Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My files have been encrypted [Closed]

Started by [email protected] , Mar 17 2015 06:13 PM

  • This topic is locked This topic is locked

#1
[email protected]
Posted 17 March 2015 - 06:13 PM

[email protected]

    New Member

  • Member
  • Pip
  • 2 posts

I left my computer running all night downloading some music and several if not most of my folders have warnings that the files are now encrypted

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Administrator (administrator) on DESKTOP on 17-03-2015 19:47:55
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available profiles: Owner & Valerie & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
() C:\WINDOWS\zHotkey.exe
(Alcor Micro, Corp.) C:\Program Files\Digital Media Reader\shwiconEM.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Eastman Kodak Company) C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(Roxio) C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
(Roxio, Inc.) C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Realtek Semiconductor Corp.) C:\Program Files\AWUS036H Wireless LAN Utility\RtWLan.exe
(Dropbox, Inc.) C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
(Roxio, Inc.) C:\PROGRA~1\Roxio\EASYCD~1\AUDIOC~1\Playlist.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [59392 2004-08-10] (Microsoft Corporation)
HKLM\...\Run: [CHotkey] => C:\WINDOWS\zHotkey.exe [543232 2004-05-17] ()
HKLM\...\Run: [ShowWnd] => C:\WINDOWS\ShowWnd.exe [36864 2003-09-19] ()
HKLM\...\Run: [SunKistEM] => C:\Program Files\Digital Media Reader\shwiconem.exe [135168 2004-11-15] (Alcor Micro, Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2010-10-28] (Apple Computer, Inc.)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2005-03-18] (ATI Technologies, Inc.)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-14] ()
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2004-12-01] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [801136 2015-02-08] (Webroot)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [Conime] => C:\WINDOWS\system32\conime.exe [27648 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1626112 2009-08-03] (Eastman Kodak Company)
HKLM\...\Run: [{503561fa-674f-4bcd-3292-e5f3b2a37604}] => "C:\Documents and Settings\All Users\Application Data\Microsoft\{503561fa-674f-4bcd-3292-e5f3b2a37604}\{503561fa-674f-4bcd-3292-e5f3b2a37604}.exe"
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [RoxioEngineUtility] => C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [65536 2003-05-01] (Roxio)
HKLM\...\Run: [RoxioDragToDisc] => C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [868352 2003-05-30] (Roxio)
HKLM\...\Run: [RoxioAudioCentral] => C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [319488 2003-05-22] (Roxio, Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer\Run: [{503561fa-674f-4bcd-3292-e5f3b2a37604}] => "C:\Documents and Settings\All Users\Application Data\Microsoft\{503561fa-674f-4bcd-3292-e5f3b2a37604}\{503561fa-674f-4bcd-3292-e5f3b2a37604}.exe" No File
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Run: [Tsbglmcdt] => regsvr32.exe /s "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Tsbglmcdt.dll"
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\MountPoints2: O - O:\LaunchU3.exe -a
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.torconnectpaycom/1hLRgR
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AWUS036H Wireless LAN Utility.lnk
ShortcutTarget: AWUS036H Wireless LAN Utility.lnk -> C:\Program Files\AWUS036H Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-4270454083-941970028-1945739218-500\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-4270454083-941970028-1945739218-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKU\S-1-5-21-4270454083-941970028-1945739218-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-4270454083-941970028-1945739218-500 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-4270454083-941970028-1945739218-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-05-08] (Sun Microsystems, Inc.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\Documents and Settings\All Users\Application Data\WRData\pkg\LPBar.dll [2015-03-16] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2014-10-26] (Webroot)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-05-08] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-05-08] (Sun Microsystems, Inc.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\Documents and Settings\All Users\Application Data\WRData\pkg\LPBar.dll [2015-03-16] (Webroot)
Toolbar: HKU\.DEFAULT -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\WINDOWS\system32\npdeployJava1.dll [2012-05-08] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-05-08] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-16] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-05-08]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-11-28]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> bing.com/billcook
CHR DefaultSearchURL: Default -> https://www.bing.com...316&FORM=CHROMN
CHR DefaultNewTabURL: Default -> https://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> https://www.bing.com...nguage}&PC=U316
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U32) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-06-18]
CHR Extension: (No Name) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-25]
CHR Extension: (Webroot Password Manager) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-06-18]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\Documents and Settings\All Users\Application Data\WRData\PKG\CHROME\CHROME_1.0.0.32.crx [2014-06-18]
CHR HKLM\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\Documents and Settings\All Users\Application Data\WRData\pkg\lpchrome.crx [2013-04-17]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-05-08] (Sun Microsystems, Inc.)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe [284016 2009-08-05] (Eastman Kodak Company)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2010-10-28] (New Boundary Technologies, Inc.) [File not signed]
