop\picJTH 2014-10-15 18:29 - 2014-08-28 20:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 18:29 - 
2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-15 18:29 - 2014-08-28 20:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-15 18:29 - 2014-08-28 20:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-15 18:29 - 2014-08-28 20:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 18:29 - 2014-08-28 19:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-15 18:29 - 2014-08-28 19:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-15 18:29 - 2014-08-28 19:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-15 18:29 - 2014-08-28 19:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-10-15 18:29 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-10-15 18:29 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-10-15 18:29 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-10-15 18:29 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-10-15 18:29 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-10-15 18:29 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-10-15 18:29 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-10-15 18:29 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-10-15 18:29 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-10-15 18:29 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-10-15 18:29 - 2014-07-08 16:38 - 00419992 _____ () 
C:\Windows\system32\locale.nls 2014-10-15 18:29 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-10-15 18:29 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 18:29 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 18:29 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 18:29 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 18:29 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 18:29 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 18:28 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 18:28 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-15 18:28 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 18:28 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 18:28 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 18:28 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-15 18:28 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 18:28 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-11 23:53 - 2010-03-17 02:17 - 01567507 _____ () C:\Windows\WindowsUpdate.log 2014-11-11 23:50 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-11 23:50 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-11 23:45 - 2011-03-09 21:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-11 23:42 - 2011-03-09 21:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-11 23:41 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-11 23:41 - 2009-07-13 22:51 - 00850387 _____ () C:\Windows\setupact.log 2014-11-11 23:13 - 2014-09-12 15:02 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1601888643-1408281928-2996122355-1001 2014-11-11 23:13 - 2014-09-12 15:02 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1601888643-1408281928-2996122355-1001 2014-11-11 22:17 - 2014-06-15 09:35 - 00245760 ___SH () C:\Users\Laura\Desktop\Thumbs.db 2014-11-11 21:34 - 2010-08-01 18:57 - 00128912 _____ () C:\Users\Laura\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-11 21:32 - 2009-07-13 22:45 - 00455224 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-11 21:30 - 2014-04-23 14:51 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-11 21:30 - 2010-03-17 02:19 - 00451746 _____ () C:\Windows\PFRO.log 2014-11-11 21:28 - 2009-10-30 22:36 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-11 21:18 - 2013-08-14 18:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-11 21:14 - 2010-08-05 06:22 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-10 20:59 - 2012-06-21 18:07 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\uTorrent 2014-11-10 20:58 - 2011-09-14 21:17 - 00000000 ____D () C:\Program Files (x86)\Coupons 2014-11-10 
  17. My Malwarebytes continuously tells me that it is blocking Malicious Websites. Outgoing traffic. fff5ee.com. I have run Farbar and the log files are attached. Thank you in advance for your help. Addition.txt FRST.txt