Jump to content

fff5ee.com and dllhost.exe


sshutte
 Share

Recommended Posts

Hoping someone can assist me. My computer starting showing signs of something not being right. Ran Malware earlier this evening. Removed a bunch of items. Restarted and upgraded to the premium version of Malware. Ran it again. Didn't show anything being present, but now every few minutes is popping up with blocking Domain: fff5ee.com  and process: dllhost.exe   Did a little search online about those two things and now realize something is majorly wrong. I've attached the logs as directed. Please note: I'm not computer saavy at all so you may have to spell out every little detail for me! Sorry!

Nov11 9pm Malware log.txt

Addition.txt

FRST.txt

Link to post
Share on other sites

  • Replies 54
  • Created
  • Last Reply

Top Posters In This Topic

Hello sshutte, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. xsmile.png.pagespeed.ic.CwSpBGGvqN.png
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click xetYzdbu.png.pagespeed.ic.U7AjmRUewW.png at the top of the page. 
     

======================================================
 
Are you aware you've been infected with a file-encrypting ransomware called CryptoWall 2.0?
Information on the infection can be found here.
 
You may find you are unable to open personal documents, images, and other files. Unfortunately, unless the ransom is paid, any encrypted files are unrecoverable. 
 
We can remove the infections present on your computer, but you must decide how you wish to proceed in regards to any encrypted files. Please let me know. 

STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    startHKLM-x32\...\Run: [gqozmmhqim] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Sue\AppData\Local\Temp\Low\fxuwvxm.dll"C:\Users\Sue\AppData\Local\Temp\LowHKU\S-1-5-21-3336796823-2872703279-625288369-1000\...\Run: [acillao] => rundll32 "C:\Users\Sue\AppData\Local\acillao.dll",acillao <===== ATTENTIONC:\Users\Sue\AppData\Local\acillao.dllHKU\S-1-5-21-3336796823-2872703279-625288369-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => "C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL" File Not FoundURLSearchHook: ATTENTION ==> Default URLSearchHook is missing.BHO-x32: No Name -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} ->  No FileBHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No FileFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xmlS1 condgryp; \??\C:\Windows\system32\drivers\condgryp.sys [X]S1 dltsepub; \??\C:\Windows\system32\drivers\dltsepub.sys [X]S1 gcuhkyjx; \??\C:\Windows\system32\drivers\gcuhkyjx.sys [X]S0 lvmt; System32\drivers\oulraj.sys [X]U3 tmlwf; No ImagePathU3 tmwfp; No ImagePath2014-11-11 17:52 - 2014-11-11 17:52 - 00004200 _____ () C:\Users\Sue\AppData\Roaming\DECRYPT_INSTRUCTION.TXT2014-11-11 17:52 - 2014-11-11 17:52 - 00004200 _____ () C:\Users\Sue\AppData\DECRYPT_INSTRUCTION.TXT2014-11-11 17:52 - 2014-11-11 17:52 - 00000270 _____ () C:\Users\Sue\AppData\Roaming\DECRYPT_INSTRUCTION.URL2014-11-11 17:52 - 2014-11-11 17:52 - 00000270 _____ () C:\Users\Sue\AppData\DECRYPT_INSTRUCTION.URL2014-11-11 17:50 - 2014-11-11 17:50 - 00004200 _____ () C:\Users\Sue\AppData\Local\DECRYPT_INSTRUCTION.TXT2014-11-11 17:50 - 2014-11-11 17:50 - 00000270 _____ () C:\Users\Sue\AppData\Local\DECRYPT_INSTRUCTION.URL2014-11-08 20:51 - 2014-11-11 19:22 - 00000000 ____D () C:\ProgramData\RovwUkun2014-11-08 20:51 - 2014-11-11 19:22 - 00000000 ____D () C:\ProgramData\BizvAfimt2014-11-07 18:22 - 2014-11-11 17:48 - 00004200 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT2014-11-07 18:22 - 2014-11-11 17:48 - 00000270 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL2014-11-07 18:18 - 2014-11-07 18:18 - 00000000 ___HD () C:\7157cd12014-10-30 18:36 - 2014-11-08 20:54 - 00000160 ____H () C:\ProgramData\@system3.att2014-10-30 18:36 - 2014-11-08 20:53 - 00000424 _____ () C:\ProgramData\@system.temp2014-10-30 18:36 - 2014-10-30 18:36 - 00000448 ____H () C:\Users\Sue\AppData\Roaming\麽鎒駓覜2014-10-30 18:35 - 2014-11-11 19:22 - 00000000 ____D () C:\Users\Sue\AppData\Roaming\FrameworkUpdate72014-10-30 18:33 - 2014-11-11 17:45 - 00000000 ____D () C:\ProgramData\Windows Genuine AdvantageCustomCLSID: HKU\S-1-5-21-3336796823-2872703279-625288369-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?Folder: C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}Folder: C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}Folder: C:\Users\Sue\AppDataCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:end
  • Click FileSave As and type fixlist.txt as the File Name.
  • Important: In the Encoding: drop-down box, select Unicode.
  • Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. This log will be very large. Ensure you attach the file.
     

STEP 2
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
9SN2ePL.png ComboFix

  • Note: Please read through these instructions before running ComboFix. 
  • Please download ComboFix and save the file to your Desktop. << Important!
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click ComboFix.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
     
  • Allow ComboFix to complete it's removal routine (please refer to Important Notes:).
  • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
  • Re-enable your anti-virus software.
     

Important Notes:

  • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
  • Do NOT use your computer whilst ComboFix is running.
  • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
     
  • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
  • ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
     

STEP 4
YARWD1t.png TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to:
    • Loaded Modules
    • Detect TDLFS file system
    • Verify file digital signatures
  • Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
  • ​Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
     

======================================================
 
STEP 5
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Thoughts on CryptoWall?
  • Fixlog.txt (attached!)
  • MBAM log
  • ComboFix.txt
  • TDSSKiller log (attached!)
Link to post
Share on other sites

Hi Adam, I'm Sue. Ok I did NOT know I had a cryptowall. It must be very new, I haven't gotten a ransom note and it appears only some files are currently effected, though I did note the more I use the computer the worse it will get. I did read through the info on that. Can I do a complete system restore and try to save some files? There isn't much that's important, but a few things is like to save. If I do that and save them, and put it on another computer (assuming it works) will I just transfer the cryptowall? I'm not willing to pay a ransom, my stuff isn't worth that much. At this point I'm thinking if I can save my files, I'm getting a new computer. This thing was t all that special to begin with! Your guidance would be appreciated and I'll let you know what I decide to do. Thank you!

Link to post
Share on other sites

Hi Sue,

Here's one ransom note: C:\Users\Sue\AppData\Roaming\DECRYPT_INSTRUCTION.TXT

Unfortunately, a System Restore will not work.

Your WMI (Windows Management Instrumentation) is damaged in any case, so you will not actually be able to open System Restore.

-------------

Edit: It looks as if you're infected with CryptoWall, and not CryptoWall 2.0. So there may be the chance to recover your files.

We need to remove the malware first, repair the damage to your WMI, and then see if recovery is possible.

