Malicious Website Blocked


hockey5

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Laura (administrator) on LAURA-PC on 11-11-2014 23:53:35
Running from C:\Users\Laura\Desktop
Loaded Profile: Laura (Available profiles: Laura)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
() C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [sunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [15544 2009-08-25] ()
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\Run: [deski64x] => rundll32 "C:\Users\Laura\AppData\Local\Temp\cmncdmrc.dll",CreateProcessNotify <===== ATTENTION
HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\Run: [avicbrkr] => rundll32 "C:\Users\Laura\AppData\Local\Temp\cmncdmrc64.dll",CreateProcessNotify <===== ATTENTION
HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\Run: [benuYcona] => regsvr32.exe "C:\ProgramData\BenuYcona\BenuYcona.dat"
HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\Run: [uejpUsxex] => regsvr32.exe "C:\ProgramData\UejpUsxex\UejpUsxex.dat"
HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\Run: [GoogleUpdate] => C:\Users\Laura\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe [18988250 2014-11-11] ()
HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\Run: [fcriruf] => rundll32 "C:\Users\Laura\AppData\Local\fcriruf.dll",fcriruf <===== ATTENTION
HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\MountPoints2: {cbf64c20-4b6c-11e2-8b7a-c80aa937949a} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {D04BBF95-8B8C-4B01-8104-55DF9F1BE6D1} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {D04BBF95-8B8C-4B01-8104-55DF9F1BE6D1} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {8D2E50EE-E1BC-4DF6-9790-5DCDA28BFD34} URL =
SearchScopes: HKCU - {D04BBF95-8B8C-4B01-8104-55DF9F1BE6D1} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-1601888643-1408281928-2996122355-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM-x32 {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://cccamera.lifepics.com/net/Uploader/LPUploader57.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\jhg2rura.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1601888643-1408281928-2996122355-1001: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.7.1\npHDPlg.dll (Hulu LLC)
FF user.js: detected! => C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\jhg2rura.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-01-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012-08-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-25]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-01]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-27]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-11-08] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-11-08] (Alcatel-Lucent) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-27] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
U4 eabfiltr; No ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 23:52 - 2014-11-11 23:52 - 02116096 _____ (Farbar) C:\Users\Laura\Desktop\FRST64.exe
2014-11-11 23:45 - 2014-11-11 23:45 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1601888643-1408281928-2996122355-1001
2014-11-11 23:37 - 2014-11-11 23:37 - 00000000 ____D () C:\ProgramData\FipfOkjav
2014-11-11 23:37 - 2014-11-11 23:37 - 00000000 ____D () C:\ProgramData\EagesEfaru
2014-11-11 23:34 - 2014-11-11 23:34 - 00023552 _____ () C:\Users\Laura\AppData\Local\fcriruf.dll
2014-11-11 23:34 - 2014-11-11 23:34 - 00000000 ____D () C:\ProgramData\UejpUsxex
2014-11-11 23:34 - 2014-11-11 23:34 - 00000000 ____D () C:\ProgramData\BenuYcona
2014-11-11 23:25 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-11 23:25 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-11 23:25 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-11 23:25 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-11 23:25 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-11 23:25 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-11 23:25 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-11 23:23 - 2014-11-11 23:34 - 00000000 ___SD () C:\dl
2014-11-11 23:22 - 2014-11-11 23:23 - 00000000 ____D () C:\Qoobox
2014-11-11 23:21 - 2014-11-11 23:25 - 00000000 ____D () C:\Windows\erdnt
2014-11-11 23:21 - 2014-11-11 23:23 - 00000000 ___SD () C:\32788R22FWJFW
2014-11-11 22:40 - 2014-11-11 22:40 - 05598118 ____R (Swearware) C:\Users\Laura\Desktop\dl.exe
2014-11-11 17:44 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 17:44 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 17:44 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 17:44 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 17:44 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 17:44 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 17:44 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 17:44 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 17:43 - 2014-10-25 19:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 17:43 - 2014-10-25 19:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 17:43 - 2014-10-25 19:56 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 17:43 - 2014-10-25 19:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 17:43 - 2014-10-25 19:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 17:43 - 2014-10-25 19:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 17:43 - 2014-10-25 19:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 17:43 - 2014-10-25 19:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 17:43 - 2014-10-25 19:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 17:43 - 2014-10-25 19:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 17:43 - 2014-10-25 19:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 17:43 - 2014-10-25 19:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 17:43 - 2014-10-25 19:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 17:43 - 2014-10-25 19:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 17:43 - 2014-10-25 19:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 17:43 - 2014-10-25 19:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 17:43 - 2014-10-25 19:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-11 17:43 - 2014-10-25 19:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 17:43 - 2014-10-25 19:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 17:43 - 2014-10-25 19:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 17:43 - 2014-10-25 19:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 17:43 - 2014-10-25 18:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 17:43 - 2014-10-25 18:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 17:43 - 2014-10-25 18:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 17:43 - 2014-10-25 18:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 17:43 - 2014-10-25 18:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 17:43 - 2014-10-25 18:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 17:43 - 2014-10-25 18:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 17:43 - 2014-10-25 18:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 17:43 - 2014-10-25 18:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 17:43 - 2014-10-25 18:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 17:43 - 2014-10-25 18:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 17:43 - 2014-10-25 18:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-11 17:43 - 2014-10-25 18:34 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 17:43 - 2014-10-25 18:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 17:43 - 2014-10-25 18:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 17:43 - 2014-10-25 18:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 17:43 - 2014-10-25 18:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-11 17:43 - 2014-10-25 18:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 17:43 - 2014-10-25 18:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 17:43 - 2014-10-25 18:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 17:43 - 2014-10-25 18:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 17:43 - 2014-10-25 18:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 17:43 - 2014-10-25 17:22 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-11-11 17:43 - 2014-10-25 17:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-11-11 17:43 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 17:43 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 17:41 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 17:41 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 17:41 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 17:41 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 17:41 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 17:41 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 17:41 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 17:41 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 17:41 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 17:41 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 17:41 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 17:41 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 17:40 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 17:40 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 17:40 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 17:40 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 17:38 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 17:38 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 17:35 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 17:35 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 17:35 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 17:35 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 17:35 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 17:35 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 17:35 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 17:35 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 17:35 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 17:35 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 17:35 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 17:35 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 17:35 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 17:35 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 17:33 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 17:32 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 17:32 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 17:32 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 17:32 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-10 21:34 - 2014-11-11 23:53 - 00028092 _____ () C:\Users\Laura\Desktop\FRST.txt
2014-11-10 21:33 - 2014-11-11 23:53 - 00000000 ____D () C:\FRST
2014-11-10 20:31 - 2014-11-10 20:31 - 02140160 _____ () C:\Users\Laura\Downloads\AdwCleaner.exe
2014-11-10 20:24 - 2014-11-10 20:33 - 00000000 ____D () C:\AdwCleaner
2014-11-10 19:06 - 2014-11-10 19:06 - 00000000 ____D () C:\Windows\pss
2014-11-10 18:47 - 2014-11-11 23:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-10 18:43 - 2014-11-10 18:43 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-10 18:43 - 2014-11-10 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-10 18:43 - 2014-11-10 18:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-10 18:43 - 2014-11-10 18:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-10 18:43 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-10 18:43 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-10 18:43 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-10 18:20 - 2014-11-11 23:45 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1601888643-1408281928-2996122355-1001
2014-11-09 12:02 - 2014-11-09 12:02 - 00004214 _____ () C:\Users\Laura\AppData\Local\Apps\DECRYPT_INSTRUCTION.TXT
2014-11-09 12:02 - 2014-11-09 12:02 - 00004214 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-09 12:02 - 2014-11-09 12:02 - 00000272 _____ () C:\Users\Laura\AppData\Local\Apps\DECRYPT_INSTRUCTION.URL
2014-11-09 12:02 - 2014-11-09 12:02 - 00000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-11-09 10:47 - 2014-11-10 19:39 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Ciyksema
2014-11-09 10:47 - 2014-11-09 10:47 - 00003816 _____ () C:\Windows\System32\Tasks\Security Center Update - 1033307731
2014-11-09 10:36 - 2014-11-09 15:36 - 00000000 ___HD () C:\8440b83
2014-11-08 20:51 - 2014-11-08 20:51 - 00006656 __RSH () C:\Users\Laura\AppData\Roaming\{000069DC-6A40-1B9D-D66D-5061F2264274}.exe
2014-11-08 19:14 - 2014-11-11 23:35 - 00000520 _____ () C:\ProgramData\@system.temp
2014-11-08 19:14 - 2014-11-11 23:35 - 00000256 ____H () C:\ProgramData\@system3.att
2014-11-08 19:14 - 2014-11-08 19:14 - 00000448 ____H () C:\Users\Laura\AppData\Roaming\麽鎒駓覜
2014-11-08 19:13 - 2014-11-11 23:34 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\FrameworkUpdate7
2014-11-08 19:13 - 2014-11-08 19:13 - 00000000 ____D () C:\ProgramData\JudaNopu
2014-11-08 19:12 - 2014-11-11 23:37 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-08 19:12 - 2014-11-08 19:12 - 00000000 ____D () C:\ProgramData\IowcUfvu
2014-10-30 13:09 - 2014-10-30 13:23 - 00000000 ____D () C:\Users\Laura\Desktop\Halloween
2014-10-30 13:09 - 2014-10-30 13:09 - 00000000 ____D () C:\Users\Laura\Desktop\New folder
2014-10-15 18:40 - 2014-10-15 18:59 - 00000000 ____D () C:\Users\Laura\Desktop\picJTH
2014-10-15 18:29 - 2014-08-28 20:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 18:29 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 18:29 - 2014-08-28 20:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 18:29 - 2014-08-28 20:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-15 18:29 - 2014-08-28 20:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 18:29 - 2014-08-28 19:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 18:29 - 2014-08-28 19:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 18:29 - 2014-08-28 19:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 18:29 - 2014-08-28 19:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-15 18:29 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 18:29 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 18:29 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 18:29 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 18:29 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 18:29 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-15 18:29 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-15 18:29 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-15 18:29 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-15 18:29 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-15 18:29 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 18:29 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-15 18:29 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 18:29 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 18:29 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 18:29 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 18:29 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 18:29 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 18:28 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 18:28 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 18:28 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 18:28 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 18:28 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 18:28 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 18:28 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 18:28 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 23:53 - 2010-03-17 02:17 - 01567507 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 23:50 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 23:50 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 23:45 - 2011-03-09 21:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 23:42 - 2011-03-09 21:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 23:41 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 23:41 - 2009-07-13 22:51 - 00850387 _____ () C:\Windows\setupact.log
2014-11-11 23:13 - 2014-09-12 15:02 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1601888643-1408281928-2996122355-1001
2014-11-11 23:13 - 2014-09-12 15:02 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1601888643-1408281928-2996122355-1001
2014-11-11 22:17 - 2014-06-15 09:35 - 00245760 ___SH () C:\Users\Laura\Desktop\Thumbs.db
2014-11-11 21:34 - 2010-08-01 18:57 - 00128912 _____ () C:\Users\Laura\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-11 21:32 - 2009-07-13 22:45 - 00455224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 21:30 - 2014-04-23 14:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-11 21:30 - 2010-03-17 02:19 - 00451746 _____ () C:\Windows\PFRO.log
2014-11-11 21:28 - 2009-10-30 22:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 21:18 - 2013-08-14 18:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 21:14 - 2010-08-05 06:22 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 20:59 - 2012-06-21 18:07 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\uTorrent
2014-11-10 20:58 - 2011-09-14 21:17 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-11-10 19:40 - 2009-09-06 19:57 - 00000000 ____D () C:\Windows\Panther
2014-11-10 17:42 - 2010-08-01 19:19 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\HpUpdate
2014-11-09 15:37 - 2009-07-13 23:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 12:03 - 2014-03-25 21:00 - 00000000 ____D () C:\Users\Laura\AppData\Local\Apps\2.0
2014-11-09 12:03 - 2011-05-30 04:26 - 00000000 ____D () C:\Users\Laura\AppData\Local\Atheros
2014-11-09 12:03 - 2010-12-07 21:40 - 00000000 ____D () C:\Users\Laura\AppData\Local\Apple Computer
2014-11-09 12:03 - 2010-08-16 19:41 - 00000000 ____D () C:\Users\Laura\AppData\Local\Corel
2014-11-09 12:02 - 2010-08-16 17:44 - 00000000 ____D () C:\Users\Laura\AppData\Local\Adobe
2014-11-09 12:02 - 2009-10-30 22:08 - 00000000 ____D () C:\ProgramData\WildTangent
2014-11-09 12:01 - 2014-09-27 23:59 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-11-09 12:01 - 2014-06-22 09:56 - 00000000 ____D () C:\ProgramData\FitbitConnect
2014-11-09 12:01 - 2011-10-07 18:41 - 00000000 ____D () C:\ProgramData\Real
2014-11-09 12:01 - 2011-06-24 14:23 - 00000000 ____D () C:\ProgramData\Motive
2014-11-09 12:01 - 2009-10-30 22:49 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-09 09:49 - 2014-03-21 15:06 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForLaura.job
2014-11-09 08:38 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-08 17:28 - 2011-10-07 18:41 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Real
2014-11-07 21:52 - 2011-12-14 21:07 - 00000000 ____D () C:\Bovada
2014-11-07 21:41 - 2014-03-21 15:06 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLaura
2014-11-07 17:39 - 2010-08-04 17:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-30 05:25 - 2010-08-01 19:19 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-20 18:40 - 2011-03-09 21:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 18:40 - 2011-03-09 21:19 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 18:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 11:52 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-13 06:48 - 2010-08-01 18:47 - 00000000 ____D () C:\Users\Laura

Some content of TEMP:
====================
C:\Users\Laura\AppData\Local\Temp\5k5yWS5.exe
C:\Users\Laura\AppData\Local\Temp\6_Offer_15.exe
C:\Users\Laura\AppData\Local\Temp\7z.dll
C:\Users\Laura\AppData\Local\Temp\7z.exe
C:\Users\Laura\AppData\Local\Temp\Bodog.comPokerClientUpdate.exe
C:\Users\Laura\AppData\Local\Temp\Bodog.euPokerClientUpdate.exe
C:\Users\Laura\AppData\Local\Temp\BodogClientUpdate.exe
C:\Users\Laura\AppData\Local\Temp\BodogUpdate.exe
C:\Users\Laura\AppData\Local\Temp\cmncdmrc.dll
C:\Users\Laura\AppData\Local\Temp\cmncdmrc64.dll
C:\Users\Laura\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpos0a6h.dll
C:\Users\Laura\AppData\Local\Temp\dtkill.exe
C:\Users\Laura\AppData\Local\Temp\Executor.exe
C:\Users\Laura\AppData\Local\Temp\Extract.exe
C:\Users\Laura\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Laura\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Laura\AppData\Local\Temp\HPQSi.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\lowproc.exe
C:\Users\Laura\AppData\Local\Temp\POKERSETUP.exe
C:\Users\Laura\AppData\Local\Temp\RDVAlert.exe
C:\Users\Laura\AppData\Local\Temp\Resource.exe
C:\Users\Laura\AppData\Local\Temp\setupa2.exe
C:\Users\Laura\AppData\Local\Temp\SetupAC.exe
C:\Users\Laura\AppData\Local\Temp\siteChange.exe
C:\Users\Laura\AppData\Local\Temp\SP47025.exe
C:\Users\Laura\AppData\Local\Temp\SP47470.exe
C:\Users\Laura\AppData\Local\Temp\SP48071.exe
C:\Users\Laura\AppData\Local\Temp\SP48094.exe
C:\Users\Laura\AppData\Local\Temp\SP48159.exe
C:\Users\Laura\AppData\Local\Temp\SP48296.exe
C:\Users\Laura\AppData\Local\Temp\SP48392.exe
C:\Users\Laura\AppData\Local\Temp\SP48488.exe
C:\Users\Laura\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Laura\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Laura\AppData\Local\Temp\sp54373.exe
C:\Users\Laura\AppData\Local\Temp\stubhelper.dll
C:\Users\Laura\AppData\Local\Temp\temp2371694056.exe
C:\Users\Laura\AppData\Local\Temp\temp54282108.exe
C:\Users\Laura\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Laura\AppData\Local\Temp\vcredist_x86-2010.exe
C:\Users\Laura\AppData\Local\Temp\vcredist_x86-2012.exe
C:\Users\Laura\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\Laura\AppData\Local\Temp\xvidupdate.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 14:11

==================== End Of Log ============================


Hello hockey5, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please back up important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click [image] at the top of the page.
     

======================================================
 
Are you aware you've been infected with a file-encrypting ransomware called CryptoWall 2.0?
Information on the infection can be found here.
 
You may find you are unable to open personal documents, images, and other files. Unfortunately, unless the ransom is paid, any encrypted files are unrecoverable. 
 
We can remove the infections present on your computer, but you must decide how you wish to proceed in regards to any encrypted files. Please let me know. 
 
I also suggest you change passwords for accounts recently used. Your computer is badly infected. I can see at least 4 serious infections which open a backdoor on the compromised machine. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
    C:\Program Files\OutfoxTV
    HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\Run: [{37f2efb6-1926-7b0d-d8d9-37c5d9014dc1}] => "C:\ProgramData\Microsoft\{37f2efb6-1926-7b0d-d8d9-37c5d9014dc1}\{37f2efb6-1926-7b0d-d8d9-37c5d9014dc1}.exe"
    HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\Run: [GoogleUpdate] => C:\Users\Laura\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe
    C:\ProgramData\Microsoft\{37f2efb6-1926-7b0d-d8d9-37c5d9014dc1}
    HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...\MountPoints2: {cbf64c20-4b6c-11e2-8b7a-c80aa937949a} - G:\MotorolaDeviceManagerSetup.exe -a
    HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {D04BBF95-8B8C-4B01-8104-55DF9F1BE6D1} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {D04BBF95-8B8C-4B01-8104-55DF9F1BE6D1} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKCU - DefaultScope {8D2E50EE-E1BC-4DF6-9790-5DCDA28BFD34} URL =
    SearchScopes: HKCU - {D04BBF95-8B8C-4B01-8104-55DF9F1BE6D1} URL =
    Toolbar: HKU\S-1-5-21-1601888643-1408281928-2996122355-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
    FF NetworkProxy: "no_proxies_on", "*.local"
    FF NetworkProxy: "type", 0
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
    U4 eabfiltr; No ImagePath
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
    2014-11-09 12:02 - 2014-11-09 12:02 - 00004214 _____ () C:\Users\Laura\AppData\Local\Apps\DECRYPT_INSTRUCTION.TXT
    2014-11-09 12:02 - 2014-11-09 12:02 - 00004214 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
    2014-11-09 12:02 - 2014-11-09 12:02 - 00000272 _____ () C:\Users\Laura\AppData\Local\Apps\DECRYPT_INSTRUCTION.URL
    2014-11-09 12:02 - 2014-11-09 12:02 - 00000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
    2014-11-09 10:47 - 2014-11-10 19:39 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\Ciyksema
    2014-11-09 10:47 - 2014-11-09 10:47 - 00003816 _____ () C:\Windows\System32\Tasks\Security Center Update - 1033307731
    2014-11-09 10:36 - 2014-11-09 15:36 - 00000000 ___HD () C:\8440b83
    2014-11-08 20:51 - 2014-11-08 20:51 - 00006656 __RSH () C:\Users\Laura\AppData\Roaming\{000069DC-6A40-1B9D-D66D-5061F2264274}.exe
    2014-11-08 19:14 - 2014-11-09 15:25 - 00000424 _____ () C:\ProgramData\@system.temp
    2014-11-08 19:14 - 2014-11-09 15:25 - 00000160 ____H () C:\ProgramData\@system3.att
    2014-11-08 19:14 - 2014-11-08 19:14 - 00000448 ____H () C:\Users\Laura\AppData\Roaming\麽鎒駓覜
    2014-11-08 19:13 - 2014-11-10 19:39 - 00000000 ____D () C:\Users\Laura\AppData\Roaming\FrameworkUpdate7
    2014-11-08 19:13 - 2014-11-08 19:13 - 00000000 ____D () C:\ProgramData\JudaNopu
    2014-11-08 19:12 - 2014-11-09 10:29 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2014-11-08 19:12 - 2014-11-08 19:12 - 00000000 ____D () C:\ProgramData\IowcUfvu
    2014-11-10 20:58 - 2011-09-14 21:17 - 00000000 ____D () C:\Program Files (x86)\Coupons
    C:\Users\Laura\AppData\Local\Temp\6_Offer_15.exe
    C:\Users\Laura\AppData\Local\Temp\7z.dll
    C:\Users\Laura\AppData\Local\Temp\7z.exe
    C:\Users\Laura\AppData\Local\Temp\Bodog.comPokerClientUpdate.exe
    C:\Users\Laura\AppData\Local\Temp\Bodog.euPokerClientUpdate.exe
    C:\Users\Laura\AppData\Local\Temp\BodogClientUpdate.exe
    C:\Users\Laura\AppData\Local\Temp\BodogUpdate.exe
    C:\Users\Laura\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpos0a6h.dll
    C:\Users\Laura\AppData\Local\Temp\dtkill.exe
    C:\Users\Laura\AppData\Local\Temp\Executor.exe
    C:\Users\Laura\AppData\Local\Temp\Extract.exe
    C:\Users\Laura\AppData\Local\Temp\FlashPlayerUpdate.exe
    C:\Users\Laura\AppData\Local\Temp\FlashPlayerUpdate01.exe
    C:\Users\Laura\AppData\Local\Temp\HPQSi.exe
    C:\Users\Laura\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
    C:\Users\Laura\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
    C:\Users\Laura\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
    C:\Users\Laura\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
    C:\Users\Laura\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
    C:\Users\Laura\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
    C:\Users\Laura\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
    C:\Users\Laura\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
    C:\Users\Laura\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
    C:\Users\Laura\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
    C:\Users\Laura\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
    C:\Users\Laura\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
    C:\Users\Laura\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
    C:\Users\Laura\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\Laura\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\Laura\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Laura\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Laura\AppData\Local\Temp\lowproc.exe
    C:\Users\Laura\AppData\Local\Temp\POKERSETUP.exe
    C:\Users\Laura\AppData\Local\Temp\RDVAlert.exe
    C:\Users\Laura\AppData\Local\Temp\Resource.exe
    C:\Users\Laura\AppData\Local\Temp\setupa2.exe
    C:\Users\Laura\AppData\Local\Temp\SetupAC.exe
    C:\Users\Laura\AppData\Local\Temp\siteChange.exe
    C:\Users\Laura\AppData\Local\Temp\SP47025.exe
    C:\Users\Laura\AppData\Local\Temp\SP47470.exe
    C:\Users\Laura\AppData\Local\Temp\SP48071.exe
    C:\Users\Laura\AppData\Local\Temp\SP48094.exe
    C:\Users\Laura\AppData\Local\Temp\SP48159.exe
    C:\Users\Laura\AppData\Local\Temp\SP48296.exe
    C:\Users\Laura\AppData\Local\Temp\SP48392.exe
    C:\Users\Laura\AppData\Local\Temp\SP48488.exe
    C:\Users\Laura\AppData\Local\Temp\sp50843.exe.exe
    C:\Users\Laura\AppData\Local\Temp\sp52110.exe.exe
    C:\Users\Laura\AppData\Local\Temp\sp54373.exe
    C:\Users\Laura\AppData\Local\Temp\stubhelper.dll
    C:\Users\Laura\AppData\Local\Temp\UninstallHPTCA.exe
    C:\Users\Laura\AppData\Local\Temp\vcredist_x86-2010.exe
    C:\Users\Laura\AppData\Local\Temp\vcredist_x86-2012.exe
    C:\Users\Laura\AppData\Local\Temp\vpnclient_setup.exe
    C:\Users\Laura\AppData\Local\Temp\xvidupdate.exe
    CustomCLSID: HKU\S-1-5-21-1601888643-1408281928-2996122355-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
    Task: {488C665F-934B-4FAF-9B68-6AF5CB773BA9} - System32\Tasks\Security Center Update - 1033307731 => C:\Users\Laura\AppData\Roaming\Ciyksema\iruwmiv.exe <==== ATTENTION
    Folder: C:\Users\Laura\AppData
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: In the Encoding: drop-down box, select Unicode.
  • Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. This log will be very large. Ensure you attach the file.
     

STEP 2
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
ComboFix

  • Note: Please read through these instructions before running ComboFix. 
  • Please download ComboFix and save the file to your Desktop. << Important!
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click ComboFix.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
     
  • Allow ComboFix to complete its removal routine (please refer to Important Notes:).
  • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
  • Re-enable your anti-virus software.
     

Important Notes:

  • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
  • Do NOT use your computer whilst ComboFix is running.
  • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
     
  • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
  • ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
     

STEP 4
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to:
    • Loaded Modules
    • Detect TDLFS file system
    • Verify file digital signatures
  • Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
     

STEP 5
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt (attached!)
  • MBAM log
  • ComboFix.txt
  • TDSSKiller log (attached!)
  • FRST.txt
  • Addition.txt

Thank you for the help Adam.

My first name is Todd.

 

I was not aware that I had been infected with CryptoWall 2.0. I read the information you provided and I am obviously worried about what it has done to my computer and my files. I hadn't noticed that I couldn't open any documents or files, just that my computer was running very slow. However, I haven't checked the files so I guess I'll see what happens. As I understand it, I would have to pay a ransom to open encrypted files? Is this something that can be decided later? Hopefully after you help me remove the infections and I have a chance to see what files were encrypted?

 

I have started with STEP 1 of your instructions. I have copied the Script to a fixlist.txt file and placed it on the desktop (where the FRST64.exe file is) and ran the programme and clicked "fix". It has been "fixing" for over an hour. Is this normal and should I just let it keep running? One item to note, the infected computer is not connected to the internet. Is that a problem?

 

 

Thank you for your help. 


Hello Todd, 

 

We can remove the malware first, and assess the damage caused by CryptoWall afterwards. 

I believe you have been infected with the first variant of CryptoWall; not the second as my original post suggests. This is good news, and may allow recovery of your files. 

 

As FRST has been running for so long, please close the programme. Check for Fixlog.txt on your Desktop. If this file is present, please attach in your next post. If not, please repeat the step. 

 

Having the machine disconnected from the Internet is OK whilst running FRST. 

 

Please wait for my review of the log before proceeding with STEP 2. 


Adam,

The FRST is still running.  Since my last post, the program appears to have moved from "fixing" status to "scanning" status.  It appears to be scanning all of the files on the computer.  

I do not find a Fixlog.txt on the desktop.

I have NOT stopped the program, since it appears to still be scanning.  Please let me know if you still want me to stop the program and restart the repair.

 

Thank you


Adam,

I closed FRST, recreated Fixlist.txt and re-ran FRST.  It again appears to be "fixing" for a long time.  It is still running.  However, I noticed a fixlog.txt on the desktop.  I have attached the file.  I tried to cut and paste the text into the body of this post, but I was having trouble.  Sorry about that.

 

Please let me know if I should do something else.

 

 

Thank you.

 

 

 

 

Fixlog.txt


Adam,

I have attached a txt file of the scan log. I know you stated you preferred that logs are posted directly as plain text, however I can't seem to get this to work. I have tried breaking the file up but I still can't get it to paste. I apologize if I am making your work harder. I must be missing something.

 

I can start Step 3 if you would like.

 

Thank you.

Todd

 

malwarebytes scan log.txt


Hi Todd, 
 
Please do the following. 
 
Batch File

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    dir C:\Users\Laura\AppData /s > "%userprofile%\desktop\dirlook.txt"
    del %0
  • Click Format. Ensure Wordwrap is unchecked
  • Click File > Save As and name the file batchfile.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate batchfile.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • Once the black Command Prompt disappears, attach dirlook.txt (found on your Desktop) in your next post.

Hi Todd, 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1601888643-1408281928-2996122355-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKCU - DefaultScope {8D2E50EE-E1BC-4DF6-9790-5DCDA28BFD34} URL = 
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
    C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
    C:\Users\Laura\AppData\Roaming\Catalina Marketing Corp
    2014-11-12 14:31 - 2014-11-12 14:31 - 00000000 ____D () C:\Users\Laura\467D5E81834948929E81C3674ED8E451.TMP
    2014-11-11 23:37 - 2014-11-11 23:37 - 00000000 ____D () C:\ProgramData\FipfOkjav
    2014-11-11 23:37 - 2014-11-11 23:37 - 00000000 ____D () C:\ProgramData\EagesEfaru
    2014-11-11 23:34 - 2014-11-12 14:26 - 00000000 ____D () C:\ProgramData\UejpUsxex
    2014-11-11 23:34 - 2014-11-12 14:26 - 00000000 ____D () C:\ProgramData\BenuYcona
    C:\Users\Laura\AppData\Local\Temp\{2EF8AC01-7D6E-433A-A126-FE0BB3427A2F}.exe
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81266742.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81266742.sys => ""="Driver"
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Attach the log in your next reply.
     

======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • AdwCleaner[s0].txt
  • JRT.txt
  • ESET log (attached!)

Hello Todd, 
 
Those detections are either for files we've already removed, or the ransom notes left behind by the ransomware. 

Please provide an update on your computer after doing the following. Are there any outstanding issues (excluding your encrypted files)?
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Download fixlist.txt
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Attach the file in your next reply.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt (attached!)
  • FRST.txt
  • Addition.txt
  • Update on computer
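
The split this reply describes (detections that are quarantined copies versus ransom notes left behind) can be checked mechanically against a scanner log. The Python below is an added example, not part of the original post or of any tool named in the thread; the log shape (path, detection name, type), the sample lines and the function names are assumptions, and it treats each folder holding a note as a place to look for encrypted files.

```python
import ntpath
import re

# Constructed sample in a "path detection-name type" shape; these lines are
# illustrative and were not copied from the machine discussed in the thread.
SAMPLE_LOG = r"""
C:\FRST\Quarantine\C\Users\Example\AppData\Local\Apps\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan
C:\ProgramData\Vendor A\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Vendor A\Sub Dir\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Vendor A\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Vendor A\Sub Dir\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Example\AppData\Local\Adobe\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Example\AppData\Roaming\Example\sample.exe Win32/Filecoder.CR trojan
this line is not a detection
"""

# Paths may contain spaces, so the path group is greedy and the detection
# name is recognised as the last token that contains a slash.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+)\s+(?P<name>\S+/\S+)\s+(?P<kind>[A-Za-z][A-Za-z ]*)$"
)
QUARANTINE_ROOT = "c:\\frst\\quarantine\\"   # where FRST keeps moved files
NOTE_STEM = "decrypt_instruction."           # ransom note file name stem
ALL_USERS = "c:\\users\\all users\\"         # legacy alias of C:\ProgramData


def canonical(path):
    """Map the 'C:\\Users\\All Users' junction onto C:\\ProgramData.

    On Windows Vista and later the two names point at the same folder, so a
    scanner that walks both reports every file under it twice.
    """
    if path.lower().startswith(ALL_USERS):
        return "C:\\ProgramData\\" + path[len(ALL_USERS):]
    return path


def triage(log_text):
    """Sort detection lines into quarantined copies, note folders and the rest.

    Returns a dict with:
      quarantined - detections inside the FRST quarantine (already removed)
      note_dirs   - unique folders holding a ransom note, in first-seen order
      live        - (path, detection) pairs that are neither of the above
      unparsed    - lines that do not look like a detection at all
    """
    result = {"quarantined": [], "note_dirs": [], "live": [], "unparsed": []}
    seen_dirs = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            result["unparsed"].append(line)
            continue
        path = canonical(match.group("path"))
        lower = path.lower()
        if lower.startswith(QUARANTINE_ROOT):
            result["quarantined"].append(path)
        elif ntpath.basename(lower).startswith(NOTE_STEM):
            folder = ntpath.dirname(path)
            if folder.lower() not in seen_dirs:
                seen_dirs.add(folder.lower())
                result["note_dirs"].append(folder)
        else:
            # Anything left is a detection on a file that is still in place.
            result["live"].append((path, match.group("name")))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Already quarantined:", len(report["quarantined"]))
    print("Folders to check for encrypted files:")
    for folder in report["note_dirs"]:
        print("  ", folder)
    print("Detections still in place:", report["live"])
    print("Unparsed lines:", report["unparsed"])
```

Entries under "live" are the ones that still need attention; note folders are only a starting point for checking files against Previous Versions.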

Adam,

Attached are the logs you requested.

In general the computer is running much better.  There are a couple of items that I noticed. 

First, when I use Internet Explorer, I consistently get two pop up windows. 

 

I get a "Security Alert" pop up window that states, "You are about to leave a secure Internet connection.  It will be possible for others to view information  you send. Do you want to continue? "

 

Then when I click on yes a new window pops up that says, "You are about to view pages over a secure connection. Any information you exchange with this site cannot be viewed by anyone else on the web."  Both times I have the option to check the "In the future, do not show this warning" box.

 

I have never seen these before.

 

Second, I went out to youtube and tried to play a couple of videos.  I don't get any sound.  I have turned up the volume on the computer and in the youtube window.  But still no sound.  I can hear the typical windows sounds such as a "bing" sound when I click on something incorrectly.  So I don't think it is the speakers. 

 

Thanks so much for your help.

 

Addition.txt

Fixlog.txt

FRST.txt


Hello Todd, 
 

First, when I use Internet Explorer, I consistently get two pop up windows. 

This is normal. ComboFix resets certain IE settings, causing these pop-ups. 
You can safely check the "In the future, do not show this warning" box. 
 

Second, I went out to youtube and tried to play a couple of videos.  I don't get any sound.  I have turned up the volume on the computer and in the youtube window.  But still no sound.  I can hear the typical windows sounds such as a "bing" sound when I click on something incorrectly.  So I don't think it is the speakers. 

Can you try using an alternative browser, and let me know if you experience the same issue.
Please avoid browsing too much, as you still have vulnerable software installed, which makes your computer susceptible to malware infection.
 
-----------------------
 
Please locate an encrypted file, and let me know if the following works. 
To restore individual files you can right-click on the file, go into Properties, and select the Previous Versions tab. This tab will list all copies of the file that have been stored in a Shadow Volume Copy and the date they were backed up as shown in the image below.
 

previous-versions.jpg

 
To restore a particular version of the file, simply click on the Copy button and then select the directory you wish to restore the file to. If you wish to restore the selected file and replace the existing one, click on the Restore button. If you wish to view the contents of the actual file, you can click on the Open button to see the contents of the file before you restore it.
This same method can be used to restore an entire folder. Simply right-click on the folder and select Properties and then the Previous Versions tab. You will then be presented with a similar screen as above where you can either Copy the selected backup of the folder to a new location or Restore it over the existing folder.


Adam,

Thank you for the info on the warning boxes for internet explorer. I've checked the "in the future..." boxes and all is good.

I also figured out the sound issue on youtube.  When I clicked on the volume icon in the system tray there was an option to click on "mixer", which I did.  And a number of volume slides opened and for some reason the slide for Internet Explorer was muted.  I unmuted and it worked.

 

Regarding the infected files.  Can you guide me in how to find an infected file? I've looked at a number of photos and videos and they all seem to work. I will keep looking but if there is a better way to locate please let me know.

 

Todd


Adam,

I find the below list of folders with the "Win32/Filecoder.CR trojan" flag. To be honest, none of those folders contain personal photos or documents so I am not sure what file I should be trying to restore. I would guess these folders are "important" as their names seem to indicate that they are used for our printer (Hewlett Packard) or my wife's fitness bracelet (fitbit) or Adobe among other things. I just don't know what file is encrypted or how the virus is affecting the operation of these. I guess it is good that photos and such aren't encrypted? 

Sorry if I'm not doing something correct. If you want me to try something else please let me know

 


 

C:\Users\Laura\AppData\Local\Corel\Thumbs\219b134865bfE0cdFF698e6187ce9F83\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\21f6a24BDE41AF8d2Ce7810d9972807B\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\2317f30D0Dc609fdF897a1812d688CC2\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\239ae2B1A349D234830a3fbab8d192D2\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\24a9e6DD4A98F1843A9c6135cdba69FB\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\26777dB4B98d325a657b38ef29756118\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\26a20b7856e945e2AD9764aca08822F7\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\296c6e37FF67C158885ae6886b7e7B92\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\29d092AF3Eac5C473Bbdb805b4731A02\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\2Cbba291D56fCCd607498d2482c29C5D\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\2E403fCFDA39AD4600b817b0569cEC47\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\306065B56661B7a353ecee546a279A17\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\30b6491F8600021f37068ded8e8f470D\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\30e9041B933c593068a68568e7471696\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\319d2cECF3d646d25Dc4e8076a58E4C0\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\3200f213DBec8EbaE2d3033399ff1D3C\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\3542c6A1E3d7B972A6b792fe84c47DA8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\369f6f288B2f28a491c620a97baeC810\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\377c69D7DD74E015C5091b3919d421A0\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\38869e70177635a8B091e351f6c43178\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\393bd831079eE98f82ae4070f3f18DF3\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\39685d1664fbCF06AEb1117571c0853B\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\3D52d970A4be1Bcb9A43828380699D8B\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\3Ead4dFD5Ce7D7515377086c919727C2\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\3F1066FC7953097aD5c22956c6c2C5BF\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\3F71f711B1329B74875360c0b7843B87\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\40e30b6357de5E5eFD475fa1b41a3D70\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\415cc33CD255972f606027c1ff5aB3F6\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\434041340Ad1ACe5C77e94e0878e1745\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\45e13b26AE15AC7e6E1545fb90a2E91A\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\461d9dC96Fed7Ace6715150257c1E583\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\46a1f5075430EDb59212d9d7979c9FB9\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\4798700CEB6c96764201b9600d9f6F51\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\4923dfBBAAd7643b88513394709cBE02\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\498dbc621884AE29E4a32f3baac03ACB\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\4A7ff4AC26f565e031e368a5bd264473\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\4B57ee66568bD0e8187fba8d3cd15BDD\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\4Bac5543C2580De1172e224e46424B87\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\4Bc2dd60BA088E95A826c51c15b766CD\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\4D2b59BB6A8fFCf1E2f5746d344aFDA5\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\4Dbed925B6e7664eBE3f8d8f2ed7446D\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\4F0f8b72864eC55f94b670fd64201580\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\5217bc3756dfE123ABe97e4e3fe26A41\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\526d6cDB5Cd55Cdd5A4178c0b769EF98\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\5585f34CF6308D39D7b53519091c53FB\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\57b3b3541Efd2781A67f10d453068471\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\584ee7D1CE6b0Ac0CEe40f837b647EFE\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\5950ae36097f7Fc9073d3d780221BB4D\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\5975cfC6E9d06Bbc34e25b41bc8b9350\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\5A6ee034C08fC9e4EB0911940e093901\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\5Ad689DF1E44F34c490c19d39555278E\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\5B4f329E603bDB4dDE9509fd7e291FC2\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\5Beae8DF330e199cC01c32555d1bA728\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\5E69a4B924e3040e2Bde2ef7e2e8F714\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\6181f00326adB36f6604317b33e4128C\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\62caf0EB9Baa4C52C745a75d63b25F10\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\630a0e97CD9a2E12BB9ce2e46c9214B1\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\64aa4e821614CAb5311ad5973857B538\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\64fed340AE1fED56FEec31e1bf705E89\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\65100019509614b090b64584649d7D57\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\661042E352685818CEa97a87890b3646\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\6720d2F46274CF24FB0949f5b12c4BA8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\672b2766F5e54Dbe5B7299b51c7b4811\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\684344CDD325965859d096133db8C5D7\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\6926c317DAb368cb58c119b417ba3C2E\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\6B962f7C4Dcc36e4DE02f245f9ceA182\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\6CddacD73A7f1D378E9b336fe42193B4\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\6D45783E5EbdCB52F46b57b55db95DF8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\6E263c0C6C76D852C6e7155bc915D001\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\6F3abf40F078D3f5C75aab7bf805B784\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\70a8b89491a28F229A53d3519c15DAFA\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\70bf186D6EfbEFbb073edcc77f746A12\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\7241f986B11622555E291194a9fc1E98\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\7329783224cc6A4d4Dbbf156de18B02A\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\7385c395AFa4EE9150b501ed94aaCAED\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\77cdb31C463d29fcF9d8677cc7a1830A\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\7801ea9A19acBF097D13c002fd01B1AD\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\791200B2911e018722e7993b2b381F3E\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\79cad186F6c8934dD22651c2a06436BE\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\7A3e1e971F4251a9AAc836b26bfc0163\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\7Ad9718B5774747e21d73d21a7a53FD0\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\7C84b3805Cc20997EB1605d6fa98447B\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\7D06f00E72abDD96397f7284de830D56\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\7E749a0F2Fdb2CdbBA14971c69ed3932\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\7Fb26d09D0c05F35EE8ed3c153a2F1B1\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\7Fca5364FAafC0cf43b2278f6d1b3B83\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\80c3bbE12Dd0BEecBD3f4358be2746E2\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\81a807A611c1EDb027eee964946806AC\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\81afadD31F2a1Cbe6Fdf10a056248DF6\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\827f38C6456b0982838baf5b42fa53B1\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\83d98bC75D3d18a0C0d99c2fb6fe0387\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\873062A66B7dC2c9EAd2a3bee153F406\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\8891f67BC45b0A0462a66bb00989AC3E\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\8B588444F31b60249Fac052b15865E2F\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\8C10954E53e24Dc0076df930d356962C\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\8C7f1b8B3D62C45d4495d43760030EA9\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\8F6815912D41855985ef7694d4a987AC\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\901c3f9D743b83e1D9dbda0ca90023C4\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\906fb11C3B4f8C1b195ebd1099c87AC8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\914121F0B47b3E21A9492d1598d3966D\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\91e97e6BDEf5E38b9D972648c4039D5E\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\924ddf22F856AA3241d5cb790d72AACE\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\92cda0716070205d4D5e946238f76B6A\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\93840f277C7fD28bBF042d26a4dc57C9\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\943206603Df8778771ae384d05b23BB6\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\9461362C275aE115AEcb8fba343b1296\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\9539f373DB47254cB192b59d04c389E7\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\9597d073927cF3daC38418a3e20765DC\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\9684566B060609486271719a04e45CF3\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\96f43eA54683E6b2ADa55acaa446B1DE\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\9Baa8bD6C6ccB48c80f0fdac2590CE18\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\9C09973165c7D6f42C0d04272cca7F54\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\9Ce2a693B84eBD6e2D887068b1122936\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\9D4a57897590E6011Ed8ee38a44dE5B7\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\9E307e8F9768663eC306cbbdf5a63CBD\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\9E67b34690831FaaCF26430f1dcd8BFF\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\A07d33604De40F5077c5eb045c557779\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\A2345c16FE54C65bFF62698236402229\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\A26d18183775B7dfDAa202ffe8f7B4F4\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\A3c39033CEe9105b170fc5b1f04a5376\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\A4e04bB28315286b8Ada323fb8546CD5\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\A88c520B3869ABf651cf629a09d98376\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\A8945123CCa25570D46250193007AD6D\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\A90d66312EfaE7930A3980425a10D7BD\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\A98bc4E661580B6e931ba253480d2366\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\A9f2f362BBa4431f1Ab7711b51181CEA\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\AB70fdBAD0990F362Bf9b6ef6c4eF192\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\ABaaa75C2145D5cb557d84a719777738\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\ADf898EC77de3F011Bc0a31b937b087B\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\AF6b8f852Db3E7e6CB3ea40578b5BA96\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\B0f0e92C440182f5F393298eb1ff5044\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\B4b926297Dc308b5EE6851bc69e7F077\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\B55fd9F6E4cc743095707b1a56c4801C\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\B5f6fcFC3CfcEE05E31189c1fbe56EFC\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\B9bef9C47140CDfaE9cdb0607d14F785\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\BA420d5AFE0d1D332Caa369655472BD4\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\BA7d67A56990B752E2a20b9c574dDA8C\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\BBe3723439f36672764604f7484bB0C3\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\BC450491BA211D50EA8074937acdDBC8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\BCbaf5C7E50026aa558a9f45852fE21E\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\BDbf2bDE76265C3450e61390d4677C49\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\BE1ad722447086a8A6b0d3a889f5B181\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\BE823a3C6010E546F7b9baa810f231CB\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\BF8ec85736fd012d672e4efca5814B50\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\C09e7827B30148c1057c3a247c482FA3\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\C1c1eeF0E94b9771F509c8972bd63C0D\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\C34772181B0fE720B06a4c88ff96CBC1\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\C418a535FDf46FbaFC5a40f48ccbEA2B\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\C57c402E317eC379F5a6c4c4f752C50D\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\C608f65691d74D13179eb7c7ad044DB6\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\C64452B44E2fC9d932e4f32d24620CB0\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\C76f6654B3338Cfa7261c67a0e49E71F\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\C87f5c795C633Dd49Bcb7968e1ee1F9A\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\C88fd9DA5A9826e83170e925472c8EB4\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\C9ed27C73Fe382fdF21177e63d3a20DB\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\CAb1d880A070A2d0A808e769e957C6A1\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\CC7c13B06Ff60Aad4C714caa2b1e8369\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\CCe3a82F9E0b75fbCEfa2cc36a615DCA\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\CCfdba59D436A7ef3Fe3dbff261c5C5F\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\CD168377D7919A8d173572c25318F887\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\CD2c6aC89Abc8Fb0CDa9055cadb60B35\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\CD9a7e5910440Be8512b156e36a1C9EB\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\CE7abdD2D65c1Ac4B0229fc50842F72D\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\CF21d6A6CD34525995ab70b1d545467C\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\D00643625022223d4248cf4b1d7a6FE0\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\D0b1aa37715bB3f089d1cb9c5bb7E5C8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\D12693972B2c0Ed7C2f141422eecFE70\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\D14ff2E283feE47899e72359b89e926C\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\D25ffaAB0739E76e08f0bc2f53f029B3\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\D27f66EBAC6b636a568f913c29dd19CD\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\D2826945DC34429f58a6da20932c67C8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\D4b7413163043D5a8C25532fdb126450\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\D4e063F73Fd06Cb4EB0d73e4f7eaC252\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\D617021E5B2d1303D780baa1fcf4E122\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\D676534E0C7884b8449526fd0a79C469\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\D7a0941261e13B36376b6f9f258a3157\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\D910acDA1B786671CD28aa8fe37297BA\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\DC23e1AE94195Fa3DCbec6e6e6a5DA04\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\DD2a91EDB4769Aef2106a8b4564702AD\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\DE44a751B4efF78c52d9abd58818FF04\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\DF492b699EceCCd98Ba79e6e3928A210\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E067b686D79119f367c88491386e5F78\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E06f907DA19672c999798a9bbb7b8AA6\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E14d228963f80079AD94356d5c5d4FBB\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E1e153AE19b45Fc6E9a554904cdb143E\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E2a197BD468e4667064a558c41ef721E\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E30d4f6E088892ff2D47d25dcaabAEF4\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E3bd31038A1b22cd6A35d346cc9c9CF8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E4884aA64B9dBAfd71b00c14f605D87D\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E4fc65BAE4f94Aaa82bd73f2000a7540\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E5ae6cD877c533a36015f05432620673\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E61d36D03Bb579132C82e385f692E1CA\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E642fdE4AF5846fdC1dad56cc2067942\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E7042bFFC0740C0a126a7d002b965CE7\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E8457607282d7F4e4469d71b42f928A2\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\AppData\Local\Corel\Thumbs\E97f801F0Afa1459C11d16e843d83F81\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan

 

C:\Users\Laura\Downloads\cnet_full_video_converter_free_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
D:\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
E:\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR Trojan


Hi Todd,

That's good. :)

If no important files have been encrypted, we can move on to the final stages of this process.

We now need to update your vulnerable software to reduce the risk of reinfection.

STEP 1
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Flash Player 11 ActiveX
    • Adobe Flash Player 11 Plugin
    • Adobe Reader 9.5.5 MUI
    • Java 7 Update 60
  • Follow the prompts, and reboot if necessary.

STEP 3
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?