S3 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [38912 2004-08-10] (Microsoft Corporation) [File not signed]
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [801136 2015-02-08] (Webroot)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-06-17] (Cisco Systems, Inc.) [File not signed]
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2300928 2004-12-02] (Realtek Semiconductor Corp.)
R2 Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [16512 2010-05-13] (Adaptec) [File not signed]
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [66992 2003-05-30] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [24698 2003-05-30] (Roxio) [File not signed]
R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [259072 2003-05-30] (Roxio) [File not signed]
S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
R1 DVDVRRdr_xp; C:\WINDOWS\system32\Drivers\DVDVRRdr_xp.sys [146560 2003-05-30] (Roxio) [File not signed]
R3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [21737 2003-05-30] (Roxio) [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [22713 2003-05-30] (Roxio) [File not signed]
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R1 pwd_2k; C:\WINDOWS\system32\Drivers\pwd_2k.sys [118409 2003-05-30] (Roxio) [File not signed]
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [70144 2004-04-14] (Realtek Semiconductor Corporation                           )
S3 RTLWUSB; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [323328 2009-06-26] (Realtek Semiconductor Corporation                           ) [File not signed]
R3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [36804 2004-11-15] (Alcor Micro Corp.) [File not signed]
R1 UdfReadr_xp; C:\WINDOWS\system32\Drivers\UdfReadr_xp.sys [213120 2003-05-30] (Roxio)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [118304 2015-02-08] (Webroot)
U4 intelppm; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-17 19:47 - 2015-03-17 19:48 - 00000000 ____D () C:\FRST
2015-03-16 18:01 - 2015-03-16 18:01 - 00000000 ____D () C:\Program Files\iTunes
2015-03-16 18:01 - 2015-03-16 18:01 - 00000000 ____D () C:\Program Files\iPod
2015-03-16 18:01 - 2015-03-16 18:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2015-03-16 18:01 - 2015-03-16 18:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-02 19:08 - 2015-03-02 19:08 - 00008604 _____ () C:\Documents and Settings\Administrator\Desktop\HELP_DECRYPT.HTML
2015-03-02 19:08 - 2015-03-02 19:08 - 00004242 _____ () C:\Documents and Settings\Administrator\Desktop\HELP_DECRYPT.TXT
2015-03-02 19:08 - 2015-03-02 19:08 - 00000288 _____ () C:\Documents and Settings\Administrator\Desktop\HELP_DECRYPT.URL
2015-02-26 19:29 - 2015-02-26 19:29 - 00008604 _____ () C:\HELP_DECRYPT.HTML
2015-02-26 19:29 - 2015-02-26 19:29 - 00004242 _____ () C:\HELP_DECRYPT.TXT
2015-02-26 19:29 - 2015-02-26 19:29 - 00000288 _____ () C:\HELP_DECRYPT.URL
2015-02-26 19:28 - 2015-02-26 19:28 - 00008604 _____ () C:\Documents and Settings\Owner\My Documents\HELP_DECRYPT.HTML
2015-02-26 19:28 - 2015-02-26 19:28 - 00008604 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.HTML
2015-02-26 19:28 - 2015-02-26 19:28 - 00008604 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-26 19:28 - 2015-02-26 19:28 - 00008604 _____ () C:\Documents and Settings\Owner\HELP_DECRYPT.HTML
2015-02-26 19:28 - 2015-02-26 19:28 - 00008604 _____ () C:\Documents and Settings\HELP_DECRYPT.HTML
2015-02-26 19:28 - 2015-02-26 19:28 - 00004242 _____ () C:\Documents and Settings\Owner\My Documents\HELP_DECRYPT.TXT
2015-02-26 19:28 - 2015-02-26 19:28 - 00004242 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.TXT
2015-02-26 19:28 - 2015-02-26 19:28 - 00004242 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-26 19:28 - 2015-02-26 19:28 - 00004242 _____ () C:\Documents and Settings\Owner\HELP_DECRYPT.TXT
2015-02-26 19:28 - 2015-02-26 19:28 - 00004242 _____ () C:\Documents and Settings\HELP_DECRYPT.TXT
2015-02-26 19:28 - 2015-02-26 19:28 - 00000288 _____ () C:\Documents and Settings\Owner\My Documents\HELP_DECRYPT.URL
2015-02-26 19:28 - 2015-02-26 19:28 - 00000288 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.URL
2015-02-26 19:28 - 2015-02-26 19:28 - 00000288 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-26 19:28 - 2015-02-26 19:28 - 00000288 _____ () C:\Documents and Settings\Owner\HELP_DECRYPT.URL
2015-02-26 19:28 - 2015-02-26 19:28 - 00000288 _____ () C:\Documents and Settings\HELP_DECRYPT.URL
2015-02-26 19:24 - 2015-02-26 19:24 - 00008604 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.HTML
2015-02-26 19:24 - 2015-02-26 19:24 - 00004242 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.TXT
2015-02-26 19:24 - 2015-02-26 19:24 - 00000288 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\All Users\Start Menu\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\All Users\Start Menu\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\All Users\Start Menu\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.URL
2015-02-26 19:21 - 2015-02-26 19:21 - 00008604 _____ () C:\Documents and Settings\Administrator\My Documents\HELP_DECRYPT.HTML
2015-02-26 19:21 - 2015-02-26 19:21 - 00008604 _____ () C:\Documents and Settings\Administrator\HELP_DECRYPT.HTML
2015-02-26 19:21 - 2015-02-26 19:21 - 00004242 _____ () C:\Documents and Settings\Administrator\My Documents\HELP_DECRYPT.TXT
2015-02-26 19:21 - 2015-02-26 19:21 - 00004242 _____ () C:\Documents and Settings\Administrator\HELP_DECRYPT.TXT
2015-02-26 19:21 - 2015-02-26 19:21 - 00000288 _____ () C:\Documents and Settings\Administrator\My Documents\HELP_DECRYPT.URL
2015-02-26 19:21 - 2015-02-26 19:21 - 00000288 _____ () C:\Documents and Settings\Administrator\HELP_DECRYPT.URL
2015-02-26 18:40 - 2015-02-26 18:40 - 00008604 _____ () C:\Documents and Settings\Administrator\Local Settings\HELP_DECRYPT.HTML
2015-02-26 18:40 - 2015-02-26 18:40 - 00008604 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-26 18:40 - 2015-02-26 18:40 - 00004242 _____ () C:\Documents and Settings\Administrator\Local Settings\HELP_DECRYPT.TXT