Link to post
Share on other sites

Next up: the Malware Bytes log from the scan I just ran (according to your directions above):

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/12/2014
Scan Time: 9:20:10 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.12.07
Rootkit Database: v2014.11.11.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Sue

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327372
Time Elapsed: 28 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

ComboFix log:

 

ComboFix 14-11-11.01 - Sue 11/12/2014  10:16:40.1.2 - x64
Running from: c:\users\Sue\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-12 to 2014-11-12  )))))))))))))))))))))))))))))))
.
.
2014-11-12 15:25 . 2014-11-12 15:25    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97F329F0-5FB7-4EFE-94D3-BB6943097D1B}\offreg.dll
2014-11-12 02:05 . 2014-11-12 14:16    --------    d-----w-    C:\FRST
2014-11-07 02:45 . 2014-09-17 16:24    1188440    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67EE9735-A8FE-43F8-AD4B-2076DE35750A}\gapaengine.dll
2014-11-07 02:45 . 2014-10-14 19:59    11627712    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97F329F0-5FB7-4EFE-94D3-BB6943097D1B}\mpengine.dll
2014-11-06 01:21 . 2014-10-14 19:59    11627712    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-12 15:26 . 2013-02-26 03:00    45056    ----a-w-    c:\windows\system32\acovcnt.exe
2014-11-12 14:32 . 2012-04-07 00:53    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-12 14:32 . 2012-03-03 14:58    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 14:20 . 2014-07-04 12:04    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-30 23:43 . 2014-10-30 23:43    860488    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\xkbdxxcye.exe
2014-10-30 23:43 . 2014-10-30 23:43    81768    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\xinput1_3.dll
2014-10-30 23:43 . 2014-10-30 23:43    353096    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\ppgooglenaclpluginchrome.dll
2014-10-30 23:43 . 2014-10-30 23:43    33280    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\rundll32.exe
2014-10-30 23:43 . 2014-10-30 23:43    132424    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\widevinecdmadapter.dll
2014-10-30 23:43 . 2014-10-30 23:43    14669128    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\PepperFlash\pepflashplayer.dll
2014-10-30 23:43 . 2014-10-30 23:43    8537928    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\pdf.dll
2014-10-30 23:43 . 2014-10-30 23:43    718152    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\libglesv2.dll
2014-10-30 23:43 . 2014-10-30 23:43    491336    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\metro_driver.dll
2014-10-30 23:43 . 2014-10-30 23:43    310088    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\libexif.dll
2014-10-30 23:43 . 2014-10-30 23:43    2401096    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\libpeerconnection.dll
2014-10-30 23:43 . 2014-10-30 23:43    1936712    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\nacl64.exe
2014-10-30 23:43 . 2014-10-30 23:43    126280    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\libegl.dll
2014-10-30 23:43 . 2014-10-30 23:43    1732936    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\ffmpegsumo.dll
2014-10-30 23:43 . 2014-10-30 23:43    1912136    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\delegate_execute.exe
2014-10-30 23:43 . 2014-10-30 23:43    3231688    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\d3dcompiler_46.dll
2014-10-30 23:43 . 2014-10-30 23:43    2106216    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\d3dcompiler_43.dll
2014-10-30 23:43 . 2014-10-30 23:43    131912    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\chrome_elf.dll
2014-10-30 23:43 . 2014-10-30 23:43    33836360    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\chrome_child.dll
2014-10-30 23:43 . 2014-10-30 23:43    30104904    ----a-w-    c:\programdata\Microsoft\PlayReady\Kdhnxzxhq\zujnodtykrw\36.0.1985.143\chrome.dll
2014-10-30 11:25 . 2012-02-25 23:07    275080    ------w-    c:\windows\system32\MpSigStub.exe
2014-10-01 15:11 . 2014-07-04 10:39    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-01 15:11 . 2014-07-04 10:39    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 15:11 . 2012-10-08 00:17    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-17 16:24 . 2012-06-13 22:07    1188440    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2009-04-08 18:31 . 2009-04-08 18:31    106496    ----a-w-    c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45    155648    ----a-w-    c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08    143360    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-02-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-11 2244608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d [2010-1-8 12862]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam;c:\windows\system32\DRIVERS\GUCI_AVS.sys;c:\windows\SYSNATIVE\DRIVERS\GUCI_AVS.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 14:32]
.
2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf8e67589c8d05.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-26 16:34]
.
2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfec83d04465b2.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-26 16:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52    159744    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2009-09-17 314880]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-DW7 - c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Toolbar-Locked - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\windows\AsScrPro.exe
.
**************************************************************************
.
Completion time: 2014-11-12  10:32:25 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-12 15:32
.
Pre-Run: 415,835,967,488 bytes free
Post-Run: 415,688,863,744 bytes free
.
- - End Of File - - 4C746E73488CA40913C4574A9466129D
5C616939100B85E558DA92B899A0FC36

Link to post
Share on other sites

My only other issue at this time is: your directions indicated that I should turn off any anti-virus software before running ComboFix, which I did: Malwarebytes, Microsoft Security essentials, and the firewall. After I finished running ComboFix, I was supposed to turn them back on. Only for whatever reason, my computer doesn't seem to be letting me turn the firewall back on? Am I a complete idiot? Why won't the firewall work correctly?  Also, it appears that many of the important documents I am worried about are not currently effected by the CryptoWall, meaning, it appears that I can still open them. If I back them up to a disk, will the CryptoWall issue be saved with them?

 

By the way, THANK YOU SO MUCH for your patience and assistance!! I will wait for your next directions.

Link to post
Share on other sites

Hello Sue, 
 

My only other issue at this time is: your directions indicated that I should turn off any anti-virus software before running ComboFix, which I did: Malwarebytes, Microsoft Security essentials, and the firewall.

You only needed to disable your Anti-Virus software (Microsoft Security Essentials). You didn't need to disable Malwarebytes or Windows Firewall. 
 

Only for whatever reason, my computer doesn't seem to be letting me turn the firewall back on? Am I a complete idiot? Why won't the firewall work correctly?

No, you're not. 
This is most likely due to the damage caused by the malware. We will resolve any issues with your Firewall soon. 
 
For now, please limit the time this machine is connected to the Internet. The machine should be only connected when you are downloading programmes, and posting logs. 
 

Also, it appears that many of the important documents I am worried about are not currently effected by the CryptoWall, meaning, it appears that I can still open them. If I back them up to a disk, will the CryptoWall issue be saved with them?

Lets get the removal of malware and repair of damage out of the way first, and then we can focus on safely backing up your data.
 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start2014-10-29 20:00 - 2014-10-30 21:15 - 0000000 ____D () C:\Users\Sue\AppData\Local\Microsoft\{654c34f2-02fd-f83d-a6d9-e3f79dc7f6fe}2014-10-30 18:43 - 2014-11-11 17:51 - 0000000 ____D () C:\Users\Sue\AppData\LocalLow\Apple Computer\gtkzhskcusfc2014-10-30 20:22 - 2014-11-11 17:51 - 0000000 ____D () C:\Users\Sue\AppData\LocalLow\Microsoft\Srnpbgktfg2014-10-30 18:41 - 2014-10-30 20:24 - 0000000 ____D () C:\Users\Sue\AppData\LocalLow\PlayReady\KdhnxzxhqEmptyTemp:end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 3
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Search

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Type the following text into the Search: textbox:
    DECRYPT_INSTRUCTION.*
  • Click on the Search File(s) button.
  • Upon completion, a log (Search.txt) will be open, and saved in the same location as FRST64.exe.  
  • Attach the file in your next reply.
     

STEP 5
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 6
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • AdwCleaner[s0].txt
  • JRT.txt
  • Search.txt (attached!)
  • FRST.txt
  • Addition.txt
Link to post
Share on other sites

First up: the copied and pasted text of the Fixlog from FarBar...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by Sue at 2014-11-12 11:14:43 Run:2
Running from C:\Users\Sue\Desktop
Loaded Profile: Sue (Available profiles: Sue)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
2014-10-29 20:00 - 2014-10-30 21:15 - 0000000 ____D () C:\Users\Sue\AppData\Local\Microsoft\{654c34f2-02fd-f83d-a6d9-e3f79dc7f6fe}
2014-10-30 18:43 - 2014-11-11 17:51 - 0000000 ____D () C:\Users\Sue\AppData\LocalLow\Apple Computer\gtkzhskcusfc
2014-10-30 20:22 - 2014-11-11 17:51 - 0000000 ____D () C:\Users\Sue\AppData\LocalLow\Microsoft\Srnpbgktfg
2014-10-30 18:41 - 2014-10-30 20:24 - 0000000 ____D () C:\Users\Sue\AppData\LocalLow\PlayReady\Kdhnxzxhq
EmptyTemp:
end
*****************

C:\Users\Sue\AppData\Local\Microsoft\{654c34f2-02fd-f83d-a6d9-e3f79dc7f6fe} => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Apple Computer\gtkzhskcusfc => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Srnpbgktfg => Moved successfully.
C:\Users\Sue\AppData\LocalLow\PlayReady\Kdhnxzxhq => Moved successfully.
EmptyTemp: => Removed 33.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Link to post
Share on other sites

Second in the list: the AdwCleaner log pasted below:

 

# AdwCleaner v4.101 - Report created 12/11/2014 at 11:27:34
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Sue - SUE-PC
# Running from : C:\Users\Sue\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MyPC Backup
File Deleted : C:\Windows\Uninstall.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\distromatic
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16455


-\\ Mozilla Firefox v33.1 (x86 en-US)


-\\ Google Chrome v

[C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
[C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.amazon.com/websearch/ref=bit_bds-p18_serp_cr_us_display?ie=UTF8&tagbase=bds-p18&tbrId=v1_abb-channel-18_080ec8c21e71417fa3d6ee45ee9e9777_18_38_20140120_US_cr_sp_OC1

*************************

AdwCleaner[R0].txt - [2616 octets] - [12/11/2014 11:20:45]
AdwCleaner[s0].txt - [2516 octets] - [12/11/2014 11:27:34]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2576 octets] ##########

Link to post
Share on other sites

Third up: the Junkware Removal Tool log, copied and pasted below:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sue on Wed 11/12/2014 at 11:35:40.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Sue\AppData\Roaming\mozilla\firefox\profiles\75qifpkc.default\minidumps [19 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/12/2014 at 11:44:03.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

Step 5a- the copied and pasted text from FRST.text

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Sue (administrator) on SUE-PC on 12-11-2014 11:51:33
Running from C:\Users\Sue\Desktop
Loaded Profile: Sue (Available profiles: Sue)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAP7501\GUCI_AVS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Farbar) C:\Users\Sue\Desktop\FRST64(4).exe
(Farbar) C:\Users\Sue\Desktop\FRST64(4).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [GUCI_AVS] => C:\Windows\PixArt\PAP7501\GUCI_AVS.exe [314880 2009-09-16] (PixArt Imaging Incorporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-07-13] ()
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6937216 2009-10-09] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244608 2009-09-11] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3336796823-2872703279-625288369-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-3336796823-2872703279-625288369-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-02-25] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF6E0DB26B44ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3336796823-2872703279-625288369-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: gamesys.co.uk/TropicanaGeolocationPlugin -> C:\Program Files (x86)\Tropicana Atlantic City Online GeoLocation\BrowserPlugin\npGeolocationPlugin.dll No File
FF Plugin-x32: geocomply.com/gc_browser_plugin_client -> C:\Program Files (x86)\Tropicana Atlantic City Online GeoLocation\npgc-browser-plugin-client.dll No File
FF Plugin HKU\S-1-5-21-3336796823-2872703279-625288369-1000: geocomply.com/gc_browser_plugin_client_2_1_7 -> C:\PROGRA~2\GEOCOM~1\GC-BRO~1\217~1.1\NPGC-B~1.DLL (GeoComply)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-25]
CHR Extension: (Google Search) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-25]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR Extension: (Gmail) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [692736 2009-10-29] (PixArt Imaging Incorporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 11:48 - 2014-11-12 11:49 - 00106157 _____ () C:\Users\Sue\Desktop\Search.txt
2014-11-12 11:44 - 2014-11-12 11:44 - 00000761 _____ () C:\Users\Sue\Desktop\JRT.txt
2014-11-12 11:35 - 2014-11-12 11:35 - 00000000 ____D () C:\Windows\ERUNT
2014-11-12 11:33 - 2014-11-12 11:33 - 01706808 _____ (Thisisu) C:\Users\Sue\Desktop\JRT.exe
2014-11-12 11:20 - 2014-11-12 11:27 - 00000000 ____D () C:\AdwCleaner
2014-11-12 11:19 - 2014-11-12 11:19 - 02140160 _____ () C:\Users\Sue\Desktop\AdwCleaner.exe
2014-11-12 10:35 - 2014-11-12 10:35 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Sue\Desktop\tdsskiller.exe
2014-11-12 10:32 - 2014-11-12 10:32 - 00019387 _____ () C:\ComboFix.txt
2014-11-12 10:14 - 2014-11-12 10:32 - 00000000 ____D () C:\Qoobox
2014-11-12 10:14 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-12 10:14 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-12 10:14 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-12 10:14 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-12 10:14 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-12 10:14 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-12 10:14 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-12 10:14 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-12 10:13 - 2014-11-12 10:30 - 00000000 ____D () C:\Windows\erdnt
2014-11-12 10:12 - 2014-11-12 10:12 - 05598118 ____R (Swearware) C:\Users\Sue\Desktop\ComboFix.exe
2014-11-12 09:50 - 2014-11-12 09:50 - 00001042 _____ () C:\Users\Sue\Desktop\newest.txt
2014-11-12 08:19 - 2014-11-12 08:19 - 02116096 _____ (Farbar) C:\Users\Sue\Desktop\FRST64(4).exe
2014-11-12 08:15 - 2014-11-12 08:15 - 02116096 _____ (Farbar) C:\Users\Sue\Downloads\FRST64(3).exe
2014-11-12 08:12 - 2014-11-12 08:12 - 00696280 _____ () C:\Windows\Minidump\111214-25225-01.dmp
2014-11-11 21:08 - 2014-11-12 11:52 - 00018606 _____ () C:\Users\Sue\Desktop\FRST.txt
2014-11-11 21:08 - 2014-11-11 21:08 - 00022052 _____ () C:\Users\Sue\Desktop\Addition.txt
2014-11-11 21:07 - 2014-11-11 21:07 - 00022052 _____ () C:\Users\Sue\Downloads\Addition.txt
2014-11-11 21:05 - 2014-11-12 11:51 - 00000000 ____D () C:\FRST
2014-11-11 21:05 - 2014-11-11 21:07 - 00028176 _____ () C:\Users\Sue\Downloads\FRST.txt
2014-11-11 21:04 - 2014-11-11 21:04 - 02116096 _____ (Farbar) C:\Users\Sue\Downloads\FRST64(2).exe
2014-11-11 20:56 - 2014-11-11 20:57 - 02116096 _____ (Farbar) C:\Users\Sue\Downloads\FRST64(1).exe
2014-11-11 20:51 - 2014-11-11 20:51 - 02116096 _____ (Farbar) C:\Users\Sue\Downloads\FRST64.exe
2014-11-11 08:46 - 2014-11-11 08:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-09 07:30 - 2014-11-09 07:30 - 00277424 _____ () C:\Windows\Minidump\110914-26754-01.dmp
2014-10-20 11:35 - 2014-10-20 11:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfec83d04465b2.job
2014-10-13 10:29 - 2014-10-13 10:29 - 00080000 _____ () C:\Users\Sue\AppData\Roaming\GDIPFONTCACHEV1.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 11:36 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 11:36 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 11:35 - 2010-01-08 10:12 - 01881318 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 11:34 - 2009-07-14 00:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 11:32 - 2012-04-06 19:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 11:30 - 2014-07-04 07:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 11:30 - 2012-03-17 18:55 - 00000000 ____D () C:\Users\Sue\AppData\Roaming\Skype
2014-11-12 11:28 - 2014-05-14 17:35 - 00004828 _____ () C:\Windows\setupact.log
2014-11-12 11:28 - 2013-02-25 22:00 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-11-12 11:28 - 2012-02-29 19:50 - 00058498 _____ () C:\Windows\PFRO.log
2014-11-12 11:28 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 10:32 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-11-12 10:26 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-12 09:32 - 2012-04-06 19:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 09:32 - 2012-03-03 09:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 08:12 - 2014-09-03 06:28 - 450666495 _____ () C:\Windows\MEMORY.DMP
2014-11-12 08:12 - 2012-12-28 17:00 - 00000000 ____D () C:\Windows\Minidump
2014-11-11 19:23 - 2014-05-02 17:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 19:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2014-11-11 18:58 - 2013-08-17 10:52 - 00000000 ___RD () C:\Users\Sue\Desktop\Work Photos
2014-11-11 17:58 - 2013-06-08 19:26 - 00000000 ____D () C:\Users\Sue\Desktop\Kiddos
2014-11-11 17:56 - 2014-10-05 13:47 - 00000000 ____D () C:\Users\Sue\Desktop\Iphone Photos
2014-11-11 17:53 - 2014-05-02 17:40 - 00000000 ____D () C:\Users\Sue\AppData\Roaming\Mozilla
2014-11-11 17:53 - 2013-12-01 17:47 - 00000000 ____D () C:\Users\Sue\AppData\Roaming\theBorgata
2014-11-11 17:51 - 2014-05-02 17:40 - 00000000 ____D () C:\Users\Sue\AppData\Local\Mozilla
2014-11-11 17:51 - 2012-02-25 17:51 - 00000000 ____D () C:\Users\Sue\AppData\Roaming\Adobe
2014-11-11 17:51 - 2012-02-25 17:51 - 00000000 ____D () C:\Users\Sue\AppData\Local\Microsoft Games
2014-11-11 17:49 - 2013-02-25 21:49 - 00000000 ____D () C:\Users\Sue\AppData\Local\ASUS
2014-11-11 17:49 - 2012-05-08 18:04 - 00000000 ____D () C:\Users\Sue\AppData\Local\Apple Computer
2014-11-11 17:49 - 2012-04-26 19:19 - 00000000 ____D () C:\Users\Sue\AppData\Local\Google
2014-11-07 21:22 - 2010-01-08 10:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-07 18:25 - 2010-01-08 10:32 - 00001860 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-11-07 18:22 - 2014-10-05 13:50 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-07 18:22 - 2012-07-17 15:55 - 00000000 ____D () C:\Netgear
2014-11-07 18:22 - 2012-05-08 18:03 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-11-07 18:22 - 2012-03-04 15:51 - 00000000 ____D () C:\Users\Sue\AppData\Local\Adobe
2014-11-07 18:22 - 2010-01-08 10:36 - 00000000 __HDC () C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}
2014-11-07 18:22 - 2010-01-08 10:19 - 00000000 ____D () C:\ProgramData\Sonic
2014-10-31 05:21 - 2012-02-25 17:42 - 00000000 ____D () C:\Users\Sue
2014-10-31 05:20 - 2009-07-29 00:20 - 00000000 ____D () C:\Windows\ASUS
2014-10-30 21:22 - 2014-07-04 05:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-30 21:22 - 2014-07-04 05:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-30 21:22 - 2014-07-04 05:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-30 20:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-30 06:25 - 2012-02-25 18:07 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 16:15 - 2014-10-07 08:11 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-10-21 11:34 - 2012-02-27 17:06 - 00000000 ____D () C:\Users\Sue\Documents\Banking
2014-10-20 11:35 - 2014-06-22 17:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e67589c8d05.job

