Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Avast realtime shield constantly pops up infections when connected to internet


  • This topic is locked This topic is locked
18 replies to this topic

#1 bige75

bige75

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 02 December 2014 - 05:01 PM

Hello everyone,

 

LighthouseParty had been trying to help me with my problem and suggested that I would post here as he did everything he could to help. Here is our threat link to see what he tried - http://www.bleepingcomputer.com/forums/t/558159/computer-running-slowly-antivirus-constantly-scanning/#entry3555990

 

I have posted my DDS info below. Thanks for anyone who can help.

 

Eric

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420
Run by mark at 16:46:36 on 2014-12-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.4343 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Fore! Reservations\4MCServ.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\WUDFHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRYSTA~1.LNK - C:\windows\Installer\{5057D84D-0E68-4FB1-8F39-843F385FE13D}\CrystalLoader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{387ACC59-B6BF-455B-9166-C1503C599DDD} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{B887EEA2-F950-4B30-A0FE-1D77DEA694B5} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{B887EEA2-F950-4B30-A0FE-1D77DEA694B5}\25F626723702745756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{B887EEA2-F950-4B30-A0FE-1D77DEA694B5}\47F646460286F6573756 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{B887EEA2-F950-4B30-A0FE-1D77DEA694B5}\849454 : DHCPNameServer = 65.24.0.168 65.24.0.169
TCP: Interfaces\{B887EEA2-F950-4B30-A0FE-1D77DEA694B5}\84F4D454D224036423 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B887EEA2-F950-4B30-A0FE-1D77DEA694B5}\D4453445E45445 : DHCPNameServer = 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-8-22 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-8-22 267632]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2012-3-12 1050432]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2012-3-12 436624]
R2 4MCServe;Fore! Reservations PMS Remoting Server;C:\Program Files (x86)\Fore! Reservations\4MCServ.exe [2013-4-24 53952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-31 89600]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-8-6 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-3-12 83280]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswStm.sys [2014-2-12 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-30 50344]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-19 921664]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-19 995392]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-31 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-20 1871160]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2013-8-19 1248256]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-2-1 689472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-31 2655768]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-30 271752]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-30 4012248]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-5-19 1335360]
R3 btmaudio;Intel Bluetooth Audio Service;C:\windows\System32\drivers\btmaud.sys [2011-5-19 51712]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-5-19 53248]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-7-19 282624]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-1-31 176096]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-7-19 59904]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-1 317440]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-1-31 406632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-11-18 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-11-20 129752]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-11-9 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-1 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-11-4 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-11-9 30208]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-11-9 1255736]
S4 POSPerformanceCounters;Point Of Service Performance Counters;C:\Program Files (x86)\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe [2008-2-29 42056]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-12-02 18:42:23    --------    d-----w-    C:\windows\ERUNT
2014-12-02 18:20:26    --------    d-----w-    C:\AdwCleaner
2014-11-30 19:30:59    43152    ----a-w-    C:\windows\avastSS.scr
2014-11-21 15:23:26    --------    d-----w-    C:\ProgramData\OagyUjitc
2014-11-21 15:23:07    --------    d-----w-    C:\ProgramData\HosoWinez
2014-11-20 15:01:07    129752    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-11-20 15:00:54    93400    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-11-20 15:00:54    63704    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-11-20 15:00:54    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2014-11-18 22:18:31    --------    d-s---w-    C:\windows\SysWow64\Microsoft
2014-11-18 18:45:50    11632448    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F25B00B6-73BF-4649-8D74-534DE0B18B0B}\mpengine.dll
2014-11-18 18:25:11    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
2014-11-18 18:25:10    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-11-18 18:25:09    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-11-18 18:25:09    155064    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2014-11-18 18:25:08    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-11-18 18:25:08    241152    ----a-w-    C:\windows\System32\pku2u.dll
2014-11-18 18:25:08    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2014-11-18 18:25:08    186880    ----a-w-    C:\windows\SysWow64\pku2u.dll
2014-11-18 18:23:59    1016832    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-11-18 18:23:53    1882624    ----a-w-    C:\windows\System32\msxml3.dll
2014-11-18 18:23:52    2048    ----a-w-    C:\windows\SysWow64\msxml3r.dll
2014-11-18 18:23:52    2048    ----a-w-    C:\windows\System32\msxml3r.dll
2014-11-18 18:23:52    1237504    ----a-w-    C:\windows\SysWow64\msxml3.dll
2014-11-18 18:17:23    77824    ----a-w-    C:\windows\System32\packager.dll
2014-11-18 18:17:23    67584    ----a-w-    C:\windows\SysWow64\packager.dll
2014-11-18 18:16:45    861696    ----a-w-    C:\windows\System32\oleaut32.dll
2014-11-18 18:16:44    571904    ----a-w-    C:\windows\SysWow64\oleaut32.dll
2014-11-18 00:43:25    --------    d-----w-    C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-11-18 00:42:23    --------    d-----w-    C:\ProgramData\NortonInstaller
2014-11-18 00:42:23    --------    d-----w-    C:\Program Files (x86)\NortonInstaller
2014-11-18 00:09:35    --------    d-----w-    C:\NPE
2014-11-18 00:06:30    --------    d-----w-    C:\Users\mark\AppData\Local\NPE
2014-11-18 00:06:30    --------    d-----w-    C:\ProgramData\Norton
2014-11-17 12:48:56    --------    d-----w-    C:\Users\mark\AppData\Local\SoftThinks
2014-11-16 03:07:39    --------    d-sh--w-    C:\Users\mark\AppData\Local\EmieBrowserModeList
2014-11-15 19:28:42    --------    d-----w-    C:\windows\SysWow64\vbox
2014-11-15 19:28:42    --------    d-----w-    C:\windows\System32\vbox
2014-11-15 17:45:16    --------    d-----w-    C:\Users\mark\AppData\Roaming\AppData
2014-11-14 23:40:23    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-11-14 23:40:23    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-14 23:40:05    --------    d-----w-    C:\Users\mark\AppData\Local\Programs
2014-11-14 22:52:46    3198976    ----a-w-    C:\windows\System32\win32k.sys
2014-11-04 13:43:24    2777088    ----a-w-    C:\windows\System32\msmpeg2vdec.dll
2014-11-04 13:43:24    2285056    ----a-w-    C:\windows\SysWow64\msmpeg2vdec.dll
2014-11-04 13:40:45    7168    ----a-w-    C:\windows\SysWow64\KBDYAK.DLL
2014-11-04 13:36:22    1424384    ----a-w-    C:\windows\System32\WindowsCodecs.dll
2014-11-04 13:36:22    1230336    ----a-w-    C:\windows\SysWow64\WindowsCodecs.dll
.
==================== Find3M  ====================
.
2014-11-30 19:31:34    1050432    ----a-w-    C:\windows\System32\drivers\aswsnx.sys
2014-11-30 19:31:01    267632    ----a-w-    C:\windows\System32\drivers\aswVmm.sys
2014-11-30 19:31:01    116728    ----a-w-    C:\windows\System32\drivers\aswStm.sys
2014-11-30 19:31:00    93568    ----a-w-    C:\windows\System32\drivers\aswRdr2.sys
2014-11-30 19:31:00    83280    ----a-w-    C:\windows\System32\drivers\aswMonFlt.sys
2014-11-30 19:31:00    65776    ----a-w-    C:\windows\System32\drivers\aswRvrt.sys
2014-11-30 19:31:00    29208    ----a-w-    C:\windows\System32\drivers\aswHwid.sys
2014-11-06 04:04:03    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-11-06 04:03:50    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03    66560    ----a-w-    C:\windows\System32\iesetup.dll
2014-11-06 03:46:12    580096    ----a-w-    C:\windows\System32\vbscript.dll
2014-11-06 03:46:12    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28    88064    ----a-w-    C:\windows\System32\MshtmlDac.dll
2014-11-06 03:30:22    144384    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-11-06 03:30:08    114688    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-11-06 03:29:18    814080    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-11-06 03:28:20    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57    6040064    ----a-w-    C:\windows\System32\jscript9.dll
2014-11-06 03:20:18    968704    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43    501248    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-11-06 03:13:36    62464    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-11-06 03:12:44    47616    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58    64000    ----a-w-    C:\windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29    77824    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36    115712    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38    620032    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36    60416    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39    1359360    ----a-w-    C:\windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25    2124288    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-11-06 02:21:49    4298240    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-11-06 02:21:25    2051072    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37    1155072    ----a-w-    C:\windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24    2365440    ----a-w-    C:\windows\System32\wininet.dll
2014-11-06 01:52:35    1892864    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-11-04 19:30:58    275080    ------w-    C:\windows\System32\MpSigStub.exe
2014-10-14 02:13:06    683520    ----a-w-    C:\windows\System32\termsrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\windows\System32\adtschema.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\windows\SysWow64\adtschema.dll
2014-10-03 02:12:00    500224    ----a-w-    C:\windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\windows\SysWow64\AudioSes.dll
2014-09-29 00:58:48    3198976    ----a-w-    C:\windows\System32\win32k(142).sys
2014-09-25 02:08:38    371712    ----a-w-    C:\windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\windows\SysWow64\qdvd.dll
2014-09-19 09:42:52    210944    ----a-w-    C:\windows\System32\wdigest.dll
2014-09-19 09:42:51    86528    ----a-w-    C:\windows\System32\TSpkg.dll
2014-09-19 09:42:49    342016    ----a-w-    C:\windows\System32\schannel.dll
2014-09-19 09:42:47    314880    ----a-w-    C:\windows\System32\msv1_0.dll
2014-09-19 09:42:47    309760    ----a-w-    C:\windows\System32\ncrypt.dll
2014-09-19 09:42:41    22016    ----a-w-    C:\windows\System32\credssp.dll
2014-09-19 09:23:55    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    C:\windows\SysWow64\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
2014-09-19 01:41:55    2796032    ----a-w-    C:\windows\System32\iertutil(128).dll
2014-09-19 00:55:50    2187264    ----a-w-    C:\windows\SysWow64\iertutil(144).dll
2014-09-19 00:33:18    2309632    ----a-w-    C:\windows\System32\wininet(143).dll
2014-09-19 00:14:19    1447936    ----a-w-    C:\windows\System32\urlmon(140).dll
2014-09-18 23:59:11    1810944    ----a-w-    C:\windows\SysWow64\wininet(148).dll
2014-09-18 23:53:45    1190400    ----a-w-    C:\windows\SysWow64\urlmon(147).dll
2014-09-18 02:00:42    3241472    ----a-w-    C:\windows\System32\msi.dll
2014-09-18 01:32:52    2363904    ----a-w-    C:\windows\SysWow64\msi.dll
2014-09-09 22:11:04    2048    ----a-w-    C:\windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\windows\SysWow64\rastls.dll
.
============= FINISH: 16:47:32.98 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 06 December 2014 - 12:52 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

icon11.gif   Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 bige75

bige75
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 06 December 2014 - 01:20 PM

RPMcMurphy,

 

