
encrypted files



#1
starjax

  • Global Moderator
  • 6,678 posts

So mom opened an attachment in email that she shouldn't have, and now all the important files are encrypted. Malwarebytes detected and cleaned the infection. Would like to try and decrypt the files if possible.

 

Frst.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
Ran by bobbie (administrator) on DDKHPDF1 (16-10-2016 15:54:55)
Running from C:\Documents and Settings\bobbie\Desktop
Loaded Profiles: bobbie &  (Available Profiles: bobbie)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
() C:\Program Files\QUICKENW\qagent.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Marimba Inc.) C:\WINDOWS\system32\mrtMngr.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Gteko Ltd.) C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [QAGENT] => C:\Program Files\QUICKENW\QAGENT.EXE [94208 2001-08-01] ()
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2015-06-04] (Google Inc.)
HKU\S-1-5-21-793174324-398084167-7186732-1006\...\Run: [DellAutomatedPCTuneUp] => C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [465136 2007-10-11] (Gteko Ltd.)
HKU\S-1-5-21-793174324-398084167-7186732-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-793174324-398084167-7186732-1006\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-01-05] (Google Inc.)
HKU\S-1-5-21-793174324-398084167-7186732-1006\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-793174324-398084167-7186732-1006\...\Policies\Explorer: [Nosecuritytab] 0
HKU\S-1-5-21-793174324-398084167-7186732-1006\...\MountPoints2: {64949406-e8d7-11dc-9baa-001d097db105} - F:\LaunchU3.exe -a
HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DellAutomatedPCTuneUp] => C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [465136 2007-10-11] (Gteko Ltd.)
HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-01-05] (Google Inc.)
HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [Nosecuritytab] 0
HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {64949406-e8d7-11dc-9baa-001d097db105} - F:\LaunchU3.exe -a
HKU\S-1-5-21-793174324-398084167-7186732-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DellAutomatedPCTuneUp] => C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [465136 2007-10-11] (Gteko Ltd.)
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2015-06-04] (Google Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-07-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-04-18]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Documents and Settings\bobbie\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk [2016-10-16]
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DF0C4443-DFEC-4FB2-80D1-94BC2A2D5E63}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080105
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080105
HKU\S-1-5-21-793174324-398084167-7186732-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080105
HKU\S-1-5-21-793174324-398084167-7186732-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080105
HKU\S-1-5-21-793174324-398084167-7186732-1006\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080105
HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080105
HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-793174324-398084167-7186732-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080105
HKU\S-1-5-21-793174324-398084167-7186732-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
HKU\S-1-5-21-793174324-398084167-7186732-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.dell.com
HKU\S-1-5-21-793174324-398084167-7186732-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080105
HKU\S-1-5-21-793174324-398084167-7186732-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
SearchScopes: HKLM -> DefaultScope {9230cb90-79de-4945-88a4-762244a25bc8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^UU^xdm003^YYA^us&ptb=A8E72484-5B7E-462E-91BE-57C7A722DD3B&ind=2013112111&n=77fda72f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {9230cb90-79de-4945-88a4-762244a25bc8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^UU^xdm003^YYA^us&ptb=A8E72484-5B7E-462E-91BE-57C7A722DD3B&ind=2013112111&n=77fda72f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-793174324-398084167-7186732-1006 -> BrowserMngrDefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKU\S-1-5-21-793174324-398084167-7186732-1006 -> {05C72334-11F3-4e9f-8740-98128F52EFB9} URL = hxxp://search.ie7pro.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
SearchScopes: HKU\S-1-5-21-793174324-398084167-7186732-1006 -> {9230cb90-79de-4945-88a4-762244a25bc8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^UU^xdm003^YYA^us&ptb=A8E72484-5B7E-462E-91BE-57C7A722DD3B&ind=2013112111&n=77fda72f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-793174324-398084167-7186732-1006 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3003489
SearchScopes: HKU\S-1-5-21-793174324-398084167-7186732-1006 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80114&lng=en
SearchScopes: HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> BrowserMngrDefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {05C72334-11F3-4e9f-8740-98128F52EFB9} URL = hxxp://search.ie7pro.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
SearchScopes: HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9230cb90-79de-4945-88a4-762244a25bc8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^UU^xdm003^YYA^us&ptb=A8E72484-5B7E-462E-91BE-57C7A722DD3B&ind=2013112111&n=77fda72f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3003489
SearchScopes: HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80114&lng=en
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO: No Name -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\LastPass_255129277\LPToolbar.dll [2014-04-18] (LastPass)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2013-10-08] (Adblock Plus)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\LastPass_255129277\LPToolbar.dll [2014-04-18] (LastPass)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-793174324-398084167-7186732-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-04] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\bobbie\Application Data\Flickr\Flickr Uploadr\Profiles\rzx3a3az.default [2012-04-09]
FF HKLM\...\Firefox\Extensions: [[email protected]] - c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension
FF Extension: (Copy To Wordperfect Lightning) - c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension [2008-08-04] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-07-30] [not signed]
FF HKU\S-1-5-21-793174324-398084167-7186732-1006\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-06-04] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-06-04] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Chrome NaCl) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\bobbie\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-10-15]
CHR Extension: (Google Drive) - C:\Documents and Settings\bobbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-24]
CHR Extension: (YouTube) - C:\Documents and Settings\bobbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-24]
CHR Extension: (EverydayLookup) - C:\Documents and Settings\bobbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpeepicldbpmefboahpolegllmiglnai [2016-10-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\bobbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\bobbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Gmail) - C:\Documents and Settings\bobbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.) [File not signed]
S3 DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [76016 2007-10-11] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
S2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 datunidr; C:\WINDOWS\System32\DRIVERS\datunidr.sys [5376 2007-08-23] (Gteko Ltd.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-07-04] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-07-04] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-07-04] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-16] (Malwarebytes)
R2 mrtRate; C:\WINDOWS\system32\Drivers\mrtRate.sys [34712 2001-02-28] (Marimba, Inc.) [File not signed]
R3 PTproct; C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-16 15:54 - 2016-10-16 15:56 - 00026767 _____ C:\Documents and Settings\bobbie\Desktop\FRST.txt
2016-10-16 15:54 - 2016-10-16 15:54 - 00000000 ____D C:\Documents and Settings\bobbie\Desktop\FRST-OlderVersion
2016-10-16 15:53 - 2016-10-16 15:54 - 01756672 _____ (Farbar) C:\Documents and Settings\bobbie\Desktop\FRST.exe
2016-10-16 15:53 - 2016-10-16 15:54 - 00000000 ____D C:\FRST
2016-10-15 23:21 - 2016-10-15 23:21 - 00045568 ___SH C:\WINDOWS\Thumbs.db
2016-10-15 21:09 - 2016-10-15 21:09 - 00985843 _____ C:\Documents and Settings\bobbie\Local Settings\Application Data\census.cache
2016-10-15 21:05 - 2016-10-15 21:05 - 01196899 _____ C:\Documents and Settings\bobbie\Local Settings\Application Data\ars.cache
2016-10-15 19:43 - 2016-10-15 19:43 - 00000036 _____ C:\Documents and Settings\bobbie\Local Settings\Application Data\housecall.guid.cache
2016-10-15 19:39 - 2016-10-16 15:38 - 00000460 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1476578319.job
2016-10-15 19:36 - 2016-10-15 19:36 - 00000000 ____D C:\Documents and Settings\bobbie\Application Data\AVAST Software
2016-10-15 19:33 - 2016-10-15 19:33 - 00000000 ___DC C:\WINDOWS\$NtUninstallWdf01009$
2016-10-15 19:32 - 2016-10-16 15:38 - 00000316 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-10-15 19:32 - 2016-10-15 19:32 - 00039832 _____ () C:\WINDOWS\system32\Drivers\staport.sys
2016-10-15 19:31 - 2016-10-15 19:37 - 00000000 ____D C:\Program Files\AVAST Software
2016-10-15 19:30 - 2016-10-15 23:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2016-10-15 15:17 - 2016-10-15 15:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2016-10-10 11:25 - 2016-10-10 11:24 - 00007998 _____ C:\Documents and Settings\bobbie\My Documents\FedEx_000675410.zip
2016-10-10 11:22 - 2016-10-10 11:22 - 00001353 _____ C:\Documents and Settings\bobbie\Desktop\DECRYPT.txt
2016-10-10 08:52 - 2016-10-10 11:29 - 00077598 _____ C:\Documents and Settings\bobbie\My Documents\Payments - Citibank.pdf.crypted
2016-10-04 13:21 - 2016-10-10 11:23 - 00077978 _____ C:\Documents and Settings\bobbie\My Documents\Amazon.pdf.crypted

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-16 15:56 - 2008-03-01 17:26 - 00000000 ____D C:\Documents and Settings\bobbie\Local Settings\Temp
2016-10-16 15:45 - 2015-11-01 19:54 - 00000000 ____D C:\Program Files\Steam
2016-10-16 15:45 - 2011-07-30 20:26 - 00000000 ____D C:\Documents and Settings\bobbie\Application Data\HPAppData
2016-10-16 15:44 - 2014-08-13 09:41 - 00000365 _____ C:\Documents and Settings\bobbie\Desktop\lp.e036e10ef7f1f47cb2513307fbe5a05a28a394e02294463b5b859584bcac1cc8.mpwd
2016-10-16 15:39 - 2014-09-01 12:39 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-16 15:38 - 2014-04-09 08:48 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-10-16 15:38 - 2010-06-30 19:25 - 00000000 ____D C:\MDT
2016-10-16 15:38 - 2010-02-12 17:07 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-16 15:38 - 2004-08-10 14:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-16 00:04 - 2004-08-10 14:08 - 00032646 _____ C:\WINDOWS\SchedLgU.Txt
2016-10-16 00:03 - 2008-03-01 17:26 - 00000278 ___SH C:\Documents and Settings\bobbie\ntuser.ini
2016-10-15 23:47 - 2011-06-07 12:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2016-10-15 23:26 - 2010-02-12 17:07 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-15 23:21 - 2015-06-04 15:16 - 00000998 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2016-10-15 23:21 - 2014-11-17 13:10 - 00023552 ___SH C:\WINDOWS\system32\Thumbs.db
2016-10-15 23:21 - 2008-08-03 15:31 - 00000000 ____D C:\WINDOWS\Corel
2016-10-15 23:21 - 2008-06-15 13:57 - 00020480 _____ C:\Documents and Settings\bobbie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-15 23:21 - 2008-04-25 15:25 - 00000000 ____D C:\WINDOWS\SHELLNEW
2016-10-15 23:21 - 2004-08-10 13:52 - 00000000 ___RD C:\WINDOWS\Web
2016-10-15 23:20 - 2009-05-21 22:02 - 00000000 __HDC C:\WINDOWS\$NtServicePackUninstall$
2016-10-15 23:20 - 2004-08-10 14:39 - 00000000 ____D C:\dell
2016-10-15 23:13 - 2004-08-10 13:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-10-15 23:12 - 2012-04-18 18:14 - 00000000 ____D C:\Documents and Settings\LogMeInRemoteUser
2016-10-15 23:12 - 2008-03-01 17:26 - 00000000 ____D C:\Documents and Settings\bobbie
2016-10-15 23:12 - 2004-08-10 14:08 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-10-15 23:12 - 2004-08-10 14:08 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-10-15 23:12 - 2004-08-10 14:02 - 00000000 ____D C:\WINDOWS\Registration
2016-10-15 23:12 - 2004-08-10 13:52 - 00000000 ___HD C:\WINDOWS\inf
2016-10-15 23:11 - 2012-03-30 14:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-15 20:40 - 2015-07-24 17:38 - 00000450 _____ C:\WINDOWS\Tasks\At2.job
2016-10-15 17:38 - 2015-07-24 17:38 - 00000450 _____ C:\WINDOWS\Tasks\At3.job
2016-10-15 15:20 - 2009-05-21 22:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951066$
2016-10-15 14:00 - 2015-07-24 17:38 - 00000450 _____ C:\WINDOWS\Tasks\At4.job
2016-10-15 10:10 - 2015-07-24 17:38 - 00000450 _____ C:\WINDOWS\Tasks\At1.job
2016-10-14 15:21 - 2015-06-04 15:16 - 00000946 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2016-10-14 13:28 - 2008-05-15 08:05 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-10-11 18:11 - 2012-03-30 14:52 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-10-11 18:11 - 2011-06-07 12:15 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-10-11 18:11 - 2004-08-10 14:02 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-10 12:03 - 2008-03-01 17:26 - 00000000 ___RD C:\Documents and Settings\bobbie\My Documents
2016-10-10 11:29 - 2016-09-12 09:28 - 00021504 _____ C:\Documents and Settings\bobbie\My Documents\STUDENT INFORMATION FORM.doc.crypted
2016-10-10 11:29 - 2016-09-12 08:59 - 00020992 _____ C:\Documents and Settings\bobbie\My Documents\studio policy 2016.doc.crypted
2016-10-10 11:29 - 2016-05-11 08:47 - 00050130 _____ C:\Documents and Settings\bobbie\My Documents\Too Much Chocolate Cake - Printer Friendly - Allrecipes.pdf.crypted
2016-10-10 11:29 - 2015-07-11 16:25 - 00130065 _____ C:\Documents and Settings\bobbie\My Documents\Staples.pdf.crypted
2016-10-10 11:29 - 2015-06-26 15:30 - 00038400 _____ C:\Documents and Settings\bobbie\My Documents\TRIP TO JAPAN.doc.crypted
2016-10-10 11:29 - 2014-09-17 14:16 - 00022016 _____ C:\Documents and Settings\bobbie\My Documents\terms.doc.crypted
2016-10-10 11:29 - 2014-06-07 17:20 - 00021504 _____ C:\Documents and Settings\bobbie\My Documents\Report on the catering for the conference May 30.doc.crypted
2016-10-10 11:29 - 2013-09-30 16:05 - 00020480 _____ C:\Documents and Settings\bobbie\My Documents\TAMTA Festival is November 9 at ORU.doc.crypted
2016-10-10 11:29 - 2013-08-13 11:50 - 00023552 _____ C:\Documents and Settings\bobbie\My Documents\schedule 2013.xls.crypted
2016-10-10 11:29 - 2013-06-24 10:48 - 00019968 _____ C:\Documents and Settings\bobbie\My Documents\These are judges that have had complaints.doc.crypted
2016-10-10 11:29 - 2013-06-22 18:38 - 00162816 _____ C:\Documents and Settings\bobbie\My Documents\Publication1.pub.crypted
2016-10-10 11:29 - 2013-04-26 08:34 - 00019968 _____ C:\Documents and Settings\bobbie\My Documents\SMALL PERFORMANCE AWARD 2013.doc.crypted
2016-10-10 11:29 - 2013-03-05 17:06 - 00000000 ____D C:\Documents and Settings\bobbie\My Documents\My Scans
2016-10-10 11:29 - 2013-01-01 17:47 - 00021504 _____ C:\Documents and Settings\bobbie\My Documents\STUDIO UPDATE JANUARY 2013.doc.crypted
2016-10-10 11:29 - 2012-12-09 19:23 - 02439351 _____ C:\Documents and Settings\bobbie\My Documents\Victoria Falls - Elephant Ride 080.jpg.crypted
2016-10-10 11:29 - 2012-12-08 09:35 - 04371968 _____ C:\Documents and Settings\bobbie\My Documents\WILDEBEEST   The wildebeest is a strange looking animal.doc.crypted
2016-10-10 11:29 - 2012-10-22 14:01 - 00088576 _____ C:\Documents and Settings\bobbie\My Documents\south africa.doc.crypted
2016-10-10 11:29 - 2012-08-15 14:09 - 11448949 _____ C:\Documents and Settings\bobbie\My Documents\pssx150is-cug-c-en-web.pdf.crypted
2016-10-10 11:29 - 2012-07-31 17:32 - 00023552 _____ C:\Documents and Settings\bobbie\My Documents\Student Schedule Fall 2012.xls.crypted
2016-10-10 11:29 - 2012-07-09 07:59 - 00020992 _____ C:\Documents and Settings\bobbie\My Documents\STUDIO POLICY 2012.doc.crypted
2016-10-10 11:29 - 2012-05-09 10:41 - 00020992 _____ C:\Documents and Settings\bobbie\My Documents\recital12 cert.doc.crypted
2016-10-10 11:29 - 2012-05-07 08:08 - 00020992 _____ C:\Documents and Settings\bobbie\My Documents\recital12.doc.crypted
2016-10-10 11:29 - 2012-04-27 12:30 - 00019968 _____ C:\Documents and Settings\bobbie\My Documents\RECITAL IS MAY 13.doc.crypted
2016-10-10 11:29 - 2012-04-24 19:04 - 00019968 _____ C:\Documents and Settings\bobbie\My Documents\This is the address for Morgan.doc.crypted
2016-10-10 11:29 - 2012-03-05 11:30 - 00019968 _____ C:\Documents and Settings\bobbie\My Documents\recital2012.doc.crypted
2016-10-10 11:29 - 2011-10-10 10:45 - 00047616 _____ C:\Documents and Settings\bobbie\My Documents\STUDIO UPDATES 2011.doc.crypted
2016-10-10 11:29 - 2010-10-06 08:03 - 00039184 _____ C:\Documents and Settings\bobbie\My Documents\Tulsa Festival Entry.pdf.crypted
2016-10-10 11:29 - 2010-08-11 09:48 - 00020480 _____ C:\Documents and Settings\bobbie\My Documents\opening letter 2010.doc.crypted
2016-10-10 11:29 - 2010-08-03 09:55 - 00020480 _____ C:\Documents and Settings\bobbie\My Documents\Theory level 8.doc.crypted
2016-10-10 11:29 - 2010-04-18 13:06 - 00020480 _____ C:\Documents and Settings\bobbie\My Documents\recital invite.doc.crypted
2016-10-10 11:29 - 2009-05-19 15:07 - 00026112 _____ C:\Documents and Settings\bobbie\My Documents\TUITION injvoice.doc.crypted
2016-10-10 11:29 - 2009-04-29 08:07 - 00026624 _____ C:\Documents and Settings\bobbie\My Documents\Practice Awards.doc.crypted
2016-10-10 11:29 - 2009-04-29 08:07 - 00000162 ____H C:\Documents and Settings\bobbie\My Documents\~$actice Awards.doc.crypted
2016-10-10 11:29 - 2009-04-28 16:42 - 00006599 _____ C:\Documents and Settings\bobbie\My Documents\sfly_logo_125_40.jpg.crypted
2016-10-10 11:29 - 2009-04-27 15:09 - 00000162 ____H C:\Documents and Settings\bobbie\My Documents\~$ards 2009.doc.crypted
2016-10-10 11:29 - 2009-04-27 13:57 - 00022016 _____ C:\Documents and Settings\bobbie\My Documents\TUITION.doc.crypted
2016-10-10 11:29 - 2009-04-27 08:56 - 00000162 ____H C:\Documents and Settings\bobbie\My Documents\~$new 09.doc.crypted
2016-10-10 11:29 - 2009-04-22 10:08 - 00026624 _____ C:\Documents and Settings\bobbie\My Documents\new 09.doc.crypted
2016-10-10 11:29 - 2009-03-09 08:23 - 00024064 _____ C:\Documents and Settings\bobbie\My Documents\STUDIO SPRING BRREAK IS.doc.crypted
2016-10-10 11:29 - 2009-02-23 12:01 - 00019968 _____ C:\Documents and Settings\bobbie\My Documents\Your time to perform at ORU on March 7  is.doc.crypted
2016-10-10 11:29 - 2009-01-16 20:22 - 00000162 ____H C:\Documents and Settings\bobbie\My Documents\~$uble ring.doc.crypted
2016-10-10 11:29 - 2008-12-12 16:11 - 00024064 _____ C:\Documents and Settings\bobbie\My Documents\Turbulent WatersSaxon Freiner.doc.crypted
2016-10-10 11:29 - 2008-12-08 15:24 - 00024064 _____ C:\Documents and Settings\bobbie\My Documents\YOU ARE INVITED TO OUR.doc.crypted
2016-10-10 11:29 - 2008-11-06 16:06 - 00047104 _____ C:\Documents and Settings\bobbie\My Documents\STUDIO UPDATES.doc.crypted
2016-10-10 11:29 - 2008-04-25 16:04 - 00108544 _____ C:\Documents and Settings\bobbie\My Documents\Publication2.pub.crypted
2016-10-10 11:29 - 2008-04-25 15:48 - 00128000 _____ C:\Documents and Settings\bobbie\My Documents\recital 08.pub.crypted
2016-10-10 11:29 - 2008-03-02 19:03 - 00000000 ____D C:\lj1000hb
2016-10-10 11:27 - 2008-03-01 17:26 - 00000000 ___RD C:\Documents and Settings\bobbie\My Documents\My Pictures
2016-10-10 11:23 - 2016-07-20 15:35 - 00020480 _____ C:\Documents and Settings\bobbie\My Documents\Medications for Roberta L.doc.crypted
2016-10-10 11:23 - 2016-06-14 08:52 - 00061774 _____ C:\Documents and Settings\bobbie\My Documents\Bank of America _ Online Banking _ Accounts _ Account Details _ Account Activity.pdf.crypted
2016-10-10 11:23 - 2016-05-08 19:37 - 00019968 _____ C:\Documents and Settings\bobbie\My Documents\CHANGE OF TIME.doc.crypted
2016-10-10 11:23 - 2015-11-28 15:00 - 00103412 _____ C:\Documents and Settings\bobbie\My Documents\MTNA National Conference Registration 2016.pdf.crypted
2016-10-10 11:23 - 2015-10-12 12:05 - 00936709 _____ C:\Documents and Settings\bobbie\My Documents\Blank Spades Score sheet.pdf.crypted
2016-10-10 11:23 - 2015-07-07 10:00 - 01526784 _____ C:\Documents and Settings\bobbie\My Documents\JOAN.doc.crypted
2016-10-10 11:23 - 2015-06-15 16:44 - 00021942 _____ C:\Documents and Settings\bobbie\My Documents\Bridge_Tally_2_Table.pdf.crypted
2016-10-10 11:23 - 2015-06-15 15:08 - 00030572 _____ C:\Documents and Settings\bobbie\My Documents\BridgeTally2TableIndividual-Large.pdf.crypted
2016-10-10 11:23 - 2015-05-25 09:37 - 00020992 _____ C:\Documents and Settings\bobbie\My Documents\cert 2015.doc.crypted
2016-10-10 11:23 - 2015-05-10 15:38 - 00675205 _____ C:\Documents and Settings\bobbie\My Documents\how_to_copy_photos_to_a_cd.pdf.crypted
2016-10-10 11:23 - 2014-06-22 18:57 - 00020480 _____ C:\Documents and Settings\bobbie\My Documents\Bridge.doc.crypted
2016-10-10 11:23 - 2014-05-26 08:33 - 00036864 _____ C:\Documents and Settings\bobbie\My Documents\final menu for OMTA.doc.crypted
2016-10-10 11:23 - 2014-05-20 14:23 - 00030720 _____ C:\Documents and Settings\bobbie\My Documents\Jessica these are the numbers as of no1.doc.crypted
2016-10-10 11:23 - 2014-05-20 09:12 - 00023552 _____ C:\Documents and Settings\bobbie\My Documents\Jessica these are the numbers as of now.doc.crypted
2016-10-10 11:23 - 2014-05-14 10:23 - 00020992 _____ C:\Documents and Settings\bobbie\My Documents\cert 2014.doc.crypted
2016-10-10 11:23 - 2013-08-06 09:33 - 00020992 _____ C:\Documents and Settings\bobbie\My Documents\BRITTANY.doc.crypted
2016-10-10 11:23 - 2013-06-25 12:00 - 00019968 _____ C:\Documents and Settings\bobbie\My Documents\MEXICAM 15 MG.doc.crypted
2016-10-10 11:23 - 2013-06-20 09:38 - 00072704 _____ C:\Documents and Settings\bobbie\My Documents\business.pub.crypted
2016-10-10 11:23 - 2013-06-19 18:16 - 00064512 _____ C:\Documents and Settings\bobbie\My Documents\cards.pub.crypted
2016-10-10 11:23 - 2013-05-04 14:05 - 00159933 _____ C:\Documents and Settings\bobbie\My Documents\MtWhitney Waide & Raza.jpeg.crypted
2016-10-10 11:23 - 2013-04-29 13:54 - 00035840 _____ C:\Documents and Settings\bobbie\My Documents\bio1`3.doc.crypted
2016-10-10 11:23 - 2013-04-29 09:33 - 00035840 _____ C:\Documents and Settings\bobbie\My Documents\bio1`2.doc.crypted
2016-10-10 11:23 - 2013-04-24 09:52 - 00020992 _____ C:\Documents and Settings\bobbie\My Documents\cert 2013.doc.crypted
2016-10-10 11:23 - 2012-04-26 07:09 - 00019968 _____ C:\Documents and Settings\bobbie\My Documents\GUILD AUDITIONS.doc.crypted
2016-10-10 11:23 - 2012-04-22 18:19 - 00020480 _____ C:\Documents and Settings\bobbie\My Documents\Mike.doc.crypted
2016-10-10 11:23 - 2011-12-09 18:06 - 00022528 _____ C:\Documents and Settings\bobbie\My Documents\CHRISTMAS RECITAL 2011.doc.crypted
2016-10-10 11:23 - 2011-10-08 19:04 - 00022528 _____ C:\Documents and Settings\bobbie\My Documents\medco drug plan drug prices 2011.xls.crypted
2016-10-10 11:23 - 2011-05-11 14:02 - 00831751 _____ C:\Documents and Settings\bobbie\My Documents\http___www.mmsend3.com_link.cfm_r=218378696&sid=13588888&m=1355353&u=MTNA&s=https___members.mtna.org_membercertificate.pdf.crypted
2016-10-10 11:23 - 2011-04-13 21:54 - 00022954 _____ C:\Documents and Settings\bobbie\My Documents\Grand-Piano-1533616.jpg.crypted
2016-10-10 11:23 - 2011-04-04 06:37 - 04893537 _____ C:\Documents and Settings\bobbie\My Documents\birth cert req 11.JPG.crypted
2016-10-10 11:23 - 2011-02-13 21:41 - 00019968 _____ C:\Documents and Settings\bobbie\My Documents\hyechka.doc.crypted
2016-10-10 11:23 - 2010-10-20 10:22 - 00024576 _____ C:\Documents and Settings\bobbie\My Documents\Dear TAMTA Judges.doc.crypted
2016-10-10 11:23 - 2010-04-29 13:39 - 00066005 _____ C:\Documents and Settings\bobbie\My Documents\DSC04821.JPG.crypted
2016-10-10 11:23 - 2010-03-09 08:16 - 00019968 _____ C:\Documents and Settings\bobbie\My Documents\MUSIC MAN.doc.crypted
2016-10-10 11:23 - 2009-10-23 16:37 - 00000000 ____D C:\Documents and Settings\bobbie\My Documents\Hoyle Card Games 2010
2016-10-10 11:23 - 2009-06-02 09:05 - 00090624 _____ C:\Documents and Settings\bobbie\My Documents\Level 7-8 Theory Template.doc.crypted
2016-10-10 11:23 - 2009-04-27 15:07 - 00020992 _____ C:\Documents and Settings\bobbie\My Documents\Copy of Certificate of AchievementThis is to certify that Molly Thomsonis.doc.crypted
2016-10-10 11:23 - 2009-04-20 14:51 - 12494848 _____ C:\Documents and Settings\bobbie\My Documents\an afterniin.pub.crypted
2016-10-10 11:23 - 2009-04-16 09:55 - 00026112 _____ C:\Documents and Settings\bobbie\My Documents\awards 2009.doc.crypted
2016-10-10 11:23 - 2009-04-07 08:25 - 00019968 _____ C:\Documents and Settings\bobbie\My Documents\equitable claim.doc.crypted
2016-10-10 11:23 - 2009-04-03 15:28 - 00024064 _____ C:\Documents and Settings\bobbie\My Documents\Equitable.doc.crypted
2016-10-10 11:23 - 2009-03-18 16:22 - 00186166 _____ C:\Documents and Settings\bobbie\My Documents\Fax to Bios at Home - 03-17-09.tif.crypted
2016-10-10 11:23 - 2009-01-25 19:07 - 00024064 _____ C:\Documents and Settings\bobbie\My Documents\Dear Parents.doc.crypted
2016-10-10 11:23 - 2009-01-15 13:15 - 00038912 _____ C:\Documents and Settings\bobbie\My Documents\double ring.doc.crypted
2016-10-10 11:23 - 2008-12-12 16:55 - 00023552 _____ C:\Documents and Settings\bobbie\My Documents\Knights Armor.doc.crypted
2016-10-10 11:23 - 2008-12-12 16:13 - 00024064 _____ C:\Documents and Settings\bobbie\My Documents\Minute MarchGracie Conklin.doc.crypted
2016-10-10 11:23 - 2008-11-07 22:05 - 00019968 _____ C:\Documents and Settings\bobbie\My Documents\CORRECTIONS.doc.crypted
2016-10-10 11:23 - 2008-10-29 18:22 - 00025088 _____ C:\Documents and Settings\bobbie\My Documents\molly.doc.crypted
2016-10-10 11:23 - 2008-10-18 14:42 - 00024064 _____ C:\Documents and Settings\bobbie\My Documents\hyechka studentst.doc.crypted
2016-10-10 11:23 - 2008-10-18 14:24 - 00024064 _____ C:\Documents and Settings\bobbie\My Documents\I do not have a list of Hyechka students included in my packet.doc.crypted
2016-10-10 11:22 - 2015-06-02 14:30 - 00052807 _____ C:\Documents and Settings\bobbie\My Documents\Account Details Print Friendly.pdf.crypted
2016-10-10 11:22 - 2015-05-27 00:16 - 00051200 _____ C:\Documents and Settings\bobbie\Desktop\Recital may 15.doc.crypted
2016-10-10 11:22 - 2015-05-25 09:13 - 00026624 _____ C:\Documents and Settings\bobbie\Desktop\RECITAL 15.doc.crypted
2016-10-10 11:22 - 2014-11-27 22:57 - 00043173 _____ C:\Documents and Settings\bobbie\My Documents\2922 Garfield Listing contract change of status.pdf.crypted
2016-10-10 11:22 - 2014-11-27 22:48 - 00156058 _____ C:\Documents and Settings\bobbie\My Documents\409-413  Olive Counter offer.pdf.crypted
2016-10-10 11:22 - 2014-06-28 16:25 - 00020480 _____ C:\Documents and Settings\bobbie\My Documents\aa dispute.doc.crypted
2016-10-10 11:22 - 2014-05-13 14:31 - 00051200 _____ C:\Documents and Settings\bobbie\Desktop\Recital may 18.doc.crypted
2016-10-10 11:22 - 2014-05-13 14:25 - 00026112 _____ C:\Documents and Settings\bobbie\Desktop\recital 14.doc.crypted
2016-10-10 11:22 - 2013-04-24 09:35 - 00026112 _____ C:\Documents and Settings\bobbie\Desktop\Recital 5-13.doc.crypted
2016-10-10 11:22 - 2013-04-23 11:11 - 00051712 _____ C:\Documents and Settings\bobbie\Desktop\Recital may 5.doc.crypted
2016-10-10 11:22 - 2012-05-09 16:28 - 00025088 _____ C:\Documents and Settings\bobbie\Desktop\may 13.doc.crypted
2016-10-10 11:22 - 2012-05-09 16:15 - 00115712 _____ C:\Documents and Settings\bobbie\Desktop\Recital may 13.doc.crypted
2016-10-10 11:22 - 2012-05-09 16:03 - 00000162 ____H C:\Documents and Settings\bobbie\Desktop\~$ogram template.doc.crypted
2016-10-10 11:22 - 2011-04-26 12:57 - 00027136 _____ C:\Documents and Settings\bobbie\My Documents\011 recital 3page.doc.crypted
2016-10-10 11:22 - 2011-04-26 12:28 - 00026112 _____ C:\Documents and Settings\bobbie\My Documents\11recital.doc.crypted
2016-10-10 11:22 - 2011-04-26 12:04 - 00027136 _____ C:\Documents and Settings\bobbie\My Documents\011 recital.doc.crypted
2016-10-10 11:22 - 2011-04-26 11:09 - 00026112 _____ C:\Documents and Settings\bobbie\My Documents\0101 recital.doc.crypted
2016-10-10 11:22 - 2011-04-17 16:32 - 00112128 _____ C:\Documents and Settings\bobbie\Desktop\Program template.doc.crypted
2016-10-10 11:22 - 2011-02-28 16:33 - 00022016 _____ C:\Documents and Settings\bobbie\My Documents\2.doc.crypted
2016-10-10 11:22 - 2011-02-28 15:50 - 00021504 _____ C:\Documents and Settings\bobbie\My Documents\Alexia.doc.crypted
2016-10-10 11:22 - 2010-08-29 12:59 - 622870528 _____ C:\Documents and Settings\bobbie\Desktop\winxpsp2.iso.crypted
2016-10-10 11:22 - 2010-04-15 14:09 - 00026112 _____ C:\Documents and Settings\bobbie\My Documents\010 recital.doc.crypted
2016-10-10 11:22 - 2009-06-09 08:41 - 00030208 _____ C:\Documents and Settings\bobbie\June 09 OMT article.doc.crypted
2016-10-10 11:22 - 2009-04-20 10:01 - 00024576 _____ C:\Documents and Settings\bobbie\My Documents\09 recital.doc.crypted
2016-10-08 15:00 - 2014-04-09 08:48 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-10-03 17:04 - 2008-04-30 14:15 - 00018944 _____ C:\Documents and Settings\bobbie\My Documents\Untitled Document.wps
2016-10-03 17:04 - 2008-03-02 23:13 - 00019660 _____ C:\Documents and Settings\bobbie\Application Data\wklnhst.dat
2016-09-25 15:21 - 2008-08-30 10:25 - 00002497 _____ C:\Documents and Settings\bobbie\Desktop\Microsoft Office Word 2003.lnk
2016-09-21 10:23 - 2010-08-22 19:43 - 00002521 _____ C:\Documents and Settings\bobbie\Desktop\Microsoft Office Outlook 2003.lnk
2016-09-19 11:23 - 2012-04-15 20:06 - 00000000 ____D C:\Documents and Settings\bobbie\Application Data\ZoomBrowser EX

==================== Files in the root of some directories =======

2014-04-18 18:23 - 2014-04-18 18:23 - 11239936 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2008-03-02 23:13 - 2016-10-03 17:04 - 0019660 _____ () C:\Documents and Settings\bobbie\Application Data\wklnhst.dat
2016-10-15 21:05 - 2016-10-15 21:05 - 1196899 _____ () C:\Documents and Settings\bobbie\Local Settings\Application Data\ars.cache
2016-10-15 21:09 - 2016-10-15 21:09 - 0985843 _____ () C:\Documents and Settings\bobbie\Local Settings\Application Data\census.cache
2008-06-15 13:57 - 2016-10-15 23:21 - 0020480 _____ () C:\Documents and Settings\bobbie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-15 19:43 - 2016-10-15 19:43 - 0000036 _____ () C:\Documents and Settings\bobbie\Local Settings\Application Data\housecall.guid.cache
2008-08-04 15:00 - 2008-09-15 11:43 - 0000088 __RSH () C:\Documents and Settings\All Users\Application Data\5488DFEFA4.sys
2015-07-15 11:00 - 2015-07-15 11:00 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2008-05-11 14:00 - 2016-02-20 17:14 - 0007800 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2008-08-04 15:00 - 2012-05-10 07:56 - 0003350 ___SH () C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys

Files to move or delete:
====================
C:\Documents and Settings\bobbie\g2ax_customer_downloadhelper_win32_x86.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


Some files in TEMP:
====================
C:\Documents and Settings\bobbie\Local Settings\Temp\Package_en_ww.exe
C:\Documents and Settings\bobbie\Local Settings\Temp\PicasaCD.exe
C:\Documents and Settings\bobbie\Local Settings\Temp\PicasaRestore.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
Ran by bobbie (16-10-2016 15:57:00)
Running from C:\Documents and Settings\bobbie\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2008-03-01 22:26:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-793174324-398084167-7186732-500 - Administrator - Enabled)
bobbie (S-1-5-21-793174324-398084167-7186732-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\bobbie
Guest (S-1-5-21-793174324-398084167-7186732-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-793174324-398084167-7186732-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-793174324-398084167-7186732-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
7500_7600_7700_Help1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit) (HKLM\...\{21B632E1-4B3D-4AC2-9ABD-E00544F67D48}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AiO_Scan (Version: 43.0.217.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan_Carrier (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Canon Auto Update Service (HKLM\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.5.0.2 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon PowerShot SX150 IS Camera User Guide (HKLM\...\CameraUserGuide-PSSX150IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dell Automated PC TuneUp (HKLM\...\{FE34691C-4298-4667-9758-D7F534DD0B94}) (Version: 1.0.3085 - Dell)
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07311 - Dell)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.213.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Photo Navigator 1.0 (HKLM\...\{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}) (Version:  - )
DocProc (Version: 140.0.100.000 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Flickr Uploadr 3.0.5 (HKLM\...\Flickr Uploadr) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Photos Backup (HKU\.DEFAULT\...\Google Photos Backup) (Version: 1.1.0.239 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hearing Music (HKLM\...\Hearing Music) (Version:  - )
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Hoyle Card Games 2010 (remove only) (HKLM\...\Hoyle Card Games 2010) (Version:  - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP ENVY 4500 series Basic Device Software (HKLM\...\{BCC989C6-7003-4367-8C30-7B88D47D3E79}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP Image Zone 4.2 (HKLM\...\HP Photo & Imaging) (Version: 4.2 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
hp LaserJet 1000 (HKLM\...\{975C8028-51D8-44A9-9585-82E9810FE96A}) (Version:  - )
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart Essential (HKLM\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.3 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP PSC & OfficeJet 4.2 (HKLM\...\{A1062847-0846-427A-92A1-BB8251A91E91}) (Version:  - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.212.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.1.0 - LIGHTNING UK!)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevicesMFC (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® PRO Network Connections 12.1.8.0 (HKLM\...\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}) (Version:  - Intel)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
L7500 (Version: 140.0.000.000 - Hewlett-Packard) Hidden
LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MPM (HKLM\...\{B5A4C902-1636-48DB-8E38-F0DB102DDB59}) (Version: 1.00.0000 - Hewlett-Packard)
MPM (HKLM\...\{D48AD533-BAD5-469B-A9AA-272C6D80E70B}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Paint.NET v3.5.6 (HKLM\...\{639673E9-D53F-44F4-A046-485C8A6ADA15}) (Version: 3.56.0 - dotPDN LLC)
PanoStandAlone (Version: 70.0.170.000 - Hewlett-Packard) Hidden
PDF Reader (HKU\S-1-5-21-793174324-398084167-7186732-1006\...\PDF Reader) (Version:  - )
PDF Reader (HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\PDF Reader) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.01.09211 - Sony Corporation)
PowerDVD (HKLM\...\{281ECE39-F043-492B-8337-F2E546B5604A}) (Version: 7.0 - Dell)
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{BA386F3E-92B8-4B1D-9C2F-E97B3707FE57}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
ProductContext (Version: 140.0.000.000 - Hewlett-Packard) Hidden
QualxServ Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell Inc.)
Quicken 2002 New User Edition (HKLM\...\Quicken 2002 New User Edition) (Version:  - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Scan (Version: 140.0.167.000 - Hewlett-Packard) Hidden
Scrabble Complete (HKLM\...\{B36649A3-D0DD-4706-B042-F5B384529C7A}) (Version:  - )
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WordPerfect Lightning - EN (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - IPM (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - Messages (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - MSOM (Version: 1.1 - Corel Corporation) Hidden
WordPerfect Lightning (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Office 2002 (HKLM\...\WordPerfect Office 2002) (Version:  - )
WordPerfect Office 2002 (Version: 10 - Corel) Hidden
WordPerfect Office X4 (Version: 14.0 - Corel Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1476578319.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\bobbie\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

==================== Loaded Modules (Whitelisted) ==============

2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-01-05 10:51 - 2006-08-18 14:17 - 00056056 _____ () C:\WINDOWS\system32\DLAAPI_W.DLL
2006-11-05 11:58 - 2006-11-05 11:58 - 00516096 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
2006-11-05 11:28 - 2006-11-05 11:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2008-03-03 15:38 - 2001-08-01 13:30 - 00094208 _____ () C:\Program Files\QUICKENW\QAGENT.EXE
2004-08-10 13:50 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 13:51 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794 [113]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 13:51 - 2010-05-14 17:06 - 00000766 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
192.168.1.127 HP002264ED0E9A

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-793174324-398084167-7186732-1006\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-793174324-398084167-7186732-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-793174324-398084167-7186732-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Dell.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: BuildBU => c:\dell\bldbubg.exe
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Documents and Settings\bobbie\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Documents and Settings\bobbie\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe] => Enabled:hpofxs08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe] => Enabled:hpqfxt08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\hpwucli.exe] => Enabled:hpwucli.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [D:\setup\HPZNET01.EXE] => Enabled:hpznet01.exe
StandardProfile\AuthorizedApplications: [D:\setup\HPONICIFS01.EXE] => Enabled:hponicifs01.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\spoolsv.exe] => Enabled:Spooler SubSystem App
StandardProfile\AuthorizedApplications: [C:\WINDOWS\explorer.exe] => Enabled:Windows Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe] => Enabled:hpqphunl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe] => Enabled:hpqdia.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe] => Enabled:hpqnrs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe] => Enabled:hpofxs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe] => Enabled:hpqfxt08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\hpwucli.exe] => Enabled:hpwucli.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Infogrames Interactive\Scrabble Complete\ScrabbleComplete.exe] => Enabled:Scrabble Complete
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dplaysvr.exe] => Disabled:Microsoft DirectPlay Helper
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP ENVY 4500 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP ENVY 4500 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\Steam.exe] => Enabled:Steam
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5357:TCP] => Enabled:WS-Eventing TCP Port 5357

==================== Restore Points =========================

18-07-2016 07:30:58 System Checkpoint
19-07-2016 08:31:00 System Checkpoint
20-07-2016 08:34:49 System Checkpoint
21-07-2016 09:31:01 System Checkpoint
22-07-2016 10:30:00 System Checkpoint
23-07-2016 10:42:10 System Checkpoint
24-07-2016 11:30:09 System Checkpoint
25-07-2016 12:30:10 System Checkpoint
26-07-2016 13:29:09 System Checkpoint
27-07-2016 13:30:12 System Checkpoint
28-07-2016 13:41:07 System Checkpoint
29-07-2016 14:32:56 System Checkpoint
30-07-2016 15:20:09 System Checkpoint
31-07-2016 16:01:12 System Checkpoint
01-08-2016 17:00:08 System Checkpoint
02-08-2016 18:00:12 System Checkpoint
03-08-2016 18:59:08 System Checkpoint
04-08-2016 19:59:09 System Checkpoint
05-08-2016 20:43:00 System Checkpoint
06-08-2016 21:43:00 System Checkpoint
07-08-2016 21:52:34 System Checkpoint
08-08-2016 22:43:00 System Checkpoint
09-08-2016 23:41:18 System Checkpoint
10-08-2016 03:00:24 Software Distribution Service 3.0
11-08-2016 03:41:59 System Checkpoint
12-08-2016 03:53:59 System Checkpoint
13-08-2016 04:41:26 System Checkpoint
14-08-2016 05:41:23 System Checkpoint
15-08-2016 06:41:23 System Checkpoint
16-08-2016 07:51:31 System Checkpoint
17-08-2016 08:41:24 System Checkpoint
18-08-2016 08:50:24 System Checkpoint
19-08-2016 08:51:46 System Checkpoint
20-08-2016 09:40:09 System Checkpoint
21-08-2016 10:40:09 System Checkpoint
22-08-2016 11:40:11 System Checkpoint
23-08-2016 12:40:11 System Checkpoint
24-08-2016 12:41:16 System Checkpoint
25-08-2016 13:38:03 System Checkpoint
26-08-2016 14:38:02 System Checkpoint
27-08-2016 15:36:44 System Checkpoint
28-08-2016 16:32:18 System Checkpoint
29-08-2016 17:32:18 System Checkpoint
30-08-2016 18:32:19 System Checkpoint
31-08-2016 19:32:20 System Checkpoint
01-09-2016 20:32:19 System Checkpoint
02-09-2016 21:31:44 System Checkpoint
03-09-2016 22:31:20 System Checkpoint
04-09-2016 23:31:23 System Checkpoint
06-09-2016 00:31:22 System Checkpoint
07-09-2016 09:16:41 System Checkpoint
08-09-2016 09:52:53 System Checkpoint
09-09-2016 10:52:53 System Checkpoint
10-09-2016 11:52:53 System Checkpoint
11-09-2016 12:51:56 System Checkpoint
12-09-2016 13:51:55 System Checkpoint
13-09-2016 14:52:58 System Checkpoint
14-09-2016 03:00:24 Software Distribution Service 3.0
15-09-2016 03:50:14 System Checkpoint
16-09-2016 04:50:16 System Checkpoint
17-09-2016 05:50:17 System Checkpoint
18-09-2016 06:50:15 System Checkpoint
19-09-2016 07:50:18 System Checkpoint
20-09-2016 08:50:13 System Checkpoint
21-09-2016 09:49:52 System Checkpoint
22-09-2016 09:56:57 System Checkpoint
23-09-2016 10:56:47 System Checkpoint
24-09-2016 10:57:00 System Checkpoint
25-09-2016 11:58:03 System Checkpoint
26-09-2016 12:13:15 System Checkpoint
27-09-2016 12:44:55 System Checkpoint
28-09-2016 12:46:14 System Checkpoint
29-09-2016 13:44:08 System Checkpoint
30-09-2016 14:56:09 System Checkpoint
01-10-2016 15:45:38 System Checkpoint
02-10-2016 16:43:23 System Checkpoint
03-10-2016 17:44:13 System Checkpoint
04-10-2016 18:42:08 System Checkpoint
05-10-2016 19:41:33 System Checkpoint
06-10-2016 19:50:57 System Checkpoint
07-10-2016 20:41:21 System Checkpoint
08-10-2016 21:41:20 System Checkpoint
09-10-2016 22:41:20 System Checkpoint
10-10-2016 23:40:23 System Checkpoint
12-10-2016 00:40:23 System Checkpoint
12-10-2016 03:00:24 Software Distribution Service 3.0
13-10-2016 03:40:06 System Checkpoint
14-10-2016 04:40:08 System Checkpoint
15-10-2016 05:40:09 System Checkpoint
15-10-2016 19:33:33 Installed Windows XP Wdf01009.
15-10-2016 23:11:23 Restore Operation
15-10-2016 23:46:38 Removed LogMeIn
15-10-2016 23:47:47 Removed LogMeIn Client
16-10-2016 00:03:55 Software Distribution Service 3.0

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2016 11:59:52 AM) (Source: Microsoft Office 11) (EventID: 2000) (User: )
Description: Accepted Safe Mode action : Microsoft Office Outlook.

Error: (08/22/2016 02:50:44 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/22/2016 02:50:44 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/22/2016 02:50:44 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/22/2016 02:50:44 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/16/2016 07:32:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application WksWP.exe, version 8.5.818.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/05/2016 07:16:16 PM) (Source: Microsoft Office 11) (EventID: 2000) (User: )
Description: Accepted Safe Mode action : Microsoft Office Outlook.

Error: (07/25/2016 11:48:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 2.3.173.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/25/2016 11:48:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 2.3.173.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/25/2016 11:48:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (10/15/2016 11:48:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (10/15/2016 11:48:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (10/15/2016 11:48:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (10/15/2016 11:48:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (10/15/2016 11:48:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (10/15/2016 11:47:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (10/15/2016 11:47:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (10/15/2016 11:47:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (10/15/2016 11:47:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.

Error: (10/15/2016 11:47:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
The specified module could not be found.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2140 @ 1.60GHz
Percentage of memory in use: 47%
Total physical RAM: 2037.1 MB
Available physical RAM: 1064.45 MB
Total Virtual: 3407.43 MB
Available Virtual: 2587.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.96 GB) (Free:86.52 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (MACRIUM) (Removable) (Total:1.91 GB) (Free:1.67 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

 


  • 0



#2
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,978 posts

Hi,

 

Try to ID the ransomware using http://www.bleepingc...ted-your-files/

 

There are so many that it is difficult to keep track!

 

 

Edit: Our colleague Naathim called my attention to the fact that the .crypted file extension and the file Decrypt.txt are created by the Nemucod ransomware, which can be decrypted using a tool created by Emsisoft http://www.bleepingc...ted-ransomware/


Edited by SleepyDude, 16 October 2016 - 04:28 PM.
Information about decryptor

  • 0

#3
starjax

starjax

    Global Moderator

  • Topic Starter
  • Global Moderator
  • 6,678 posts

Thanks Sleepydude.  I finally remembered I have an old xp system in storage that I can boot up and retrieve the unaltered files from that are needed for decrypting.


  • 0

#4
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,978 posts

Thanks Sleepydude.  I finally remembered I have an old xp system in storage that I can boot up and retrieve the unaltered files from that are needed for decrypting.

 

Good. The best way to recover from an infection like that is from any type of backup.


  • 0

#5
starjax

starjax

    Global Moderator

  • Topic Starter
  • Global Moderator
  • 6,678 posts

thanks all.  Files decrypted, backed up and new pc on the way. 


  • 0

#6
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,978 posts

thanks all.  Files decrypted, backed up and new pc on the way. 

 

Very good news. :cheers:


  • 0