2015-02-26 18:40 - 2015-02-26 18:40 - 00004242 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-26 18:40 - 2015-02-26 18:40 - 00000288 _____ () C:\Documents and Settings\Administrator\Local Settings\HELP_DECRYPT.URL
2015-02-26 18:40 - 2015-02-26 18:40 - 00000288 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-26 18:36 - 2015-02-26 18:36 - 00008604 _____ () C:\Documents and Settings\Administrator\Application Data\HELP_DECRYPT.HTML
2015-02-26 18:36 - 2015-02-26 18:36 - 00004242 _____ () C:\Documents and Settings\Administrator\Application Data\HELP_DECRYPT.TXT
2015-02-26 18:36 - 2015-02-26 18:36 - 00000288 _____ () C:\Documents and Settings\Administrator\Application Data\HELP_DECRYPT.URL
2015-02-24 19:30 - 2015-02-24 21:31 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\New Folder
2015-02-24 06:57 - 2015-01-07 21:46 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2015-02-24 06:56 - 2015-03-16 17:59 - 00000000 ____D () C:\Program Files\iTunes(2)
2015-02-24 06:56 - 2015-03-16 17:59 - 00000000 ____D () C:\Program Files\iPod(2)
2015-02-24 06:56 - 2015-03-16 17:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB(3)
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-17 19:48 - 2005-04-13 13:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-03-17 19:41 - 2012-05-08 19:58 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-17 19:10 - 2010-10-28 19:00 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-17 18:10 - 2010-10-28 19:00 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-17 17:53 - 2005-04-13 06:11 - 00000261 _____ () C:\WINDOWS\wiadebug.log
2015-03-17 17:53 - 2005-04-13 06:11 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-03-17 14:57 - 2005-04-13 13:17 - 01631674 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-17 08:18 - 2014-06-18 20:43 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-17 05:59 - 2005-04-13 12:56 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-17 05:54 - 2014-11-26 06:46 - 00000049 _____ () C:\WINDOWS\NeroDigital.ini
2015-03-17 05:54 - 2012-05-09 21:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WRData
2015-03-17 05:49 - 2014-11-25 21:00 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-03-16 23:11 - 2012-09-17 08:18 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-03-16 18:41 - 2012-05-08 19:58 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-03-16 18:41 - 2011-05-13 03:22 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-03-16 18:05 - 2013-04-17 07:34 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2015-03-16 18:04 - 2014-11-26 22:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kodak
2015-03-16 18:04 - 2005-04-13 13:14 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-16 18:03 - 2005-04-13 13:26 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-16 18:02 - 2010-10-28 11:10 - 00000000 ____D () C:\Documents and Settings\Owner
2015-03-16 18:02 - 2010-10-28 10:53 - 00000000 ____D () C:\Documents and Settings\Valerie
2015-03-16 18:02 - 2005-04-13 13:26 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-03-16 18:02 - 2005-04-13 13:26 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-03-16 18:02 - 2005-04-13 13:26 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-03-16 17:59 - 2014-12-18 23:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
2015-03-16 17:59 - 2014-11-25 21:16 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-16 17:57 - 2005-04-13 13:26 - 00032448 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-16 17:56 - 2014-12-18 23:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Dropbox
2015-03-16 12:30 - 2014-11-25 21:17 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-03-08 15:03 - 2014-11-25 21:00 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-02-27 21:24 - 2014-12-27 20:49 - 00049802 _____ () C:\WINDOWS\setupapi.log
2015-02-26 21:20 - 2010-10-28 13:32 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-26 19:29 - 2014-07-06 17:34 - 00000000 ____D () C:\NASCAR
2015-02-26 19:28 - 2014-06-21 18:16 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Monkey Quest
2015-02-26 19:28 - 2012-08-27 08:18 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
2015-02-26 19:28 - 2010-10-28 08:20 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Google
2015-02-26 19:24 - 2014-08-29 15:51 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Digital Praise
2015-02-26 19:24 - 2013-04-22 15:26 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\PriceGong
2015-02-26 19:24 - 2010-10-28 11:10 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Sun
2015-02-26 19:22 - 2010-10-29 17:41 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Adobe
2015-02-26 19:22 - 2010-10-28 10:32 - 00000000 ___SD () C:\Documents and Settings\All Users\Start Menu\Programs\System Recovery
2015-02-26 19:21 - 2015-01-06 23:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB(2)
2015-02-26 19:21 - 2014-11-25 21:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2015-02-26 19:21 - 2014-08-29 15:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Digital Praise
2015-02-26 19:21 - 2010-10-28 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Napster
2015-02-26 19:11 - 2014-12-18 23:23 - 00000000 ___RD () C:\Documents and Settings\Administrator\My Documents\Dropbox
2015-02-26 18:40 - 2014-11-26 22:24 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Calibre Library
2015-02-26 18:40 - 2014-06-18 09:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2015-02-26 18:39 - 2015-01-11 17:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\01-11-2015
2015-02-26 18:39 - 2014-11-25 21:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
2015-02-26 18:36 - 2005-04-13 13:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Sun
2015-02-26 18:35 - 2014-11-26 22:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\calibre
2015-02-26 18:35 - 2014-11-26 22:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2015-02-26 18:35 - 2005-04-13 06:06 - 00000000 ____D () C:\Bundle
 