Some content of TEMP:
====================
C:\Users\Sue\AppData\Local\Temp\Quarantine.exe
C:\Users\Sue\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 04:03

==================== End Of Log ============================

Link to post
Share on other sites

Step 5b- the copied and pasted text from Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Sue at 2014-11-12 11:52:46
Running from C:\Users\Sue\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.7 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}) (Version: 1.0.6 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.25 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM-x32\...\ASUSUSBDEVIC) (Version:  - )
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0000 - ASUS)
Best Buy Software Installer (HKLM-x32\...\Best Buy Software Installer) (Version: 2.1.0.29 - Best Buy)
Best Buy Software Installer (Version: 2.1.0.29 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.4 - ASUS)
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
GeoComply Browser Plugin (HKLM-x32\...\{31575B33-1F39-46C6-970F-3E2C45EF9DA8}) (Version: 2.1.7.1 - GeoComply)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1986 - Intel Corporation)
iPlaySenecaCasino (HKLM-x32\...\iPlaySenecaCasino ) (Version:  - Boss Media AB)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office XP Standard for Students and Teachers (HKLM-x32\...\{913D0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Optimum WiFi Register (HKLM-x32\...\{4267D2C3-0C04-4F50-BEEE-8EA4A5B8FDB4}) (Version: 1.0.0 - Cablevision)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.26.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.14 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-11-2014 10:43:20 Windows Update
05-11-2014 10:13:46 Windows Update
06-11-2014 12:59:26 Windows Update
07-11-2014 09:57:30 Windows Update
12-11-2014 15:32:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-11-12 10:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10D8D031-9E7E-4B0D-A0F5-4F4FB06720E5} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-11-12] ()
Task: {2AAD839D-0F98-45D2-8E0E-BADDFB7AD836} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {529FA0CB-7FBD-4399-B209-1F660F66DEA5} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {5307A338-3FA0-4C35-987E-D762FEF98B72} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {6EC910E6-B4E1-46E3-9AB6-39E3B0D8655F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {75374E43-6445-4833-BAD6-C8C0BEE97B2D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3336796823-2872703279-625288369-1000Core => C:\Users\Sue\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {75B8790B-EB7B-45D7-914D-8B091F86AADF} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-09-22] (TODO: <Company name>)
Task: {D63BC951-91AC-4D1C-BB23-E91607D992BD} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] ()
Task: {DDD74451-7500-4D33-9DC0-1E6D86148FC8} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {E1363345-5137-418C-BD18-85C3F6650A12} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3336796823-2872703279-625288369-1000UA => C:\Users\Sue\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {E505842C-5A6E-4FD3-A5A9-EFE089EDEEB0} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {F081D847-93D2-4BEF-BABC-509062D45A5E} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-11-06] (ATK)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e67589c8d05.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfec83d04465b2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-09-24 16:50 - 2009-09-24 16:50 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2008-10-01 02:02 - 2008-10-01 02:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-01-08 10:32 - 2007-11-30 14:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-11-12 13:10 - 2009-11-12 13:10 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2009-10-23 16:40 - 2009-10-23 16:40 - 00041984 _____ () C:\Program Files\P4G\DevMng.dll
2009-09-11 15:27 - 2009-09-11 15:27 - 00029184 _____ () C:\Program Files\P4G\OvrClk.dll
2009-07-13 01:35 - 2009-07-13 01:35 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2010-01-08 10:31 - 2009-05-07 03:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-01-08 10:31 - 2009-05-07 03:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-01-08 10:31 - 2008-01-18 01:49 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-01-08 10:31 - 2009-07-06 01:37 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2007-06-15 13:28 - 2007-06-15 13:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 19:52 - 2007-06-01 19:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2007-06-15 13:28 - 2007-06-15 13:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-01 20:08 - 2007-06-01 20:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
2014-11-11 08:46 - 2014-11-11 08:46 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77132169.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77132169.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3336796823-2872703279-625288369-500 - Administrator - Disabled)
Guest (S-1-5-21-3336796823-2872703279-625288369-501 - Limited - Disabled)
Sue (S-1-5-21-3336796823-2872703279-625288369-1000 - Administrator - Enabled) => C:\Users\Sue

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (07/21/2013 02:12:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-11-12 10:23:57.978
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-12 10:23:57.869
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 38%
Total physical RAM: 4061.09 MB
Available physical RAM: 2511.75 MB
Total Pagefile: 8120.32 MB
Available Pagefile: 6510.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.11 GB) (Free:386.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=451.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

