Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ransome virus infected on 4/19


  • Please log in to reply

#1
blt

blt

    New Member

  • Member
  • Pip
  • 2 posts

On 4/19 I came home to a virus asking for a ransom in bitcoins. I did go out and left computer on when this hack got in my computer. The instruction where to download and install tor browser/ww. torprojects. org watch video on you tube and then run browser which I did not do. I did run malwarebytes and after 24hrs came up with torjan win 32/repexit. I did not reboot after instead went to cloud cleaner but it was unable to complete stopped at file win sxs. So I did two scans after with windows defender which came back with torjan bedep I did delete these virus instead of quarantining them. I still have not rebooted. 

I have gone through my computer manually and on my D/ drive  recovery file the date has changed to 4/19

and I have on the C/drive to programs one just programs and the other programs x86 and computer tells me that I am not the admin. All files have ext of decrypt so I am unable to access them or my printer. At my wits end afraid to shut off computer and I use Wi-Fi to access internet.  This was in my downloads on 4/19 ACFrOgC5YAqz-mRcakWqogjgtG7KRvCSzin0cUjofymEzqw_BKSqhVVPQYkHj-B6SrgBCven-3xnkk9jo7keo1rtc=.pdf.crypt didn't get the beginning I also have to more read me files in download call de_cryped

