Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

searching.com malware


  • Please log in to reply
8 replies to this topic

#1 shoride

shoride

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 15 April 2015 - 05:22 AM

Hi folks,

First time posting in this forum. I have cleaned many an infected computer of malware/viruses/ Trojans etc. But this one has me baffled at this point.
I have used all the usual programs to clean this machine out, BTW It was terribly infected. It seems I have everything cleaned at this point except one thing. I cannot get the start page in Chrome or IE to change
from www-searching.com. I have run Malwarebytes, Hijackthis, HitmanPro, FRST and a full scan of Avast. These have all cleaned out the machine of infections. I have run all of them in both Safe mode and normal. I have reset IE settings as well. I have changed the home page to google but when I restart the browser up comes searching.com. If I click on the Home button it will go to google, but just will not start normally.
I am left scratching my head on this one. confused.gif

Any ideas what I may be missing here?

Thanks in advance!



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:59 PM

Posted 15 April 2015 - 07:30 AM

Use the programs below to find and remove the adware. If those don't solve the problem then you can do a clean uninstall of Google Chrome using Revo.

You can save your bookmarks before uninstalling. Suggest you save them either to an external medium or email to prevent them being deleted while using Revo.

Download Revo Uninstaller Freeware Use Revo in Advanced mode. A clean uninstall means removing your Chrome Profile, too.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  •  

 

  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  •  
  •  
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 shoride

shoride
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 15 April 2015 - 05:13 PM

Will do. I will update you soon!



#4 shoride

shoride
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 15 April 2015 - 09:12 PM

This is the result of the three scans.......

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.5 (04.15.2015:1)
OS: Windows 7 Home Premium x64
Ran by useer on Wed 04/15/2015 at 18:51:08.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/15/2015 at 18:55:27.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

C:\AdwCleaner\Quarantine\C\Users\useer\AppData\Local\Browser Extensions\HELP_DECRYPT.HTML.vir Win32/Filecoder.CR trojan 
C:\AdwCleaner\Quarantine\C\Users\useer\AppData\Local\Browser Extensions\HELP_DECRYPT.TXT.vir Win32/Filecoder.CR trojan 
C:\OutputFolder\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\OutputFolder\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan 
C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Extensions\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Extensions\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\audio\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\audio\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application 
C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application 
C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application 
C:\ProgramData\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\Malwarebytes\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\Malwarebytes\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\Microsoft\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\Microsoft\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\Microsoft\eHome\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\Microsoft\eHome\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\Microsoft\RAC\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\Microsoft\RAC\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\Microsoft\RAC\StateData\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\Microsoft\RAC\StateData\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\NortonInstaller\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\NortonInstaller\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\NortonInstaller\Logs\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\NortonInstaller\Logs\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\NortonInstaller\Logs\09-28-2012-12h01m48s\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\NortonInstaller\Logs\09-28-2012-12h01m48s\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\Toshiba\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\Toshiba\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\Toshiba\SmartFaceV\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\Toshiba\SmartFaceV\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\Toshiba\SmartFaceV\FaceLib\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\Toshiba\SmartFaceV\FaceLib\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\Toshiba\SmartFaceV\FaceLib\LIB\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\Toshiba\SmartFaceV\FaceLib\LIB\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\Toshiba\SmartFaceV\FaceLib\LIB\Cmsm\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\Toshiba\SmartFaceV\FaceLib\LIB\Cmsm\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\black mirror\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\black mirror\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\classic\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\classic\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\cx2\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\cx2\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\default\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\default\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\imagewall\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\imagewall\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\minimal\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\minimal\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\no menu\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\no menu\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\thriller\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\thriller\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\vso glossy\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\vso glossy\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\vso glossy\Blue\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\vso glossy\Blue\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\vso glossy\clear\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\vso glossy\clear\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\vso glossy\green\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\vso glossy\green\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\vso glossy\magenta\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\vso glossy\magenta\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\vso glossy\metal\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\VSO\ConvertXtoDVD\5\Templates\vso glossy\metal\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\WildTangent\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\WildTangent\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\WildTangent\Zuma\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\WildTangent\Zuma\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\WildTangent\Zuma\cached\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\WildTangent\Zuma\cached\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\ProgramData\WildTangent\Zuma\cached\sounds\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\ProgramData\WildTangent\Zuma\cached\sounds\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Qoobox\Quarantine\C\ProgramData\03dff548327b4f6eaa97fdee45bb8790\03dff548327b4f6eaa97fdee45bb8790.exe.vir a variant of Win32/Adware.PicColor.AA application 
C:\Qoobox\Quarantine\C\Users\useer\AppData\Roaming\BtvStack.dll.vir a variant of Win32/Kryptik.DENX trojan 
C:\Users\All Users\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\Malwarebytes\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\Malwarebytes\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\Microsoft\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\Microsoft\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\Microsoft\eHome\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\Microsoft\eHome\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\Microsoft\RAC\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\Microsoft\RAC\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\Microsoft\RAC\PublishedData\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\Microsoft\RAC\PublishedData\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\Microsoft\RAC\StateData\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\Microsoft\RAC\StateData\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\NortonInstaller\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\NortonInstaller\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\NortonInstaller\Logs\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\NortonInstaller\Logs\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\NortonInstaller\Logs\09-28-2012-12h01m48s\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\NortonInstaller\Logs\09-28-2012-12h01m48s\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\Toshiba\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\Toshiba\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\Toshiba\SmartFaceV\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\Toshiba\SmartFaceV\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\Toshiba\SmartFaceV\FaceLib\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\Toshiba\SmartFaceV\FaceLib\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\Toshiba\SmartFaceV\FaceLib\LIB\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\Toshiba\SmartFaceV\FaceLib\LIB\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\Toshiba\SmartFaceV\FaceLib\LIB\Cmsm\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\Toshiba\SmartFaceV\FaceLib\LIB\Cmsm\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\black mirror\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\black mirror\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\classic\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\classic\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\cx2\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\cx2\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\default\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\default\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\imagewall\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\imagewall\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\minimal\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\minimal\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\no menu\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\no menu\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\thriller\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\thriller\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\vso glossy\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\vso glossy\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\vso glossy\Blue\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\vso glossy\Blue\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\vso glossy\clear\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\vso glossy\clear\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\vso glossy\green\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\vso glossy\green\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\vso glossy\magenta\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\vso glossy\magenta\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\vso glossy\metal\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\VSO\ConvertXtoDVD\5\Templates\vso glossy\metal\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\WildTangent\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\WildTangent\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\WildTangent\Zuma\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\WildTangent\Zuma\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\WildTangent\Zuma\cached\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\WildTangent\Zuma\cached\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\All Users\WildTangent\Zuma\cached\sounds\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\All Users\WildTangent\Zuma\cached\sounds\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\Public\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\Public\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\Public\Pictures\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\Public\Pictures\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Adobe\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Adobe\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Adobe\Updater6\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Adobe\Updater6\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Adobe\Updater6\Data\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Adobe\Updater6\Data\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Ahead\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Ahead\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Ahead\.thumbnails\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Ahead\.thumbnails\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Ahead\.thumbnails\fail\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Ahead\.thumbnails\fail\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Ahead\Nero Home\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Ahead\Nero Home\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Big Fish\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Big Fish\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Big Fish\Game Manager\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Big Fish\Game Manager\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\Chrome\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\Chrome\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\audio\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\audio\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Device Metadata\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Device Metadata\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Media Player\Art Cache\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Media Player\Art Cache\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Messenger\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Messenger\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{441cd671-585c-4cbe-8173-e99c0dd6aa3a}\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{441cd671-585c-4cbe-8173-e99c0dd6aa3a}\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{441cd671-585c-4cbe-8173-e99c0dd6aa3a}\DBStore\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{441cd671-585c-4cbe-8173-e99c0dd6aa3a}\DBStore\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{441cd671-585c-4cbe-8173-e99c0dd6aa3a}\DBStore\Backup\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{441cd671-585c-4cbe-8173-e99c0dd6aa3a}\DBStore\Backup\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{441cd671-585c-4cbe-8173-e99c0dd6aa3a}\DBStore\Backup\new\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{441cd671-585c-4cbe-8173-e99c0dd6aa3a}\DBStore\Backup\new\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{687aa7b0-fc86-4cb2-a17b-8adec7a10188}\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{687aa7b0-fc86-4cb2-a17b-8adec7a10188}\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{687aa7b0-fc86-4cb2-a17b-8adec7a10188}\DBStore\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{687aa7b0-fc86-4cb2-a17b-8adec7a10188}\DBStore\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{687aa7b0-fc86-4cb2-a17b-8adec7a10188}\DBStore\Backup\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{687aa7b0-fc86-4cb2-a17b-8adec7a10188}\DBStore\Backup\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{687aa7b0-fc86-4cb2-a17b-8adec7a10188}\DBStore\Backup\new\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{687aa7b0-fc86-4cb2-a17b-8adec7a10188}\DBStore\Backup\new\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{bda1b5e6-66a6-48f0-8eef-e0bc96831605}\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{bda1b5e6-66a6-48f0-8eef-e0bc96831605}\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{bda1b5e6-66a6-48f0-8eef-e0bc96831605}\DBStore\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{bda1b5e6-66a6-48f0-8eef-e0bc96831605}\DBStore\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{bda1b5e6-66a6-48f0-8eef-e0bc96831605}\DBStore\Backup\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{bda1b5e6-66a6-48f0-8eef-e0bc96831605}\DBStore\Backup\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{bda1b5e6-66a6-48f0-8eef-e0bc96831605}\DBStore\Backup\new\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Contacts\{bda1b5e6-66a6-48f0-8eef-e0bc96831605}\DBStore\Backup\new\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Mail\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Mail\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Mail\Backup\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Mail\Backup\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Mail\Backup\new\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Mail\Backup\new\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Mail\Sentinel\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Live Mail\Sentinel\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Mail\Backup\old\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Mail\Backup\old\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\FreeCell\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\FreeCell\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\Hearts\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\Hearts\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\Mahjong Titans\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\Mahjong Titans\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\Minesweeper\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\Minesweeper\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\Purble Place\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\Purble Place\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\Solitaire\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\Solitaire\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\Spider Solitaire\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Microsoft Games\Spider Solitaire\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Skype\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Skype\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Skype\Apps\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Skype\Apps\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Skype\Apps\login\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Skype\Apps\login\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Skype\Apps\login\images\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Local\Skype\Apps\login\images\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Microsoft\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Microsoft\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Microsoft\Silverlight\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Microsoft\Silverlight\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Sun\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Sun\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Sun\Java\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Sun\Java\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Sun\Java\Deployment\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Sun\Java\Deployment\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Sun\Java\Deployment\SystemCache\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Sun\Java\Deployment\SystemCache\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Adobe\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Adobe\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Adobe\Flash Player\AssetCache\XZWHPXMW\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Adobe\Flash Player\AssetCache\XZWHPXMW\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Ahead\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Ahead\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Ahead\NeroVision\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Ahead\NeroVision\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\BitTorrent\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\BitTorrent\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\BitTorrent\apps\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\BitTorrent\apps\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\BitTorrent\apps\753D5AABD2E1B7FFA4EB2E610E2CB5F95FC03BC3\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\BitTorrent\apps\753D5AABD2E1B7FFA4EB2E610E2CB5F95FC03BC3\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\BitTorrent\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\BitTorrent\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\ConverterLite\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\ConverterLite\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Malwarebytes\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Malwarebytes\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Microsoft\Document Building Blocks\1033\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Microsoft\Document Building Blocks\1033\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\media_messaging\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\media_messaging\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\media_messaging\emo_cache\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\media_messaging\emo_cache\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\media_messaging\emo_cache\asyncdb\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\media_messaging\emo_cache\asyncdb\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\media_messaging\media_cache\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\media_messaging\media_cache\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\media_messaging\media_cache\asyncdb\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\media_messaging\media_cache\asyncdb\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\media_messaging\storage_db\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\media_messaging\storage_db\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\media_messaging\storage_db\asyncdb\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\media_messaging\storage_db\asyncdb\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\qikdb\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\facebook#3alynnsplude\qikdb\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\shared_dynco\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\shared_dynco\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\shared_httpfe\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\AppData\Roaming\Skype\shared_httpfe\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\Desktop\nes emulator\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\Desktop\nes emulator\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\Desktop\nes emulator\cygne\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\Desktop\nes emulator\cygne\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\Desktop\nes emulator\rocknes5b3\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan 
C:\Users\useer\Desktop\nes emulator\rocknes5b3\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan 
C:\Users\useer\Downloads\WinZip Pro 17.0 Build 10381 x86x64+Key - Lz0\WinZip Pro 17.0 Build 10381 (x64)\winzip170-64.msi a variant of Win32/Systweak.L potentially unwanted application 
C:\Users\useer\Downloads\WinZip Pro 17.0 Build 10381 x86x64+Key - Lz0\WinZip Pro 17.0 Build 10381 (x86)\winzip170-32.msi a variant of Win32/Systweak.L potentially unwanted application 
C:\Windows\Installer\13207e.msi a variant of Win32/Systweak.L potentially unwanted application 

 

# AdwCleaner v4.201 - Logfile created 15/04/2015 at 18:45:06
# Updated 08/04/2015 by Xplode
# Database : 2015-04-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : useer - USEER-PC
# Running from : C:\Users\useer\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Winferno
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winferno
Folder Deleted : C:\Program Files (x86)\converter free online
Folder Deleted : C:\Program Files (x86)\Winferno
Folder Deleted : C:\Program Files (x86)\system app
Folder Deleted : C:\Program Files (x86)\Priceless
Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Local\speed browser
Folder Deleted : C:\Users\useer\AppData\Local\Browser Extensions
Folder Deleted : C:\Users\useer\AppData\Local\DeskBar
Folder Deleted : C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
File Deleted : C:\windows\SysWOW64\WinCMR.dll
File Deleted : C:\Users\useer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winferno Registry Power Cleaner.lnk

***** [ Scheduled tasks ] *****

Task Deleted : ConsumerInputUpdateTaskMachineCore
Task Deleted : ConsumerInputUpdateTaskMachineUA
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : SmartWeb Upgrade Trigger Task
Task Deleted : Smp

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\useer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\useer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\useer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\useer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\useer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk
Shortcut Disinfected : C:\Users\useer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ggebenakhmhfdkmkemdmllecchcldgec
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eefhnbpnnaaokmclnihgajdnlgljajjg
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\7a8b1bbe-e411-438c-99cf-a6887dbea4a8
Key Deleted : HKLM\SOFTWARE\ec232b72-d113-4dfc-aa3b-25268f9f665c
Key Deleted : HKLM\SOFTWARE\f2e66d33-7ac1-9423-d9ee-acb9a456a1f7
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{10F67E56-58A9-4A52-A48A-A28A75FF9FBB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AE3EE8-05D3-4DAF-8A0B-2530394FD8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A7C43421-AB2B-4373-AADD-F4B7AE15FDBE}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKCU\Software\Winferno
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SpeedBrowser
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Converter Free Online_is1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

-\\ Google Chrome v41.0.2272.118

[C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M45B771D6-FB92-4EC2-A7CC-52253468DC9F&SearchSource=58&CUI=&UM=8&UP=SP257F1B53-C2D1-4A8D-8440-5B41B3AD2A24&q={searchTerms}&SSPV=
[C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ggebenakhmhfdkmkemdmllecchcldgec
[C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eefhnbpnnaaokmclnihgajdnlgljajjg
[C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : fcfenmboojpjinhpgggodefccipikbpd
[C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lfkjojacgdjkninepeghaamnapdjmlfn
[C:\Users\useer\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M45B771D6-FB92-4EC2-A7CC-52253468DC9F&SearchSource=58&CUI=&UM=8&UP=SP257F1B53-C2D1-4A8D-8440-5B41B3AD2A24&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [6942 bytes] - [15/04/2015 18:42:37]
AdwCleaner[S0].txt - [6790 bytes] - [15/04/2015 18:45:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6849  bytes] ##########

 

 

 



#5 buddy215

buddy215

  • Moderator
  • 13,102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:59 PM

Posted 15 April 2015 - 09:22 PM

It seems that all of your files have been encrypted.

Do not take any further action for now.


Edited by buddy215, 15 April 2015 - 09:35 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:59 PM

Posted 16 April 2015 - 04:33 AM

You have been infected with CryptoWall 3.0 ransomware. It leaves files named HELP_DECRYPT.TXT, HELP_DECRYPT.HTML, HELP_DECRYPT.URL, and HELP_DECRYPT.PNG. Some of those files were detected by AdwCleaner and other security tools, renamed with a .vir extension and placed into quarantine.

A repository of all current knowledge regarding CryptoWall, CryptoWall 2.0 & CryptoWall 3.0 is provided by Grinler (aka Lawrence Abrams), in this topic: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoWall (including versions 2.0 & 3.0) does and provide information for how to deal with it.

If your data files were encrypted, be aware that Cryptowall typically deletes all Shadow Volume Copies with vssadmin.exe so that you cannot restore your files via System Restore or using a program like Shadow Explorer...but it never hurts to try. At this time there is no fix tool and Decryption of any CryptoWall Files...is impossible since there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom.

There are also lengthy ongoing discussion in these topics:It would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in one of those topic discussion.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 shoride

shoride
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 16 April 2015 - 07:20 AM

Thanks for all your help. This is a relatives computer, I believe at this time I am going to recommend a format and reinstall. Seems to me to be the best option. She does not really have many important files in the laptop anyway.

Thanks again!!



#8 buddy215

buddy215

  • Moderator
  • 13,102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:59 PM

Posted 16 April 2015 - 08:17 AM

Any external medium...flash drive...disk drive...attached while that malware was active would have encrypted files, too. I agree that a reformat and

reinstall is the best solution.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:59 PM

Posted 16 April 2015 - 06:52 PM

You're welcome and good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users