==================== Files in the root of some directories =======
 
2013-04-17 07:34 - 2015-03-16 18:05 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2015-02-26 18:36 - 2015-02-26 18:36 - 0008604 _____ () C:\Documents and Settings\Administrator\Application Data\HELP_DECRYPT.HTML
2015-02-26 18:36 - 2015-02-26 18:36 - 0045808 _____ () C:\Documents and Settings\Administrator\Application Data\HELP_DECRYPT.PNG
2015-02-26 18:36 - 2015-02-26 18:36 - 0004242 _____ () C:\Documents and Settings\Administrator\Application Data\HELP_DECRYPT.TXT
2015-02-26 18:36 - 2015-02-26 18:36 - 0000288 _____ () C:\Documents and Settings\Administrator\Application Data\HELP_DECRYPT.URL
2014-12-01 19:27 - 2015-01-12 00:23 - 0000308 _____ () C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2005-04-13 13:49 - 2014-12-29 22:12 - 0024576 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-26 18:40 - 2015-02-26 18:40 - 0008604 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-26 18:40 - 2015-02-26 18:40 - 0045808 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_DECRYPT.PNG
2015-02-26 18:40 - 2015-02-26 18:40 - 0004242 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-26 18:40 - 2015-02-26 18:40 - 0000288 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_DECRYPT.URL
2014-11-26 22:34 - 2014-11-26 23:26 - 0255584 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\installer.log
2014-11-26 23:21 - 2014-11-26 23:21 - 0000177 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\LaunchHomeCenter.log
2015-02-26 19:22 - 2015-02-26 19:22 - 0008604 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 0045808 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.PNG
2015-02-26 19:22 - 2015-02-26 19:22 - 0004242 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 0000288 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdw0alr.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\fixutil.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HXFSETUP.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\UNNERO.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\UNNeroBurnRights.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WRupdate168144906.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WRupdate216375078.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WRupdate42705906.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WRupdate43014640.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ApnStub.exe
C:\Documents and Settings\Owner\Local Settings\Temp\jre-6u32-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\LPPlugin.dll
C:\Documents and Settings\Owner\Local Settings\Temp\setup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\WRupdate151936359.exe
C:\Documents and Settings\Owner\Local Settings\Temp\WRupdate177456328.exe
C:\Documents and Settings\Owner\Local Settings\Temp\WRupdate33346156.exe
C:\Documents and Settings\Owner\Local Settings\Temp\WRupdate578410968.exe
C:\Documents and Settings\Owner\Local Settings\Temp\{99BD0E8B-E794-43A1-BA69-C8D46C06E8C7}-GoogleUpdateSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Administrator at 2015-03-17 19:48:46
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {D486329C-1488-4CEB-9CC8-D662B732D904}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7646-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
aiofw (Version: 4.2.6.8 - Eastman Kodak Company) Hidden
aioprnt (Version: 4.2.7.4 - Eastman Kodak Company) Hidden
aioscnnr (Version: 4.2.6.0 - Your Company Name) Hidden
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5145 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.12-050317m-022317C - )
AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{1E9AC64C-A2C1-4FD3-A6F3-64D0E661B0E9}) (Version: 0.9.43 - Kovid Goyal)
center (Version: 4.2.6.8 - Eastman Kodak Company) Hidden
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.2.10104.2 - Cisco Consumer Products LLC)
Digital Media Reader (HKLM\...\InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}) (Version: 1.10 - )
Digital Media Reader (Version: 1.10 - ) Hidden
Dropbox (HKU\S-1-5-21-4270454083-941970028-1945739218-500\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EZ Vinyl/Tape Converter 7.4 by MixMeister (HKLM\...\EZ Vinyl/Tape Converter by MixMeister_is1) (Version:  - MixMeister Technology LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