Thanks Terri

any advise welcome

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by terri (administrator) on BLT (22-04-2016 09:35:58)
Running from C:\Users\terri\Desktop
Loaded Profiles: terri & Administrator (Available Profiles: terri & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\MyTransitGuide_b7\bar\1.bin\b7barsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\nis.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.5.6\WsAppService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\nis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Microsoft Corporation) C:\WINDOWS\FileManager\PhotosApp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\System32\BulkOperationHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
() C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe
() C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\Taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
HKU\S-1-5-21-1041003029-3125384491-3920580002-1002\...\MountPoints2: {466289c9-8921-11e3-be79-9cb654457fcb} - "F:\LaunchU3.exe"
HKU\S-1-5-21-1041003029-3125384491-3920580002-500\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-1041003029-3125384491-3920580002-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
Startup: C:\Users\terri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-11]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2570BD0D-0F70-46A6-8BCA-6A352BDEEBA7}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7344279F-5411-4296-B37C-8E490693D543}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-1041003029-3125384491-3920580002-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1041003029-3125384491-3920580002-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1041003029-3125384491-3920580002-1002 -> {F7F69748-5E5E-420C-8D74-6847E9DFB762} URL = hxxp://search.searchlf.com/s?query={searchTerms}&uid=ac580930-ff9c-49ed-bcd5-04ad1f97d532&uc=20160220&source=search&ap=appfocus5&i_id=email_appfocus5_1.0.2.12&page=defaultsearch
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-20] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-24] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-17] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-24] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1041003029-3125384491-3920580002-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-24] (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon [2016-03-25]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-20]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-20]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe [289080 2016-02-26] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.5.6\WsAppService.exe [387072 2015-12-25] (Wondershare) [File not signed]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MirrorGo\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U0 aijtmou; C:\Windows\System32\drivers\mnomx.sys [79064 2016-04-19] (Malwarebytes)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150810.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1606000.08E\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-31] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-31] (Symantec Corporation)
S1 hzbheklt; C:\WINDOWS\system32\drivers\hzbheklt.sys [55168 2016-04-19] (Microsoft Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150813.001\IDSvia64.sys [692984 2015-07-30] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150813.001\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150813.001\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R3 NMgamingmsFltr; C:\Windows\system32\drivers\NMgamingms.sys [13312 2013-12-09] (LXD Development, Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1606000.08E\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1606000.08E\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-31] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U3 DasPtct; C:\Windows\system32\DRIVERS\ylhzphya.sys [39672 2015-09-14] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-22 09:35 - 2016-04-22 09:38 - 00018535 _____ C:\Users\terri\Desktop\FRST.txt
2016-04-22 09:34 - 2016-04-22 09:35 - 00000000 ____D C:\FRST
2016-04-22 09:30 - 2016-04-22 09:33 - 02375680 _____ (Farbar) C:\Users\terri\Desktop\FRST64.exe
2016-04-20 08:11 - 2016-04-20 08:11 - 00000000 _____ C:\Users\terri\Downloads\Setup (6).exe
2016-04-20 05:58 - 2016-04-20 05:58 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\terri\Downloads\SpyHunter-Installer.exe
2016-04-19 19:46 - 2016-04-19 19:46 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hzbheklt.sys
2016-04-19 19:06 - 2016-04-19 19:06 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mnomx.sys
2016-04-19 19:06 - 2015-09-14 13:03 - 00039672 _____ C:\WINDOWS\system32\Drivers\ylhzphya.sys
2016-04-19 15:24 - 2016-04-19 15:24 - 01551174 ____T C:\Users\terri\Downloads\de_crypt_readme.bmp
2016-04-19 15:24 - 2016-04-19 15:24 - 00003318 _____ C:\Users\terri\Downloads\de_crypt_readme.html
2016-04-19 15:23 - 2016-04-19 15:23 - 01551174 ____T C:\Users\terri\Documents\de_crypt_readme.bmp
2016-04-19 15:23 - 2016-04-19 15:23 - 00003318 _____ C:\Users\terri\Documents\de_crypt_readme.html
2016-04-19 15:19 - 2016-04-19 15:19 - 01551174 ____T C:\Users\terri\Desktop\de_crypt_readme.bmp
2016-04-19 15:19 - 2016-04-19 15:19 - 00003318 _____ C:\Users\terri\Desktop\de_crypt_readme.html
2016-04-19 14:51 - 2016-04-19 21:53 - 00000000 ___HD C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2016-04-19 14:50 - 2016-04-19 14:50 - 00000003 _____ C:\ProgramData\ECFE33BD322A.dat
2016-04-18 23:05 - 2016-04-19 15:24 - 00068588 _____ C:\Users\terri\Downloads\2015TurboTaxReturn.pdf.crypt
2016-04-18 11:34 - 2016-04-19 15:19 - 00590861 _____ C:\Users\terri\Desktop\20_Delicious_Supercharged_Smoothie_Recipes_Crystallized_Press[1].pdf.crypt
2016-04-02 14:18 - 2016-04-02 14:18 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2016-04-02 14:18 - 2016-04-02 14:18 - 00000000 ____D C:\Users\terri\Documents\Wondershare
2016-04-02 14:13 - 2016-04-02 14:13 - 00000000 ____D C:\Users\terri\AppData\Roaming\HMYGSetting
2016-04-02 14:08 - 2016-04-02 14:08 - 00000000 ____D C:\ProgramData\wondershare
2016-04-02 14:08 - 2015-02-27 10:35 - 00000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2016-04-02 14:07 - 2016-04-07 04:49 - 00000000 ____D C:\Users\terri\AppData\Roaming\Wondershare
2016-04-02 14:06 - 2016-04-07 04:49 - 00000000 ____D C:\Users\terri\.android
2016-04-02 14:06 - 2016-04-07 04:49 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-04-02 14:03 - 2016-04-02 14:03 - 66634384 _____ (Wondershare ) C:\Users\terri\Downloads\android-transfer.exe
2016-03-25 19:25 - 2016-03-25 19:25 - 00003236 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-03-24 09:36 - 2016-03-24 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hoyle®
2016-03-24 09:34 - 2016-03-24 09:35 - 00000000 ____D C:\SIERRA
2016-03-24 09:34 - 2016-03-24 09:34 - 00000000 ____D C:\Program Files (x86)\WON
2016-03-24 09:34 - 2016-03-24 09:34 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line
2016-03-24 09:32 - 2016-03-24 09:38 - 00000439 _____ C:\WINDOWS\SIERRA.INI
2016-03-24 09:32 - 1998-10-02 19:00 - 00327168 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-22 09:44 - 2014-10-13 11:33 - 00003762 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6BC44B1A-701E-4959-A554-EE68848FED42}
2016-04-22 09:43 - 2015-11-12 15:10 - 00000268 _____ C:\WINDOWS\Tasks\ClutteCraft678.job
2016-04-22 09:38 - 2015-11-12 15:10 - 00000268 _____ C:\WINDOWS\Tasks\GoldSta587.job
2016-04-21 19:15 - 2014-10-16 16:44 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1041003029-3125384491-3920580002-1002
2016-04-21 06:28 - 2015-12-04 12:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-20 14:42 - 2014-10-13 13:47 - 00000000 ____D C:\Users\Public\CyberLink
2016-04-20 14:20 - 2013-12-20 19:15 - 00002100 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2016-04-20 14:20 - 2013-12-20 19:15 - 00002100 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2016-04-20 14:20 - 2013-12-20 19:12 - 00002088 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2016-04-19 22:14 - 2013-12-20 19:27 - 00000000 ____D C:\ProgramData\Norton
2016-04-19 22:14 - 2013-07-16 20:49 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2016-04-19 21:23 - 2014-10-13 11:26 - 00000000 ____D C:\Users\terri\AppData\Local\VirtualStore
2016-04-19 21:23 - 2012-08-03 20:02 - 00000000 ___HD C:\SYSTEM.SAV
2016-04-19 21:22 - 2015-09-17 07:03 - 00000000 ____D C:\Users\terri\Desktop\Employ Florida - Senior Services_files
2016-04-19 21:22 - 2015-07-31 17:57 - 00000000 ____D C:\Users\terri\Desktop\Texas Lottery Winner Claim Form_files
2016-04-19 21:22 - 2015-05-14 10:37 - 00000000 ____D C:\Users\terri\Desktop\KINGSTON
2016-04-19 21:22 - 2015-05-10 22:23 - 00000000 ____D C:\Users\terri\Desktop\bank
2016-04-19 21:22 - 2015-05-10 22:22 - 00000000 ____D C:\Users\terri\Desktop\[bleep]
2016-04-19 21:22 - 2014-12-15 14:34 - 00000000 ____D C:\Users\terri\Documents\Symantec
2016-04-19 21:22 - 2014-12-10 10:42 - 00000000 ____D C:\Users\terri\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2016-04-19 21:22 - 2014-10-16 00:52 - 00000000 ____D C:\Users\terri\Desktop\math
2016-04-19 21:22 - 2014-10-16 00:50 - 00000000 ____D C:\Users\terri\Desktop\wellness
2016-04-19 21:22 - 2014-10-16 00:43 - 00000000 ____D C:\Users\terri\Desktop\Humo
2016-04-19 21:22 - 2014-08-19 17:43 - 00000000 ____D C:\Users\terri\Documents\files
2016-04-19 21:22 - 2014-07-20 19:09 - 00000000 ____D C:\Users\terri\Desktop\blt
2016-04-19 21:22 - 2014-05-15 09:45 - 00000000 ____D C:\Users\terri\Desktop\resume
2016-04-19 21:22 - 2014-01-30 01:45 - 00000000 ____D C:\Users\terri\Documents\Youcam
2016-04-19 19:06 - 2015-12-04 13:33 - 00001309 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2016-04-19 15:26 - 2016-02-24 13:13 - 00041837 _____ C:\Users\terri\Downloads\mailfax.tif.crypt
2016-04-19 15:26 - 2015-01-08 11:46 - 00062245 _____ C:\Users\terri\Downloads\10336685_10154232961780495_2215475230050381209_n.jpg.crypt
2016-04-19 15:26 - 2015-01-08 11:45 - 00054404 _____ C:\Users\terri\Downloads\10277005_10154239991115495_2022868713205346431_n.jpg.crypt
2016-04-19 15:26 - 2014-09-18 16:49 - 00393199 _____ C:\Users\terri\Downloads\IMG_20130507_164058.jpg.crypt
2016-04-19 15:26 - 2014-09-14 21:14 - 00687691 _____ C:\Users\terri\Documents\ancient philosophy map.jpg.crypt
2016-04-19 15:26 - 2014-09-10 16:10 - 00729027 _____ C:\Users\terri\Documents\ancient olympic Terri Bedard.jpg.crypt
2016-04-19 15:26 - 2014-09-10 16:04 - 00595530 _____ C:\Users\terri\Documents\Scan0013.jpg.crypt
2016-04-19 15:26 - 2014-07-17 13:57 - 00019627 _____ C:\Users\terri\Documents\Snapshot_20140717_2.JPG.crypt
2016-04-19 15:26 - 2014-07-17 13:29 - 00019552 _____ C:\Users\terri\Documents\Snapshot_20140717_1.JPG.crypt
2016-04-19 15:26 - 2014-07-17 13:29 - 00019215 _____ C:\Users\terri\Documents\Snapshot_20140717.JPG.crypt
2016-04-19 15:26 - 2014-07-02 17:54 - 00307213 _____ C:\Users\terri\Documents\Scan0012.jpg.crypt
2016-04-19 15:26 - 2014-07-02 17:52 - 00302430 _____ C:\Users\terri\Documents\Scan0011.jpg.crypt
2016-04-19 15:26 - 2014-07-02 17:50 - 00302153 _____ C:\Users\terri\Documents\Scan0010.jpg.crypt
2016-04-19 15:26 - 2014-07-02 17:49 - 00311611 _____ C:\Users\terri\Documents\Scan0009.jpg.crypt
2016-04-19 15:26 - 2014-07-02 17:47 - 00268156 _____ C:\Users\terri\Documents\Scan0008.jpg.crypt
2016-04-19 15:26 - 2014-07-02 17:41 - 00328103 _____ C:\Users\terri\Documents\Scan0007.jpg.crypt
2016-04-19 15:26 - 2014-07-02 17:40 - 00311866 _____ C:\Users\terri\Documents\Scan0006.jpg.crypt
2016-04-19 15:26 - 2014-03-22 21:48 - 00212319 _____ C:\Users\terri\Documents\1991-Toyota-Camry-Engine-Starting-Problems-1024x768.jpg.crypt
2016-04-19 15:26 - 2014-02-12 12:01 - 00369763 _____ C:\Users\terri\Documents\Scan0005.jpg.crypt
2016-04-19 15:26 - 2014-02-12 11:59 - 00373916 _____ C:\Users\terri\Documents\Scan0004.jpg.crypt
2016-04-19 15:26 - 2014-02-12 11:57 - 00432762 _____ C:\Users\terri\Documents\Scan0003.jpg.crypt
2016-04-19 15:26 - 2014-02-12 11:54 - 00377127 _____ C:\Users\terri\Documents\Scan0002.jpg.crypt
2016-04-19 15:26 - 2014-02-12 11:51 - 00368464 _____ C:\Users\terri\Documents\Scan0001.jpg.crypt
2016-04-19 15:25 - 2014-10-09 09:51 - 00130075 _____ C:\Users\terri\Desktop\make symbols on keyboard.jpg.crypt
2016-04-19 15:24 - 2016-03-22 14:33 - 00062151 _____ C:\Users\terri\Downloads\i8965_exemptions.pdf.crypt
2016-04-19 15:24 - 2016-02-22 14:00 - 00195056 _____ C:\Users\terri\Downloads\EligibilityNotice (1).pdf.crypt
2016-04-19 15:24 - 2016-02-08 13:45 - 00195056 _____ C:\Users\terri\Downloads\EligibilityNotice.pdf.crypt
2016-04-19 15:24 - 2016-01-26 17:02 - 00564901 _____ C:\Users\terri\Downloads\IB_TH220R.pdf.crypt
2016-04-19 15:24 - 2016-01-22 10:54 - 00018894 _____ C:\Users\terri\Documents\House keeping.docx.crypt
2016-04-19 15:24 - 2016-01-13 14:02 - 00131080 _____ C:\Users\terri\Downloads\ProgramName.pdf.crypt
2016-04-19 15:24 - 2015-12-28 13:37 - 00032078 _____ C:\Users\terri\Documents\Functional resume.docx.crypt
2016-04-19 15:24 - 2015-12-28 13:11 - 00028071 _____ C:\Users\terri\Downloads\STATEMENT (1).PDF.crypt
2016-04-19 15:24 - 2015-12-11 19:05 - 00309823 _____ C:\Users\terri\Downloads\service contract washer dryerbrandsmart.zip.crypt
2016-04-19 15:24 - 2015-12-06 10:52 - 00193114 _____ C:\Users\terri\Downloads\Stmnt_112015_3826 nov capital one.pdf.crypt
2016-04-19 15:24 - 2015-12-05 00:47 - 00025789 _____ C:\Users\terri\Documents\TerriBedard google resume.docx.crypt
2016-04-19 15:24 - 2015-10-17 09:53 - 00265137 _____ C:\Users\terri\Downloads\STATEMENTsept.pdf.crypt
2016-04-19 15:24 - 2015-10-17 09:51 - 00317254 _____ C:\Users\terri\Downloads\STATEMENT.PDF.crypt
2016-04-19 15:24 - 2015-09-17 09:20 - 01135474 _____ C:\Users\terri\Downloads\TaxDocument.pdf.crypt
2016-04-19 15:24 - 2015-09-17 09:17 - 00257448 _____ C:\Users\terri\Downloads\Student Loan Debt Burden Forbearance.pdf.crypt
2016-04-19 15:24 - 2015-09-16 15:23 - 00025314 _____ C:\Users\terri\Downloads\FLIDCARDP2.pdf.crypt
2016-04-19 15:24 - 2015-09-16 15:21 - 00021881 _____ C:\Users\terri\Downloads\FLIDCARDP.pdf.crypt
2016-04-19 15:24 - 2015-08-18 18:06 - 00022604 _____ C:\Users\terri\Downloads\ACFrOgC5YAqz-iuwf_sX4upG0N7FBVaXXgTPUVKqt8I_QlBQImRcakWqO5JgtG7KRvCSzin0cUjxxfymEcZqw_BKSqhVVPQYkHj-B6Srh8CVEM-3xnkk9jo7lep1rtc=.pdf.crypt
2016-04-19 15:24 - 2015-05-22 16:25 - 00025600 _____ C:\Users\terri\Downloads\resume.wps.crypt
2016-04-19 15:24 - 2015-05-08 02:54 - 00068798 _____ C:\Users\terri\Documents\invoice_NP1117644246.pdf.crypt
2016-04-19 15:24 - 2015-03-28 15:19 - 00007927 _____ C:\Users\terri\Downloads\121840_resumepg1 2015-03-28 001.docx.crypt
2016-04-19 15:24 - 2015-03-28 15:17 - 00006766 _____ C:\Users\terri\Downloads\121524_resume 2015-03-28 001.docx.crypt
2016-04-19 15:24 - 2015-03-28 15:06 - 00061245 _____ C:\Users\terri\Downloads\120218_Reference Letter 2015-03-27 001.docx.crypt
2016-04-19 15:24 - 2015-03-28 14:28 - 00381580 _____ C:\Users\terri\Documents\last reference amy.docx.crypt
2016-04-19 15:24 - 2015-03-28 14:15 - 00381682 _____ C:\Users\terri\Documents\test reference Doc1.docx.crypt
2016-04-19 15:24 - 2015-03-05 16:52 - 00062845 _____ C:\Users\terri\Downloads\UserFile.pdf.crypt
2016-04-19 15:24 - 2015-02-24 19:09 - 00127757 _____ C:\Users\terri\Downloads\PlainLanguageDisclosure.pdf.crypt
2016-04-19 15:24 - 2015-02-24 19:08 - 00018857 _____ C:\Users\terri\Downloads\DisclosureStatement.pdf.crypt
2016-04-19 15:24 - 2015-01-11 03:52 - 00307400 _____ C:\Users\terri\Downloads\Chapter 2.pdf.crypt
2016-04-19 15:24 - 2015-01-11 03:31 - 00408995 _____ C:\Users\terri\Downloads\Chapter 1 (1).pdf.crypt
2016-04-19 15:24 - 2015-01-07 18:18 - 00019579 _____ C:\Users\terri\Downloads\Getting Started Statements.docx.crypt
2016-04-19 15:24 - 2015-01-07 17:07 - 00015466 _____ C:\Users\terri\Downloads\MAT 0057 Scavenger.docx.crypt
2016-04-19 15:24 - 2015-01-07 16:14 - 00408995 _____ C:\Users\terri\Downloads\Chapter 1.pdf.crypt
2016-04-19 15:24 - 2015-01-07 13:40 - 00518636 _____ C:\Users\terri\Downloads\Syllabus - MAT0057.pdf.crypt
2016-04-19 15:24 - 2014-12-11 06:23 - 00545522 _____ C:\Users\terri\Downloads\03-24-02-DC-Listening-Guide-large-with-new-TDO-logo (1).pdf.crypt
2016-04-19 15:24 - 2014-12-10 22:46 - 00000157 _____ C:\Users\terri\Documents\help micro.txt.crypt
2016-04-19 15:24 - 2014-12-03 19:20 - 01160418 _____ C:\Users\terri\Downloads\Use and Care Guide - 9763001.pdf.crypt
2016-04-19 15:24 - 2014-12-02 20:13 - 00545522 _____ C:\Users\terri\Downloads\03-24-02-DC-Listening-Guide-large-with-new-TDO-logo.pdf.crypt
2016-04-19 15:24 - 2014-11-22 10:27 - 00173754 _____ C:\Users\terri\Downloads\HUM2020OnlinePracticeExamTwo. (1).pdf.crypt
2016-04-19 15:24 - 2014-11-19 16:27 - 00168938 _____ C:\Users\terri\Downloads\HUM2020OnlinePracticeExamTwo..pdf.crypt
2016-04-19 15:24 - 2014-11-17 19:07 - 00142244 _____ C:\Users\terri\Downloads\HUM2020AnswerKeyTwentyQuestionsLandmarks7Renaissance.pdf.crypt
2016-04-19 15:24 - 2014-11-17 19:04 - 00141788 _____ C:\Users\terri\Downloads\HUM2020AnswerKeyTwentyQuestionsLandmarks6Christendom.pdf.crypt
2016-04-19 15:24 - 2014-11-17 19:02 - 00145335 _____ C:\Users\terri\Downloads\HUM2020AnswerKeyTwentyQuestionsLandmarks5RiseoftheWest.pdf.crypt
2016-04-19 15:24 - 2014-11-17 18:23 - 00148635 _____ C:\Users\terri\Downloads\HUM2020AnswerKeyTwentyQuestionsLandmarks4Revelation.pdf.crypt
2016-04-19 15:24 - 2014-11-17 18:20 - 00132869 _____ C:\Users\terri\Downloads\HUM2020AnswerKeyTwentyQuestionsLandmarks9Encounters.pdf.crypt
2016-04-19 15:24 - 2014-11-04 21:13 - 01877849 _____ C:\Users\terri\Downloads\ContentServer.pdf.crypt
2016-04-19 15:24 - 2014-10-30 07:19 - 00218078 _____ C:\Users\terri\Downloads\School-of-Radiologic-Technology-Brouchure-20121.pdf.crypt
2016-04-19 15:24 - 2014-10-28 18:38 - 01494226 _____ C:\Users\terri\Downloads\CDXGT630UI_US_ES_FR.pdf.crypt
2016-04-19 15:24 - 2014-10-14 16:11 - 00313662 _____ C:\Users\terri\Downloads\bedard.pdf.crypt
2016-04-19 15:24 - 2014-10-09 10:20 - 00035328 _____ C:\Users\terri\Documents\HUM 2021twenty jud islam christ.doc.crypt
2016-04-19 15:24 - 2014-10-08 02:02 - 00017934 _____ C:\Users\terri\Documents\Terri Bedard China new and old.odt.crypt
2016-04-19 15:24 - 2014-10-08 01:52 - 00027136 _____ C:\Users\terri\Documents\Terri Bedard China new and old.doc.crypt
2016-04-19 15:24 - 2014-10-08 01:52 - 00000162 ____H C:\Users\terri\Documents\~$rri Bedard China new and old.doc.crypt
2016-04-19 15:24 - 2014-10-08 01:06 - 00000162 ____H C:\Users\terri\Documents\~$seum Proposal on Engineering In Ancient Greece Terri Bedard.doc.crypt
2016-04-19 15:24 - 2014-10-02 14:28 - 00038912 _____ C:\Users\terri\Documents\HUM 2021ansrome2.doc.crypt
2016-04-19 15:24 - 2014-10-02 14:23 - 00038912 _____ C:\Users\terri\Documents\HUM 2021ansancigreece2.doc.crypt
2016-04-19 15:24 - 2014-10-02 14:21 - 00038400 _____ C:\Users\terri\Documents\HUM 2021ansancientgreece1.doc.crypt
2016-04-19 15:24 - 2014-10-02 14:18 - 00045568 _____ C:\Users\terri\Documents\HUM 2021ansearly civil.doc.crypt
2016-04-19 15:24 - 2014-10-02 14:16 - 00038400 _____ C:\Users\terri\Documents\HUM 2021answerkey Introhuman.doc.crypt
2016-04-19 15:24 - 2014-10-02 14:07 - 00048640 _____ C:\Users\terri\Documents\HUM 2021prexam.doc.crypt
2016-04-19 15:24 - 2014-10-02 13:52 - 00024576 _____ C:\Users\terri\Documents\Terri Bedard Reflection pretest.doc.crypt
2016-04-19 15:24 - 2014-09-15 10:31 - 00080896 _____ C:\Users\terri\Documents\Museum Proposal on Engineering In Ancient Greece Terri Bedard.doc.crypt
2016-04-19 15:24 - 2014-09-14 22:18 - 00143360 _____ C:\Users\terri\Documents\quiz error what a solution fed up.doc.crypt
2016-04-19 15:24 - 2014-09-10 17:30 - 00036864 _____ C:\Users\terri\Documents\twentey question 4.doc.crypt
2016-04-19 15:24 - 2014-09-10 17:22 - 00024064 _____ C:\Users\terri\Documents\Googled.doc.crypt
2016-04-19 15:24 - 2014-09-10 10:18 - 00025088 _____ C:\Users\terri\Documents\interview With AchillesTerri Bedard.doc.crypt
2016-04-19 15:24 - 2014-09-10 03:15 - 00008684 _____ C:\Users\terri\Documents\HUM2020TwentyQuestionsLandmarks2part1Greece.odt.crypt
2016-04-19 15:24 - 2014-09-09 12:35 - 00005854 _____ C:\Users\terri\Downloads\HUM2020TwentyQuestionsLandmarks2part1Greece.docx.crypt
2016-04-19 15:24 - 2014-09-02 10:03 - 00558050 _____ C:\Users\terri\Documents\scan map.pdf.crypt
2016-04-19 15:24 - 2014-08-27 01:32 - 00514048 _____ C:\Users\terri\Documents\Timetim call log.doc.crypt
2016-04-19 15:24 - 2014-08-27 01:32 - 00000162 ____H C:\Users\terri\Documents\~$metim call log.doc.crypt
2016-04-19 15:24 - 2014-08-27 01:21 - 00026624 _____ C:\Users\terri\Documents\Show and tell.doc.crypt
2016-04-19 15:24 - 2014-08-25 18:49 - 00073216 _____ C:\Users\terri\Documents\Week 2 Checklist.doc.crypt
2016-04-19 15:24 - 2014-08-25 18:32 - 00042496 _____ C:\Users\terri\Documents\HUM 2020  Twenty Question early Civil.doc.crypt
2016-04-19 15:24 - 2014-08-25 18:30 - 00035840 _____ C:\Users\terri\Documents\HUM 2020.doc.crypt
2016-04-19 15:24 - 2014-08-25 18:17 - 00025600 _____ C:\Users\terri\Documents\HUM 2020 Technology and Culture.doc.crypt
2016-04-19 15:24 - 2014-08-22 13:39 - 00025088 _____ C:\Users\terri\Documents\HUM 2020 Mayan instruction.doc.crypt
2016-04-19 15:24 - 2014-08-22 13:33 - 00035840 _____ C:\Users\terri\Documents\Hum 2020 Twenty question TB.doc.crypt
2016-04-19 15:24 - 2014-08-21 13:45 - 00039936 _____ C:\Users\terri\Documents\Hum 2020 Twenty question.doc.crypt
2016-04-19 15:24 - 2014-08-21 13:42 - 00007541 _____ C:\Users\terri\Downloads\HUM2020TwentyQuestionsIntro.docx.crypt
2016-04-19 15:24 - 2014-08-17 12:01 - 00082225 _____ C:\Users\terri\Downloads\HUM2020OnlineLectureNotesIntrotoHumanities.pdf.crypt
2016-04-19 15:24 - 2014-08-15 12:46 - 00127505 _____ C:\Users\terri\Downloads\HUM2020TwentyQuestionsIntro.pdf.crypt
2016-04-19 15:24 - 2014-08-15 12:40 - 00025151 _____ C:\Users\terri\Downloads\HUM2020AssignmentHistoricalDialogue.pdf.crypt
2016-04-19 15:24 - 2014-08-15 12:29 - 00137396 _____ C:\Users\terri\Downloads\HUM2020OnlineSyllabus.pdf.crypt
2016-04-19 15:24 - 2014-08-07 11:40 - 01938891 _____ C:\Users\terri\Downloads\Scan0078.PDF.crypt
2016-04-19 15:24 - 2014-08-07 03:52 - 00031235 _____ C:\Users\terri\Documents\I did not do this and have no clue to what this is.rtf.crypt
2016-04-19 15:24 - 2014-07-22 14:45 - 00007295 _____ C:\Users\terri\Documents\hard drive.rtf.crypt
2016-04-19 15:24 - 2014-07-18 08:04 - 00010278 _____ C:\Users\terri\Documents\List of square roots 1-30.rtf.crypt
2016-04-19 15:24 - 2014-07-16 11:21 - 00004585 _____ C:\Users\terri\Documents\square roots.rtf.crypt
2016-04-19 15:24 - 2014-07-05 14:30 - 00024064 _____ C:\Users\terri\Documents\I am writing a letter to Amazon about virtual locations that are near me.doc.crypt
2016-04-19 15:24 - 2014-07-02 00:58 - 00024064 _____ C:\Users\terri\Documents\graphingchart.doc.crypt
2016-04-19 15:24 - 2014-06-20 22:24 - 00001644 _____ C:\Users\terri\Documents\Test reveiw.txt.crypt
2016-04-19 15:24 - 2014-06-20 17:01 - 00005138 _____ C:\Users\terri\Documents\test1.txt.crypt
2016-04-19 15:24 - 2014-06-20 16:54 - 00005834 _____ C:\Users\terri\Documents\test11.txt.crypt
2016-04-19 15:24 - 2014-06-19 15:30 - 00000306 _____ C:\Users\terri\Documents\order.txt.crypt
2016-04-19 15:24 - 2014-06-17 16:20 - 00025088 _____ C:\Users\terri\Documents\Identify a concept in this course that was new to you and provide examples of how you have found it to be relevant in your life.doc.crypt
2016-04-19 15:24 - 2014-06-06 12:34 - 00318966 _____ C:\Users\terri\Downloads\48383317.pdf.crypt
2016-04-19 15:24 - 2014-06-05 00:20 - 00018566 _____ C:\Users\terri\Downloads\Psy2012 study guide final.docx.crypt
2016-04-19 15:24 - 2014-06-04 00:04 - 00025088 _____ C:\Users\terri\Documents\My three biggest stressors I.doc.crypt
2016-04-19 15:24 - 2014-05-30 00:07 - 00133120 _____ C:\Users\terri\Documents\problem.doc.crypt
2016-04-19 15:24 - 2014-05-23 12:30 - 00024576 _____ C:\Users\terri\Documents\You have taught your son very well he sounds like a very compassionate little guy.doc.crypt
2016-04-19 15:24 - 2014-05-22 11:34 - 00183296 _____ C:\Users\terri\Documents\I dont understand what I got wrong.doc.crypt
2016-04-19 15:24 - 2014-05-18 15:54 - 02413495 _____ C:\Users\terri\Downloads\Dispatcher.pdf.crypt
2016-04-19 15:24 - 2014-05-17 11:24 - 00016338 _____ C:\Users\terri\Downloads\dying to be thin written assignment.docx.crypt
2016-04-19 15:24 - 2014-05-14 10:09 - 00001076 _____ C:\Users\terri\Downloads\Assignment 5.html.zip.crypt
2016-04-19 15:24 - 2014-05-14 03:48 - 00004561 _____ C:\Users\terri\Documents\General Psychology Online Summer 52041.txt.crypt
2016-04-19 15:24 - 2014-05-14 00:16 - 00167424 _____ C:\Users\terri\Documents\promat.doc.crypt
2016-04-19 15:24 - 2014-05-09 12:24 - 00329728 _____ C:\Users\terri\Documents\skip to main content.doc.crypt
2016-04-19 15:24 - 2014-05-07 00:27 - 00092160 _____ C:\Users\terri\Documents\Study sheet for math goes with test.doc.crypt
2016-04-19 15:24 - 2014-05-06 11:33 - 00025766 _____ C:\Users\terri\Documents\Weekly Assignments-Psych online Summer 2013.docx.crypt
2016-04-19 15:24 - 2014-05-06 11:32 - 00025766 _____ C:\Users\terri\Downloads\Weekly Assignments-Psych online Summer 2013 (1).docx.crypt
2016-04-19 15:24 - 2014-05-06 11:31 - 00025766 _____ C:\Users\terri\Downloads\Weekly Assignments-Psych online Summer 2013.docx.crypt
2016-04-19 15:24 - 2014-05-06 11:30 - 00080384 _____ C:\Users\terri\Downloads\Psych2012 Summer 2014 online syllabus 52041.doc.crypt
2016-04-19 15:24 - 2014-05-03 12:08 - 00024064 _____ C:\Users\terri\Documents\How to obtain your AVERAGE at any time.doc.crypt
2016-04-19 15:24 - 2014-05-01 06:02 - 00201065 _____ C:\Users\terri\Documents\MAT0018 - Final Exam Review Sheet[1].pdf.crypt
2016-04-19 15:24 - 2014-04-29 19:14 - 00201065 _____ C:\Users\terri\Downloads\MAT0018 - Final Exam Review Sheet[1].pdf.crypt
2016-04-19 15:24 - 2014-04-28 07:47 - 00210224 _____ C:\Users\terri\Downloads\fafsa.pdf.crypt
2016-04-19 15:24 - 2014-04-24 15:00 - 08604118 _____ C:\Users\terri\Downloads\Lakeland-Campus-Map.pdf.crypt
2016-04-19 15:24 - 2014-04-24 14:59 - 00360781 _____ C:\Users\terri\Downloads\Airside-3.pdf.crypt
2016-04-19 15:24 - 2014-04-23 11:42 - 00046148 _____ C:\Users\terri\Downloads\TuitionPayPlan.pdf.crypt
2016-04-19 15:24 - 2014-04-22 20:08 - 00024064 _____ C:\Users\terri\Documents\Math Work sheet for final study.doc.crypt
2016-04-19 15:24 - 2014-04-18 09:22 - 00130048 _____ C:\Users\terri\Documents\TERRI BEDARDgrade2014.doc.crypt
2016-04-19 15:24 - 2014-04-17 20:30 - 00060928 _____ C:\Users\terri\Documents\TEST 4 WILL COVER ALL OF THE FOLLOWING MATERIAL AND NOTHING ELSE.doc.crypt
2016-04-19 15:24 - 2014-04-17 20:18 - 00012314 _____ C:\Users\terri\Downloads\--TEST 4 STUFF.html.zip.crypt
2016-04-19 15:24 - 2014-04-16 11:50 - 00000430 _____ C:\Users\terri\Downloads\Plagiarism Checker.html.zip.crypt
2016-04-19 15:24 - 2014-04-16 10:27 - 00115048 _____ C:\Users\terri\Downloads\Test F Review.pdf.crypt
2016-04-19 15:24 - 2014-04-16 10:25 - 00092552 _____ C:\Users\terri\Downloads\Quiz 6 wo ans.pdf.crypt
2016-04-19 15:24 - 2014-04-15 20:13 - 00201065 _____ C:\Users\terri\Downloads\MAT0018+-+Final+Exam+Review+Sheet[1].pdf.crypt
2016-04-19 15:24 - 2014-04-10 11:24 - 00000162 ____H C:\Users\terri\Documents\~$ted works.doc.crypt
2016-04-19 15:24 - 2014-04-08 20:55 - 00477807 _____ C:\Users\terri\Downloads\6.1.pdf.crypt
2016-04-19 15:24 - 2014-04-08 18:57 - 00112489 _____ C:\Users\terri\Downloads\Test E Review.pdf.crypt
2016-04-19 15:24 - 2014-04-08 18:51 - 00086434 _____ C:\Users\terri\Downloads\quiz 5 wo ans.pdf.crypt
2016-04-19 15:24 - 2014-04-08 18:45 - 00086434 _____ C:\Users\terri\Downloads\quiz+5+wo+ans.pdf.crypt
2016-04-19 15:24 - 2014-03-23 01:27 - 00027136 _____ C:\Users\terri\Downloads\Bedard Terri (2).doc.crypt
2016-04-19 15:24 - 2014-03-20 02:11 - 00028672 _____ C:\Users\terri\Documents\Trying to explain or understand an activity.doc.crypt
2016-04-19 15:24 - 2014-03-19 10:54 - 00107299 _____ C:\Users\terri\Downloads\Test+D+Review.pdf.crypt
2016-04-19 15:24 - 2014-03-19 10:52 - 00082774 _____ C:\Users\terri\Downloads\Quiz+4+wo+answers.pdf.crypt
2016-04-19 15:24 - 2014-03-15 08:48 - 00136156 _____ C:\Users\terri\Downloads\fafactsheet.pdf.crypt
2016-04-19 15:24 - 2014-03-12 09:45 - 00026112 _____ C:\Users\terri\Documents\Terri Bedard Why We Crave Horror Movies.doc.crypt
2016-04-19 15:24 - 2014-03-10 22:57 - 00074752 _____ C:\Users\terri\Documents\TEST 3 WILL COVER ALL OF THE FOLLOWING MATERIAL AND NOTHING ELSE.doc.crypt
2016-04-19 15:24 - 2014-03-06 14:02 - 00792851 _____ C:\Users\terri\Downloads\4.4.pdf.crypt
2016-04-19 15:24 - 2014-03-03 17:42 - 00543464 _____ C:\Users\terri\Downloads\aldi-employment-application (1).pdf.crypt
2016-04-19 15:24 - 2014-03-01 18:05 - 00543464 _____ C:\Users\terri\Downloads\aldi-employment-application.pdf.crypt
2016-04-19 15:24 - 2014-03-01 11:44 - 00028672 _____ C:\Users\terri\Documents\Process.doc.crypt
2016-04-19 15:24 - 2014-02-27 11:23 - 00028160 _____ C:\Users\terri\Documents\Growing up in a upper middle class family was not always what it seemed on the outside.doc.crypt
2016-04-19 15:24 - 2014-02-23 16:24 - 00380723 _____ C:\Users\terri\Downloads\b82f04a7-f92d-4c7f-9e04-b48c58d555e1.pdf.crypt
2016-04-19 15:24 - 2014-02-22 23:05 - 00343785 _____ C:\Users\terri\Downloads\ViewNoticeServlet.pdf.crypt
2016-04-19 15:24 - 2014-02-21 00:31 - 00027136 _____ C:\Users\terri\Downloads\Bedard Terri (1).doc.crypt
2016-04-19 15:24 - 2014-02-17 16:00 - 00026112 _____ C:\Users\terri\Documents\Terri Bedard Propaganda.doc.crypt
2016-04-19 15:24 - 2014-02-12 10:56 - 00118612 _____ C:\Users\terri\Downloads\Test B Review.pdf.crypt
2016-04-19 15:24 - 2014-02-11 09:58 - 00086528 _____ C:\Users\terri\Documents\TEST 2 Ethics.doc.crypt
2016-04-19 15:24 - 2014-02-11 09:36 - 00015645 _____ C:\Users\terri\Downloads\--THE TEST 2 STUDY SHEET.html.zip.crypt
2016-04-19 15:24 - 2014-02-11 09:32 - 00021646 _____ C:\Users\terri\Downloads\--ALL THE TEST 1 STUDY SHEETS.html.zip.crypt
2016-04-19 15:24 - 2014-02-08 23:52 - 00023040 _____ C:\Users\terri\Downloads\Terri Bedard Research Proposal costakis.doc.crypt
2016-04-19 15:24 - 2014-02-08 23:46 - 00027136 _____ C:\Users\terri\Downloads\Bedard Terri.doc.crypt
2016-04-19 15:24 - 2014-02-07 12:44 - 00189440 _____ C:\Users\terri\Documents\Your teammatescrimanil minds.doc.crypt
2016-04-19 15:24 - 2014-02-06 02:50 - 00026112 _____ C:\Users\terri\Documents\Terri Bedard descriptive.doc.crypt
2016-04-19 15:24 - 2014-02-04 20:22 - 00035880 _____ C:\Users\terri\Downloads\UI Online - Doc_20140204000000 (1).pdf.crypt
2016-04-19 15:24 - 2014-02-04 19:35 - 00058466 _____ C:\Users\terri\Downloads\UI Online - Doc_20140204000000.pdf.crypt
2016-04-19 15:23 - 2016-03-22 14:54 - 00135993 _____ C:\Users\terri\Desktop\SecurityScreenAdv_en.pdf.crypt
2016-04-19 15:23 - 2016-03-20 20:32 - 00985664 _____ C:\Users\terri\Desktop\pdf-0009-taking-charge identy.pdf.crypt
2016-04-19 15:23 - 2016-03-03 10:04 - 00326583 _____ C:\Users\terri\Desktop\phototree of life.htm.crypt
2016-04-19 15:23 - 2016-03-02 12:24 - 01079749 _____ C:\Users\terri\Desktop\VIEW_BILLbrig.pdf.crypt
2016-04-19 15:23 - 2016-03-02 12:24 - 01020190 _____ C:\Users\terri\Desktop\VIEW_BILLbrigh.pdf.crypt
2016-04-19 15:23 - 2016-03-02 12:23 - 00824144 _____ C:\Users\terri\Desktop\VIEW_BILLbri.pdf.crypt
2016-04-19 15:23 - 2016-01-22 10:55 - 01661259 _____ C:\Users\terri\Desktop\Serving all your landscaping.docx.crypt
2016-04-19 15:23 - 2016-01-20 12:34 - 00310271 _____ C:\Users\terri\Desktop\photo.htm.crypt
2016-04-19 15:23 - 2016-01-14 14:32 - 00262417 _____ C:\Users\terri\Desktop\STATEMENT.pdf.crypt
2016-04-19 15:23 - 2015-12-28 13:17 - 00028071 _____ C:\Users\terri\Desktop\STATEMENT (1) over draft.pdf.crypt
2016-04-19 15:23 - 2015-12-08 10:24 - 00025750 _____ C:\Users\terri\Desktop\TerriBedard google resume.docx.crypt
2016-04-19 15:23 - 2015-12-06 11:22 - 00072286 _____ C:\Users\terri\Desktop\TD Credit Card Service Online.docx.crypt
2016-04-19 15:23 - 2015-11-06 09:55 - 00000162 ____H C:\Users\terri\Desktop\~$ll center.docx.crypt
2016-04-19 15:23 - 2015-09-17 08:35 - 00101702 _____ C:\Users\terri\Desktop\payment_plan_income_sens_FLS.pdf.crypt
2016-04-19 15:23 - 2015-07-31 20:18 - 00264529 _____ C:\Users\terri\Desktop\Stmnt_072015_3826 capital one july.pdf.crypt
2016-04-19 15:23 - 2015-07-31 17:57 - 00029497 _____ C:\Users\terri\Desktop\Texas Lottery Winner Claim Form.htm.crypt
2016-04-19 15:23 - 2015-07-31 17:57 - 00003975 _____ C:\Users\terri\Desktop\Texas Lottery Winner Claim Form.txt.crypt
2016-04-19 15:23 - 2015-06-01 09:45 - 00474548 _____ C:\Users\terri\Desktop\oldnavyjuneStatement.pdf.crypt
2016-04-19 15:23 - 2015-05-23 09:52 - 00536384 _____ C:\Users\terri\Documents\CLjobs.docx.crypt
2016-04-19 15:23 - 2015-05-13 10:44 - 00144896 _____ C:\Users\terri\Documents\Chapter One to Four under.doc.crypt
2016-04-19 15:23 - 2015-05-09 00:43 - 00714443 _____ C:\Users\terri\Documents\BillImage.pdf.crypt
2016-04-19 15:23 - 2015-04-21 23:18 - 00012026 _____ C:\Users\terri\Documents\April 21.docx.crypt
2016-04-19 15:23 - 2015-02-21 14:26 - 00129308 _____ C:\Users\terri\Documents\2176 ultra sound.pdf.crypt
2016-04-19 15:23 - 2015-02-21 14:21 - 16052319 _____ C:\Users\terri\Documents\2014-2015 College Catalog Addendum.pdf.crypt
2016-04-19 15:23 - 2015-01-16 14:04 - 00000162 ____H C:\Users\terri\Desktop\~$dedule1 chap1.docx.crypt
2016-04-19 15:23 - 2014-12-23 05:46 - 00000162 ____H C:\Users\terri\Desktop\~$mecourse online.docx.crypt
2016-04-19 15:23 - 2014-12-11 02:57 - 00000221 _____ C:\Users\terri\Desktop\micro.txt.crypt
2016-04-19 15:23 - 2014-12-05 18:54 - 00000022 _____ C:\Users\terri\Documents\den.txt.crypt
2016-04-19 15:23 - 2014-10-13 11:33 - 00009564 _____ C:\Users\terri\Desktop\Removed Apps.html.crypt
2016-04-19 15:23 - 2014-09-09 23:41 - 00024576 _____ C:\Users\terri\Documents\Elgin Marbles.doc.crypt
2016-04-19 15:23 - 2014-09-02 23:11 - 00026112 _____ C:\Users\terri\Documents\Early civilization 4 concerns Terri Bedard.doc.crypt
2016-04-19 15:23 - 2014-09-02 10:28 - 00826423 _____ C:\Users\terri\Documents\Early Civilizations concept map.pdf.crypt
2016-04-19 15:23 - 2014-09-01 22:08 - 357291465 _____ C:\Users\terri\Desktop\Storage_Manager_Server-windows-x86_64-5.7.2-Eval.zip.crypt
2016-04-19 15:23 - 2014-08-25 18:43 - 00034816 _____ C:\Users\terri\Documents\Early Civilizations overview week 2.doc.crypt
2016-04-19 15:23 - 2014-08-25 15:21 - 00026112 _____ C:\Users\terri\Documents\ex. 2 Ancient Maya Terri Bedard.doc.crypt
2016-04-19 15:23 - 2014-08-22 00:58 - 00027136 _____ C:\Users\terri\Documents\Exercise 2 Mayan Astronomy.doc.crypt
2016-04-19 15:23 - 2014-08-22 00:58 - 00027136 _____ C:\Users\terri\Documents\Exercise 2 Mayan a.doc.crypt
2016-04-19 15:23 - 2014-08-22 00:52 - 00032768 _____ C:\Users\terri\Documents\Exercise 1 Standing of the Shoulder of Gaints.doc.crypt
2016-04-19 15:23 - 2014-07-24 10:33 - 00061622 _____ C:\Users\terri\Documents\classbooks 2014 fall.rtf.crypt
2016-04-19 15:23 - 2014-07-16 10:58 - 00000560 _____ C:\Users\terri\Documents\book letter.rtf.crypt
2016-04-19 15:23 - 2014-07-02 01:30 - 00193536 _____ C:\Users\terri\Documents\6.2.doc.crypt
2016-04-19 15:23 - 2014-06-20 16:50 - 00004018 _____ C:\Users\terri\Documents\chapter10test.txt.crypt
2016-04-19 15:23 - 2014-06-20 16:49 - 00004556 _____ C:\Users\terri\Documents\chapter6test.txt.crypt
2016-04-19 15:23 - 2014-06-20 16:47 - 00003775 _____ C:\Users\terri\Documents\Chapter 5test.txt.crypt
2016-04-19 15:23 - 2014-06-20 16:45 - 00005005 _____ C:\Users\terri\Documents\Chapter4test.txt.crypt
2016-04-19 15:23 - 2014-06-20 16:44 - 00004085 _____ C:\Users\terri\Documents\chapter 3.txt.crypt
2016-04-19 15:23 - 2014-06-20 15:52 - 00004336 _____ C:\Users\terri\Documents\classlist.txt.crypt
2016-04-19 15:23 - 2014-06-10 13:05 - 00024064 _____ C:\Users\terri\Documents\Due june 10th.doc.crypt
2016-04-19 15:23 - 2014-06-05 15:10 - 00024576 _____ C:\Users\terri\Documents\chow chow.doc.crypt
2016-04-19 15:23 - 2014-06-05 00:35 - 00661825 _____ C:\Users\terri\Documents\basic_review_card.pdf.crypt
2016-04-19 15:23 - 2014-05-22 22:14 - 00035840 _____ C:\Users\terri\Documents\Dr.doc.crypt
2016-04-19 15:23 - 2014-05-17 11:33 - 00033792 _____ C:\Users\terri\Documents\Discussion 2.doc.crypt
2016-04-19 15:23 - 2014-05-13 11:57 - 00024064 _____ C:\Users\terri\Documents\4.doc.crypt
2016-04-19 15:23 - 2014-04-10 11:24 - 00024064 _____ C:\Users\terri\Documents\cited works.doc.crypt
2016-04-19 15:23 - 2014-03-23 01:25 - 00029184 _____ C:\Users\terri\Documents\BedardTerri my face country.doc.crypt
2016-04-19 15:23 - 2014-03-21 09:16 - 00029184 _____ C:\Users\terri\Documents\BedardTerri third essay.doc.crypt
2016-04-19 15:23 - 2014-03-20 20:40 - 00024064 _____ C:\Users\terri\Documents\BedardTerriprocess.doc.crypt
2016-04-19 15:23 - 2014-03-20 00:26 - 00029184 _____ C:\Users\terri\Documents\Bedard Terri process.doc.crypt
2016-04-19 15:23 - 2014-02-27 11:10 - 00024064 _____ C:\Users\terri\Documents\BedardTerri.doc.crypt
2016-04-19 15:23 - 2014-02-26 13:38 - 00027648 _____ C:\Users\terri\Documents\Everybody loves a good story.doc.crypt
2016-04-19 15:23 - 2014-01-29 19:52 - 00024064 _____ C:\Users\terri\Documents\Bedard Terri.doc.crypt
2016-04-19 15:20 - 2016-01-14 19:03 - 00014205 _____ C:\Users\terri\Desktop\house keeping cover letter resume.docx.crypt
2016-04-19 15:20 - 2016-01-14 15:41 - 00012041 _____ C:\Users\terri\Desktop\cover letter store assoc distress center.docx.crypt
2016-04-19 15:20 - 2015-12-26 14:41 - 00019236 _____ C:\Users\terri\Desktop\assembly.docx.crypt
2016-04-19 15:20 - 2015-12-08 16:47 - 00247420 _____ C:\Users\terri\Desktop\es2282-adobe8medicaid.pdf.crypt
2016-04-19 15:20 - 2015-12-08 10:13 - 00878907 _____ C:\Users\terri\Desktop\BillImagebhn.pdf.crypt
2016-04-19 15:20 - 2015-12-06 21:46 - 00018897 _____ C:\Users\terri\Desktop\House keeping.docx.crypt
2016-04-19 15:20 - 2015-12-06 12:49 - 00011967 _____ C:\Users\terri\Desktop\cover letter store assoc.GENERAL.docx.crypt
2016-04-19 15:20 - 2015-11-25 12:26 - 00011966 _____ C:\Users\terri\Desktop\cover letter store assoc..docx.crypt
2016-04-19 15:20 - 2015-11-12 15:29 - 00011329 _____ C:\Users\terri\Desktop\condoroute.ods.xlsx.crypt
2016-04-19 15:20 - 2015-11-03 14:30 - 00018750 _____ C:\Users\terri\Desktop\call center.docx.crypt
2016-04-19 15:20 - 2015-10-20 12:03 - 00018658 _____ C:\Users\terri\Desktop\Customer serv Resume revised.docx.crypt
2016-04-19 15:20 - 2015-09-17 07:02 - 00022062 _____ C:\Users\terri\Desktop\Employ Florida - Senior Services.htm.crypt
2016-04-19 15:20 - 2015-07-31 18:09 - 00026455 _____ C:\Users\terri\Desktop\ClaimFormSubmit.pdf.crypt
2016-04-19 15:20 - 2015-06-05 20:45 - 00534572 _____ C:\Users\terri\Desktop\brighthouse june bill.pdf.crypt
2016-04-19 15:20 - 2015-06-01 08:25 - 00258712 _____ C:\Users\terri\Desktop\chase disney june statement.pdf.crypt
2016-04-19 15:20 - 2015-06-01 08:16 - 00140758 _____ C:\Users\terri\Desktop\capital one june statement.pdf.crypt
2016-04-19 15:20 - 2015-03-28 19:46 - 00018676 _____ C:\Users\terri\Desktop\Customer serv Resume.docx.crypt
2016-04-19 15:20 - 2015-02-21 14:15 - 00410902 _____ C:\Users\terri\Desktop\Broward College.docx.crypt
2016-04-19 15:19 - 2016-01-20 12:33 - 00427897 _____ C:\Users\terri\Desktop\344722305698499lottery numbers.htm.crypt
2016-04-19 15:19 - 2015-12-29 19:59 - 00019271 _____ C:\Users\terri\Desktop\assembly 23.docx.crypt
2016-04-19 15:19 - 2014-11-06 19:42 - 01572470 _____ C:\Users\terri\Desktop\A-Students-Guide-to-Study-Abroad-Book.pdf.crypt
2016-04-19 14:51 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-04-19 14:33 - 2015-04-01 11:51 - 00003154 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForterri
2016-04-19 14:33 - 2015-04-01 11:51 - 00000340 _____ C:\WINDOWS\Tasks\HPCeeScheduleForterri.job
2016-04-19 10:04 - 2014-11-21 04:44 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-19 10:04 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-17 03:37 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-17 03:36 - 2014-10-13 12:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-15 19:15 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 19:45 - 2015-10-08 13:10 - 00453280 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-07 04:51 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-07 04:50 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-04 16:39 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-02 14:06 - 2015-02-03 19:04 - 00000000 ____D C:\Users\terri
2016-03-26 09:12 - 2014-10-19 19:03 - 00000000 ____D C:\Users\terri\AppData\Local\Windows Live
2016-03-26 08:27 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-25 19:31 - 2015-10-17 16:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2016-03-25 19:27 - 2015-12-07 14:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-03-25 19:25 - 2015-07-19 11:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-03-25 19:25 - 2013-12-20 19:27 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64