Hi Sue, 
 
Those logs are looking much better. 
Steps 1 - 3 will finish up the malware removal process. We can then move on to repairing the damage to your system, and backing up/potentially recovering your data afterwards. 
 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Download fixlist.txt.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
b8zkrsY.png Browser Reset
 
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

STEP 3
GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Note: Do not be surprised if you see a large number of detected items. Most will be for files we have already removed.
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 4
gxJsKn9.png Farbar Service Scanner (FSS)

  • Please download FSS and save the file to your Desktop.
  • Right-Click FSS.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Place a checkmark next to each checkable item.
  • Click Scan.
  • A log (FSS.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Did your browsers reset OK?
  • ESET Online Scan log
  • FSS.txt
Link to post
Share on other sites

Ok step #1- the FarBar  Fix Log is copied and pasted below in TWO (it's too long to do otherwise):

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by Sue at 2014-11-12 12:52:50 Run:3
Running from C:\Users\Sue\Desktop
Loaded Profile: Sue (Available profiles: Sue)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3336796823-2872703279-625288369-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77132169.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77132169.sys => ""="Driver"
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\RevWarLetters\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\RevWarLetters\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Pictures\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Pictures\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Maps at NYHS\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Maps at NYHS\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\Monmouth Sept 17, 1770 Pages 3 and 4\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\Monmouth Sept 17, 1770 Pages 3 and 4\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\Monmouth Sept 17, 1770 Pages 1 and 2\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\Monmouth Sept 17, 1770 Pages 1 and 2\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Chester Oct 18, 1770\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Chester Oct 18, 1770\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Brecknock Sept. 29, 1770\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Brecknock Sept. 29, 1770\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Abergaveny Sept 27, 1770\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Abergaveny Sept 27, 1770\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\PoliticalCartoons\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\PoliticalCartoons\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\PoliticalCartoons\Political Cartoons Good\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\PoliticalCartoons\Political Cartoons Good\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\piazza water damage Aug 2009\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\piazza water damage Aug 2009\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Photos for Wayne\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Photos for Wayne\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\PeterCooperImages\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\PeterCooperImages\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\My Stuff\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\My Stuff\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\My Stuff\ThesisPics\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\My Stuff\ThesisPics\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\My Stuff\ThesisPics\newpics\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\My Stuff\ThesisPics\newpics\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Mt.SaintFrancis\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Mt.SaintFrancis\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Midvale School\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Midvale School\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\March 5th Images\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\March 5th Images\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\WW2007\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\WW2007\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\WaterWheel Damage June 2012\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\WaterWheel Damage June 2012\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\WaterWheel 2010\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\WaterWheel 2010\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\TurningWW2006\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\TurningWW2006\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\station\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\station\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\Managers House Spring 2010\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\Managers House Spring 2010\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\managers\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\managers\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\Long Pond Winter\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\Long Pond Winter\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Spring 2010\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Spring 2010\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Spring 2009\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Spring 2009\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\Converted retouched jpeg images\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\Converted retouched jpeg images\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\Converted jpeg images\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\Converted jpeg images\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Logos\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Logos\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\LexingtonAveHome\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\LexingtonAveHome\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\IronCompany\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\IronCompany\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Watteau School\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Watteau School\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\washington Reverse Glass\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\washington Reverse Glass\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Washington at Valley Forge\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Washington at Valley Forge\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.915\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.915\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.914\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.914\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.913\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.913\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2010.147\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2010.147\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Ringwood Collection Pics\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Ringwood Collection Pics\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\PoliticalCartoons\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\PoliticalCartoons\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\PoliticalCartoons\Political Cartoons Good\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\PoliticalCartoons\Political Cartoons Good\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Peter Cooper Bust\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Peter Cooper Bust\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Mrs. Ryerson Paintings\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Mrs. Ryerson Paintings\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\MJ Ryerson Painting\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\MJ Ryerson Painting\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Louis Vuitton Trunk\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Louis Vuitton Trunk\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Little Falls Painting\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Little Falls Painting\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Fragonard Paintings\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Fragonard Paintings\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Firearms\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Firearms\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Monmouth Sept 17, 1770\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Monmouth Sept 17, 1770\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Chester Oct 18, 1770\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Chester Oct 18, 1770\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Brecknock Sept. 29, 1770\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Brecknock Sept. 29, 1770\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Abergaveny Sept 27, 1770\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Abergaveny Sept 27, 1770\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Upper Hudson 1872\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Upper Hudson 1872\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Upper Hudson 1871\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Upper Hudson 1871\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Sunset with Sailboat-Greenwood Lake 1876\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Sunset with Sailboat-Greenwood Lake 1876\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Storm King 1872\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Storm King 1872\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\Photos March 5, 2011\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\Photos March 5, 2011\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\May 9, 2011 Conservator's House\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\May 9, 2011 Conservator's House\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\Conservation & Restoration\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\Conservation & Restoration\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\DT photo\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\DT photo\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\BT of gun\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\BT of gun\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\AT photo\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\AT photo\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\2007_0514Image\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\2007_0514Image\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\121.2008.63.2\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\121.2008.63.2\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Sally Hewiit\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Sally Hewiit\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Sally Hewiit\SallyLetterScan\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Sally Hewiit\SallyLetterScan\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Nellie Hewitt\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Nellie Hewitt\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Mrs. Sarah Hewitt\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Mrs. Sarah Hewitt\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Girls Together\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Girls Together\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Amy Hewitt Green\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Amy Hewitt Green\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HewittRelativesImages\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HewittRelativesImages\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\PeterCooperHewittImages\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\PeterCooperHewittImages\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\ErskineHewittImages\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\ErskineHewittImages\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\EdwardRingwoodHewittImages\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\EdwardRingwoodHewittImages\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\EdwardRingwoodHewittImages\EdwardRingwoodHewittHouse\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\EdwardRingwoodHewittImages\EdwardRingwoodHewittHouse\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Hasenclever Signature\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Hasenclever Signature\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Loose Photographs\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Loose Photographs\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M4\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M4\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M3\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M3\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M2\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M2\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Guest Book Items\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Guest Book Items\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\GreenPicsDownloaded\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\GreenPicsDownloaded\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Green Camp\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Green Camp\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\From Cooper Union\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\From Cooper Union\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Xmas 2011\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Xmas 2011\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Victorian Christmas Pics 2009\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Victorian Christmas Pics 2009\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Victorian Christmas Pics 2009\2009 Best\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Victorian Christmas Pics 2009\2009 Best\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\July 4th Favorites\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\July 4th Favorites\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2010 Horse Pics\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2010 Horse Pics\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2010\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2010\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2010\July 4 2010\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2010\July 4 2010\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2009\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2009\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2008\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2008\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2008\Ringwood 2008\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2008\Ringwood 2008\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\July 4 2011\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\July 4 2011\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\Brigade Napoleon\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\Brigade Napoleon\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\Brigade Napoleon\2011 Ringwood Manor\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\Brigade Napoleon\2011 Ringwood Manor\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\35thRegiment 2007\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\35thRegiment 2007\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\35th Reg. 2010\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\35th Reg. 2010\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\2010 Baseball Game\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\2010 Baseball Game\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\2010 Baseball Game\PR Photos\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\2010 Baseball Game\PR Photos\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\2009 History Fair\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\2009 History Fair\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\History Fair Pics1\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\History Fair Pics1\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\HIstory Fair Pic2\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\HIstory Fair Pic2\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\History Fair\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\History Fair\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\History Fair\harpoon pics\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\History Fair\harpoon pics\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Dresses\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Dresses\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\CooperUnionImages\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\CooperUnionImages\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Ceiling Collapse April 28, 2011\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Ceiling Collapse April 28, 2011\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Carriages, Cars\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Carriages, Cars\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Carriages, Cars\NJCA Nov2007\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Carriages, Cars\NJCA Nov2007\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Carriages, Cars\NJCA Nov 2008\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Carriages, Cars\NJCA Nov 2008\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Carriage Barn\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Carriage Barn\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Broken in burglary\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Broken in burglary\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\Bar Harbor Home\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\Bar Harbor Home\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Work Photos\AbramHewittImages\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Work Photos\AbramHewittImages\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Kiddos\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Kiddos\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\Desktop\Iphone Photos\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\Desktop\Iphone Photos\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\theBorgata\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\theBorgata\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\theBorgata\BorgataCasino\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\theBorgata\BorgataCasino\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Skype\sue.shutte\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Skype\sue.shutte\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\moz-safe-about+home\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\moz-safe-about+home\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\moz-safe-about+home\idb\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\moz-safe-about+home\idb\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\http+++www.estatesales.net\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\http+++www.estatesales.net\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\http+++www.estatesales.net\idb\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\http+++www.estatesales.net\idb\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Roaming\Adobe\Flash Player\AssetCache\FS72LKFW\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Roaming\Adobe\Flash Player\AssetCache\FS72LKFW\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\Apple Computer\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\Apple Computer\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\Adobe\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\Adobe\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\Adobe\Acrobat\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\Adobe\Acrobat\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\Adobe\Acrobat\9.0\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\Adobe\Acrobat\9.0\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\LocalLow\Adobe\Acrobat\9.0\Search\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\LocalLow\Adobe\Acrobat\9.0\Search\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Mozilla\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Mozilla\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Mozilla\Firefox\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Mozilla\Firefox\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\Photo Acquisition\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\Photo Acquisition\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\OIS\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\OIS\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\OIS\thumbnails\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\OIS\thumbnails\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\Device Metadata\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\Device Metadata\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\BingBar\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\BingBar\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.850\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.850\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.850\images\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.850\images\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\images\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\images\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\images\icons\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\images\icons\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Google\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Google\Chrome Frame\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\Chrome Frame\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\RTSHVXCX\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\RTSHVXCX\DECRYPT_INSTRUCTION.URL
 

Link to post
Share on other sites

Second part of the FixLog is copied and pasted below:

 

C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\databases\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\databases\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Google\Chrome\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\Chrome\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\databases\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\databases\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\ASUS\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\ASUS\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\ASUS\LifeFrame\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\ASUS\LifeFrame\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\ASUS\LifeFrame\PhotoClub\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\ASUS\LifeFrame\PhotoClub\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Adobe\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Adobe\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Adobe\Updater6\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Adobe\Updater6\DECRYPT_INSTRUCTION.URL
C:\Users\Sue\AppData\Local\Adobe\Updater6\Data\DECRYPT_INSTRUCTION.TXT
C:\Users\Sue\AppData\Local\Adobe\Updater6\Data\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\EE3E779C\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\EE3E779C\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\96AFAF94\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\96AFAF94\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\Sonic\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\Sonic\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\Microsoft\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\Microsoft\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\Microsoft\RAC\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\Microsoft\RAC\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\Microsoft\RAC\StateData\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\Microsoft\RAC\StateData\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\Microsoft\OFFICE\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\Microsoft\OFFICE\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\Microsoft\Microsoft Antimalware\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\Microsoft\Microsoft Antimalware\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\3\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\3\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69\DECRYPT_INSTRUCTION.URL
C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DECRYPT_INSTRUCTION.TXT
C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DECRYPT_INSTRUCTION.URL
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\DECRYPT_INSTRUCTION.URL
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DECRYPT_INSTRUCTION.URL
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\DECRYPT_INSTRUCTION.URL
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\DECRYPT_INSTRUCTION.URL
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\DECRYPT_INSTRUCTION.URL
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\EE3E779C\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\EE3E779C\DECRYPT_INSTRUCTION.URL
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\96AFAF94\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\96AFAF94\DECRYPT_INSTRUCTION.URL
C:\ProgramData\Sonic\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\Sonic\DECRYPT_INSTRUCTION.URL
C:\ProgramData\Microsoft\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\Microsoft\DECRYPT_INSTRUCTION.URL
C:\ProgramData\Microsoft\RAC\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\Microsoft\RAC\DECRYPT_INSTRUCTION.URL
C:\ProgramData\Microsoft\RAC\StateData\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\Microsoft\RAC\StateData\DECRYPT_INSTRUCTION.URL
C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.URL
C:\ProgramData\Microsoft\OFFICE\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\Microsoft\OFFICE\DECRYPT_INSTRUCTION.URL
C:\ProgramData\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.URL
C:\ProgramData\Microsoft\Microsoft Antimalware\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\Microsoft\Microsoft Antimalware\DECRYPT_INSTRUCTION.URL
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\DECRYPT_INSTRUCTION.URL
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\DECRYPT_INSTRUCTION.URL
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\3\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\3\DECRYPT_INSTRUCTION.URL
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\DECRYPT_INSTRUCTION.URL
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\DECRYPT_INSTRUCTION.URL
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\DECRYPT_INSTRUCTION.URL
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DECRYPT_INSTRUCTION.URL
C:\Netgear\DECRYPT_INSTRUCTION.TXT
C:\Netgear\DECRYPT_INSTRUCTION.URL
C:\Netgear\assets\DECRYPT_INSTRUCTION.TXT
C:\Netgear\assets\DECRYPT_INSTRUCTION.URL
*****************

"HKU\S-1-5-21-3336796823-2872703279-625288369-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\77132169.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\77132169.sys" => Key deleted successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\RevWarLetters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\RevWarLetters\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Pictures\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Pictures\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Maps at NYHS\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Maps at NYHS\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\Monmouth Sept 17, 1770 Pages 3 and 4\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\Monmouth Sept 17, 1770 Pages 3 and 4\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\Monmouth Sept 17, 1770 Pages 1 and 2\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\Monmouth Sept 17, 1770 Pages 1 and 2\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Chester Oct 18, 1770\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Chester Oct 18, 1770\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Brecknock Sept. 29, 1770\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Brecknock Sept. 29, 1770\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Abergaveny Sept 27, 1770\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Abergaveny Sept 27, 1770\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\PoliticalCartoons\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\PoliticalCartoons\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\PoliticalCartoons\Political Cartoons Good\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\PoliticalCartoons\Political Cartoons Good\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\piazza water damage Aug 2009\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\piazza water damage Aug 2009\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Photos for Wayne\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Photos for Wayne\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\PeterCooperImages\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\PeterCooperImages\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\My Stuff\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\My Stuff\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\My Stuff\ThesisPics\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\My Stuff\ThesisPics\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\My Stuff\ThesisPics\newpics\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\My Stuff\ThesisPics\newpics\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Mt.SaintFrancis\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Mt.SaintFrancis\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Midvale School\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Midvale School\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\March 5th Images\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\March 5th Images\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\WW2007\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\WW2007\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\WaterWheel Damage June 2012\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\WaterWheel Damage June 2012\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\WaterWheel 2010\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\WaterWheel 2010\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\TurningWW2006\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\TurningWW2006\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\station\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\station\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Managers House Spring 2010\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Managers House Spring 2010\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\managers\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\managers\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Long Pond Winter\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Long Pond Winter\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Spring 2010\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Spring 2010\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Spring 2009\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Spring 2009\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\Converted retouched jpeg images\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\Converted retouched jpeg images\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\Converted jpeg images\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\Converted jpeg images\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Logos\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Logos\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LexingtonAveHome\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\LexingtonAveHome\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\IronCompany\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\IronCompany\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Watteau School\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Watteau School\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\washington Reverse Glass\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\washington Reverse Glass\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Washington at Valley Forge\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Washington at Valley Forge\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.915\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.915\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.914\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.914\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.913\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.913\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2010.147\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2010.147\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Ringwood Collection Pics\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Ringwood Collection Pics\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\PoliticalCartoons\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\PoliticalCartoons\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\PoliticalCartoons\Political Cartoons Good\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\PoliticalCartoons\Political Cartoons Good\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Peter Cooper Bust\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Peter Cooper Bust\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Mrs. Ryerson Paintings\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Mrs. Ryerson Paintings\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\MJ Ryerson Painting\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\MJ Ryerson Painting\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Louis Vuitton Trunk\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Louis Vuitton Trunk\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Little Falls Painting\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Little Falls Painting\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Fragonard Paintings\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Fragonard Paintings\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Firearms\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Firearms\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Monmouth Sept 17, 1770\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Monmouth Sept 17, 1770\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Chester Oct 18, 1770\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Chester Oct 18, 1770\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Brecknock Sept. 29, 1770\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Brecknock Sept. 29, 1770\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Abergaveny Sept 27, 1770\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Abergaveny Sept 27, 1770\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Upper Hudson 1872\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Upper Hudson 1872\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Upper Hudson 1871\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Upper Hudson 1871\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Sunset with Sailboat-Greenwood Lake 1876\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Sunset with Sailboat-Greenwood Lake 1876\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Storm King 1872\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Storm King 1872\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\Photos March 5, 2011\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\Photos March 5, 2011\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\May 9, 2011 Conservator's House\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\May 9, 2011 Conservator's House\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\Conservation & Restoration\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\Conservation & Restoration\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\DT photo\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\DT photo\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\BT of gun\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\BT of gun\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\AT photo\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\AT photo\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\2007_0514Image\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\2007_0514Image\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\121.2008.63.2\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Images for PastPerfect\121.2008.63.2\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Sally Hewiit\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Sally Hewiit\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Sally Hewiit\SallyLetterScan\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Sally Hewiit\SallyLetterScan\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Nellie Hewitt\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Nellie Hewitt\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Mrs. Sarah Hewitt\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Mrs. Sarah Hewitt\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Girls Together\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Girls Together\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Amy Hewitt Green\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittWomenImages\Amy Hewitt Green\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittRelativesImages\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittRelativesImages\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\PeterCooperHewittImages\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\PeterCooperHewittImages\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\ErskineHewittImages\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\ErskineHewittImages\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\EdwardRingwoodHewittImages\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\EdwardRingwoodHewittImages\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\EdwardRingwoodHewittImages\EdwardRingwoodHewittHouse\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HewittBoysImages\EdwardRingwoodHewittImages\EdwardRingwoodHewittHouse\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Hasenclever Signature\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Hasenclever Signature\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Loose Photographs\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Loose Photographs\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M4\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M4\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M3\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M3\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M2\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M2\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Guest Book Items\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Guest Book Items\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\GreenPicsDownloaded\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\GreenPicsDownloaded\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Green Camp\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Green Camp\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\From Cooper Union\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\From Cooper Union\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Xmas 2011\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Xmas 2011\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Victorian Christmas Pics 2009\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Victorian Christmas Pics 2009\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Victorian Christmas Pics 2009\2009 Best\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Victorian Christmas Pics 2009\2009 Best\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4th Favorites\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4th Favorites\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2010 Horse Pics\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2010 Horse Pics\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2010\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2010\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2010\July 4 2010\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2010\July 4 2010\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2009\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2009\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2008\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2008\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2008\Ringwood 2008\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4th 2008\Ringwood 2008\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4 2011\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\July 4 2011\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\Brigade Napoleon\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\Brigade Napoleon\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\Brigade Napoleon\2011 Ringwood Manor\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\Brigade Napoleon\2011 Ringwood Manor\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\35thRegiment 2007\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\35thRegiment 2007\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\35th Reg. 2010\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\35th Reg. 2010\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2010 Baseball Game\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2010 Baseball Game\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2010 Baseball Game\PR Photos\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2010 Baseball Game\PR Photos\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2009 History Fair\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2009 History Fair\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\History Fair Pics1\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\History Fair Pics1\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\HIstory Fair Pic2\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\HIstory Fair Pic2\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\History Fair\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\History Fair\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\History Fair\harpoon pics\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\History Fair\harpoon pics\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Dresses\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Dresses\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\CooperUnionImages\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\CooperUnionImages\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Ceiling Collapse April 28, 2011\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Ceiling Collapse April 28, 2011\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Carriages, Cars\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Carriages, Cars\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Carriages, Cars\NJCA Nov2007\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Carriages, Cars\NJCA Nov2007\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Carriages, Cars\NJCA Nov 2008\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Carriages, Cars\NJCA Nov 2008\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Carriage Barn\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Carriage Barn\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Broken in burglary\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Broken in burglary\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Bar Harbor Home\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\Bar Harbor Home\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\AbramHewittImages\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Work Photos\AbramHewittImages\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Kiddos\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Kiddos\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\Desktop\Iphone Photos\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\Desktop\Iphone Photos\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\theBorgata\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\theBorgata\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\theBorgata\BorgataCasino\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\theBorgata\BorgataCasino\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Skype\sue.shutte\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Skype\sue.shutte\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\moz-safe-about+home\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\moz-safe-about+home\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\moz-safe-about+home\idb\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\moz-safe-about+home\idb\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\http+++www.estatesales.net\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\http+++www.estatesales.net\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\http+++www.estatesales.net\idb\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\http+++www.estatesales.net\idb\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Roaming\Adobe\Flash Player\AssetCache\FS72LKFW\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Roaming\Adobe\Flash Player\AssetCache\FS72LKFW\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Apple Computer\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Apple Computer\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Adobe\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Adobe\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Adobe\Acrobat\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Adobe\Acrobat\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Adobe\Acrobat\9.0\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Adobe\Acrobat\9.0\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Adobe\Acrobat\9.0\Search\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\LocalLow\Adobe\Acrobat\9.0\Search\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Mozilla\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Mozilla\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Mozilla\Firefox\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Mozilla\Firefox\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Photo Acquisition\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Photo Acquisition\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\OIS\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\OIS\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\OIS\thumbnails\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\OIS\thumbnails\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Device Metadata\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\Device Metadata\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.850\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.850\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.850\images\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.850\images\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\images\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\images\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\images\icons\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\images\icons\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\RTSHVXCX\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\RTSHVXCX\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\databases\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\databases\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\databases\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\databases\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\ASUS\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\ASUS\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\ASUS\LifeFrame\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\ASUS\LifeFrame\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\ASUS\LifeFrame\PhotoClub\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\ASUS\LifeFrame\PhotoClub\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Adobe\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Adobe\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Adobe\Updater6\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Adobe\Updater6\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Sue\AppData\Local\Adobe\Updater6\Data\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Sue\AppData\Local\Adobe\Updater6\Data\DECRYPT_INSTRUCTION.URL => Moved successfully.
"C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\EE3E779C\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\EE3E779C\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\96AFAF94\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\96AFAF94\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\Sonic\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\Sonic\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\Microsoft\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\Microsoft\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\Microsoft\RAC\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\Microsoft\RAC\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\Microsoft\RAC\StateData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\Microsoft\RAC\StateData\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\Microsoft\OFFICE\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\Microsoft\OFFICE\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\Microsoft\Microsoft Antimalware\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\Microsoft\Microsoft Antimalware\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\3\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\3\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DECRYPT_INSTRUCTION.URL => Moved successfully.
"C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\EE3E779C\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\EE3E779C\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\96AFAF94\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\96AFAF94\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\Sonic\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\Sonic\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\Microsoft\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\Microsoft\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\Microsoft\RAC\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\Microsoft\RAC\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\Microsoft\RAC\StateData\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\Microsoft\RAC\StateData\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\Microsoft\OFFICE\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\Microsoft\OFFICE\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\3\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\3\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
"C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DECRYPT_INSTRUCTION.URL" => File/Directory not found.
C:\Netgear\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Netgear\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Netgear\assets\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Netgear\assets\DECRYPT_INSTRUCTION.URL => Moved successfully.

==== End of Fixlog ====

Link to post
Share on other sites

Copied and pasted is My Eset scan:

 

C:\FRST\Quarantine\C\7157cd1\7157cd1.exe    a variant of Win32/Injector.BPAJ trojan
C:\FRST\Quarantine\C\Netgear\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Netgear\assets\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\ProgramData\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\Microsoft\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\Microsoft\Microsoft Antimalware\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\Microsoft\Microsoft Antimalware\Scans\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\1\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MetaStore\3\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\Microsoft\OFFICE\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\Microsoft\RAC\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\Microsoft\RAC\StateData\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\Sonic\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\96AFAF94\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\All Users\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\OFFLINE\B9E27D35\EE3E779C\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Adobe\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Adobe\Updater6\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Adobe\Updater6\Data\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\ASUS\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\ASUS\LifeFrame\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\ASUS\LifeFrame\PhotoClub\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\Chrome\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\databases\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\Chrome Frame\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\databases\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Google\Chrome Frame\User Data\iexplore\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\RTSHVXCX\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\BingBar\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\images\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Games_6e70de9fd0324919b424492c3e6a043d\7.0.850\images\icons\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.850\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.850\images\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\Device Metadata\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\OIS\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\OIS\thumbnails\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\Photo Acquisition\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Mozilla\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Local\Mozilla\Firefox\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Adobe\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Adobe\Acrobat\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Adobe\Acrobat\9.0\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Adobe\Acrobat\9.0\Search\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Apple Computer\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Apple Computer\gtkzhskcusfc\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Apple Computer\gtkzhskcusfc\Local\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Apple Computer\gtkzhskcusfc\Local\Google\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Apple Computer\gtkzhskcusfc\Local\Google\Chrome\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Apple Computer\gtkzhskcusfc\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Microsoft\Silverlight\is\0ffxdymz.naq\kfhw1fag.lm2\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Microsoft\Srnpbgktfg\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Microsoft\Srnpbgktfg\Local\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Microsoft\Srnpbgktfg\Local\Google\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Microsoft\Srnpbgktfg\Local\Google\Chrome\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\LocalLow\Microsoft\Srnpbgktfg\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Adobe\Flash Player\AssetCache\FS72LKFW\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Mozilla\Firefox\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\http+++www.estatesales.net\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\http+++www.estatesales.net\idb\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\moz-safe-about+home\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\75qifpkc.default\storage\persistent\moz-safe-about+home\idb\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\Skype\sue.shutte\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\theBorgata\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\AppData\Roaming\theBorgata\BorgataCasino\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Iphone Photos\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Kiddos\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\AbramHewittImages\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Bar Harbor Home\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Broken in burglary\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Carriage Barn\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Carriages, Cars\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Carriages, Cars\NJCA Nov 2008\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Carriages, Cars\NJCA Nov2007\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Ceiling Collapse April 28, 2011\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\CooperUnionImages\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Dresses\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\History Fair\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\2007 History Fair\History Fair\harpoon pics\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\HIstory Fair Pic2\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\2008 History Fair\History Fair Pics1\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\2009 History Fair\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\2010 Baseball Game\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\2010 Baseball Game\PR Photos\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\35th Reg. 2010\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\35thRegiment 2007\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\Brigade Napoleon\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\Brigade Napoleon\2011 Ringwood Manor\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\July 4 2011\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\July 4th 2008\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\July 4th 2008\Ringwood 2008\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\July 4th 2009\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\July 4th 2010\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\July 4th 2010\July 4 2010\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\July 4th 2010 Horse Pics\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\July 4th Favorites\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Victorian Christmas Pics 2009\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Victorian Christmas Pics 2009\2009 Best\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Events\Victorian Christmas Images\Xmas 2011\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\From Cooper Union\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Green Camp\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\GreenPicsDownloaded\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Guest Book Items\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HarryWestPhotos\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M2\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M3\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Album M4\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HarryWestPhotos\Harry West - Loose Photographs\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Hasenclever Signature\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HewittBoysImages\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HewittBoysImages\EdwardRingwoodHewittImages\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HewittBoysImages\EdwardRingwoodHewittImages\EdwardRingwoodHewittHouse\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HewittBoysImages\ErskineHewittImages\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HewittBoysImages\PeterCooperHewittImages\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HewittRelativesImages\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HewittWomenImages\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HewittWomenImages\Amy Hewitt Green\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HewittWomenImages\Girls Together\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HewittWomenImages\Mrs. Sarah Hewitt\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HewittWomenImages\Nellie Hewitt\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HewittWomenImages\Sally Hewiit\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\HewittWomenImages\Sally Hewiit\SallyLetterScan\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\121.2008.63.2\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\2007_0514Image\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\AT photo\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\BT of gun\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Chambers Rifle\DT photo\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\Conservation & Restoration\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\May 9, 2011 Conservator's House\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Greenwood Lake 1876\Photos March 5, 2011\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Storm King 1872\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Sunset with Sailboat-Greenwood Lake 1876\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Upper Hudson 1871\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Cropsey Paintings\Upper Hudson 1872\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Abergaveny Sept 27, 1770\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Brecknock Sept. 29, 1770\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Chester Oct 18, 1770\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Erskine Letters in Safe\Monmouth Sept 17, 1770\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Firearms\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Fragonard Paintings\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Little Falls Painting\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Louis Vuitton Trunk\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\MJ Ryerson Painting\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Mrs. Ryerson Paintings\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Peter Cooper Bust\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\PoliticalCartoons\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\PoliticalCartoons\Political Cartoons Good\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Ringwood Collection Pics\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2010.147\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.913\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.914\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Rugs\121.2011.915\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Washington at Valley Forge\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\washington Reverse Glass\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Images for PastPerfect\Watteau School\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\IronCompany\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LexingtonAveHome\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Logos\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\Converted jpeg images\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Roland Robbins Excavation Images\Converted retouched jpeg images\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Spring 2009\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\Hasenclever Furnace\Spring 2010\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\Long Pond Winter\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\managers\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\Managers House Spring 2010\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\station\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\TurningWW2006\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\WaterWheel 2010\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\WaterWheel Damage June 2012\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\LongPond\WW2007\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\March 5th Images\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Midvale School\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Mt.SaintFrancis\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\My Stuff\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\My Stuff\ThesisPics\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\My Stuff\ThesisPics\newpics\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\PeterCooperImages\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\Photos for Wayne\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\piazza water damage Aug 2009\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\PoliticalCartoons\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\PoliticalCartoons\Political Cartoons Good\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Abergaveny Sept 27, 1770\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Brecknock Sept. 29, 1770\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Chester Oct 18, 1770\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\Monmouth Sept 17, 1770 Pages 1 and 2\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Letters in Safe\Monmouth Sept 17, 1770\Monmouth Sept 17, 1770 Pages 3 and 4\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Erskine Maps at NYHS\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\Pictures\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Sue\Desktop\Work Photos\RevWar& Robert Erskine Stuff\RevWarLetters\DECRYPT_INSTRUCTION.TXT.xBAD    Win32/Filecoder.CR trojan
C:\Users\Sue\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Sue\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Sue\AppData\Local\Apple Computer\iTunes\iAd\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Sue\AppData\Local\Microsoft Games\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Sue\AppData\Local\Microsoft Games\Solitaire\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan

Link to post
Share on other sites

Copied and pasted below is the FSS.txt :

 

Farbar Service Scanner Version: 21-07-2014
Ran by Sue (administrator) on 12-11-2014 at 14:32:33
Running from "C:\Users\Sue\Desktop"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.