Thanks for taking a look at my problem and helping me fix it.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2014 02
Ran by mark (administrator) on MARKLAPTOP on 06-12-2014 13:11:05
Running from C:\Users\mark\Desktop
Loaded Profile: mark (Available profiles: mark & Gracie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Fore! Reservations Technology, LLC) C:\Program Files (x86)\Fore! Reservations\4MCServ.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-30] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe [161088 2010-07-21] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-960464898-619390684-407403647-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-960464898-619390684-407403647-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-960464898-619390684-407403647-1000\...\MountPoints2: {3150260c-efe9-11e3-8d57-4ceb42177626} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-960464898-619390684-407403647-1000\...\MountPoints2: {48dc843c-9821-11e3-a402-4ceb42177626} - E:\LaunchU3.exe
HKU\S-1-5-21-960464898-619390684-407403647-1000\...\MountPoints2: {7e191074-7c70-11e3-b6cf-4ceb42177626} - E:\TLBootstrap_WPP.exe
HKU\S-1-5-21-960464898-619390684-407403647-1000\...\MountPoints2: {b55048ce-ca3d-11e3-b8d1-4ceb42177626} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-960464898-619390684-407403647-1000\...\MountPoints2: {daf7a732-3b1d-11e3-84ee-4ceb42177626} - E:\ToolLauncher-Bootstrap.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Crystal Reports Loader.lnk
ShortcutTarget: Crystal Reports Loader.lnk -> C:\Windows\Installer\{5057D84D-0E68-4FB1-8F39-843F385FE13D}\CrystalLoader.exe (Fore! Reservations Technology, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-960464898-619390684-407403647-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.0 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-12]
FF HKU\S-1-5-21-960464898-619390684-407403647-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://www.ask.com/?l=dis&o=15119cr
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Profile: C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-20]
CHR Extension: (YouTube) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-12]
CHR Extension: (Google Search) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-12]
CHR Extension: (Avast Online Security) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-20]
CHR Extension: (Google Wallet) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Gmail) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 4MCServe; C:\Program Files (x86)\Fore! Reservations\4MCServ.exe [53952 2013-04-24] (Fore! Reservations Technology, LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-30] (Avast Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Users\mark\AppData\Local\Temp\7zS29F4\hpslpsvc64.dll [1039360 2012-11-14] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 POSPerformanceCounters; C:\Program Files (x86)\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe [42056 2008-02-29] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-06-26] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-08-19] (Intuit Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-30] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-12-21] (MCCI Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-30] (Avast Software)
S1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [X]
S3 cleanhlp; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 13:11 - 2014-12-06 13:11 - 00020814 _____ () C:\Users\mark\Desktop\FRST.txt
2014-12-06 13:10 - 2014-12-06 13:11 - 00000000 ____D () C:\FRST
2014-12-06 13:06 - 2014-12-06 13:05 - 02119168 _____ (Farbar) C:\Users\mark\Desktop\FRST64.exe
2014-12-06 13:05 - 2014-12-06 13:05 - 00000197 _____ () C:\windows\system32\2014-12-06-18-05-08.061-AvastVBoxSVC.exe-2216.log
2014-12-05 23:52 - 2014-12-05 23:52 - 00000197 _____ () C:\windows\system32\2014-12-06-04-52-05.023-AvastVBoxSVC.exe-1980.log
2014-12-05 23:36 - 2014-12-05 23:36 - 00000197 _____ () C:\windows\system32\2014-12-06-04-36-22.069-AvastVBoxSVC.exe-3260.log
2014-12-05 22:58 - 2014-12-05 22:58 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-12-05 22:26 - 2014-12-05 23:47 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-12-05 22:16 - 2014-12-05 22:26 - 233663808 _____ (Emsisoft GmbH ) C:\Users\mark\Downloads\EmsisoftAntiMalwareSetup.exe
2014-12-05 21:46 - 2014-12-05 22:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-05 21:45 - 2014-12-05 22:00 - 00000000 ____D () C:\Users\mark\Desktop\mbar
2014-12-05 21:41 - 2014-12-05 21:44 - 16448208 _____ (Malwarebytes Corp.) C:\Users\mark\Downloads\mbar-1.08.2.1001.exe
2014-12-04 21:22 - 2014-12-04 21:22 - 00000197 _____ () C:\windows\system32\2014-12-05-02-22-04.019-AvastVBoxSVC.exe-3520.log
2014-12-03 22:06 - 2014-12-03 22:06 - 00000197 _____ () C:\windows\system32\2014-12-04-03-06-05.027-AvastVBoxSVC.exe-2472.log
2014-12-03 13:14 - 2014-12-03 13:14 - 00000197 _____ () C:\windows\system32\2014-12-03-18-14-19.031-AvastVBoxSVC.exe-3852.log
2014-12-03 08:50 - 2014-12-03 08:50 - 00000197 _____ () C:\windows\system32\2014-12-03-13-50-05.086-AvastVBoxSVC.exe-4224.log
2014-12-02 22:49 - 2014-12-02 22:49 - 00000197 _____ () C:\windows\system32\2014-12-03-03-49-41.091-AvastVBoxSVC.exe-4108.log
2014-12-02 16:38 - 2014-12-02 16:38 - 00688992 ____R (Swearware) C:\Users\mark\Desktop\dds.com
2014-12-02 16:07 - 2014-12-02 16:07 - 00025414 _____ () C:\Users\mark\Desktop\advastscan.txt
2014-12-02 14:43 - 2014-12-02 14:43 - 00000197 _____ () C:\windows\system32\2014-12-02-19-43-50.046-AvastVBoxSVC.exe-3164.log
2014-12-02 14:01 - 2014-12-02 14:01 - 00000910 _____ () C:\Users\mark\Desktop\JRT.txt
2014-12-02 13:42 - 2014-12-02 13:42 - 00000000 ____D () C:\windows\ERUNT
2014-12-02 13:35 - 2014-12-02 13:35 - 00000197 _____ () C:\windows\system32\2014-12-02-18-35-39.022-AvastVBoxSVC.exe-3656.log
2014-12-02 13:20 - 2014-12-02 13:27 - 00000000 ____D () C:\AdwCleaner
2014-12-02 13:18 - 2014-12-02 13:18 - 00000000 ____D () C:\Users\mark\Desktop\JavaRa-2.6
2014-12-02 13:11 - 2014-12-02 13:11 - 02154496 _____ () C:\Users\mark\Desktop\adwcleaner_4.103.exe
2014-12-02 13:11 - 2014-12-02 13:11 - 01707646 _____ (Thisisu) C:\Users\mark\Desktop\JRT.exe
2014-12-02 13:09 - 2014-12-02 13:09 - 00159578 _____ () C:\Users\mark\Desktop\JavaRa-2.6.zip
2014-12-02 12:56 - 2014-12-02 12:56 - 00000197 _____ () C:\windows\system32\2014-12-02-17-56-12.017-AvastVBoxSVC.exe-3952.log
2014-12-01 19:10 - 2014-12-01 19:10 - 00000247 _____ () C:\windows\system32\2014-12-02-00-10-02.046-aswFe.exe-2956.log
2014-12-01 19:05 - 2014-12-01 19:09 - 00000247 _____ () C:\windows\system32\2014-12-02-00-05-21.025-aswFe.exe-6008.log
2014-12-01 19:05 - 2014-12-01 19:05 - 00000197 _____ () C:\windows\system32\2014-12-02-00-05-14.031-AvastVBoxSVC.exe-3824.log
2014-12-01 18:05 - 2014-12-01 18:05 - 00020036 _____ () C:\Users\mark\Desktop\Result.txt
2014-12-01 18:04 - 2014-12-01 17:52 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\mark\Desktop\mbam-setup-2.0.3.1025.exe
2014-12-01 18:04 - 2014-12-01 17:52 - 00852487 _____ () C:\Users\mark\Desktop\SecurityCheck.exe
2014-12-01 18:04 - 2014-12-01 17:50 - 00401920 _____ (Farbar) C:\Users\mark\Desktop\MiniToolBox.exe
2014-11-30 14:31 - 2014-12-06 13:03 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-11-30 14:31 - 2014-12-05 22:51 - 00002164 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-30 14:31 - 2014-11-30 14:31 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-11-30 14:30 - 2014-11-30 14:30 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-11-20 10:01 - 2014-12-05 22:50 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-20 10:00 - 2014-12-05 21:45 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-20 10:00 - 2014-12-01 18:06 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-20 10:00 - 2014-12-01 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-20 10:00 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-20 10:00 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-18 13:25 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-18 13:25 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-18 13:25 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-18 13:25 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-18 13:25 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-18 13:25 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-18 13:25 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-18 13:25 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-18 13:24 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-18 13:24 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-18 13:24 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-18 13:24 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-18 13:24 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-18 13:24 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-18 13:24 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-18 13:24 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-18 13:24 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-18 13:24 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-18 13:24 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-18 13:24 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-18 13:24 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-18 13:24 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-18 13:24 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-18 13:24 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-18 13:24 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-18 13:24 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-18 13:24 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-18 13:24 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-18 13:24 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-18 13:24 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-18 13:24 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-18 13:24 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-18 13:24 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-18 13:24 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-18 13:24 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-18 13:24 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-18 13:24 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-18 13:24 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-18 13:24 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-18 13:24 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-18 13:24 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-18 13:24 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-18 13:24 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-18 13:24 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-18 13:24 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-18 13:24 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-18 13:24 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-18 13:24 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-18 13:24 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-18 13:24 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-18 13:24 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-18 13:24 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-18 13:24 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-18 13:24 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-18 13:24 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-18 13:24 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-18 13:24 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-18 13:24 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-18 13:24 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-18 13:24 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-18 13:24 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-18 13:24 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-18 13:24 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-18 13:24 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-18 13:24 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-18 13:24 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-18 13:24 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-18 13:24 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-18 13:24 - 2014-08-29 21:10 - 06583296 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-11-18 13:24 - 2014-08-29 20:50 - 05702656 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-11-18 13:24 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-18 13:24 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-18 13:23 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-18 13:23 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-18 13:23 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-18 13:23 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-18 13:23 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-18 13:20 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-18 13:20 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-18 13:20 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-18 13:20 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-18 13:20 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-18 13:20 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-18 13:20 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-18 13:20 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-18 13:20 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-18 13:20 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-18 13:20 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-18 13:20 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-18 13:20 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-18 13:20 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-18 13:20 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-18 13:20 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-18 13:20 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-18 13:20 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-18 13:20 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-18 13:20 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-18 13:17 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-18 13:17 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-18 13:16 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-18 13:16 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-17 19:43 - 2014-11-18 02:10 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-11-17 19:25 - 2014-11-18 00:46 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-11-17 19:25 - 2014-11-17 19:25 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-11-17 19:09 - 2014-11-17 19:10 - 00000000 ____D () C:\NPE
2014-11-17 19:06 - 2014-11-18 02:10 - 00000000 ____D () C:\ProgramData\Norton
2014-11-17 19:06 - 2014-11-17 19:24 - 00000000 ____D () C:\Users\mark\AppData\Local\NPE
2014-11-17 09:56 - 2014-11-17 09:56 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-17 09:56 - 2014-11-17 09:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-17 07:48 - 2014-12-06 13:03 - 00000000 ____D () C:\Users\mark\AppData\Local\SoftThinks
2014-11-15 22:07 - 2014-11-15 22:07 - 00000000 __SHD () C:\Users\mark\AppData\Local\EmieBrowserModeList
2014-11-15 14:28 - 2014-12-01 18:14 - 00000000 ____D () C:\windows\SysWOW64\vbox
2014-11-15 14:28 - 2014-12-01 18:14 - 00000000 ____D () C:\windows\system32\vbox
2014-11-14 18:52 - 2014-11-14 18:52 - 00008528 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-11-14 18:52 - 2014-11-14 18:52 - 00004208 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-11-14 18:51 - 2014-11-14 18:51 - 00008528 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
2014-11-14 18:51 - 2014-11-14 18:51 - 00004208 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-11-14 18:49 - 2014-11-14 18:49 - 00008528 _____ () C:\Users\mark\DECRYPT_INSTRUCTION.HTML
2014-11-14 18:49 - 2014-11-14 18:49 - 00004208 _____ () C:\Users\mark\DECRYPT_INSTRUCTION.TXT
2014-11-14 18:40 - 2014-12-01 18:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-14 18:40 - 2014-11-14 18:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-14 17:52 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-14 17:44 - 2014-11-14 17:44 - 00008528 _____ () C:\Users\mark\Downloads\DECRYPT_INSTRUCTION.HTML
2014-11-14 17:44 - 2014-11-14 17:44 - 00004208 _____ () C:\Users\mark\Downloads\DECRYPT_INSTRUCTION.TXT
2014-11-14 17:43 - 2014-11-14 17:43 - 00008528 _____ () C:\Users\mark\Documents\DECRYPT_INSTRUCTION.HTML
2014-11-14 17:43 - 2014-11-14 17:43 - 00004208 _____ () C:\Users\mark\Documents\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:55 - 2014-11-14 13:55 - 00008528 _____ () C:\Users\mark\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:55 - 2014-11-14 13:55 - 00008528 _____ () C:\Users\mark\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:55 - 2014-11-14 13:55 - 00008528 _____ () C:\Users\mark\AppData\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:55 - 2014-11-14 13:55 - 00004208 _____ () C:\Users\mark\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:55 - 2014-11-14 13:55 - 00004208 _____ () C:\Users\mark\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:55 - 2014-11-14 13:55 - 00004208 _____ () C:\Users\mark\AppData\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:51 - 2014-11-14 13:51 - 00008528 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:51 - 2014-11-14 13:51 - 00004208 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-10 14:32 - 2014-11-10 14:32 - 00007597 _____ () C:\Users\mark\AppData\Local\Resmon.ResmonCfg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 13:08 - 2012-01-31 23:33 - 01326638 _____ () C:\windows\WindowsUpdate.log
2014-12-06 13:05 - 2012-03-12 14:53 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-06 13:04 - 2012-03-12 14:53 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-06 13:04 - 2009-07-13 23:51 - 00083902 _____ () C:\windows\setupact.log
2014-12-06 13:01 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-05 23:52 - 2009-07-13 23:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-05 23:52 - 2009-07-13 23:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-05 23:47 - 2010-11-20 22:47 - 00321166 _____ () C:\windows\PFRO.log
2014-12-04 22:48 - 2012-03-12 18:15 - 00000000 ____D () C:\Users\mark\AppData\Local\Microsoft Games
2014-12-04 21:38 - 2009-07-14 00:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-03 22:24 - 2012-02-01 00:17 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-02 14:37 - 2012-03-12 15:48 - 00000000 ____D () C:\Users\mark\AppData\Local\Adobe
2014-12-02 14:36 - 2012-02-01 00:12 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-02 14:17 - 2012-03-12 14:56 - 00002253 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-02 13:06 - 2013-05-22 10:53 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-12-01 18:38 - 2009-07-13 22:20 - 00000000 __RSD () C:\windows\Media
2014-11-30 14:31 - 2014-08-06 09:44 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-11-30 14:31 - 2014-02-12 16:53 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-11-30 14:31 - 2013-08-22 17:28 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-11-30 14:31 - 2013-08-22 17:28 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-11-30 14:31 - 2012-03-12 14:53 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-11-30 14:31 - 2012-03-12 14:53 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-11-30 14:31 - 2012-03-12 14:53 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-11-30 14:31 - 2012-03-12 14:53 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-11-21 10:23 - 2014-10-29 17:54 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-19 12:37 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-11-19 09:41 - 2013-03-16 08:48 - 00000000 ____D () C:\windows\pss
2014-11-19 01:24 - 2013-11-09 12:51 - 00000000 ____D () C:\Users\Public\Documents\Intuit
2014-11-19 01:21 - 2014-01-22 10:45 - 00000000 ____D () C:\Users\mark\Documents\Daily reports 2014
2014-11-19 01:21 - 2012-07-21 04:06 - 00000000 ____D () C:\Users\mark\Documents\StarCraft II
2014-11-19 01:21 - 2012-07-20 14:41 - 00000000 ____D () C:\Users\mark\Documents\RCT3
2014-11-19 01:20 - 2014-02-15 13:35 - 00000000 ____D () C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists
2014-11-19 01:20 - 2012-09-08 15:30 - 00000000 ____D () C:\Users\mark\Desktop\Gracie Pics
2014-11-19 01:20 - 2012-03-12 13:12 - 00000000 ____D () C:\Users\mark
2014-11-19 01:19 - 2013-01-30 13:18 - 00000000 ____D () C:\Users\mark\AppData\Roaming\HP
2014-11-19 01:19 - 2012-03-12 15:04 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Apple Computer
2014-11-19 01:19 - 2012-03-12 13:48 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Skype
2014-11-19 01:19 - 2012-03-12 13:37 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Adobe
2014-11-19 01:19 - 2012-03-12 13:16 - 00000000 ____D () C:\Users\mark\AppData\Roaming\Dell
2014-11-18 22:36 - 2012-03-31 04:24 - 00000000 ____D () C:\Users\mark\AppData\Local\Nero
2014-11-18 22:31 - 2012-03-12 14:53 - 00000000 ____D () C:\Users\mark\AppData\Local\Google
2014-11-18 22:30 - 2014-01-07 21:01 - 00000000 ____D () C:\Users\mark\AppData\Local\HP
2014-11-18 22:30 - 2012-03-12 15:04 - 00000000 ____D () C:\Users\mark\AppData\Local\Apple Computer
2014-11-18 22:30 - 2012-03-12 13:16 - 00000000 ____D () C:\Users\mark\AppData\Local\Dell
2014-11-18 22:27 - 2013-11-09 12:51 - 00000000 ____D () C:\ProgramData\Intuit
2014-11-18 22:26 - 2013-12-30 14:25 - 00000000 ____D () C:\ProgramData\Fore! Reservations
2014-11-18 22:26 - 2013-01-30 12:54 - 00000000 ____D () C:\ProgramData\HP
2014-11-18 13:43 - 2013-10-22 08:25 - 00000000 ____D () C:\windows\system32\MRT
2014-11-18 13:29 - 2013-02-12 15:55 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-18 02:32 - 2009-07-13 23:45 - 00429504 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-18 02:20 - 2012-03-12 18:36 - 00000000 ____D () C:\Users\Gracie
2014-11-18 02:20 - 2012-02-01 01:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-18 02:20 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\L2Schemas
2014-11-18 02:19 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-11-18 02:10 - 2012-03-12 14:05 - 00000000 ____D () C:\Users\mark\AppData\Local\Microsoft Help
2014-11-18 02:10 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-18 02:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-18 00:45 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-11-17 23:12 - 2012-08-04 02:19 - 00000000 ____D () C:\ProgramData\Battle.net
2014-11-15 22:50 - 2011-02-23 08:08 - 00000000 ____D () C:\windows\Panther
2014-11-14 12:59 - 2012-03-12 14:53 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 12:59 - 2012-03-12 14:53 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
ZeroAccess:
C:\Users\mark\AppData\Local\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Gracie\AppData\Local\Temp\candyUpdate.exe
C:\Users\mark\AppData\Local\Temp\cdo1797609406.dll
C:\Users\mark\AppData\Local\Temp\cdo2082072865.dll
C:\Users\mark\AppData\Local\Temp\fx-runtime.exe
C:\Users\mark\AppData\Local\Temp\HPInstaller.exe
C:\Users\mark\AppData\Local\Temp\InstallAX.exe
C:\Users\mark\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\mark\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\MSNA8E.exe
C:\Users\mark\AppData\Local\Temp\ose00000.exe
C:\Users\mark\AppData\Local\Temp\Quarantine.exe
C:\Users\mark\AppData\Local\Temp\sqlite3.dll
C:\Users\mark\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\mark\AppData\Local\Temp\wcdinst.exe
C:\Users\mark\AppData\Local\Temp\{B23A0ED7-19D9-4198-A283-14C97088BBA0}-39.0.2171.65_38.0.2125.111_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 03:14

==================== End Of Log ============================

 

Thanks,

 

Eric

Attached Files



#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 06 December 2014 - 07:32 PM

Your logs show evidence of the CryptoWall virus, thus many of your files may be encrypted or corrupted.  At this time there isn't a fix for this.  Hopefully you have backups of any important data. 

Please do this next:

icon11.gif   Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

GroupPolicyUsers\S-1-5-21-960464898-619390684-407403647-1003\User: Group Policy restriction detected <======= ATTENTION
2014-11-14 18:52 - 2014-11-14 18:52 - 00008528 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-11-14 18:52 - 2014-11-14 18:52 - 00004208 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-11-14 18:51 - 2014-11-14 18:51 - 00008528 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
2014-11-14 18:51 - 2014-11-14 18:51 - 00004208 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-11-14 18:49 - 2014-11-14 18:49 - 00008528 _____ () C:\Users\mark\DECRYPT_INSTRUCTION.HTML
2014-11-14 18:49 - 2014-11-14 18:49 - 00004208 _____ () C:\Users\mark\DECRYPT_INSTRUCTION.TXT
2014-11-14 17:44 - 2014-11-14 17:44 - 00008528 _____ () C:\Users\mark\Downloads\DECRYPT_INSTRUCTION.HTML
2014-11-14 17:44 - 2014-11-14 17:44 - 00004208 _____ () C:\Users\mark\Downloads\DECRYPT_INSTRUCTION.TXT
2014-11-14 17:43 - 2014-11-14 17:43 - 00008528 _____ () C:\Users\mark\Documents\DECRYPT_INSTRUCTION.HTML
2014-11-14 17:43 - 2014-11-14 17:43 - 00004208 _____ () C:\Users\mark\Documents\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:55 - 2014-11-14 13:55 - 00008528 _____ () C:\Users\mark\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:55 - 2014-11-14 13:55 - 00008528 _____ () C:\Users\mark\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:55 - 2014-11-14 13:55 - 00008528 _____ () C:\Users\mark\AppData\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:55 - 2014-11-14 13:55 - 00004208 _____ () C:\Users\mark\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:55 - 2014-11-14 13:55 - 00004208 _____ () C:\Users\mark\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:55 - 2014-11-14 13:55 - 00004208 _____ () C:\Users\mark\AppData\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:51 - 2014-11-14 13:51 - 00008528 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:51 - 2014-11-14 13:51 - 00004208 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
C:\Users\mark\AppData\Local\Google\Desktop\Install
C:\Users\mark\AppData\Local\Temp\cdo1797609406.dll
C:\Users\mark\AppData\Local\Temp\cdo2082072865.dll
C:\Users\mark\AppData\Local\Temp\MSNA8E.exe
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 bige75

bige75
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 07 December 2014 - 02:11 PM

RPMcMurphy,

 

I have posted the log below from the FRST tool, but the tool is still running and has been running for over an hour. It still says fixing is in progress, please wait. I am not sure if this is the completed log or not but I am going to let the FRST window remain open and run. I will tell you if it ever closes.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2014 02
Ran by mark at 2014-12-07 13:22:53 Run:1
Running from C:\Users\mark\Desktop
Loaded Profile: mark (Available profiles: mark & Gracie)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-960464898-619390684-407403647-1003\User: Group Policy restriction detected <======= ATTENTION
2014-11-14 18:52 - 2014-11-14 18:52 - 00008528 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-11-14 18:52 - 2014-11-14 18:52 - 00004208 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-11-14 18:51 - 2014-11-14 18:51 - 00008528 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
2014-11-14 18:51 - 2014-11-14 18:51 - 00004208 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-11-14 18:49 - 2014-11-14 18:49 - 00008528 _____ () C:\Users\mark\DECRYPT_INSTRUCTION.HTML
2014-11-14 18:49 - 2014-11-14 18:49 - 00004208 _____ () C:\Users\mark\DECRYPT_INSTRUCTION.TXT
2014-11-14 17:44 - 2014-11-14 17:44 - 00008528 _____ () C:\Users\mark\Downloads\DECRYPT_INSTRUCTION.HTML
2014-11-14 17:44 - 2014-11-14 17:44 - 00004208 _____ () C:\Users\mark\Downloads\DECRYPT_INSTRUCTION.TXT
2014-11-14 17:43 - 2014-11-14 17:43 - 00008528 _____ () C:\Users\mark\Documents\DECRYPT_INSTRUCTION.HTML
2014-11-14 17:43 - 2014-11-14 17:43 - 00004208 _____ () C:\Users\mark\Documents\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:55 - 2014-11-14 13:55 - 00008528 _____ () C:\Users\mark\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:55 - 2014-11-14 13:55 - 00008528 _____ () C:\Users\mark\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:55 - 2014-11-14 13:55 - 00008528 _____ () C:\Users\mark\AppData\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:55 - 2014-11-14 13:55 - 00004208 _____ () C:\Users\mark\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:55 - 2014-11-14 13:55 - 00004208 _____ () C:\Users\mark\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:55 - 2014-11-14 13:55 - 00004208 _____ () C:\Users\mark\AppData\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:51 - 2014-11-14 13:51 - 00008528 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:51 - 2014-11-14 13:51 - 00004208 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
C:\Users\mark\AppData\Local\Google\Desktop\Install
C:\Users\mark\AppData\Local\Temp\cdo1797609406.dll
C:\Users\mark\AppData\Local\Temp\cdo2082072865.dll
C:\Users\mark\AppData\Local\Temp\MSNA8E.exe
EmptyTemp:
*****************

C:\windows\system32\GroupPolicyUsers\S-1-5-21-960464898-619390684-407403647-1003\User => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\Public\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Downloads\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Downloads\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Users\mark\AppData\Local\Temp\cdo1797609406.dll => Moved successfully.
C:\Users\mark\AppData\Local\Temp\cdo2082072865.dll => Moved successfully.
C:\Users\mark\AppData\Local\Temp\MSNA8E.exe => Moved successfully.
 



#6 bige75

bige75
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 07 December 2014 - 03:40 PM

UPDATE  - The FRST tool finally closed and I rebooted the system as it instructed. I have posted the new log below:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2014 02
Ran by mark at 2014-12-07 13:22:53 Run:1
Running from C:\Users\mark\Desktop
Loaded Profile: mark (Available profiles: mark & Gracie)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-960464898-619390684-407403647-1003\User: Group Policy restriction detected <======= ATTENTION
2014-11-14 18:52 - 2014-11-14 18:52 - 00008528 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-11-14 18:52 - 2014-11-14 18:52 - 00004208 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-11-14 18:51 - 2014-11-14 18:51 - 00008528 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
2014-11-14 18:51 - 2014-11-14 18:51 - 00004208 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-11-14 18:49 - 2014-11-14 18:49 - 00008528 _____ () C:\Users\mark\DECRYPT_INSTRUCTION.HTML
2014-11-14 18:49 - 2014-11-14 18:49 - 00004208 _____ () C:\Users\mark\DECRYPT_INSTRUCTION.TXT
2014-11-14 17:44 - 2014-11-14 17:44 - 00008528 _____ () C:\Users\mark\Downloads\DECRYPT_INSTRUCTION.HTML
2014-11-14 17:44 - 2014-11-14 17:44 - 00004208 _____ () C:\Users\mark\Downloads\DECRYPT_INSTRUCTION.TXT
2014-11-14 17:43 - 2014-11-14 17:43 - 00008528 _____ () C:\Users\mark\Documents\DECRYPT_INSTRUCTION.HTML
2014-11-14 17:43 - 2014-11-14 17:43 - 00004208 _____ () C:\Users\mark\Documents\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:55 - 2014-11-14 13:55 - 00008528 _____ () C:\Users\mark\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:55 - 2014-11-14 13:55 - 00008528 _____ () C:\Users\mark\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:55 - 2014-11-14 13:55 - 00008528 _____ () C:\Users\mark\AppData\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:55 - 2014-11-14 13:55 - 00004208 _____ () C:\Users\mark\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:55 - 2014-11-14 13:55 - 00004208 _____ () C:\Users\mark\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:55 - 2014-11-14 13:55 - 00004208 _____ () C:\Users\mark\AppData\DECRYPT_INSTRUCTION.TXT
2014-11-14 13:51 - 2014-11-14 13:51 - 00008528 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-14 13:51 - 2014-11-14 13:51 - 00004208 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
C:\Users\mark\AppData\Local\Google\Desktop\Install
C:\Users\mark\AppData\Local\Temp\cdo1797609406.dll
C:\Users\mark\AppData\Local\Temp\cdo2082072865.dll
C:\Users\mark\AppData\Local\Temp\MSNA8E.exe
EmptyTemp:
*****************

C:\windows\system32\GroupPolicyUsers\S-1-5-21-960464898-619390684-407403647-1003\User => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\Public\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Downloads\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Downloads\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Users\mark\AppData\Local\Temp\cdo1797609406.dll => Moved successfully.
C:\Users\mark\AppData\Local\Temp\cdo2082072865.dll => Moved successfully.
C:\Users\mark\AppData\Local\Temp\MSNA8E.exe => Moved successfully.
EmptyTemp: => Removed 16.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#7 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 07 December 2014 - 07:24 PM

Thanks. Please do this next:

icon11.gif  Download Combofix from HERE, and save it to your desktop.  

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#8 bige75

bige75
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 08 December 2014 - 11:35 AM

RPMcMurphy,

 

Here is the log from ComboFix:

 

ComboFix 14-12-07.01 - mark 12/08/2014  11:26:27.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.4249 [GMT -5:00]
Running from: c:\users\mark\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\mark\AppData\Roaming\appdata
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-08 to 2014-12-08  )))))))))))))))))))))))))))))))
.
.
2014-12-08 16:32 . 2014-12-08 16:32    --------    d-----w-    c:\users\Gracie\AppData\Local\temp
2014-12-08 16:32 . 2014-12-08 16:32    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-12-06 18:18 . 2014-12-06 18:18    --------    d-----w-    c:\users\mark\AppData\Roaming\PCDr
2014-12-06 18:17 . 2014-12-06 18:17    --------    d-----w-    c:\programdata\PCDr
2014-12-06 18:10 . 2014-12-07 20:34    --------    d-----w-    C:\FRST
2014-12-06 03:58 . 2014-12-06 03:58    --------    d-----w-    c:\programdata\Emsisoft
2014-12-06 03:26 . 2014-12-06 04:47    --------    d-----w-    c:\program files (x86)\Emsisoft Anti-Malware
2014-12-06 02:46 . 2014-12-06 03:04    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-12-02 18:42 . 2014-12-02 18:42    --------    d-----w-    c:\windows\ERUNT
2014-12-02 18:20 . 2014-12-02 18:27    --------    d-----w-    C:\AdwCleaner
2014-11-30 19:31 . 2014-11-30 19:31    364512    ----a-w-    c:\windows\system32\aswBoot.exe
2014-11-30 19:30 . 2014-11-30 19:30    43152    ----a-w-    c:\windows\avastSS.scr
2014-11-20 15:01 . 2014-12-06 03:50    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-20 15:00 . 2014-12-06 02:45    96472    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-20 15:00 . 2014-10-01 16:11    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-20 15:00 . 2014-10-01 16:11    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-11-18 22:18 . 2014-11-18 22:18    --------    d-s---w-    c:\windows\SysWow64\Microsoft
2014-11-18 18:45 . 2014-11-02 04:20    11632448    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{F25B00B6-73BF-4649-8D74-534DE0B18B0B}\mpengine.dll
2014-11-18 18:25 . 2014-10-14 02:12    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-11-18 18:25 . 2014-11-11 03:08    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-11-18 18:25 . 2014-11-11 02:44    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-11-18 18:25 . 2014-10-14 02:16    155064    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-11-18 18:25 . 2014-11-11 03:08    241152    ----a-w-    c:\windows\system32\pku2u.dll
2014-11-18 18:25 . 2014-11-11 02:44    186880    ----a-w-    c:\windows\SysWow64\pku2u.dll
2014-11-18 18:25 . 2014-10-14 01:50    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-11-18 18:25 . 2014-10-14 01:49    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-11-18 18:23 . 2014-11-06 03:00    1016832    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-11-18 18:23 . 2014-11-06 04:03    25110016    ----a-w-    c:\windows\system32\mshtml.dll
2014-11-18 18:23 . 2014-08-21 06:43    1882624    ----a-w-    c:\windows\system32\msxml3.dll
2014-11-18 18:23 . 2014-08-21 06:40    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-11-18 18:23 . 2014-08-21 06:26    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-11-18 18:23 . 2014-08-21 06:23    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2014-11-18 18:17 . 2014-10-25 01:57    77824    ----a-w-    c:\windows\system32\packager.dll
2014-11-18 18:17 . 2014-10-25 01:32    67584    ----a-w-    c:\windows\SysWow64\packager.dll
2014-11-18 18:16 . 2014-10-18 02:05    861696    ----a-w-    c:\windows\system32\oleaut32.dll
2014-11-18 18:16 . 2014-10-18 01:33    571904    ----a-w-    c:\windows\SysWow64\oleaut32.dll
2014-11-18 00:43 . 2014-11-18 07:10    --------    d-----w-    c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2014-11-18 00:42 . 2014-11-18 00:42    --------    d-----w-    c:\program files (x86)\NortonInstaller
2014-11-18 00:09 . 2014-11-18 00:10    --------    d-----w-    C:\NPE
2014-11-18 00:06 . 2014-11-18 07:10    --------    d-----w-    c:\programdata\Norton
2014-11-18 00:06 . 2014-11-18 00:24    --------    d-----w-    c:\users\mark\AppData\Local\NPE
2014-11-17 14:56 . 2014-11-17 14:56    --------    d-----w-    c:\users\Default\AppData\Local\SoftThinks
2014-11-17 12:48 . 2014-12-08 14:25    --------    d-----w-    c:\users\mark\AppData\Local\SoftThinks
2014-11-16 03:07 . 2014-11-16 03:07    --------    d-sh--w-    c:\users\mark\AppData\Local\EmieBrowserModeList
2014-11-15 19:28 . 2014-12-01 23:14    --------    d-----w-    c:\windows\SysWow64\vbox
2014-11-15 19:28 . 2014-12-01 23:14    --------    d-----w-    c:\windows\system32\vbox
2014-11-14 23:40 . 2014-12-01 23:06    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-14 23:40 . 2014-11-14 23:40    --------    d-----w-    c:\programdata\Malwarebytes
2014-11-14 23:40 . 2014-11-14 23:40    --------    d-----w-    c:\users\mark\AppData\Local\Programs
2014-11-14 22:52 . 2014-10-10 00:57    3198976    ----a-w-    c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-30 19:31 . 2012-03-12 19:53    1050432    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-11-30 19:31 . 2014-02-12 21:53    116728    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-11-30 19:31 . 2013-08-22 22:28    267632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-11-30 19:31 . 2012-03-12 19:53    436624    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-11-30 19:31 . 2014-08-06 14:44    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-11-30 19:31 . 2013-08-22 22:28    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-11-30 19:31 . 2012-03-12 19:53    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-11-30 19:31 . 2012-03-12 19:53    83280    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-11-18 18:29 . 2013-02-12 20:55    103374192    ----a-w-    c:\windows\system32\MRT.exe
2014-11-04 19:30 . 2010-11-21 03:27    275080    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-29 00:58 . 2014-10-27 18:52    3198976    ----a-w-    c:\windows\system32\win32k(142).sys
2014-09-25 02:08 . 2014-11-04 13:40    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-11-04 13:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-19 01:41 . 2014-10-27 18:52    2796032    ----a-w-    c:\windows\system32\iertutil(128).dll
2014-09-19 00:55 . 2014-10-27 18:53    2187264    ----a-w-    c:\windows\SysWow64\iertutil(144).dll
2014-09-19 00:33 . 2014-10-27 18:52    2309632    ----a-w-    c:\windows\system32\wininet(143).dll
2014-09-19 00:14 . 2014-10-27 18:53    1447936    ----a-w-    c:\windows\system32\urlmon(140).dll
2014-09-18 23:59 . 2014-10-27 18:52    1810944    ----a-w-    c:\windows\SysWow64\wininet(148).dll
2014-09-18 23:53 . 2014-10-27 18:53    1190400    ----a-w-    c:\windows\SysWow64\urlmon(147).dll
2014-09-18 02:00 . 2014-11-04 13:41    3241472    ----a-w-    c:\windows\system32\msi.dll
2014-09-18 01:32 . 2014-11-04 13:41    2363904    ----a-w-    c:\windows\SysWow64\msi.dll
2014-09-09 22:11 . 2014-11-04 13:41    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-11-04 13:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2014-02-27 3775800]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-30 5226600]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Crystal Reports Loader.lnk - c:\windows\Installer\{5057D84D-0E68-4FB1-8F39-843F385FE13D}\CrystalLoader.exe [2013-12-30 50912]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2014-6-5 6306104]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2014-6-26 1129288]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2014\QBW32.EXE -silent [2014-6-26 1215816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\EMSISOFT ANTI-MALWARE\cleanhlp64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\cleanhlp64.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 POSPerformanceCounters;Point Of Service Performance Counters;c:\program files (x86)\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe;c:\program files (x86)\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 4MCServe;Fore! Reservations PMS Remoting Server;c:\program files (x86)\Fore! Reservations\4MCServ.exe;c:\program files (x86)\Fore! Reservations\4MCServ.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-02 19:14    1087304    ----a-w-    c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 10:52]
.
2014-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 10:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-30 19:31    860984    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
SafeBoot-mbamchameleon
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-08  11:35:13
ComboFix-quarantined-files.txt  2014-12-08 16:35
.
Pre-Run: 317,655,400,448 bytes free
Post-Run: 316,773,244,928 bytes free
.
- - End Of File - - 20FB176AD92C75D32D702C0F8777120F
 



#9 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 08 December 2014 - 05:04 PM

Please do this next:

icon11.gif   Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

icon11.gif  Open Malwarebytes AntiMalware (MBAM)
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
[/list]
Please include the following in your next post:
  • adwCleaner log
  • MBAM log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#10 bige75

bige75
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 09 December 2014 - 09:50 AM

RPMcMurphy,

 

I ran the AdwCleaner once and it stayed on the pending screen for a while, I assume it was done so I have that report.

 

On the Malwarebytes, you mentioned to tick the box "scan for rootkits". I unchecked the use advanced heuristics and scan within archives boxes and then ran the scan. If you need me to rerun that scan, let me know.

 

# AdwCleaner v4.105 - Report created 09/12/2014 at 09:22:35
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : mark - MARKLAPTOP
# Running from : C:\Users\mark\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v39.0.2171.71

[C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3769 octets] - [02/12/2014 13:20:29]
AdwCleaner[R1].txt - [1154 octets] - [09/12/2014 08:59:55]
AdwCleaner[R2].txt - [1015 octets] - [09/12/2014 09:22:35]
AdwCleaner[S0].txt - [3757 octets] - [02/12/2014 13:26:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1135 octets] ##########
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/9/2014
Scan Time: 9:34:22 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.09.05
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: mark

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387389
Time Elapsed: 8 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Thanks,

 

Eric



#11 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 09 December 2014 - 11:50 AM

How is your computer running now?Please do this next (Just so you know, it's likely to turn up quite a few more of those DECRYPT_INSTRUCTION files):

icon11.gif  Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • ESET log
  • How is the computer running now?


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#12 bige75

bige75
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 09 December 2014 - 07:26 PM

RPMcMurphy,

 

Here is the log from the ESET scan. I have not used the computer other than from what we have been doing. The one thing I can tell you as of now, the Avast realtime webshield is no longer going crazy and popping up every second. Before, once I connected to my router and went online, it wouldn't take but 10 seconds before something within my machine automatically accessed different bogus IP addresses and websites. So, it looks ok right now. I will start to use it more and see what happens.

 

From the scan below, it looks like most of the entries are the DECRYPT.INSTRUCTION files like you said. The only two that were different, were these two entries:

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
 
 I don't know if that means anything or not. Here are the rest.

 

C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\pcdr\DECRYPT_INSTRUCTION.HTML.vir Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\pcdr\DECRYPT_INSTRUCTION.TXT.vir Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\pcdr\Installer\DECRYPT_INSTRUCTION.HTML.vir Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\pcdr\Installer\DECRYPT_INSTRUCTION.TXT.vir Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\pcdr\Installer\Logs\DECRYPT_INSTRUCTION.HTML.vir Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\pcdr\Installer\Logs\DECRYPT_INSTRUCTION.TXT.vir Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\ProgramData\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\ProgramData\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mark\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mark\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mark\AppData\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mark\AppData\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mark\AppData\Local\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mark\AppData\Local\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mark\AppData\Roaming\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mark\AppData\Roaming\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mark\Documents\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mark\Documents\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mark\Downloads\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mark\Downloads\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Public\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Public\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\ProgramData\Battle.net\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Battle.net\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Battle.net\Agent\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Battle.net\Agent\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Battle.net\Client\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Battle.net\Client\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1815\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1815\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1815\Support\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1815\Support\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\Support\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\Support\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Dell\Dell Datasafe Online\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Dell\Dell Datasafe Online\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Fore! Reservations\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Fore! Reservations\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Fore! Reservations\Documents\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Fore! Reservations\Documents\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Fore! Reservations\Other\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Fore! Reservations\Other\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\HP\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\HP\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\HP\Digital Imaging\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\HP\Digital Imaging\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\HP\LGT 2.0\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\HP\LGT 2.0\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\HP\LGT 2.0\data\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\HP\LGT 2.0\data\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\HP\LGT 2.0\data\sessions\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\HP\LGT 2.0\data\sessions\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\Entitlement Client\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\Entitlement Client\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\Entitlement Client\v8\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\Entitlement Client\v8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QBWebConnector\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QBWebConnector\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QBWebConnector\log\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QBWebConnector\log\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks\ReportCenter\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks\ReportCenter\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\DataProtect\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\DataProtect\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\DataProtect\OCD\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\DataProtect\OCD\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\DownloadQB24\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\DownloadQB24\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\DownloadQB24\Patch\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\DownloadQB24\Patch\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\branding\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\branding\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\branding\filist\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\branding\filist\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\workflow\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\workflow\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\PDFDownload\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\QuickBooks 2014\Components\PDFDownload\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Battle.net\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Battle.net\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Battle.net\Agent\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Battle.net\Agent\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Battle.net\Client\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Battle.net\Client\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1815\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1815\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1815\Support\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1815\Support\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1974\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1974\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1974\Support\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1974\Support\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Dell\Dell Datasafe Online\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Dell\Dell Datasafe Online\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Fore! Reservations\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Fore! Reservations\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Fore! Reservations\Documents\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Fore! Reservations\Documents\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Fore! Reservations\Other\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Fore! Reservations\Other\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\HP\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\HP\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\HP\Digital Imaging\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\HP\Digital Imaging\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\HP\LGT 2.0\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\HP\LGT 2.0\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\HP\LGT 2.0\data\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\HP\LGT 2.0\data\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\HP\LGT 2.0\data\sessions\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\HP\LGT 2.0\data\sessions\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\Entitlement Client\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\Entitlement Client\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\Entitlement Client\v8\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\Entitlement Client\v8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QBWebConnector\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QBWebConnector\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QBWebConnector\log\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QBWebConnector\log\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks\ReportCenter\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks\ReportCenter\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DataProtect\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DataProtect\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DataProtect\OCD\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DataProtect\OCD\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DownloadQB24\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DownloadQB24\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DownloadQB24\Patch\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DownloadQB24\Patch\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\branding\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\branding\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\branding\filist\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\branding\filist\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\workflow\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\workflow\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\PDFDownload\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\QuickBooks 2014\Components\PDFDownload\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\VideoStage\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\VideoStage\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\VideoStage\CinemaNow\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\VideoStage\CinemaNow\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\VideoStage\CinemaNow\1002\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\VideoStage\CinemaNow\1002\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\VideoStage\library\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\VideoStage\library\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\VideoStage\library\1002\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\VideoStage\library\1002\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\VideoStageTransaction\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\VideoStageTransaction\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\VideoStageTransaction\1001\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Dell\VideoStageTransaction\1001\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\HP\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\HP\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\HP\Digital Imaging\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\HP\Digital Imaging\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\HP\Digital Imaging\cache2\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\HP\Digital Imaging\cache2\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\HP\Digital Imaging\db2\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\HP\Digital Imaging\db2\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Photo Acquisition\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Photo Acquisition\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft Games\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft Games\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft Games\Solitaire\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Microsoft Games\Solitaire\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Nero\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Nero\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Nero\Nero 10\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Nero\Nero 10\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\fail\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\fail\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\normal\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\normal\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Adobe\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Adobe\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Adobe\Acrobat\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Adobe\Acrobat\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Adobe\Acrobat\10.0\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Adobe\Acrobat\10.0\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\f1y5fc5hqqlhff3t0trzpvbii1juus5hlrtjnzsilocgr21hepaaaeda\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\f1y5fc5hqqlhff3t0trzpvbii1juus5hlrtjnzsilocgr21hepaaaeda\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\f1y5fc5hqqlhff3t0trzpvbii1juus5hlrtjnzsilocgr21hepaaaeda\f\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\f1y5fc5hqqlhff3t0trzpvbii1juus5hlrtjnzsilocgr21hepaaaeda\f\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Sun\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\LocalLow\Sun\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\AssetCache\S7438QSK\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\AssetCache\S7438QSK\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Apple Computer\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Apple Computer\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\928ce871e31e838b84dc3874b86b384438631594\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\928ce871e31e838b84dc3874b86b384438631594\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\ebf0f86d30f0f15eb295a85fd1c590756e81420a\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\ebf0f86d30f0f15eb295a85fd1c590756e81420a\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{BE6DA2AD-D572-4B45-8B64-50D51885117E}\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{BE6DA2AD-D572-4B45-8B64-50D51885117E}\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\0\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\0\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\1\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\1\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\10\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\10\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\11\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\11\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\12\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\12\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\13\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\13\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\14\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\14\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\15\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\15\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\16\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\16\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\17\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\17\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\2\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\2\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\3\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\3\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\4\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\4\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\5\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\5\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\6\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\6\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\7\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\7\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\8\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\9\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\9\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\HP\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\HP\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\HP\WebRegLogs\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\HP\WebRegLogs\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Skype\careyagracierobs\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Skype\careyagracierobs\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Skype\mcag.todd\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Skype\mcag.todd\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Skype\ozzyrobs\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Skype\ozzyrobs\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Skype\Pictures\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Skype\Pictures\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Adams\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Adams\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Callaway\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Callaway\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Clicgear\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Clicgear\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Cobra\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Cobra\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Footjoy\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Footjoy\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Ping\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Ping\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Taylormade\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Taylormade\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Titleist\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Titleist\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Wilson\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Wilson\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\Gracie Pics\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Desktop\Gracie Pics\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\Daily reports 2014\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\Daily reports 2014\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\RCT3\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\RCT3\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\RCT3\Campaigns\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\RCT3\Campaigns\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\Accounts\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\Accounts\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\1-S2-1-427219\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\1-S2-1-427219\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\1-S2-1-427219\Screenshots\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\1-S2-1-427219\Screenshots\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\GameLogs\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\GameLogs\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-07-26 04.47.17 MARKLAPTOP B22418 Error\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-07-26 04.47.17 MARKLAPTOP B22418 Error\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.17.30 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.17.30 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.20.18 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.20.18 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.23.46 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.23.46 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\Screenshots\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\Screenshots\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\UserLogs\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\UserLogs\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\UserLogs\Back in the Saddle\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\UserLogs\Back in the Saddle\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\UserLogs\Harvest of Screams\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\UserLogs\Harvest of Screams\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\UserLogs\Heart of the Swarm\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\UserLogs\Heart of the Swarm\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\UserLogs\Kaldir\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\UserLogs\Kaldir\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\UserLogs\Lab Rat\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\UserLogs\Lab Rat\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\UserLogs\Rendezvous\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Documents\StarCraft II\UserLogs\Rendezvous\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\ADELE\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\ADELE\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\ADELE\21\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\ADELE\21\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Bruno Mars\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Bruno Mars\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Bruno Mars\Doo-Wops & Hooligans (Deluxe Version)\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Bruno Mars\Doo-Wops & Hooligans (Deluxe Version)\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Cee Lo Green\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Cee Lo Green\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Cee Lo Green\bleep You - Deluxe Single\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Cee Lo Green\bleep You - Deluxe Single\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\Teenage Dream\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\Teenage Dream\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\Teenage Dream - The Complete Confection\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\Teenage Dream - The Complete Confection\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\Animal\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\Animal\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\Cannibal\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\Cannibal\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\We R Who We R - Single\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\We R Who We R - Single\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Kenny Chesney\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Kenny Chesney\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Kenny Chesney\Hemingway's Whiskey (Deluxe Edition)\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Kenny Chesney\Hemingway's Whiskey (Deluxe Edition)\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\Lady Antebellum\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\Lady Antebellum\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\Need You Now\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\Need You Now\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady GaGa\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady GaGa\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady GaGa\The Fame\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady GaGa\The Fame\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Linkin Park\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Linkin Park\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Linkin Park\LIVING THINGS\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Linkin Park\LIVING THINGS\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus\Party In the U.S.A. - Single\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus\Party In the U.S.A. - Single\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus & Hannah Montana\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus & Hannah Montana\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus & Hannah Montana\Hannah Montana_ The Movie (Original Moti\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus & Hannah Montana\Hannah Montana_ The Movie (Original Moti\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Rihanna\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Rihanna\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Rihanna\Loud\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Rihanna\Loud\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Sugarland\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Sugarland\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Sugarland\The Incredible Machine (Deluxe Edition)\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Sugarland\The Incredible Machine (Deluxe Edition)\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taio Cruz\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taio Cruz\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taio Cruz\Rokstarr\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taio Cruz\Rokstarr\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taylor Swift\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taylor Swift\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taylor Swift\Red\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taylor Swift\Red\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\The Black Eyed Peas\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\The Black Eyed Peas\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\The Black Eyed Peas\The E.N.D. (The Energy Never Dies)\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\The Black Eyed Peas\The E.N.D. (The Energy Never Dies)\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Train\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Train\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Train\Hey, Soul Sister - Single\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Train\Hey, Soul Sister - Single\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Usher\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Usher\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Usher\DJ Got Us Fallin' In Love (feat. Pitbull\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\Music\Usher\DJ Got Us Fallin' In Love (feat. Pitbull\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\24\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\24\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\24\Season 5\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\24\Season 5\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\Covert Affairs\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\Covert Affairs\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\Covert Affairs\Season 2\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\Covert Affairs\Season 2\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Pictures\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Pictures\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Pictures\2012-03-31 fall 2011-spring 2012\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Pictures\2012-03-31 fall 2011-spring 2012\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Pictures\2014-07 (Jul)\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Pictures\2014-07 (Jul)\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Pictures\2014-09-24\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Pictures\2014-09-24\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\mark\Pictures\Dell WebCam Central\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\mark\Pictures\Dell WebCam Central\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Collection Letters\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Collection Letters\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Customer Letters\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Customer Letters\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Employee Letters\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Employee Letters\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Estimate Letters\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Estimate Letters\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Invoice Letters\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Invoice Letters\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Other Names Letters\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Other Names Letters\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Vendor Letters\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Vendor Letters\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Collection Letters\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Collection Letters\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Customer Letters\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Customer Letters\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Employee Letters\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Employee Letters\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Estimate Letters\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Estimate Letters\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Invoice Letters\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Invoice Letters\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Other Names Letters\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Other Names Letters\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Vendor Letters\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Vendor Letters\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Music\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Music\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Music\Entropy\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Music\Entropy\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Music\Finds You In Love\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Music\Finds You In Love\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Music\On the Sleeve\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Music\On the Sleeve\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Music\The Street Lights Have Been Turned Down\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Music\The Street Lights Have Been Turned Down\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Pictures\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Pictures\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Pictures\PhotoStage\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Pictures\PhotoStage\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Videos\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Videos\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\Public\Videos\Dell\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\Public\Videos\Dell\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Windows\pss\DECRYPT_INSTRUCTION.HTML.Startup Win32/Filecoder.CR trojan
C:\Windows\pss\DECRYPT_INSTRUCTION.TXT.Startup Win32/Filecoder.CR trojan
 
Thanks,
 
Eric


#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 10 December 2014 - 10:03 AM

Please do this next:

icon11.gif   Download and save the attached fixlist.txt file in the same location as FRST (usually your desktop)

Attached File  fixlist.txt   51.46KB   1 downloads

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.

  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

 


Edited by RPMcMurphy, 10 December 2014 - 10:04 AM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#14 bige75

bige75
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 10 December 2014 - 10:30 AM

RPMcMurphy,

 

Here are the results:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-12-2014 01
Ran by mark at 2014-12-10 10:28:16 Run:2
Running from C:\Users\mark\Desktop
Loaded Profile: mark (Available profiles: mark & Gracie)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\ProgramData\Battle.net\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Battle.net\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Battle.net\Agent\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Battle.net\Agent\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Battle.net\Client\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Battle.net\Client\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1815\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1815\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1815\Support\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1815\Support\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\Support\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\Support\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Dell\Dell Datasafe Online\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Dell\Dell Datasafe Online\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Fore! Reservations\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Fore! Reservations\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Fore! Reservations\Documents\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Fore! Reservations\Documents\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Fore! Reservations\Other\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Fore! Reservations\Other\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\HP\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\HP\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\HP\Digital Imaging\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\HP\Digital Imaging\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\HP\LGT 2.0\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\HP\LGT 2.0\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\HP\LGT 2.0\data\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\HP\LGT 2.0\data\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\HP\LGT 2.0\data\sessions\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\HP\LGT 2.0\data\sessions\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\Entitlement Client\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\Entitlement Client\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\Entitlement Client\v8\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\Entitlement Client\v8\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QBWebConnector\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QBWebConnector\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QBWebConnector\log\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QBWebConnector\log\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QuickBooks\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QuickBooks\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QuickBooks\ReportCenter\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QuickBooks\ReportCenter\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QuickBooks 2014\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QuickBooks 2014\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QuickBooks 2014\Components\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QuickBooks 2014\Components\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QuickBooks 2014\Components\DataProtect\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QuickBooks 2014\Components\DataProtect\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QuickBooks 2014\Components\DataProtect\OCD\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QuickBooks 2014\Components\DataProtect\OCD\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QuickBooks 2014\Components\DownloadQB24\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QuickBooks 2014\Components\DownloadQB24\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QuickBooks 2014\Components\DownloadQB24\Patch\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QuickBooks 2014\Components\DownloadQB24\Patch\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\branding\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\branding\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\branding\filist\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\branding\filist\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\workflow\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\workflow\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Intuit\QuickBooks 2014\Components\PDFDownload\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Intuit\QuickBooks 2014\Components\PDFDownload\DECRYPT_INSTRUCTION.TXT 
C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.HTML 
C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Battle.net\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Battle.net\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Battle.net\Agent\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Battle.net\Agent\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Battle.net\Client\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Battle.net\Client\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1815\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1815\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1815\Support\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1815\Support\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1974\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1974\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1974\Support\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1974\Support\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Dell\Dell Datasafe Online\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Dell\Dell Datasafe Online\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Fore! Reservations\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Fore! Reservations\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Fore! Reservations\Documents\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Fore! Reservations\Documents\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Fore! Reservations\Other\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Fore! Reservations\Other\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\HP\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\HP\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\HP\Digital Imaging\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\HP\Digital Imaging\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\HP\LGT 2.0\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\HP\LGT 2.0\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\HP\LGT 2.0\data\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\HP\LGT 2.0\data\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\HP\LGT 2.0\data\sessions\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\HP\LGT 2.0\data\sessions\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\Entitlement Client\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\Entitlement Client\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\Entitlement Client\v8\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\Entitlement Client\v8\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QBWebConnector\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QBWebConnector\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QBWebConnector\log\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QBWebConnector\log\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QuickBooks\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QuickBooks\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QuickBooks\ReportCenter\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QuickBooks\ReportCenter\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QuickBooks 2014\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QuickBooks 2014\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DataProtect\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DataProtect\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DataProtect\OCD\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DataProtect\OCD\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DownloadQB24\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DownloadQB24\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DownloadQB24\Patch\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\DownloadQB24\Patch\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\branding\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\branding\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\branding\filist\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\branding\filist\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\workflow\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\workflow\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\PDFDownload\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Intuit\QuickBooks 2014\Components\PDFDownload\DECRYPT_INSTRUCTION.TXT 
C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.HTML 
C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Dell\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Dell\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Dell\VideoStage\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Dell\VideoStage\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Dell\VideoStage\CinemaNow\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Dell\VideoStage\CinemaNow\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Dell\VideoStage\CinemaNow\1002\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Dell\VideoStage\CinemaNow\1002\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Dell\VideoStage\library\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Dell\VideoStage\library\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Dell\VideoStage\library\1002\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Dell\VideoStage\library\1002\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Dell\VideoStageTransaction\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Dell\VideoStageTransaction\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Dell\VideoStageTransaction\1001\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Dell\VideoStageTransaction\1001\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Google\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Google\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Google\Chrome\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Google\Chrome\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\HP\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\HP\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\HP\Digital Imaging\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\HP\Digital Imaging\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\HP\Digital Imaging\cache2\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\HP\Digital Imaging\cache2\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\HP\Digital Imaging\db2\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\HP\Digital Imaging\db2\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Microsoft\Photo Acquisition\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Microsoft\Photo Acquisition\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Microsoft Games\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Microsoft Games\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Microsoft Games\Solitaire\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Microsoft Games\Solitaire\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Nero\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Nero\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Nero\Nero 10\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Nero\Nero 10\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\fail\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\fail\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\normal\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\normal\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Adobe\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Adobe\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Adobe\Acrobat\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Adobe\Acrobat\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Adobe\Acrobat\10.0\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Adobe\Acrobat\10.0\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\f1y5fc5hqqlhff3t0trzpvbii1juus5hlrtjnzsilocgr21hepaaaeda\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\f1y5fc5hqqlhff3t0trzpvbii1juus5hlrtjnzsilocgr21hepaaaeda\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\f1y5fc5hqqlhff3t0trzpvbii1juus5hlrtjnzsilocgr21hepaaaeda\f\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\f1y5fc5hqqlhff3t0trzpvbii1juus5hlrtjnzsilocgr21hepaaaeda\f\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\LocalLow\Sun\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\LocalLow\Sun\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\AssetCache\S7438QSK\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\AssetCache\S7438QSK\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Apple Computer\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Apple Computer\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\928ce871e31e838b84dc3874b86b384438631594\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\928ce871e31e838b84dc3874b86b384438631594\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\ebf0f86d30f0f15eb295a85fd1c590756e81420a\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\ebf0f86d30f0f15eb295a85fd1c590756e81420a\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{BE6DA2AD-D572-4B45-8B64-50D51885117E}\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{BE6DA2AD-D572-4B45-8B64-50D51885117E}\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\0\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\0\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\1\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\1\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\10\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\10\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\11\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\11\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\12\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\12\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\13\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\13\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\14\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\14\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\15\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\15\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\16\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\16\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\17\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\17\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\2\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\2\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\3\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\3\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\4\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\4\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\5\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\5\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\6\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\6\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\7\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\7\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\8\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\8\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\9\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\9\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\HP\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\HP\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\HP\WebRegLogs\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\HP\WebRegLogs\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Skype\careyagracierobs\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Skype\careyagracierobs\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Skype\mcag.todd\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Skype\mcag.todd\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Skype\ozzyrobs\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Skype\ozzyrobs\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Skype\Pictures\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Skype\Pictures\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Adams\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Adams\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Callaway\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Callaway\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Clicgear\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Clicgear\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Cobra\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Cobra\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Footjoy\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Footjoy\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Ping\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Ping\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Taylormade\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Taylormade\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Titleist\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Titleist\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Wilson\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Wilson\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Desktop\Gracie Pics\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Desktop\Gracie Pics\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\Daily reports 2014\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\Daily reports 2014\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\RCT3\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\RCT3\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\RCT3\Campaigns\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\RCT3\Campaigns\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\Accounts\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\Accounts\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\1-S2-1-427219\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\1-S2-1-427219\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\1-S2-1-427219\Screenshots\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\1-S2-1-427219\Screenshots\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\GameLogs\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\GameLogs\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-07-26 04.47.17 MARKLAPTOP B22418 Error\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-07-26 04.47.17 MARKLAPTOP B22418 Error\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.17.30 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.17.30 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.20.18 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.20.18 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.23.46 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.23.46 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\Screenshots\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\Screenshots\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\UserLogs\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\UserLogs\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\UserLogs\Back in the Saddle\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\UserLogs\Back in the Saddle\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\UserLogs\Harvest of Screams\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\UserLogs\Harvest of Screams\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\UserLogs\Heart of the Swarm\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\UserLogs\Heart of the Swarm\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\UserLogs\Kaldir\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\UserLogs\Kaldir\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\UserLogs\Lab Rat\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\UserLogs\Lab Rat\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Documents\StarCraft II\UserLogs\Rendezvous\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Documents\StarCraft II\UserLogs\Rendezvous\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\ADELE\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\ADELE\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\ADELE\21\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\ADELE\21\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Bruno Mars\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Bruno Mars\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Bruno Mars\Doo-Wops & Hooligans (Deluxe Version)\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Bruno Mars\Doo-Wops & Hooligans (Deluxe Version)\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Cee Lo Green\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Cee Lo Green\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Cee Lo Green\bleep You - Deluxe Single\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Cee Lo Green\bleep You - Deluxe Single\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\Teenage Dream\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\Teenage Dream\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\Teenage Dream - The Complete Confection\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\Teenage Dream - The Complete Confection\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\Animal\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\Animal\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\Cannibal\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\Cannibal\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\We R Who We R - Single\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\We R Who We R - Single\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Kenny Chesney\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Kenny Chesney\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Kenny Chesney\Hemingway's Whiskey (Deluxe Edition)\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Kenny Chesney\Hemingway's Whiskey (Deluxe Edition)\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\Lady Antebellum\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\Lady Antebellum\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\Need You Now\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\Need You Now\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady GaGa\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady GaGa\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady GaGa\The Fame\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady GaGa\The Fame\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Linkin Park\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Linkin Park\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Linkin Park\LIVING THINGS\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Linkin Park\LIVING THINGS\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus\Party In the U.S.A. - Single\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus\Party In the U.S.A. - Single\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus & Hannah Montana\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus & Hannah Montana\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus & Hannah Montana\Hannah Montana_ The Movie (Original Moti\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus & Hannah Montana\Hannah Montana_ The Movie (Original Moti\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Rihanna\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Rihanna\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Rihanna\Loud\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Rihanna\Loud\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Sugarland\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Sugarland\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Sugarland\The Incredible Machine (Deluxe Edition)\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Sugarland\The Incredible Machine (Deluxe Edition)\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taio Cruz\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taio Cruz\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taio Cruz\Rokstarr\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taio Cruz\Rokstarr\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taylor Swift\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taylor Swift\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taylor Swift\Red\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taylor Swift\Red\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\The Black Eyed Peas\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\The Black Eyed Peas\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\The Black Eyed Peas\The E.N.D. (The Energy Never Dies)\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\The Black Eyed Peas\The E.N.D. (The Energy Never Dies)\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Train\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Train\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Train\Hey, Soul Sister - Single\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Train\Hey, Soul Sister - Single\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Usher\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Usher\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Usher\DJ Got Us Fallin' In Love (feat. Pitbull\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\Music\Usher\DJ Got Us Fallin' In Love (feat. Pitbull\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\24\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\24\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\24\Season 5\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\24\Season 5\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\Covert Affairs\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\Covert Affairs\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\Covert Affairs\Season 2\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\Covert Affairs\Season 2\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Pictures\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Pictures\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Pictures\2012-03-31 fall 2011-spring 2012\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Pictures\2012-03-31 fall 2011-spring 2012\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Pictures\2014-07 (Jul)\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Pictures\2014-07 (Jul)\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Pictures\2014-09-24\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Pictures\2014-09-24\DECRYPT_INSTRUCTION.TXT 
C:\Users\mark\Pictures\Dell WebCam Central\DECRYPT_INSTRUCTION.HTML 
C:\Users\mark\Pictures\Dell WebCam Central\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Collection Letters\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Collection Letters\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Customer Letters\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Customer Letters\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Employee Letters\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Employee Letters\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Estimate Letters\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Estimate Letters\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Invoice Letters\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Invoice Letters\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Other Names Letters\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Other Names Letters\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Vendor Letters\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Vendor Letters\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Collection Letters\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Collection Letters\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Customer Letters\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Customer Letters\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Employee Letters\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Employee Letters\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Estimate Letters\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Estimate Letters\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Invoice Letters\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Invoice Letters\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Other Names Letters\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Other Names Letters\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Vendor Letters\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Vendor Letters\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Music\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Music\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Music\Entropy\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Music\Entropy\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Music\Finds You In Love\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Music\Finds You In Love\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Music\On the Sleeve\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Music\On the Sleeve\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Music\The Street Lights Have Been Turned Down\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Music\The Street Lights Have Been Turned Down\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Pictures\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Pictures\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Pictures\PhotoStage\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Pictures\PhotoStage\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Videos\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Videos\DECRYPT_INSTRUCTION.TXT 
C:\Users\Public\Videos\Dell\DECRYPT_INSTRUCTION.HTML 
C:\Users\Public\Videos\Dell\DECRYPT_INSTRUCTION.TXT 
C:\Windows\pss\DECRYPT_INSTRUCTION.HTML 
C:\Windows\pss\DECRYPT_INSTRUCTION.TXT
 
*****************
 
C:\ProgramData\Battle.net\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Battle.net\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Battle.net\Agent\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Battle.net\Agent\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Battle.net\Client\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Battle.net\Client\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1815\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1815\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1815\Support\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1815\Support\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\Support\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1974\Support\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Dell\Dell Datasafe Online\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Dell\Dell Datasafe Online\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Fore! Reservations\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Fore! Reservations\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Fore! Reservations\Documents\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Fore! Reservations\Documents\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Fore! Reservations\Other\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Fore! Reservations\Other\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\HP\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\HP\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\HP\Digital Imaging\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\HP\Digital Imaging\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\HP\LGT 2.0\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\HP\LGT 2.0\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\HP\LGT 2.0\data\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\HP\LGT 2.0\data\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\HP\LGT 2.0\data\sessions\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\HP\LGT 2.0\data\sessions\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\Entitlement Client\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\Entitlement Client\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\Entitlement Client\v8\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\Entitlement Client\v8\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QBWebConnector\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QBWebConnector\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QBWebConnector\log\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QBWebConnector\log\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QuickBooks\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QuickBooks\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QuickBooks\ReportCenter\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QuickBooks\ReportCenter\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\DataProtect\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\DataProtect\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\DataProtect\OCD\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\DataProtect\OCD\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\DownloadQB24\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\DownloadQB24\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\DownloadQB24\Patch\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\DownloadQB24\Patch\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\branding\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\branding\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\branding\filist\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\branding\filist\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\workflow\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\OLB\workflow\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\PDFDownload\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Intuit\QuickBooks 2014\Components\PDFDownload\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
"C:\Users\All Users\Battle.net\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Battle.net\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Battle.net\Agent\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Battle.net\Agent\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Battle.net\Client\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Battle.net\Client\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1815\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1815\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1815\Support\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1815\Support\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1974\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1974\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1974\Support\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1974\Support\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Dell\Dell Datasafe Online\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Dell\Dell Datasafe Online\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Fore! Reservations\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Fore! Reservations\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Fore! Reservations\Documents\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Fore! Reservations\Documents\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Fore! Reservations\Other\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Fore! Reservations\Other\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\HP\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\HP\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\HP\Digital Imaging\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\HP\Digital Imaging\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\HP\LGT 2.0\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\HP\LGT 2.0\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\HP\LGT 2.0\data\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\HP\LGT 2.0\data\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\HP\LGT 2.0\data\sessions\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\HP\LGT 2.0\data\sessions\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\Entitlement Client\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\Entitlement Client\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\Entitlement Client\v8\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\Entitlement Client\v8\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QBWebConnector\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QBWebConnector\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QBWebConnector\log\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QBWebConnector\log\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks\ReportCenter\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks\ReportCenter\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\DataProtect\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\DataProtect\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\DataProtect\OCD\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\DataProtect\OCD\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\DownloadQB24\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\DownloadQB24\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\DownloadQB24\Patch\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\DownloadQB24\Patch\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\branding\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\branding\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\branding\filist\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\branding\filist\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\workflow\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\OLB\workflow\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\PDFDownload\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Intuit\QuickBooks 2014\Components\PDFDownload\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\All Users\Microsoft\RAC\PublishedData\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
C:\Users\mark\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Dell\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Dell\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Dell\VideoStage\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Dell\VideoStage\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Dell\VideoStage\CinemaNow\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Dell\VideoStage\CinemaNow\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Dell\VideoStage\CinemaNow\1002\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Dell\VideoStage\CinemaNow\1002\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Dell\VideoStage\library\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Dell\VideoStage\library\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Dell\VideoStage\library\1002\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Dell\VideoStage\library\1002\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Dell\VideoStageTransaction\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Dell\VideoStageTransaction\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Dell\VideoStageTransaction\1001\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Dell\VideoStageTransaction\1001\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Google\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Google\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\HP\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\HP\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\HP\Digital Imaging\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\HP\Digital Imaging\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\HP\Digital Imaging\cache2\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\HP\Digital Imaging\cache2\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\HP\Digital Imaging\db2\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\HP\Digital Imaging\db2\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Photo Acquisition\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Photo Acquisition\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Backup\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Backup\new\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft Games\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft Games\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft Games\Solitaire\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Microsoft Games\Solitaire\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Nero\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Nero\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Nero\Nero 10\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Nero\Nero 10\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\fail\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\fail\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\normal\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Local\Nero\Nero 10\.thumbnails\normal\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Adobe\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Adobe\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Adobe\Acrobat\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Adobe\Acrobat\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Adobe\Acrobat\10.0\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Adobe\Acrobat\10.0\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\f1y5fc5hqqlhff3t0trzpvbii1juus5hlrtjnzsilocgr21hepaaaeda\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\f1y5fc5hqqlhff3t0trzpvbii1juus5hlrtjnzsilocgr21hepaaaeda\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\f1y5fc5hqqlhff3t0trzpvbii1juus5hlrtjnzsilocgr21hepaaaeda\f\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\f1y5fc5hqqlhff3t0trzpvbii1juus5hlrtjnzsilocgr21hepaaaeda\f\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Microsoft\Silverlight\is\kpqyvoj0.vmy\3bqtrsoj.izv\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\LocalLow\Sun\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\LocalLow\Sun\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\AssetCache\S7438QSK\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Adobe\Flash Player\AssetCache\S7438QSK\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Apple Computer\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Apple Computer\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\928ce871e31e838b84dc3874b86b384438631594\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\928ce871e31e838b84dc3874b86b384438631594\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\ebf0f86d30f0f15eb295a85fd1c590756e81420a\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\ebf0f86d30f0f15eb295a85fd1c590756e81420a\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{BE6DA2AD-D572-4B45-8B64-50D51885117E}\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{BE6DA2AD-D572-4B45-8B64-50D51885117E}\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\0\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\0\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\1\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\1\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\10\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\10\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\11\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\11\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\12\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\12\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\13\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\13\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\14\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\14\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\15\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\15\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\16\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\16\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\17\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\17\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\2\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\2\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\3\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\3\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\4\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\4\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\5\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\5\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\6\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\6\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\7\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\7\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\8\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\8\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\9\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Dell\Dell Stage\{E232F207-9E77-4f1f-9535-85C9C8522079}\Media\9\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\HP\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\HP\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\HP\WebRegLogs\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\HP\WebRegLogs\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Microsoft\Document Building Blocks\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Microsoft\Document Building Blocks\1033\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Skype\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Skype\careyagracierobs\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Skype\careyagracierobs\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Skype\mcag.todd\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Skype\mcag.todd\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Skype\ozzyrobs\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Skype\ozzyrobs\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Skype\Pictures\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Skype\Pictures\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Skype\shared_dynco\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\AppData\Roaming\Skype\shared_httpfe\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Adams\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Adams\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Callaway\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Callaway\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Clicgear\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Clicgear\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Cobra\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Cobra\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Footjoy\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Footjoy\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Ping\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Ping\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Taylormade\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Taylormade\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Titleist\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Titleist\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Wilson\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Desktop\2014 Company Catalogs and Price Lists\Wilson\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Desktop\Gracie Pics\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Desktop\Gracie Pics\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\Daily reports 2014\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\Daily reports 2014\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\RCT3\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\RCT3\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\RCT3\Campaigns\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\RCT3\Campaigns\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\Accounts\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\Accounts\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\1-S2-1-427219\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\1-S2-1-427219\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\1-S2-1-427219\Screenshots\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\Accounts\55670559\1-S2-1-427219\Screenshots\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\GameLogs\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\GameLogs\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-07-26 04.47.17 MARKLAPTOP B22418 Error\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-07-26 04.47.17 MARKLAPTOP B22418 Error\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.17.30 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.17.30 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.20.18 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.20.18 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.23.46 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\GameLogs\2012-08-08 23.23.46 MARKLAPTOP B22763 Desync\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\Screenshots\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\Screenshots\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\UserLogs\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\UserLogs\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\UserLogs\Back in the Saddle\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\UserLogs\Back in the Saddle\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\UserLogs\Harvest of Screams\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\UserLogs\Harvest of Screams\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\UserLogs\Heart of the Swarm\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\UserLogs\Heart of the Swarm\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\UserLogs\Kaldir\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\UserLogs\Kaldir\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\UserLogs\Lab Rat\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\UserLogs\Lab Rat\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Documents\StarCraft II\UserLogs\Rendezvous\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Documents\StarCraft II\UserLogs\Rendezvous\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\ADELE\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\ADELE\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\ADELE\21\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\ADELE\21\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Bruno Mars\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Bruno Mars\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Bruno Mars\Doo-Wops & Hooligans (Deluxe Version)\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Bruno Mars\Doo-Wops & Hooligans (Deluxe Version)\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Cee Lo Green\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Cee Lo Green\DECRYPT_INSTRUCTION.TXT => Moved successfully.
"C:\Users\mark\Music\iTunes\iTunes Media\Music\Cee Lo Green\bleep You - Deluxe Single\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\mark\Music\iTunes\iTunes Media\Music\Cee Lo Green\bleep You - Deluxe Single\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\Teenage Dream\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\Teenage Dream\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\Teenage Dream - The Complete Confection\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Katy Perry\Teenage Dream - The Complete Confection\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\Animal\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\Animal\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\Cannibal\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\Cannibal\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\We R Who We R - Single\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Ke$ha\We R Who We R - Single\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Kenny Chesney\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Kenny Chesney\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Kenny Chesney\Hemingway's Whiskey (Deluxe Edition)\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Kenny Chesney\Hemingway's Whiskey (Deluxe Edition)\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\Lady Antebellum\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\Lady Antebellum\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\Need You Now\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady Antebellum\Need You Now\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady GaGa\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady GaGa\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady GaGa\The Fame\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Lady GaGa\The Fame\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Linkin Park\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Linkin Park\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Linkin Park\LIVING THINGS\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Linkin Park\LIVING THINGS\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus\Party In the U.S.A. - Single\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus\Party In the U.S.A. - Single\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus & Hannah Montana\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus & Hannah Montana\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus & Hannah Montana\Hannah Montana_ The Movie (Original Moti\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Miley Cyrus & Hannah Montana\Hannah Montana_ The Movie (Original Moti\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Rihanna\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Rihanna\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Rihanna\Loud\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Rihanna\Loud\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Sugarland\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Sugarland\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Sugarland\The Incredible Machine (Deluxe Edition)\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Sugarland\The Incredible Machine (Deluxe Edition)\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taio Cruz\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taio Cruz\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taio Cruz\Rokstarr\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taio Cruz\Rokstarr\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taylor Swift\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taylor Swift\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taylor Swift\Red\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Taylor Swift\Red\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\The Black Eyed Peas\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\The Black Eyed Peas\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\The Black Eyed Peas\The E.N.D. (The Energy Never Dies)\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\The Black Eyed Peas\The E.N.D. (The Energy Never Dies)\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Train\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Train\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Train\Hey, Soul Sister - Single\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Train\Hey, Soul Sister - Single\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Usher\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Usher\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Usher\DJ Got Us Fallin' In Love (feat. Pitbull\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\Music\Usher\DJ Got Us Fallin' In Love (feat. Pitbull\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\24\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\24\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\24\Season 5\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\24\Season 5\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\Covert Affairs\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\Covert Affairs\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\Covert Affairs\Season 2\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Music\iTunes\iTunes Media\TV Shows\Covert Affairs\Season 2\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Pictures\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Pictures\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Pictures\2012-03-31 fall 2011-spring 2012\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Pictures\2012-03-31 fall 2011-spring 2012\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Pictures\2014-07 (Jul)\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Pictures\2014-07 (Jul)\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Pictures\2014-09-24\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Pictures\2014-09-24\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\mark\Pictures\Dell WebCam Central\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\mark\Pictures\Dell WebCam Central\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Collection Letters\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Collection Letters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Customer Letters\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Customer Letters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Employee Letters\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Employee Letters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Estimate Letters\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Estimate Letters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Invoice Letters\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Invoice Letters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Other Names Letters\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Other Names Letters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Vendor Letters\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Vendor Letters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Collection Letters\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Collection Letters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Customer Letters\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Customer Letters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Employee Letters\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Employee Letters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Estimate Letters\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Estimate Letters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Invoice Letters\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Invoice Letters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Other Names Letters\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Other Names Letters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Vendor Letters\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Documents\Intuit\QuickBooks\Sample Company Files\QuickBooks 2014\Restored_Sample M & E Golf Inc._Files\Letters_Templates\Vendor Letters\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Music\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Music\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Music\Entropy\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Music\Entropy\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Music\Finds You In Love\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Music\Finds You In Love\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Music\On the Sleeve\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Music\On the Sleeve\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Music\The Street Lights Have Been Turned Down\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Music\The Street Lights Have Been Turned Down\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Pictures\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Pictures\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Pictures\PhotoStage\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Pictures\PhotoStage\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Videos\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Videos\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\Videos\Dell\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Public\Videos\Dell\DECRYPT_INSTRUCTION.TXT => Moved successfully.
"C:\Windows\pss\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Windows\pss\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
 
==== End of Fixlog ====


#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 11 December 2014 - 10:17 PM

Sorry for the delay.  That is going to be about all I can do for you. I've identified and removed all the malware I could locate, but as I told you earlier, that CryptoWall virus causes issues that there is no fix for.  All I have left for you is some important cleanup:

icon11.gif  Your Adobe reader needs to be updated.  Please visit Adobe's site and grab the newest version.  Be sure to watch for and uncheck any boxes offering to install other software.

icon11.gif  Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and past the following text into the run box that opens and press OK:
    Combofix /Uninstall

Combofix_uninstall_image.jpg

icon11.gif  Download OTC to your desktop and run it
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
  • Manually delete any remaining logs or tools from our fixes

icon11.gif  Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users