==================== Files in the root of some directories =======

2014-11-03 13:41 - 2014-11-03 13:41 - 0000000 _____ () C:\Users\terri\AppData\Local\{06B4E2A0-7780-4395-B46C-19DFA3BA22EB}
2016-04-19 14:50 - 2016-04-19 14:50 - 0000003 _____ () C:\ProgramData\ECFE33BD322A.dat

Files to move or delete:
====================
C:\ProgramData\ECFE33BD322A.dat

Some files in TEMP:
====================
C:\Users\terri\AppData\Local\Temp\PCloudCleanerUpdater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-20 19:00

==================== End of FRST.txt ============================


  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello Terri,

 

Welcome to Geekstogo.

Do you have a backup for this computer?

I take it that you can still download to that machine. Assuming you can, please do this:

IDToolbyNathan.pngIDTool

  • Please download IDTool and save the file to your Desktop.
  • Right-Click idtool.zip and click Extract All. Select your Desktop and click Extract.
  • Right-Click IDTool.exe and click AVOiBNU.jpg Run as administrator to run the programme.
  • If you're prompted to download and install Micorsoft .NET Framework, please agree.
  • Allow the programme to collect the necessary data.
  • Once the main console is loaded, click Rescan Computer and Generate a New Report.
  • Upon completion, and when prompted that the rescan is complete, click Generate Text Friendly Report for Forums.
  • Copy the contents of the report and paste in your next reply.

 


  • 0

#3
blt

blt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

I was able to down load this tool but it did not generate a successful scan. I seem to only be able to get online. Window is not letting access my administration rights. It has even accessed my bac up drive for my restore.  Do you have any other ideas? The only thing I can see doing is paying 130 to computer store to wipe and reinstall. I had purchased my computer preinstalled with windows so I have no physical disk to reinstall windows my self.

 

 

 

Infection Detection Tool v1.6 - Nathan Scott
--------------------------------------------
Date/Time: 4/26/2016 10:21:10 AM
Operating System: Windows 8
Service Pack: N/A
Version Number: 6.2
Product Type: Workstation
--------------------------------------------
[Detected Flags]
 


  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Yes, doesn't always work but often that tool can help identify which file encryptor it is and thus allow us to form a plan of action.

Unfortunately, because of efforts to remove the infection (tools used and files removed) much of the information that might help us has been deleted. The water is muddied further in that a lot of other malware seems to have been downloaded with the ransomware. This is par for the course but can complicate matters. Explains the reports you were getting from the security programs you ran.

My first thought from what you said in your opening statement was that the file encryptor infection on your machine is some form of TeslaCrypt 3 and I do see an indication in your logs but other indications are missing.  I was looking for confirmation with ID tool.

 

For earlier versions of TeslaCrypt we could help with decryption tools. The only solution for the later versions is full format and re-install hence my question about backup and yes, later versions of ransomware will infect backup drives if they are connected.

 

For more information on TeslaCrypt go here. There is some useful information and suggestions about actions you could attempt although in this case I suspect that you will not be able to recover the data lost.

 

If it is not TeslaCrypt but some other file incryptor then I think it is a recent version with similar infection and encryption techniques. The advice would be the same

Not what you want to hear but my recommendation is a complete format and fresh install. That's what I would do if I were in your place. :)

You may wish to keep the backup drive somewhere though. If, down the track, a solution is found to decrypting those files you will still have the data there.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP