
Infected with some sort of Malware/Ransomware



#1 lel1120


Posted 20 April 2016 - 05:30 PM

Hello... My computer was infected on Monday evening (in the middle of the night). I wasn't even on the computer, but the next morning I awoke to a Notepad message with the malware/ransomware...

 
I ran Malwarebytes and have removed the malware/ransomware (I think!) but now all of my files are .crypted
 
I tried the simple task of renaming a few of the files and am able to, but they will not open by just doing that.
 
I ran the suggested FRST and please see attached Notepad:
 
TIA for any help!!
-Lindsay
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-04-2016
Ran by Lindsay (administrator) on LINDSAY-PC (20-04-2016 15:15:22)
Running from C:\Users\Lindsay\Downloads
Loaded Profiles: Lindsay (Available Profiles: Lindsay)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
( ) C:\Windows\System32\dlcjcoms.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(SwapDrive, Inc.) C:\Program Files\Online Backup\OnlineBackup.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\Hp\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
() C:\Program Files\Belkin\F1U201.401\usbshare.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\Hp\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [622592 2006-12-18] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2006-07-19] (Brother Industries, Ltd.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [675840 2008-08-01] (Sonix)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-11-02] (Western Digital Technologies, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [BrowserAppCoreService] => C:\Users\Lindsay\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe [49152 2013-08-26] (ShopAtHome.com)
HKLM\...\Run: [ATT_McciTrayApp] => "C:\Program Files\ATT\8.4.1.11\ma\bin\pcTrayApp.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [@BackupScheduler] => C:\Program Files\Online Backup\OnlineBackup.exe [611768 2007-09-20] (SwapDrive, Inc.)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [226904 2007-07-12] (Macrovision Corporation)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\Hp\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [2427400 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [GoogleChromeAutoLaunch_992BA959EE9962246D5D731966759E72] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [Crypted] => C:\Users\Lindsay\AppData\Local\Temp\a.txt <===== ATTENTION
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [**5b7f285d<*>] => C:\Users\Lindsay\AppData\Local\ywuv\G2uUB.GjHytT <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [Umdrmedia] => C:\Users\Lindsay\AppData\Local\Umdrmedia\a2.exe
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [ARCworks] => C:\Windows\System32\regsvr32.exe C:\Users\Lindsay\AppData\Local\Umdrmedia\gkjnyqjd.dll
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Run: [Udqmedia] => regsvr32.exe C:\Users\Lindsay\AppData\Local\Udqmedia\rjkvynws.dll <===== ATTENTION
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\RunOnce: [Application Restart #3] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\MountPoints2: {99a7cd71-5e96-11dc-be60-8000131432f2} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Lindsay\AppData\Local\Umdrmedia\rnlcugwd.dll ATTENTION
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION
 
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION
HKU\S-1-5-18\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2007-10-12]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\F1U201.401.lnk [2008-06-13]
ShortcutTarget: F1U201.401.lnk -> C:\Program Files\Belkin\F1U201.401\usbshare.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-10-23]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2008-03-18]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2008-09-29]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5D397078-D39D-4699-93C7-15D8C45D702E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5F65C9C6-74BA-41CE-927B-79616BFA11A0}: [DhcpNameServer] 192.168.0.1 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*hxxp://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*hxxp://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1078577255-633202429-3496206462-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKLM -> {61FBACB3-E8CE-4F01-8815-2BC6B991FA77} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVNUS7
SearchScopes: HKLM -> {B03AA86A-D1DF-4705-89C1-8BF7BD02F118} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {19F2B849-4ADE-4d4b-85F9-C31C643DBDE9} URL = hxxp://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=4&tid={5348328E-801C-4593-B46A-D695BC064081}
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {21A5A706-4507-4BAE-88F8-D6F63671CB22} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {2C7390BE-6D43-4F63-983E-F8AD11424426} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {3A8B0D16-D90D-4090-985E-E3A3D7289769} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {57C89EB0-EF8F-4699-86D5-FE8801218B2C} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {61FBACB3-E8CE-4F01-8815-2BC6B991FA77} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVNUS7
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {790880C7-573A-4DAF-9349-BAB2CDE6AF8A} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {9748A70E-2C34-4E6D-B368-81C214721410} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {AD43A510-0817-11DE-A4D6-59A755D89593} URL = hxxp://search.yahoo.com/search?ei=utf-8&fr=bfg&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078577255-633202429-3496206462-1000 -> {B03AA86A-D1DF-4705-89C1-8BF7BD02F118} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-28] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\f065acs5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-01-11] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2012-10-16] (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1078577255-633202429-3496206462-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Lindsay\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2007-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2007-11-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2007-11-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2007-11-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2007-11-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2007-11-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2007-11-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2007-11-30] (Apple Inc.)
FF Extension: Yahoo! Toolbar - C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\f065acs5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2007-11-25] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-31] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Search by Image (by Google)) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Pin It Button) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
CHR HKLM\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1078577255-633202429-3496206462-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ddpocmpoechljihmgemoaahhmadaenbc] - <no Path\update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2007-03-28] () [File not signed]
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2007-03-28] () [File not signed]
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-01-09] (Hewlett-Packard Development Company, L.P.) [File not signed]
S4 dlbf_device; C:\Windows\system32\dlbfcoms.exe [538096 2007-03-09] ( )
R2 dlcj_device; C:\Windows\system32\dlcjcoms.exe [537480 2006-11-17] ( )
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HPSLPSVC; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL [663552 2007-10-14] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-09-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]
R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2013-10-18] (Enigma Software Group USA, LLC.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 AT&T Troubleshoot & Resolve; "C:\Program Files\ATT\8.4.1.11\ma\bin\MAHostService.exe" [X]
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R0 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2012-04-26] (Oak Technology Inc.) [File not signed]
S3 APL531; C:\Windows\System32\Drivers\ov550i.sys [596480 2007-04-10] (Omnivision Technologies, Inc.) [File not signed]
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [148992 2006-12-12] (Conexant Systems Inc.) [File not signed]
S3 KLIF; C:\Windows\system32\drivers\klif.sys [148496 2009-03-16] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-04-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 RimSerPort; C:\Windows\System32\DRIVERS\RimSerial.sys [18432 2005-08-16] (Research in Motion Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482240 2009-06-09] ()
S3 SUSTUCAM; C:\Windows\System32\DRIVERS\sustucam.sys [47360 2009-11-25] (Susteen, Inc.)
S3 SUSTUCAP; C:\Windows\System32\DRIVERS\sustucap.sys [47360 2009-11-25] (Susteen, Inc.)
S3 SUSTUCAU; C:\Windows\System32\DRIVERS\sustucau.sys [28032 2009-11-25] (Susteen, Inc.)
R3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [104064 2007-11-25] (Microsoft Corporation) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 BLKWGU(Belkin); system32\DRIVERS\BLKWGU.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U2 WZCSVC; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-20 14:54 - 2016-04-20 14:54 - 00000518 ____C C:\Users\Lindsay\Desktop\message.txt
2016-04-20 14:33 - 2016-04-20 14:39 - 00091481 ____C C:\Users\Lindsay\Downloads\Shortcut.txt
2016-04-20 14:13 - 2016-04-20 14:13 - 01726464 ____C (Farbar) C:\Users\Lindsay\Downloads\FRST (2).exe
2016-04-20 13:58 - 2016-04-20 13:58 - 00000829 ____C C:\Users\Lindsay\Desktop\FRST - Shortcut.lnk
2016-04-20 12:20 - 2016-04-20 14:58 - 00337181 ____C C:\Users\Lindsay\Downloads\Addition.txt
2016-04-20 12:17 - 2016-04-20 15:16 - 00030652 ____C C:\Users\Lindsay\Downloads\FRST.txt
2016-04-20 12:15 - 2016-04-20 12:15 - 01726464 ____C (Farbar) C:\Users\Lindsay\Downloads\FRST (1).exe
2016-04-20 12:13 - 2016-04-20 15:15 - 00000000 ___DC C:\FRST
2016-04-20 12:13 - 2016-04-20 12:13 - 01726464 ____C (Farbar) C:\Users\Lindsay\Downloads\FRST.exe
2016-04-20 12:08 - 2016-04-20 12:08 - 01355144 ____C (Emsisoft Ltd) C:\Users\Lindsay\Downloads\decrypt_autolocky.exe
2016-04-20 12:04 - 2016-04-20 12:04 - 00201234 ____C C:\Users\Lindsay\Downloads\py2exe-0.6.9.win32-py2.7.exe
2016-04-20 11:45 - 2016-04-20 11:45 - 00712192 ____C (Cisco Systems Inc.) C:\Users\Lindsay\Downloads\TeslaDecrypter.exe
2016-04-20 11:38 - 2016-04-20 11:38 - 00452424 ____C (Bleeping Computer, LLC) C:\Users\Lindsay\Downloads\ListCWall.exe
2016-04-20 11:38 - 2016-04-20 11:38 - 00001248 ____C C:\Users\Lindsay\Desktop\ListCWall.txt
2016-04-20 11:28 - 2016-04-20 11:28 - 00001682 ____C C:\Users\Lindsay\Desktop\ShadowExplorer.lnk
2016-04-20 11:28 - 2016-04-20 11:28 - 00000000 ___DC C:\Users\Lindsay\AppData\Roaming\www.shadowexplorer.com
2016-04-20 11:28 - 2016-04-20 11:28 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2016-04-20 11:27 - 2016-04-20 11:28 - 00000000 ___DC C:\Program Files\ShadowExplorer
2016-04-20 11:26 - 2016-04-20 11:27 - 00969845 ____C (ShadowExplorer.com ) C:\Users\Lindsay\Downloads\ShadowExplorer-0.9-setup.exe
2016-04-20 09:11 - 2016-04-20 15:13 - 00170200 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-20 09:08 - 2016-04-20 09:08 - 00000899 ____C C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-20 09:08 - 2016-04-20 09:08 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-20 09:08 - 2016-04-20 09:08 - 00000000 ___DC C:\ProgramData\Malwarebytes
2016-04-20 09:08 - 2016-04-20 09:08 - 00000000 ___DC C:\Program Files\Malwarebytes Anti-Malware
2016-04-20 09:08 - 2016-03-10 14:09 - 00053120 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-20 09:08 - 2016-03-10 14:08 - 00126336 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-20 09:08 - 2016-03-10 14:08 - 00024448 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-20 09:05 - 2016-04-20 09:06 - 22851472 ____C (Malwarebytes ) C:\Users\Lindsay\Downloads\mbam-setup-web.NT-2.2.1.1043.exe
2016-04-19 12:41 - 2016-04-20 15:09 - 00008192 ____C C:\Windows\system32\WDPABKP.dat
2016-04-19 12:38 - 2016-04-20 15:14 - 00006736 ____C C:\Windows\system32\PerfStringBackup.TMP
2016-04-19 12:33 - 2016-04-19 16:30 - 00000000 ___DC C:\Users\Lindsay\AppData\Roaming\Online Backup
2016-04-18 21:05 - 2016-04-18 21:05 - 02236106 ____C C:\Users\Lindsay\Documents\Photograph.jpg.crypted
2016-04-18 21:05 - 2016-04-18 21:05 - 01129722 ____C C:\Users\Lindsay\Documents\Photograph (9).jpg.crypted
2016-04-18 21:05 - 2016-04-18 21:05 - 00585673 ____C C:\Users\Lindsay\Documents\scan0002.jpg.crypted
2016-04-18 21:05 - 2016-04-18 21:05 - 00302986 ____C C:\Users\Lindsay\Documents\Photograph (8).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:05 - 01969674 ____C C:\Users\Lindsay\Documents\Photograph (6).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:05 - 00338858 ____C C:\Users\Lindsay\Documents\Photograph (7).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 41731691 ____C C:\Users\Lindsay\Documents\Sandy Turner Submittal package.max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 04855323 ____C C:\Users\Lindsay\Documents\Subcontract Attachments.max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 03430618 ____C C:\Users\Lindsay\Documents\W9-signed.max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 02336827 ____C C:\Users\Lindsay\Documents\Photograph (14).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01987306 ____C C:\Users\Lindsay\Documents\Photograph (12).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01823770 ____C C:\Users\Lindsay\Documents\Photograph (10).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01485930 ____C C:\Users\Lindsay\Documents\Photograph (13).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01235128 ____C C:\Users\Lindsay\Documents\004.JPG.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01176824 ____C C:\Users\Lindsay\Documents\002.JPG.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01154584 ____C C:\Users\Lindsay\Documents\003.JPG.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01148106 ____C C:\Users\Lindsay\Documents\Photograph (4).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 01145368 ____C C:\Users\Lindsay\Documents\001.JPG.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00920986 ____C C:\Users\Lindsay\Documents\Photograph (3).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00910073 ____C C:\Users\Lindsay\Documents\W9-signed (2).max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00822922 ____C C:\Users\Lindsay\Documents\Social Security no.max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00818794 ____C C:\Users\Lindsay\Documents\Photograph (2).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00611578 ____C C:\Users\Lindsay\Documents\Subcontract Attachments (2).max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00508074 ____C C:\Users\Lindsay\Documents\Photograph (11).jpg.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00202314 ____C C:\Users\Lindsay\Documents\Sarah Sanderson Grace.max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00186024 ____C C:\Users\Lindsay\Documents\SGS.max.crypted
2016-04-18 21:04 - 2016-04-18 21:04 - 00073290 ____C C:\Users\Lindsay\Documents\Photograph (5).jpg.crypted
2016-04-18 21:03 - 2016-04-18 21:04 - 16578155 ____C C:\Users\Lindsay\Documents\NYE printables.max.crypted
2016-04-18 21:03 - 2016-04-18 21:04 - 00585674 ____C C:\Users\Lindsay\Documents\Sandy Turner II.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 18392603 ____C C:\Users\Lindsay\Documents\Hartley Subcontract Phase.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 15420347 ____C C:\Users\Lindsay\Documents\Greenleaf Ph. 2&3 Lath & Plaster Submittal.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 03113339 ____C C:\Users\Lindsay\Documents\Prevailing Wage Handout.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 02514539 ____C C:\Users\Lindsay\Documents\Housing in Ghana.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 01682970 ____C C:\Users\Lindsay\Documents\Parent vendor WAIVER OF LIABILITY & HH Agreement-signed.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 01500266 ____C C:\Users\Lindsay\Documents\greenleaf CO #8.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 01125256 ____C C:\Users\Lindsay\Documents\HH.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 01124026 ____C C:\Users\Lindsay\Documents\Hartley East County Hall of Justice 3.27.15 2.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 01119978 ____C C:\Users\Lindsay\Documents\NYE printables (3).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 01057130 ____C C:\Users\Lindsay\Documents\greenleaf CO #8 (2).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 01050218 ____C C:\Users\Lindsay\Documents\labels-p4-blanks.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00982058 ____C C:\Users\Lindsay\Documents\greenleaf CO #7 (2).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00980682 ____C C:\Users\Lindsay\Documents\greenleaf CO #6 (2).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00882954 ____C C:\Users\Lindsay\Documents\greenleaf CO #5.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00880522 ____C C:\Users\Lindsay\Documents\greenleaf CO #6.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00875370 ____C C:\Users\Lindsay\Documents\greenleaf CO #7.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00778026 ____C C:\Users\Lindsay\Documents\Greenleaf CO #9.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00630250 ____C C:\Users\Lindsay\Documents\NYE printables (2).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00599402 ____C C:\Users\Lindsay\Documents\Greenleaf CO #9 (2).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00585834 ____C C:\Users\Lindsay\Documents\Greenleaf Ph. 2&3 Lath & Plaster Submittal (2).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00553305 ____C C:\Users\Lindsay\Documents\LOI (2).max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00450920 ____C C:\Users\Lindsay\Documents\LOI.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00319481 ____C C:\Users\Lindsay\Documents\Lego 4.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00318841 ____C C:\Users\Lindsay\Documents\Lego 3.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00311434 ____C C:\Users\Lindsay\Documents\No-Loss-Letter.max.crypted
2016-04-18 21:03 - 2016-04-18 21:03 - 00000134 ____C C:\Users\Lindsay\Documents\K-1.max.crypted
2016-04-18 21:02 - 2016-04-18 21:03 - 01016074 ____C C:\Users\Lindsay\Documents\greenleaf CO #5 (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:03 - 00883978 ____C C:\Users\Lindsay\Documents\greenleaf CO #4.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 10450699 ____C C:\Users\Lindsay\Documents\Employee Master File - Part 2 of 2.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 05268539 ____C C:\Users\Lindsay\Documents\Greenleaf - DPI_COR#014R2 Kel-Prime & Acrylic Finish Upgrade.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 03927691 ____C C:\Users\Lindsay\Documents\doc20151214110729.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 03362619 ____C C:\Users\Lindsay\Documents\Green Leaf Change Orders (1).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 01916026 ____C C:\Users\Lindsay\Documents\greenleaf CO #2 (2) (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 01059434 ____C C:\Users\Lindsay\Documents\Greenleaf CO #3 (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 01053242 ____C C:\Users\Lindsay\Documents\greenleaf CO #3 (2) (2) (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 01024778 ____C C:\Users\Lindsay\Documents\Greenleaf CO #2 (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 01016298 ____C C:\Users\Lindsay\Documents\Green Leaf Change Orders (1) (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00999562 ____C C:\Users\Lindsay\Documents\greenleaf CO #4 (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00975306 ____C C:\Users\Lindsay\Documents\Green Leaf  CO #1 (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00902298 ____C C:\Users\Lindsay\Documents\greenleaf CO #3 (2) (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00891946 ____C C:\Users\Lindsay\Documents\Greenleaf CO #3.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00890314 ____C C:\Users\Lindsay\Documents\Green Leaf  CO #1.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00878634 ____C C:\Users\Lindsay\Documents\Greenleaf CO #2.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00693114 ____C C:\Users\Lindsay\Documents\CleaningChecklistPrintable.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00632138 ____C C:\Users\Lindsay\Documents\Greenleaf CO #10 (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00576586 ____C C:\Users\Lindsay\Documents\Attachments (4).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00545081 ____C C:\Users\Lindsay\Documents\Attachments.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00538122 ____C C:\Users\Lindsay\Documents\6-30-15 Cahill pg 2.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00495434 ____C C:\Users\Lindsay\Documents\5-28-15 Cahill.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00480874 ____C C:\Users\Lindsay\Documents\Greenleaf CO #10.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00424490 ____C C:\Users\Lindsay\Documents\Attachments (5).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00395434 ____C C:\Users\Lindsay\Documents\Attachments (3).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00393898 ____C C:\Users\Lindsay\Documents\Attachments (6).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00391754 ____C C:\Users\Lindsay\Documents\Attachments (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00000216 ____C C:\Users\Lindsay\Documents\GENERAL TERMS AND CONDITIONS - ALL Trees.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00000216 ____C C:\Users\Lindsay\Documents\GENERAL TERMS AND CONDITIONS - ALL Trees (2).max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00000182 ____C C:\Users\Lindsay\Documents\Drywall Bay Area 010115.max.crypted
2016-04-18 21:02 - 2016-04-18 21:02 - 00000182 ____C C:\Users\Lindsay\Documents\Drywall Bay Area 010115 (2).max.crypted
2016-04-18 21:01 - 2016-04-18 21:02 - 00855801 ____C C:\Users\Lindsay\Documents\2015 Certs.max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 23345610 ____C C:\Users\Lindsay\Documents\Document (8).pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 15444603 ____C C:\Users\Lindsay\Documents\11-20-2014 Employer Enrollment Appilcation.max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 05276682 ____C C:\Users\Lindsay\Documents\Document (4).pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 03459657 ____C C:\Users\Lindsay\Documents\#6-#9.max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 02811499 ____C C:\Users\Lindsay\Documents\Document (8) (2).pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 01340201 ____C C:\Users\Lindsay\Documents\Document (7).pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 01153753 ____C C:\Users\Lindsay\Documents\Document (9).pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00921401 ____C C:\Users\Lindsay\Documents\Document (6).pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00766426 ____C C:\Users\Lindsay\Documents\101790265-Quatrefoil-Monogram-Papaya-Peach.max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00694857 ____C C:\Users\Lindsay\Documents\Document (5).pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00653802 ____C C:\Users\Lindsay\Documents\2015 Certs (2) (3).max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00620810 ____C C:\Users\Lindsay\Documents\2015 Certs (2) (2).max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00612074 ____C C:\Users\Lindsay\Documents\2015 Certs (3).max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00524650 ____C C:\Users\Lindsay\Documents\2015 Certs (4).max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00460552 ____C C:\Users\Lindsay\Documents\1R.max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00460296 ____C C:\Users\Lindsay\Documents\1.max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00383466 ____C C:\Users\Lindsay\Documents\2015 Certs (2).max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00177145 ____C C:\Users\Lindsay\Documents\Document.pdf.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00000248 ____C C:\Users\Lindsay\Documents\2012-07-31 - GENERAL TERMS AND CONDITIONS - ALL Trees (2).max.crypted
2016-04-18 21:01 - 2016-04-18 21:01 - 00000232 ____C C:\Users\Lindsay\Documents\2012-07-31 - GENERAL TERMS AND CONDITIONS - ALL Trees.max.crypted
2016-04-18 21:00 - 2016-04-18 21:01 - 24264474 ____C C:\Users\Lindsay\Documents\Document (14).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:01 - 02027753 ____C C:\Users\Lindsay\Documents\Document (3).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 03442650 ____C C:\Users\Lindsay\Documents\Document (15).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 01503609 ____C C:\Users\Lindsay\Documents\Document (12).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 01491129 ____C C:\Users\Lindsay\Documents\Document (13).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 00564169 ____C C:\Users\Lindsay\Documents\Document (10).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 00531929 ____C C:\Users\Lindsay\Documents\Document (11).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 00095513 ____C C:\Users\Lindsay\Documents\Document (2).pdf.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 00053978 ____C C:\Users\Lindsay\Documents\Happy birthday Johnny.doc.crypted
2016-04-18 21:00 - 2016-04-18 21:00 - 00024248 ____C C:\Users\Lindsay\Documents\tat.doc.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00418345 ____C C:\Users\Lindsay\Desktop\Warriors.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00285626 ____C C:\Users\Lindsay\Desktop\Warriors 3 x 2.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00196648 ____C C:\Users\Lindsay\Desktop\shaw.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00154490 ____C C:\Users\Lindsay\Desktop\wired_california_drought_guide1-1024x576.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00109514 ____C C:\Users\Lindsay\Desktop\CLAYTON-VALLEY-Little-League.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00084954 ____C C:\Users\Lindsay\Desktop\CLAYTON-VALLEY-Little-League1.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00069497 ____C C:\Users\Lindsay\Desktop\Capture.JPG.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00069018 ____C C:\Users\Lindsay\Desktop\Giants-baseball-for-post.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00062297 ____C C:\Users\Lindsay\Desktop\swim 2015.JPG.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00050666 ____C C:\Users\Lindsay\Desktop\clip-art-spongebob-491292.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00049081 ____C C:\Users\Lindsay\Desktop\Capture2.JPG.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00046841 ____C C:\Users\Lindsay\Desktop\Save-the-Date.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00044602 ____C C:\Users\Lindsay\Desktop\salvador-dali-the-elephants-4360.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00038409 ____C C:\Users\Lindsay\Desktop\procserv (1).jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00035385 ____C C:\Users\Lindsay\Desktop\procserv (2).jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00032777 ____C C:\Users\Lindsay\Desktop\procserv.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00025001 ____C C:\Users\Lindsay\Desktop\Capturek.JPG.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00020266 ____C C:\Users\Lindsay\Desktop\Little League Logo New.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00012872 ____C C:\Users\Lindsay\Desktop\img-thing.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00011288 ____C C:\Users\Lindsay\Desktop\download.jpg.crypted
2016-04-18 20:13 - 2016-04-18 20:13 - 00006568 ____C C:\Users\Lindsay\Desktop\download (1).jpg.crypted
2016-04-18 20:12 - 2016-04-18 20:13 - 00026057 ____C C:\Users\Lindsay\Desktop\Award 4.JPG.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 15333515 ____C C:\Users\Lindsay\Desktop\TimeManagementPrintableKit.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 01399290 ____C C:\Users\Lindsay\Desktop\OrganizingChallengeProjectPrintable.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 01327785 ____C C:\Users\Lindsay\Desktop\EV 2-2-16.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 01298970 ____C C:\Users\Lindsay\Desktop\Scan14-06-13 1405.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 01193882 ____C C:\Users\Lindsay\Desktop\Signed Subcontract with prices 6-22-15.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00616138 ____C C:\Users\Lindsay\Desktop\Etsy_10134009917.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00382698 ____C C:\Users\Lindsay\Desktop\Revised Greenleaf Phase 2 & 3 Plaster Proposal.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00372538 ____C C:\Users\Lindsay\Desktop\Oakland Civic Center.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00303336 ____C C:\Users\Lindsay\Desktop\SSG.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00199706 ____C C:\Users\Lindsay\Desktop\CVLL_Volunteer_Refund_Form_2015.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00197690 ____C C:\Users\Lindsay\Desktop\CVLL_Volunteer_Refund_Form_2015-mcnally.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00185418 ____C C:\Users\Lindsay\Desktop\Drywall_Current_Rates.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00154762 ____C C:\Users\Lindsay\Desktop\McNally-WCSpringClinicRegistrationform2016.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00117961 ____C C:\Users\Lindsay\Desktop\Project1.mpp.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00081690 ____C C:\Users\Lindsay\Desktop\OUSD Whittier Rack 1-28-15.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00076745 ____C C:\Users\Lindsay\Desktop\Plaster Rates.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00070506 ____C C:\Users\Lindsay\Desktop\Little_League_Day___A_s___SF_Giants.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00060250 ____C C:\Users\Lindsay\Desktop\My Subcontractor Agreement.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00053162 ____C C:\Users\Lindsay\Desktop\My Account - Nationwide.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00024714 ____C C:\Users\Lindsay\Desktop\dmv_registration_hold_dispute.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00022121 ____C C:\Users\Lindsay\Desktop\Award 1.JPG.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00021274 ____C C:\Users\Lindsay\Desktop\Grace-CA report.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00021065 ____C C:\Users\Lindsay\Desktop\Award 2.JPG.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00020360 ____C C:\Users\Lindsay\Desktop\Will.pdf
2016-04-18 20:12 - 2016-04-18 20:12 - 00019353 ____C C:\Users\Lindsay\Desktop\Award 3.JPG.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00017993 ____C C:\Users\Lindsay\Desktop\Save the Date.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00016665 ____C C:\Users\Lindsay\Desktop\Time Keeper.pdf.crypted
2016-04-18 20:12 - 2016-04-18 20:12 - 00008073 ____C C:\Users\Lindsay\Desktop\Drywall Bay Area 010115.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:12 - 00181002 ____C C:\Users\Lindsay\Desktop\Carpenters_Current_Rates.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:12 - 00045640 ____C C:\Users\Lindsay\Desktop\Bid.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 30353611 ____C C:\Users\Lindsay\Desktop\Nathaniel Hartley.ZIP.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 03071579 ____C C:\Users\Lindsay\Desktop\Aronuna 7-2-14 (2).pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 01315034 ____C C:\Users\Lindsay\Desktop\5-30-14 sketch.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00338650 ____C C:\Users\Lindsay\Desktop\Aronuna 7-2-14.doc.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00200378 ____C C:\Users\Lindsay\Desktop\2015-2016 Drywall.Lathing Wage Card.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00183130 ____C C:\Users\Lindsay\Desktop\Aronuna 7-2-14.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00089866 ____C C:\Users\Lindsay\Desktop\McNally-WCSpringClinicRegistrationform2016.doc.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00083658 ____C C:\Users\Lindsay\Desktop\5-1-15 receipt.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00031928 ____C C:\Users\Lindsay\Desktop\Bid.doc.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00026330 ____C C:\Users\Lindsay\Desktop\Grace-CA report.doc.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00024265 ____C C:\Users\Lindsay\Desktop\Save the Date.doc.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00021033 ____C C:\Users\Lindsay\Desktop\2015 Rates.pdf.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00016585 ____C C:\Users\Lindsay\Desktop\2015 Rates.xls.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00016072 ____C C:\Users\Lindsay\Desktop\Time Keeper.xls.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00012409 ____C C:\Users\Lindsay\Desktop\Giants - FarmB Practice - Revised.xlsx.crypted
2016-04-18 20:11 - 2016-04-18 20:11 - 00010793 ____C C:\Users\Lindsay\Desktop\Farm_B Giants - parents copy.xlsx.crypted
2016-04-18 12:15 - 2016-04-20 10:57 - 00000000 ___DC C:\Users\Lindsay\AppData\Local\Umdrmedia
2016-03-28 10:36 - 2016-03-28 10:36 - 00000000 ___DC C:\Program Files\Common Files\Java
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-20 15:14 - 2006-11-02 04:18 - 00000000 ___DC C:\Windows\inf
2016-04-20 15:11 - 2010-11-19 11:41 - 00000437 ____C C:\Windows\system32\Drivers\etc\hosts.ics
2016-04-20 15:08 - 2010-03-26 10:17 - 00000882 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-20 15:06 - 2006-11-02 06:01 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2016-04-20 15:06 - 2006-11-02 05:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-20 15:06 - 2006-11-02 05:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-20 15:01 - 2007-09-07 19:37 - 00000012 _____ C:\Windows\bthservsdp.dat
2016-04-20 15:01 - 2006-11-02 06:01 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-20 14:56 - 2010-03-26 10:17 - 00000886 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-20 14:03 - 2012-04-26 15:55 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-20 11:59 - 2016-01-11 18:37 - 00000000 ___DC C:\Users\Lindsay\Desktop\Divorce
2016-04-20 11:00 - 2011-09-27 17:43 - 00000000 ___DC C:\Program Files\Upromise
2016-04-20 11:00 - 2006-11-02 04:18 - 00000000 ___DC C:\Windows\tapi
2016-04-20 10:57 - 2015-02-19 14:03 - 00000000 ___DC C:\Program Files\EliteUnzip
2016-04-20 10:57 - 2012-04-23 10:39 - 00000000 ___DC C:\ProgramData\InstallMate
2016-04-19 12:44 - 2007-09-07 07:56 - 00000000 ___DC C:\Users\Lindsay
2016-04-19 12:38 - 2015-11-18 13:12 - 00000000 ___DC C:\Users\Lindsay\AppData\Local\IIIQ
2016-04-19 12:25 - 2007-10-06 21:52 - 00000000 ___DC C:\Windows\Minidump
2016-04-19 11:32 - 2011-05-18 10:22 - 00000000 ___DC C:\ProgramData\Motive
2016-04-19 11:15 - 2011-05-18 10:21 - 00000000 ___DC C:\Program Files\ATT
2016-04-18 21:27 - 2011-02-15 15:33 - 00000000 ___DC C:\Users\Lindsay\Documents\Rosetta Stone
2016-04-18 21:27 - 2009-02-10 15:24 - 00000000 ___DC C:\Users\Lindsay\Documents\My Scans
2016-04-18 21:06 - 2011-01-31 17:53 - 00000000 ___DC C:\Users\Lindsay\Documents\2011-01-31 Deck's 1st Birthday
2016-04-18 21:00 - 2015-02-27 14:40 - 00000000 ___DC C:\Users\Lindsay\Desktop\WCPS 2015 Auction
2016-04-18 20:59 - 2014-04-22 14:51 - 00000000 ___DC C:\Users\Lindsay\Desktop\To Recycle
2016-04-18 20:56 - 2015-01-25 11:47 - 00000000 ___DC C:\Users\Lindsay\Desktop\Sweet Ellie
2016-04-18 20:15 - 2008-02-25 13:44 - 00000000 ___DC C:\Users\Lindsay\Desktop\Random
2016-04-18 20:14 - 2016-02-08 12:01 - 00000000 ___DC C:\Users\Lindsay\Desktop\Grace
2016-04-18 20:14 - 2014-04-22 14:28 - 00000000 ___DC C:\Users\Lindsay\Desktop\Chore Charts
2016-04-18 20:14 - 2013-12-06 14:32 - 00000000 ___DC C:\Users\Lindsay\Desktop\Budget
2016-04-18 20:14 - 2013-12-06 12:15 - 00000000 ___DC C:\Users\Lindsay\Desktop\Games
2016-04-18 18:43 - 2012-04-30 10:44 - 00000000 ___DC C:\Thirty One
2016-04-18 18:41 - 2008-03-19 12:55 - 00000000 ___DC C:\Stan
2016-04-18 18:40 - 2009-03-05 14:36 - 00000000 ___DC C:\SLEB
2016-04-18 18:39 - 2010-11-15 14:10 - 00000000 ___DC C:\School
2016-04-18 18:38 - 2015-12-17 16:56 - 00000000 ___DC C:\Project Photos
2016-04-18 16:38 - 2008-05-12 12:36 - 00000000 ___DC C:\Photos
2016-04-18 16:32 - 2007-09-12 14:09 - 00000000 ___DC C:\Office Documents
2016-04-18 16:29 - 2009-03-01 11:31 - 00000000 ___DC C:\Mom
2016-04-18 16:27 - 2007-10-05 10:50 - 00000000 ___DC C:\Mark
2016-04-18 16:15 - 2007-11-16 13:57 - 00000000 ___DC C:\Marie
2016-04-18 16:11 - 2010-04-08 13:22 - 00000000 ___DC C:\Hartley Construction Inc
2016-04-18 16:09 - 2009-07-01 14:00 - 00000000 ___DC C:\MA Lindquist
2016-04-18 15:51 - 2013-04-10 11:44 - 00000000 ___DC C:\Desert Olive Nursery
2016-04-18 15:47 - 2007-10-04 11:53 - 00000000 ___DC C:\Lindsay
2016-04-18 15:40 - 2012-02-14 23:10 - 00000000 ___DC C:\John
2016-04-18 15:39 - 2010-11-04 10:03 - 00000000 ___DC C:\IRS
2016-04-18 15:37 - 2011-05-31 15:22 - 00000000 ___DC C:\Insurance
2016-04-18 15:16 - 2013-10-24 12:26 - 02221411 ___HC C:\Users\Lindsay\Documents\PP11Thumbs.ptn
2016-04-18 15:10 - 2013-10-24 12:29 - 00002236 ___HC C:\Users\Lindsay\Documents\PP11Thumbs.ptn2
2016-04-18 13:59 - 2013-09-16 13:58 - 00000000 ___DC C:\California Flight Academy
2016-04-18 13:59 - 2012-10-16 14:11 - 00000000 ___DC C:\Blog
2016-04-18 13:59 - 2008-11-04 16:25 - 00000000 ___DC C:\CSLB
2016-04-18 13:59 - 2008-08-08 11:16 - 00000000 ___DC C:\Corporate
2016-04-18 13:57 - 2008-05-07 12:19 - 00000000 ___DC C:\Bank
2016-04-18 13:53 - 2008-08-08 10:50 - 00000000 ___DC C:\Accounting
2016-04-18 13:49 - 2015-01-12 12:51 - 00000000 ___DC C:\2015 Projects
2016-04-18 13:46 - 2013-03-20 15:18 - 00000000 ___DC C:\2013
2016-04-18 13:39 - 2012-07-03 18:10 - 00000000 ___DC C:\2012 Projects
2016-04-18 13:37 - 2013-12-06 11:47 - 00000000 ___DC C:\2011 Projects
2016-04-18 13:34 - 2010-05-21 16:47 - 00000000 ___DC C:\2010 Projects
2016-04-18 13:18 - 2008-05-06 10:53 - 00000000 ___DC C:\1701 energy
2016-04-08 15:13 - 2012-11-12 11:45 - 00001983 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-07 14:04 - 2012-04-26 15:55 - 00797376 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-07 14:04 - 2011-05-31 10:15 - 00142528 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-04-06 17:15 - 2007-09-08 03:49 - 00000000 ___DC C:\Users\Lindsay\AppData\Local\ApplicationHistory
2016-03-28 10:40 - 2013-11-08 16:48 - 00000000 ___DC C:\ProgramData\Oracle
2016-03-28 10:37 - 2014-11-06 16:59 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-28 10:37 - 2007-04-19 12:43 - 00000000 ___DC C:\Program Files\Java
2016-03-28 10:35 - 2015-10-06 11:25 - 00000000 ___DC C:\Users\Lindsay\.oracle_jre_usage
2016-03-28 10:34 - 2014-11-06 16:59 - 00095808 ____C (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
 
==================== Files in the root of some directories =======
 
2007-11-30 12:26 - 2011-07-25 12:04 - 0025493 ____C () C:\Users\Lindsay\AppData\Roaming\Comma Separated Values (Windows).ADR
2010-02-16 23:39 - 2010-12-13 14:45 - 0012951 ____C () C:\Users\Lindsay\AppData\Roaming\Comma Separated Values (Windows).CAL
2008-12-30 18:15 - 2008-12-30 18:33 - 0002528 ____C () C:\Users\Lindsay\AppData\Roaming\mindhabits.dat
2009-05-13 09:29 - 2011-03-31 08:58 - 0000066 ____C () C:\Users\Lindsay\AppData\Roaming\wklnhst.dat
2007-09-07 08:14 - 2007-09-07 08:14 - 0000000 ____C () C:\Users\Lindsay\AppData\Local\AtStart.txt
2016-03-15 10:22 - 2016-03-15 10:22 - 0000000 ___HC () C:\Users\Lindsay\AppData\Local\BIT59AC.tmp
2007-09-07 08:38 - 2015-03-06 14:53 - 0053760 ____C () C:\Users\Lindsay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-09-07 08:14 - 2007-09-07 08:14 - 0000000 ____C () C:\Users\Lindsay\AppData\Local\DSwitch.txt
2007-09-11 00:19 - 2007-09-11 00:19 - 0000095 ____C () C:\Users\Lindsay\AppData\Local\fusioncache.dat
2007-09-07 08:14 - 2007-09-07 08:14 - 0000000 ____C () C:\Users\Lindsay\AppData\Local\QSwitch.txt
2009-02-14 17:28 - 2009-02-16 22:07 - 0029290 ____C () C:\Users\Lindsay\AppData\Local\slot1.mm1
2009-10-19 12:00 - 2009-10-19 12:00 - 0000059 ____C () C:\Users\Lindsay\AppData\Local\Tempdir
2015-03-20 14:58 - 2015-03-20 14:58 - 0000057 ____C () C:\ProgramData\Ament.ini
2008-09-07 09:48 - 2008-09-07 09:48 - 0000056 ___HC () C:\ProgramData\ezsidmv.dat
2007-04-19 12:04 - 2012-11-03 09:40 - 0015051 ____C () C:\ProgramData\hpzinstall.log
2016-03-01 13:34 - 2016-03-01 14:17 - 0000301 ____C () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-11-07 20:33 - 2012-11-07 20:33 - 0007265 ____C () C:\ProgramData\N360BUOptions.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-20 15:19
 
==================== End of FRST.txt ============================

 


 


#2 Oh My!


Posted 20 April 2016 - 10:26 PM

Duplicate.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Oh My!


Posted 20 April 2016 - 10:26 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