ImTOO DVD Ripper Ultimate (HKLM\...\ImTOO DVD Ripper Ultimate 5) (Version: 5.0.64.0517 - ImTOO)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150020}) (Version: 1.5.0.20 - Sun Microsystems, Inc.)
Java™ 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
KODAK AiO Home Center (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 4.2.7.7 - Eastman Kodak Company)
ksDIP (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft Picture It! Premium 10 (HKLM\...\PictureItPrem_v10) (Version: 10.0.0612 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Keyboard Driver (HKLM\...\{FF262740-C85A-11D5-BBEC-00D0B740900A}) (Version:  - )
Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version:  - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PreReq (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
QuickTime (HKLM\...\QuickTime) (Version:  - )
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
REALTEK Wireless LAN Driver and Utility (HKLM\...\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}) (Version: 1.00.0116 - ALFA NETWORK Inc.)
Recovery Software Suite eMachines (HKLM\...\{15377C3E-9655-400F-B441-E69F0A6BEAFE}) (Version: 1.00.0000 - eMachines)
SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1) (Version:  - )
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) (HKLM\...\MC05Upd1) (Version:  - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Webroot SecureAnywhere (HKLM\...\WRUNINST) (Version: 8.0.7.33 - Webroot)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB890629 (HKLM\...\KB890629) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB890760 (HKLM\...\KB890760) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Winmx Community 1 (HKLM\...\Winmx Community 1) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4270454083-941970028-1945739218-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4270454083-941970028-1945739218-500_Classes\CLSID\{7F67036B-66F1-411A-AD85-759FB9C5B0DB}\InprocServer32 -> C:\WINDOWS\system32\ShellvRTF.dll (XSS)
CustomCLSID: HKU\S-1-5-21-4270454083-941970028-1945739218-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4270454083-941970028-1945739218-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4270454083-941970028-1945739218-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4270454083-941970028-1945739218-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4270454083-941970028-1945739218-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4270454083-941970028-1945739218-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4270454083-941970028-1945739218-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4270454083-941970028-1945739218-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4270454083-941970028-1945739218-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
03-01-2015 16:25:56 System Checkpoint
04-01-2015 17:24:04 System Checkpoint
05-01-2015 18:23:42 System Checkpoint
06-01-2015 19:23:42 System Checkpoint
06-01-2015 23:26:51 Restore Operation
07-01-2015 23:55:26 System Checkpoint
09-01-2015 00:55:13 System Checkpoint
10-01-2015 01:50:32 System Checkpoint
11-01-2015 02:35:52 System Checkpoint
12-01-2015 03:26:25 System Checkpoint
13-01-2015 04:24:11 System Checkpoint
14-01-2015 04:24:50 System Checkpoint
14-01-2015 09:00:19 Software Distribution Service 3.0
15-01-2015 09:25:08 System Checkpoint
16-01-2015 10:24:54 System Checkpoint
17-01-2015 11:24:53 System Checkpoint
18-01-2015 12:24:55 System Checkpoint
19-01-2015 13:24:53 System Checkpoint
20-01-2015 14:23:04 System Checkpoint
21-01-2015 15:22:54 System Checkpoint
22-01-2015 16:22:52 System Checkpoint
23-01-2015 17:22:53 System Checkpoint
24-01-2015 18:22:52 System Checkpoint
25-01-2015 19:16:57 System Checkpoint
26-01-2015 21:24:34 System Checkpoint
27-01-2015 22:09:03 System Checkpoint
28-01-2015 23:06:16 System Checkpoint
29-01-2015 23:44:34 System Checkpoint
31-01-2015 00:37:03 System Checkpoint
01-02-2015 01:31:43 System Checkpoint
02-02-2015 02:22:14 System Checkpoint
03-02-2015 03:14:37 System Checkpoint
04-02-2015 04:06:53 System Checkpoint
05-02-2015 05:02:28 System Checkpoint
06-02-2015 05:58:00 System Checkpoint
07-02-2015 06:44:58 System Checkpoint
08-02-2015 07:37:22 System Checkpoint
09-02-2015 08:22:54 System Checkpoint
10-02-2015 09:22:45 System Checkpoint
11-02-2015 09:00:24 Software Distribution Service 3.0
17-02-2015 22:11:19 System Checkpoint
18-02-2015 22:41:39 System Checkpoint
19-02-2015 23:32:59 System Checkpoint
21-02-2015 00:23:27 System Checkpoint
22-02-2015 01:19:46 System Checkpoint
23-02-2015 02:11:03 System Checkpoint
24-02-2015 03:06:21 System Checkpoint
25-02-2015 03:48:21 System Checkpoint
26-02-2015 04:41:20 System Checkpoint
27-02-2015 05:34:34 System Checkpoint
28-02-2015 06:31:09 System Checkpoint
01-03-2015 06:31:58 System Checkpoint
02-03-2015 07:30:22 System Checkpoint
04-03-2015 07:16:27 System Checkpoint
05-03-2015 07:32:19 System Checkpoint
06-03-2015 08:32:16 System Checkpoint
07-03-2015 09:32:13 System Checkpoint
08-03-2015 10:32:12 System Checkpoint
09-03-2015 11:32:18 System Checkpoint
10-03-2015 13:33:09 System Checkpoint
11-03-2015 14:30:02 System Checkpoint
12-03-2015 15:30:00 System Checkpoint
13-03-2015 16:30:02 System Checkpoint
14-03-2015 17:29:58 System Checkpoint
15-03-2015 18:30:05 System Checkpoint
16-03-2015 17:57:22 Restore Operation
17-03-2015 08:00:30 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2005-04-13 12:55 - 2004-08-10 15:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2005-04-13 12:56 - 2004-09-28 04:54 - 00269824 _____ () C:\WINDOWS\system32\sbe.dll
2005-04-13 12:55 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2005-04-13 12:55 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2005-04-13 12:55 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2009-06-29 16:14 - 2009-06-29 16:14 - 00012288 _____ () C:\Program Files\Kodak\AiO\Center\Logger.dll
2005-04-13 12:57 - 2008-04-13 20:11 - 00498742 _____ () C:\WINDOWS\system32\dxmasf.dll
2010-10-28 10:25 - 2004-05-17 21:30 - 00543232 _____ () C:\WINDOWS\zHotkey.exe
2010-10-28 10:25 - 2001-07-02 23:36 - 00024576 _____ () C:\WINDOWS\HKNTDLL.dll
2002-12-20 06:32 - 2002-12-20 06:32 - 00040960 _____ () C:\Program Files\Common Files\Roxio Shared\DLLShared\apm.dll
2003-05-22 19:36 - 2003-05-22 19:36 - 00024576 _____ () C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\PlayListps.dll
2014-06-17 19:16 - 2009-04-03 16:32 - 00110592 _____ () C:\Program Files\AWUS036H Wireless LAN Utility\EnumDevLib.dll
2014-06-17 19:16 - 2007-07-12 11:11 - 01163264 _____ () C:\Program Files\AWUS036H Wireless LAN Utility\acAuth.dll
2014-12-18 23:20 - 2014-10-21 20:22 - 00750080 _____ () C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\libGLESv2.dll
2015-03-17 05:50 - 2015-03-17 05:50 - 00043008 _____ () c:\Documents and Settings\Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdw0alr.dll
2014-12-18 23:20 - 2014-10-21 20:22 - 00047616 _____ () C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\libEGL.dll
2014-12-18 23:19 - 2014-10-21 20:22 - 00863744 _____ () C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\plugins\platforms\qwindows.dll
2014-12-18 23:19 - 2014-10-21 20:22 - 00200704 _____ () C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-16 23:11 - 2015-03-07 02:13 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-16 23:11 - 2015-03-07 02:13 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-4270454083-941970028-1945739218-500\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-4270454083-941970028-1945739218-500\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4270454083-941970028-1945739218-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4270454083-941970028-1945739218-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-4270454083-941970028-1945739218-1003 - Limited - Enabled)
Guest (S-1-5-21-4270454083-941970028-1945739218-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-4270454083-941970028-1945739218-1005 - Limited - Disabled)
Owner (S-1-5-21-4270454083-941970028-1945739218-1006 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-4270454083-941970028-1945739218-1002 - Limited - Disabled)
Valerie (S-1-5-21-4270454083-941970028-1945739218-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Valerie
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/16/2015 06:03:57 PM) (Source: PerfDisk) (EventID: 2001) (User: )
Description: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.
 
Error: (03/16/2015 05:54:55 PM) (Source: Media Center Guide) (EventID: 0) (User: )
Description: Event Info: Unable to initialize connection to the database.  
Process: DefaultDomain
Object Name: Media Center Guide
 
Error: (03/16/2015 05:54:55 PM) (Source: Media Center Guide) (EventID: 82) (User: )
Description: Event Info: Exception opening connection to database.
Program Guide info not available. Data may be corrupt. Media Center could not load the Guide. Please restart the computer and try again. If the problem persists, see Help for more information.
Process: DefaultDomain
Object Name: Microsoft.Ehome.Epg.Database.GuideDbConnection
 
Error: (03/16/2015 05:54:37 PM) (Source: Media Center Guide) (EventID: 0) (User: )
Description: Event Info: Unable to initialize connection to the database.  
Process: DefaultDomain
Object Name: Media Center Guide
 
Error: (03/16/2015 05:54:37 PM) (Source: Media Center Guide) (EventID: 82) (User: )
Description: Event Info: Exception opening connection to database.
Program Guide info not available. Data may be corrupt. Media Center could not load the Guide. Please restart the computer and try again. If the problem persists, see Help for more information.
Process: DefaultDomain
Object Name: Microsoft.Ehome.Epg.Database.GuideDbConnection
 
Error: (03/16/2015 05:53:53 PM) (Source: PerfDisk) (EventID: 2001) (User: )
Description: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.
 
Error: (02/24/2015 07:00:57 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (02/19/2015 05:52:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dropbox.exe, version 3.2.6.0, faulting module qt5core.dll, version 5.3.2.0, fault address 0x0001bc16.
Processing media-specific event for [dropbox.exe!ws!]
 
Error: (02/17/2015 09:46:46 PM) (Source: PerfDisk) (EventID: 2001) (User: )
Description: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.
 
Error: (02/08/2015 03:21:01 PM) (Source: PerfDisk) (EventID: 2001) (User: )
Description: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.
 
 
System errors:
=============
Error: (03/16/2015 07:26:03 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (03/14/2015 07:26:00 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (03/12/2015 06:26:18 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (03/12/2015 06:26:18 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (03/12/2015 07:27:44 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (03/12/2015 07:27:29 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (03/12/2015 07:26:57 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (03/12/2015 07:26:57 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (03/12/2015 07:26:42 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (03/12/2015 07:26:00 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
 
Microsoft Office Sessions:
=========================
Error: (03/16/2015 06:03:57 PM) (Source: PerfDisk) (EventID: 2001) (User: )
Description: 
 
Error: (03/16/2015 05:54:55 PM) (Source: Media Center Guide) (EventID: 0) (User: )
Description: Event Info: Unable to initialize connection to the database.  
Process: DefaultDomain
Object Name: Media Center Guide
 
Error: (03/16/2015 05:54:55 PM) (Source: Media Center Guide) (EventID: 82) (User: )
Description: Event Info: Exception opening connection to database.
Program Guide info not available. Data may be corrupt. Media Center could not load the Guide. Please restart the computer and try again. If the problem persists, see Help for more information.
Process: DefaultDomain
Object Name: Microsoft.Ehome.Epg.Database.GuideDbConnection
 
Error: (03/16/2015 05:54:37 PM) (Source: Media Center Guide) (EventID: 0) (User: )
Description: Event Info: Unable to initialize connection to the database.  
Process: DefaultDomain
Object Name: Media Center Guide
 
Error: (03/16/2015 05:54:37 PM) (Source: Media Center Guide) (EventID: 82) (User: )
Description: Event Info: Exception opening connection to database.
Program Guide info not available. Data may be corrupt. Media Center could not load the Guide. Please restart the computer and try again. If the problem persists, see Help for more information.
Process: DefaultDomain
Object Name: Microsoft.Ehome.Epg.Database.GuideDbConnection
 
Error: (03/16/2015 05:53:53 PM) (Source: PerfDisk) (EventID: 2001) (User: )
Description: 
 
Error: (02/24/2015 07:00:57 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThis operation returned because the timeout period expired.
 
Error: (02/19/2015 05:52:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dropbox.exe3.2.6.0qt5core.dll5.3.2.00001bc16
 
Error: (02/17/2015 09:46:46 PM) (Source: PerfDisk) (EventID: 2001) (User: )
Description: 
 
Error: (02/08/2015 03:21:01 PM) (Source: PerfDisk) (EventID: 2001) (User: )
Description: 
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 64 Processor 3400+
Percentage of memory in use: 78%
Total physical RAM: 894.48 MB
Available physical RAM: 195.78 MB
Total Pagefile: 2165.24 MB
Available Pagefile: 1153.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.48 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:182.1 GB) (Free:141.9 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (MY BOOK) (Fixed) (Total:931.28 GB) (Free:223.2 GB) FAT32
Drive n: () (Fixed) (Total:4.2 GB) (Free:0.99 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 38EF9D17)
Partition 1: (Active) - (Size=182.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.2 GB) - (Type=0B)
 
========================================================
Disk: 5 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)
 
==================== End Of Log ============================

 


  • 0

Advertisements

#2
BrianDrab
Posted 17 March 2015 - 06:38 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Unfortunately it looks like you were hit with CryptoWall.

 

http://www.bleepingc...ion#cryptowall3

 

There is currently no way to recover your files without restoring from backup. We can definitely clean your machine of the infection but your files are encrypted and being held ransom. Do you have a backup of your data?

 

You can export a list of all files that were encrypted by running this tool. It's also mentioned in the article above.

http://www.bleepingc...load/listcwall/

 

After reviewing the information, let me know what you wish to do.


  • 0

#3
[email protected]
Posted 18 March 2015 - 04:00 AM

[email protected]

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

I have partial backups of my data. I want toremove the virus first though.


  • 0

#4
BrianDrab
Posted 18 March 2015 - 07:08 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK, thanks for the info. Please start with the following.

 

Step#1 - Warnings
Windows XP has reached End of Life
You likely are already aware of this but I feel it is necessary to mention it. Windows XP has reached end of life. What this means is that Microsoft will no longer be supporting it. Security vulnerabilities that are found in Windows XP will no longer be patched so this leaves you very exposed to threats. Upgrading, if possible, to a newer Operating System is advised. You can read more about this from here.

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   16.49KB   219 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#4 - JRT
1. Download Junkware Removal Tool to your desktop.
1. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
2. The tool will open and start scanning your system.
3. Please be patient as this can take a while to complete depending on your system's specifications.
4. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
5. Close the text file and reboot your machine.
6. Post the contents of JRT.txt into your next message.

 

Step#5 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

 

Items for your next post

1. FRST Fix log

2. AdwCleaner log

3. Junkware log

4. Rootkit scan log

 

 


  • 0

#5
BrianDrab
Posted 22 March 2015 - 08:01 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP