Cryptowall, dns problem

cistern_eve · June 21, 2014

Hello,

I am attemping to clear off a windows 7 computer that was hit by something that bills itself as cryptowall. I've read the instructions here:

https://forums.malwa...?hl=+cryptowall

Everything looks as described in that post. However, running mbam-setup.exe , updating, and scanning does not result in any "threats" found.

Also, running offline/bootdisc AVG scans, GMER, and spybot result in no hits, either.

However, on boot the machine still brings up the cryptowall instructions, the dns seems fishy when you view ipconfig /dnsdisplay in DOS (many websites, IPs don't seem typical for the named sites when you use a WHOIS search, etc.), and when using a webbrowser, there are redirects. Also, when it reboots, there are occasionally windows updates (don't power off your computer until, etc.), even when the ethernet cable has been disconnected (there would be no opportunity to download an update from windows).

I note these instructions:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/

However, I cannot reach this forum from the infected computer due to redirects, I don't want to put a flashdrive in the infected computer, and CD burning seems to fail, so pasting the output of Farbar is not as simple as suggested (I can download it to a different computer, burn it, and put it on, though). I could take some pictures of the text with my phone or retype it, but it's a lot of text to do in that fashion.

Any advice would be appreciated. Thank you to 1PW ( https://forums.malwarebytes.org/index.php?/user/17252-1pw/ ) for pointing me in the right direction vis a vis where to post this.

-CE

Note that I began this topic in the wrong forum. It was originally posted here:

https://forums.malwarebytes.org/index.php?/topic/151102-cryptowall-dns-problem/

kevinf80 · June 21, 2014

I assume you have a spare clean PC as you are posting successfully, on that PC download and install Panda USB Vaccine from this link: http://www.pandasecurity.com/uk/homeusers/downloads/usbvaccine/

When complete insert your USB flash drive, vaccination will be offered on prompt, The flash drive can now be used on the sick PC...

Next,

Download and save the following to the flash drive:

Download Farbar Recovery Scan Tool and save it to your Flash drive, transfer to desktop of sick PC.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Kevin

cistern_eve · June 21, 2014

Thank you, Kevinf80!

I have attached the files requested.

For some reason, the redirects were not happening today when I booted the computer, so I just posted from the computer itself, without the USB step that you included.

Thanks again,

-CE

Addition.txt

FRST.txt

kevinf80 · June 21, 2014

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

If the crypto screen shows at anytime select Alt and F4 keys together, if the option to close that screen is offered follow the prompts...

Next,

Open Malwarebytes 2.0, run a Threat Scan

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

Post log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Post back the report which should be located on your desktop.

Let me see those logs, also give an update on current status..

Kevin

fixlist.txt

cistern_eve · June 21, 2014

Dear kevinf80,

Thank you!

I ran FRST with the fixlist.txt and have attached Fixlog.txt. Then, I ran Malwarebytes. I have attached the log after the Malwarebytes scan as mbam_log. Malwarebytes found no threats.

When I attempted to download RogueKiller, the download was blocked by browser redirects. I will try downloading to a different machine and then installing this program from a CD.

The crypto screens did not appear on boot and were deleted by FRST. The browser problems have remained.

Thank you again,

-CE

Fixlog.txt

mbam_log.txt

kevinf80 · June 21, 2014

Thanks for the logs and the update, post the RogueKiller log if possible. If it will not work/run just skip that step and continue:

Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Run Malwarebytes one more time as follows:

On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may see this message box.
'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Let me see those logs, also give an update on any remaining issues or concerns...

Kevin

cistern_eve · June 22, 2014

Dear kevinf80,

Thanks!

I was not able to get RogueKiller to run, so I skipped that step. I have attached the logs for the three steps you requested in your post (adcleaner, JRT, and malwarebytes).

I am still getting redirects in webbrowsers. Specifically, pages such as google will have 302 Moved messages. If you look at the source code for the page within the browser, it is blank. Certain websites are blocked in this fashion-- I always get the 302 Moved message "the document has moved here"

Thank you again for your help,

-CE

AdwCleanerS0.txt

mbam_log2.txt

JRT.txt

kevinf80 · June 22, 2014

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save the zip file to your Desktop.

Double click zip file and extract to your Desktop:

you will now have 3 versions of the tool on the Desktop:

%7Boption%7D http://i121.photobucket.com/albums/o239/kevinf80/Zoek%20Scanner/Capture.png[/img]

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open:

Copy and paste the following script from the code box and paste into the field.

standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;installedprogs;iedefaults; FFdefaults;CHRdefaults;

Select the "Run Script" tab. The following window will open:

Please be patient and do not use the PC when the scan is in progress.

When complete you maybe asked to re-boot your PC, if so please do

Post the produced log in your next reply, also let me know if the redirects cease....

Kevin

cistern_eve · June 23, 2014

Dear kevinf80,

Thank you!

I ran zoek.exe and no longer get redirects. For some reason, I cannot attach the log. I will keep trying, but I get an "internal server error" whenever I attempt to post it or post the pasted contents here.

Thank you very much,

CE

cistern_eve · June 23, 2014

The log zoek-results would not attach, so I pasted it belwo.

I have not encountered any redirects. Are there further steps?

Thank you so much for your help.

Regards,
CE

*********

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Administrator on Mon 06/23/2014 at 10:21:26.17.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jane_delgavio\Desktop\zoek\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

6/23/2014 10:22:58 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\UrlSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully
HKEY_USERS\S-1-5-21-2990107124-1154940266-691022547-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully
HKEY_USERS\S-1-5-21-2990107124-1154940266-691022547-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 13 Plugin
Adobe Reader 9.5.1
AVG 2014
Creative Lettering Super Combo
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
HL-5450DN
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Publisher 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Display Control Panel
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PVSonyDll
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
ShadowExplorer 0.9
Spybot - Search & Destroy
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Users\jane_delgavio\Desktop\zoek\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\a9velr47.default\prefs.js:

Added to C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\a9velr47.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\JANE_D~1\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("keyword.URL", "http://isearch.avg.com/search?cid={23FDFCCA-3451-4469-A12D-CBC6ECC85656}&mid=1d1c52cb094647d6a5ddd1695e681824-e9207e168e288ad9e4a0a9107cbbf0a8057b8f44〈=en&ds=AVG&pr=fr&d=2012-10-03 09:25:49&pid=avg&sg=0&v=15.2.0.5&sap=ku&q=");

Added to C:\Users\JANE_D~1\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\a9velr47.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140623_1034_.backup

ProfilePath: C:\Users\JANE_D~1\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default

user.js not found
---- Lines isearch removed from prefs.js ----
user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.
---- FireFox user.js and prefs.js backups ----

prefs_20140623_1034_.backup

==== Deleting Files \ Folders ======================

C:\Users\Administrator\Searches deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted
C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8190 MB
CPU Info: AMD Athlon II X4 635 Processor
CPU Speed: 2964.3 MHz
Sound Card: Speakers (2- High Definition Au |
Digital Audio (S/PDIF) (2- High |
Display Adapters: NVIDIA GeForce 210 | NVIDIA GeForce 210 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8139/810x Family Fast Ethernet NIC | Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
CD / DVD Drives: 1x (F: | ) F: HL-DT-STDVDRAM GH22NS40
Ports: COM1 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 256.0GB | D: 127.9GB | E: 81.8GB | G: 232.8GB | Q: 0.0MB
Hard Disks - Free: C: 192.8GB | D: 127.8GB | E: 81.7GB | G: 218.7GB | Q: 0.0MB
Manufacturer *: Award Software International, Inc.
BIOS Info: AT/AT COMPATIBLE | 05/14/10 | GBT    - 42302e31
Time Zone: Eastern Standard Time
Motherboard *: Gigabyte Technology Co., Ltd. GA-770T-USB3
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: AVG Internet Security 2014 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)
Anti-Spyware: AVG Internet Security 2014 disabled (Outdated)
Firewall: AVG Internet Security 2014 disabled
Default Browser: Firefox   15.0.1
Internet Explorer Version: 11.0.9600.17126
Mozilla Firefox version: 15.0.1 (x86 en-US)
Adobe Reader version: 9.5.1.283
Flash Player version: 13.0.0.214

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\ADMINI~1\AppData\Local\Temp ====
2014-06-22 08:36:57   2E0323A94915FAAB10A25F3BABF82584   157696   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-06-15 16:35:55   BB9BADED14F0963498855AC28446CED5   51200   ----a-w-   C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-15 16:35:55   7E27FB6AB8976897A530FB30F5FF7691   69632   ----a-w-   C:\Windows\SysWOW64\mshtmled.dll
2014-06-15 16:35:55   6D8E6A9A524FFAAFA4D2F6C8EF38D0BB   592896   ----a-w-   C:\Windows\SysWOW64\jscript9diag.dll
2014-06-15 16:35:54   D5ECBB3BFDC73A59440D9CA79AB3A342   17271296   ----a-w-   C:\Windows\SysWOW64\mshtml.dll
2014-06-15 16:35:54   C1F5812F355D0C9495C1B2E7165DA2AF   32256   ----a-w-   C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-15 16:35:54   8DF06ACA017949D37C38B6A0EF747D4E   526336   ----a-w-   C:\Windows\SysWOW64\msfeeds.dll
2014-06-15 16:35:54   0AFCE8EEF3751810FE2101FD608FB8B3   1143296   ----a-w-   C:\Windows\SysWOW64\urlmon.dll
2014-06-15 16:35:54   017B99D09904DCA35D5F66AD79084B5F   368128   ----a-w-   C:\Windows\SysWOW64\dxtmsft.dll
2014-06-15 16:35:53   E0EA58834CD19FDFCD1BC37B22E1D3D8   43008   ----a-w-   C:\Windows\SysWOW64\jsproxy.dll
2014-06-15 16:35:53   D9F5B424C307B195E16A9B0A21E53BCC   61952   ----a-w-   C:\Windows\SysWOW64\iesetup.dll
2014-06-15 16:35:53   D36574C287D0764C95AC777DFF367715   32768   ----a-w-   C:\Windows\SysWOW64\iernonce.dll
2014-06-15 16:35:53   C69FDD49AB9E8BCF2BAAC469CE0CC756   1964544   ----a-w-   C:\Windows\SysWOW64\inetcpl.cpl
2014-06-15 16:35:53   9EAAB4305536829D6B7D9C3A47E92861   2179072   ----a-w-   C:\Windows\SysWOW64\iertutil.dll
2014-06-15 16:35:53   814E0D53EF020BD93097F26B53B573F0   440832   ----a-w-   C:\Windows\SysWOW64\ieui.dll
2014-06-15 16:35:53   5B5815477A53ED92B89955FFE7EDCB2E   242688   ----a-w-   C:\Windows\SysWOW64\dxtrans.dll
2014-06-15 16:35:52   688227D38A6FF6403B293D0C50B454B9   11725312   ----a-w-   C:\Windows\SysWOW64\ieframe.dll
2014-06-15 16:35:52   4D3074AA172DCFD5D56BE764B671085A   2724864   ----a-w-   C:\Windows\SysWOW64\mshtml.tlb
2014-06-15 16:35:51   CC0077F9C7ACD7E97707DFC763A4EA99   112128   ----a-w-   C:\Windows\SysWOW64\ieUnatt.exe
2014-06-15 16:35:51   C58E97EEB1CB80CE91D5E7FD5E78794F   4244992   ----a-w-   C:\Windows\SysWOW64\jscript9.dll
2014-06-15 16:35:51   771CDBC3D62437D6DB070820BB1EDCCF   1790976   ----a-w-   C:\Windows\SysWOW64\wininet.dll
2014-06-15 16:35:51   22D7FFA4B94916F18EB1F1D107B86839   704512   ----a-w-   C:\Windows\SysWOW64\ieapfltr.dll
2014-06-15 16:35:51   0AC4E3C93D49E37D5B008ED99092115C   1068032   ----a-w-   C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-15 16:35:51   09771ABC896D2A88370F3AB8BADC242E   455168   ----a-w-   C:\Windows\SysWOW64\vbscript.dll
2014-06-15 16:35:50   EB960643DC62832C88272573204B6DBA   164864   ----a-w-   C:\Windows\SysWOW64\msrating.dll
2014-06-15 16:33:51   A5F833506BF6A1B5D693E1499DEE2444   626688   ----a-w-   C:\Windows\SysWOW64\usp10.dll
2014-06-15 16:33:46   E227B810296AA27E6C69307A7B6456E5   1389056   ----a-w-   C:\Windows\SysWOW64\msxml6.dll
2014-06-15 16:33:46   8B8D1CEF498678CAB9DF17145D34BC64   1237504   ----a-w-   C:\Windows\SysWOW64\msxml3.dll
2014-06-15 16:33:46   2E673E776136354ECFB57BFD62E7EC3D   2048   ----a-w-   C:\Windows\SysWOW64\msxml6r.dll
2014-06-15 16:33:46   0789F82BAE171323F74B8F175D406AB8   2048   ----a-w-   C:\Windows\SysWOW64\msxml3r.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-06-19 14:49:13   82446D358A9FB51CB9DA32A5C901D7A0   21040   ----a-w-   C:\Windows\Sysnative\sdnclean64.exe
2014-06-15 16:35:54   DA7AAB5D4E5F7160E906C0D2EB9A2B9F   38400   ----a-w-   C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-06-15 16:35:54   3ED5C9055F7A635399FC12892F565287   48640   ----a-w-   C:\Windows\Sysnative\ieetwproxystub.dll
2014-06-15 16:35:53   DFD834E89B819B5ECE8E251C56B5A3CE   4096   ----a-w-   C:\Windows\Sysnative\ieetwcollectorres.dll
2014-06-15 16:35:53   D5C446B14DC667B7B9FBB30EA1701D92   2724864   ----a-w-   C:\Windows\Sysnative\mshtml.tlb
2014-06-15 16:35:53   BFD3178735D97C858FFA467F8199700C   111616   ----a-w-   C:\Windows\Sysnative\ieetwcollector.exe
2014-06-15 16:35:53   867DD52B23D3B0390B88F3D7AD1E600C   631808   ----a-w-   C:\Windows\Sysnative\msfeeds.dll
2014-06-15 16:35:53   3A1AB9DE852F2BC1ECE6403BDD01B9F0   1398272   ----a-w-   C:\Windows\Sysnative\urlmon.dll
2014-06-15 16:35:53   12BA419E27DBC5DBF9262C8A885FA361   452096   ----a-w-   C:\Windows\Sysnative\dxtmsft.dll
2014-06-15 16:35:52   EAAA62F272858695814A1F42D5E59BD3   608768   ----a-w-   C:\Windows\Sysnative\ie4uinit.exe
2014-06-15 16:35:52   B34D3F303769E65CE7EFBD4E6FB62B25   66048   ----a-w-   C:\Windows\Sysnative\iesetup.dll
2014-06-15 16:35:51   3FC3828E8820D1C93DBFBAD4BE456D85   2040832   ----a-w-   C:\Windows\Sysnative\inetcpl.cpl
2014-06-15 16:35:51   063EF4239479F52DAF9F4849B0B304F1   2768384   ----a-w-   C:\Windows\Sysnative\iertutil.dll
2014-06-15 16:35:50   CE6109C73C3A04CC2B8C6110B0F0FEF9   33792   ----a-w-   C:\Windows\Sysnative\iernonce.dll
2014-06-15 16:35:50   CB8A91074AE1B5051E240B50A328DCF5   295424   ----a-w-   C:\Windows\Sysnative\dxtrans.dll
2014-06-15 16:35:50   B2C037F50A02D6C057B1E0791BBF41A5   574976   ----a-w-   C:\Windows\Sysnative\ieui.dll
2014-06-15 16:35:50   790FD40601502C5FE8213D4F335DA0BD   51200   ----a-w-   C:\Windows\Sysnative\jsproxy.dll
2014-06-15 16:35:50   2DBB9127794BC30BC31D26FA088F8BAB   13522944   ----a-w-   C:\Windows\Sysnative\ieframe.dll
2014-06-15 16:35:49   CC603EF96BA456D4BCD9FF849ED07A2A   85504   ----a-w-   C:\Windows\Sysnative\mshtmled.dll
2014-06-15 16:35:49   AB3FA3D9B1F1D0571CBC43D1487CCD6F   5782528   ----a-w-   C:\Windows\Sysnative\jscript9.dll
2014-06-15 16:35:49   A4A58E3171C03A1145D1C3EC488D1B4F   1249280   ----a-w-   C:\Windows\Sysnative\mshtmlmedia.dll
2014-06-15 16:35:49   9013D5BBE1B6D3A060F54B4B5BB2C3A3   846336   ----a-w-   C:\Windows\Sysnative\ieapfltr.dll
2014-06-15 16:35:49   770F067D833DC017CEB8A36A2A1EC942   139264   ----a-w-   C:\Windows\Sysnative\ieUnatt.exe
2014-06-15 16:35:49   6B9925F498D4E91FB57576CC3776D428   752640   ----a-w-   C:\Windows\Sysnative\jscript9diag.dll
2014-06-15 16:35:49   40BFD9D6EC8E174145F012246CA73CCD   2266112   ----a-w-   C:\Windows\Sysnative\wininet.dll
2014-06-15 16:35:49   2F474D40626B0C694400589F3FBB9AA9   548352   ----a-w-   C:\Windows\Sysnative\vbscript.dll
2014-06-15 16:35:48   F343ECB3C683EBD7E3990C03AD680855   940032   ----a-w-   C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-06-15 16:35:48   8E3C6008250A904C06943BCEA585E344   195584   ----a-w-   C:\Windows\Sysnative\msrating.dll
2014-06-15 16:35:48   56803B20D168C1B740D12CE0BE4588F5   23414784   ----a-w-   C:\Windows\Sysnative\mshtml.dll
2014-06-15 16:33:51   088CF6AFCD5CDD44E40C0ACDE3C1A5E0   801280   ----a-w-   C:\Windows\Sysnative\usp10.dll
2014-06-15 16:33:46   ECA6AC33BD9E441F7B47D173D715D268   1882112   ----a-w-   C:\Windows\Sysnative\msxml3.dll
2014-06-15 16:33:46   3408DD8081DC22858AE2E6ABD2594C02   2048   ----a-w-   C:\Windows\Sysnative\msxml6r.dll
2014-06-15 16:33:46   0E3A7EC2B9590EA7767BBB1823630DEA   2002432   ----a-w-   C:\Windows\Sysnative\msxml6.dll
2014-06-15 16:33:46   0465A8CFDDB4FFDB569802A70B9443D5   2048   ----a-w-   C:\Windows\Sysnative\msxml3r.dll
2014-06-15 16:28:39   84A13AB118F433898B5ABA36E8D7CA91   424448   ----a-w-   C:\Windows\Sysnative\aeinv.dll
2014-06-15 16:28:39   2C053C9B2A8249F1F9B38ED1AE455771   506368   ----a-w-   C:\Windows\Sysnative\aepdu.dll
====== C:\Windows\Sysnative\drivers =====
2014-06-19 13:26:24   8A50D5304E6AE48664CF5838EC32F647   122584   ----a-w-   C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-06-19 13:26:11   F92B0E478C0FAA6D6661E6E977247E60   25816   ----a-w-   C:\Windows\Sysnative\drivers\mbam.sys
2014-06-19 13:26:11   9D9ED48F841EA37AA5310D54B9E5D3C7   91352   ----a-w-   C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-06-19 13:26:11   15E8ABC06843672955CE26A009533BAD   63704   ----a-w-   C:\Windows\Sysnative\drivers\mwac.sys
2014-06-15 16:33:50   17F685B67C74B8F7BFED4308790B71DE   288192   ----a-w-   C:\Windows\Sysnative\drivers\FWPKCLNT.SYS
2014-06-15 16:33:50   04ADD18EE5CC9FBEDAEC1DD1CD0CB45E   1903552   ----a-w-   C:\Windows\Sysnative\drivers\tcpip.sys
====== C:\Windows\Tasks ======
2014-06-19 14:49:22   --------   d-----w-   C:\Windows\Sysnative\Tasks\Safer-Networking
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-06-19 02:20:48   --------   d-----w-   C:\PROGRA~2\ShadowExplorer
======= =====
====== C:\Users\Administrator\AppData\Roaming ======
2014-06-20 15:13:35   --------   d-----w-   C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs
2014-06-19 13:25:38   --------   d-----w-   C:\Users\Administrator\AppData\Local\Programs
2014-06-19 02:21:11   --------   d-----w-   C:\Users\jane_delgavio\AppData\Roaming\www.shadowexplorer.com
====== C:\Users\Administrator ======
2014-06-22 08:33:50   CA630DBADEB5B6101531F986ADFE46C9   1016261   ----a-w-   C:\Users\jane_delgavio\Downloads\JRT.exe
2014-06-22 08:19:27   42F24559E8C472F6FF745BB7C5465FB2   1333465   ----a-w-   C:\Users\jane_delgavio\Downloads\AdwCleaner.exe
2014-06-21 14:56:04   87E1CC81E9497B23CA40DAA7F8ACCFB6   1070592   ----a-w-   C:\Users\jane_delgavio\Downloads\FRST.exe
2014-06-21 14:55:32   6FD62863663B5DAF6C30657A2D4688E2   2083328   ----a-w-   C:\Users\jane_delgavio\Downloads\FRST64.exe
2014-06-19 02:20:50   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-06-18 18:20:28   C5824694D02D0149B0E92784BF0AE0E4   516424   ----a-w-   C:\Users\jane_delgavio\Desktop\sbav_10_sfx.exe
2014-06-18 18:20:14   5AB2EB3CA32416D1C0ADF696579E6924   969845   ----a-w-   C:\Users\jane_delgavio\Desktop\ShadowExplorer-0.9-setup.exe
2014-06-18 18:20:11   9A8336796A7C71E9F33DE848B8320ED3   380416   ----a-w-   C:\Users\jane_delgavio\Desktop\y9gyj6tq.exe

====== C: exe-files ==
2014-06-22 08:36:57   2E0323A94915FAAB10A25F3BABF82584   157696   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-06-22 08:33:50   CA630DBADEB5B6101531F986ADFE46C9   1016261   ----a-w-   C:\Users\jane_delgavio\Downloads\JRT.exe
2014-06-22 08:19:27   42F24559E8C472F6FF745BB7C5465FB2   1333465   ----a-w-   C:\Users\jane_delgavio\Downloads\AdwCleaner.exe
2014-06-21 14:56:04   87E1CC81E9497B23CA40DAA7F8ACCFB6   1070592   ----a-w-   C:\Users\jane_delgavio\Downloads\FRST.exe
2014-06-21 14:55:32   6FD62863663B5DAF6C30657A2D4688E2   2083328   ----a-w-   C:\Users\jane_delgavio\Downloads\FRST64.exe
2014-06-19 14:49:13   82446D358A9FB51CB9DA32A5C901D7A0   21040   ----a-w-   C:\Windows\System32\sdnclean64.exe
2014-06-19 02:20:50   D9A4EA4D6F3C3B619AB008B146168543   884224   ----a-w-   C:\Program Files (x86)\ShadowExplorer\ShadowExplorer.exe
2014-06-19 02:20:48   48C3BA4FCF8C3521C85F4560B59EBD05   961370   ----a-w-   C:\Program Files (x86)\ShadowExplorer\unins000.exe
2014-06-19 02:20:48   02DED435FCAA1C02959051AF636E154A   9216   ----a-w-   C:\Program Files (x86)\ShadowExplorer\sesvc.exe
2014-06-18 18:20:28   C5824694D02D0149B0E92784BF0AE0E4   516424   ----a-w-   C:\Users\jane_delgavio\Desktop\sbav_10_sfx.exe
2014-06-18 18:20:14   5AB2EB3CA32416D1C0ADF696579E6924   969845   ----a-w-   C:\Users\jane_delgavio\Desktop\ShadowExplorer-0.9-setup.exe
2014-06-18 18:20:11   9A8336796A7C71E9F33DE848B8320ED3   380416   ----a-w-   C:\Users\jane_delgavio\Desktop\y9gyj6tq.exe
=== C: other files ==
2014-06-22 08:36:57   DD1E4D974B1672ABD09EFFB225791C4A   1230   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\TDL4.bat
2014-06-22 08:36:57   AD2F52DC72B10AF331692E4A4DD80DFC   18670   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\medfos.bat
2014-06-22 08:36:57   A87CD1BAC46CAC0EEEDB571F07077032   8104   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\modules.bat
2014-06-22 08:36:57   8E6020C14F982CF11B3FE7DBB0CB8EDE   24738   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\searchlnk.bat
2014-06-22 08:36:57   86707BCE5CBB65D9B1C41E249B4423BA   152733   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\firefox.bat
2014-06-22 08:36:57   83F691D8398F0E37E71E9355BF730DB9   719   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\ev_clear.bat
2014-06-22 08:36:57   7D8282EB94B5D639B7378811C1924A8F   9516   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\runvalues.bat
2014-06-22 08:36:57   654E9FE74B930A454EE5BDE165794B65   85   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\delorphans.bat
2014-06-22 08:36:57   5B92615B0CEA08D6BA1217C08CBB1443   15919   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\get.bat
2014-06-22 08:36:57   5B71358F97544D9DE58A9A0893079506   39458   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\prelim.bat
2014-06-22 08:36:57   53B191266B30D57F2F835ABBF54C68C5   13963   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\chrome.bat
2014-06-22 08:36:57   3BC04DEBBE9027060D51901133F60101   154678   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\misc.bat
2014-06-22 08:36:57   38A0BDF322ACCC968B0A824C38D50157   29635   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\ask.bat
2014-06-22 08:36:57   335DFF8F23E5EC02B5426362F0F8509B   31401   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\iexplore.bat
2014-06-22 08:36:57   2F80D807DB405C8F6E0F3706B9FED710   10161   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\JRT.bat
2014-06-22 08:36:57   0D08FBD2E6F6C6AC6A504712C4CE6CE3   1226   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\FWPolicy.bat
2014-06-22 08:36:57   0C4649A62845AB5D5DBCC4998477FF6D   1813   ----a-w-   C:\Users\Administrator\AppData\Local\Temp\jrt\delfolders.bat
2014-06-19 13:26:24   8A50D5304E6AE48664CF5838EC32F647   122584   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-19 13:26:11   F92B0E478C0FAA6D6661E6E977247E60   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-06-19 13:26:11   9D9ED48F841EA37AA5310D54B9E5D3C7   91352   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-19 13:26:11   15E8ABC06843672955CE26A009533BAD   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2990107124-1154940266-691022547-500\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG-Secure-Search-Update_JUNE2013_TB"="C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe /PROMPT /CMPID=JUNE2013_TB"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACSTRAY"="C:\WINACS\ACSTRAY.EXE"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG-Secure-Search-Update_JUNE2013_TB"="C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe /PROMPT /CMPID=JUNE2013_TB"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MSPCLOCK"="rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}"
"MSPQM"="rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}"
"MSKSSRV"="rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}"
"MSTEE.CxTransform"="rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install"
"MSTEE.Splitter"="rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install"
"WDM_DRMKAUD"="rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install"
"*WerKernelReporting"="%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq"

==== Startup Folders ======================

2011-12-06 14:16:21   1279   ----a-w-   C:\Users\jane_delgavio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Village Advent Calendar.lnk
2012-03-20 14:05:02   1292   ----a-w-   C:\Users\jane_delgavio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05/14/2014 10:47 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\a9velr47.default
- Undetermined - C:\ProgramData\AVG Secure Search\12.2.5.32
- Undetermined - C:\ProgramData\AVG Secure Search\12.2.5.34\

ProfilePath: C:\Users\JANE_D~1\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default
- Ghostery - C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default\extensions\firefox@ghostery.com
- Undetermined - %ProfilePath%\extensions\DECRYPT_INSTRUCTION.URL
- Undetermined - %ProfilePath%\extensions\DECRYPT_INSTRUCTION.URL
- Undetermined - %ProfilePath%\extensions\DECRYPT_INSTRUCTION.URL
- Undetermined - %ProfilePath%\extensions\DECRYPT_INSTRUCTION.URL
- Ghostery - %ProfilePath%\extensions\firefox@ghostery.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Deleted Firefox Extensions ======================

C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default\extensions\firefox@ghostery.com deleted

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== HijackThis Entries ======================

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [ACSTRAY] C:\WINACS\ACSTRAY.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - S-1-5-21-2990107124-1154940266-691022547-1001 Startup: Jacquie Lawson Village Advent Calendar.lnk = C:\Program Files (x86)\Jacquie Lawson Village Advent Calendar\Jacquie Lawson Village Advent Calendar.exe (User 'jane_delgavio')
O4 - S-1-5-21-2990107124-1154940266-691022547-1001 Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (User 'jane_delgavio')
O4 - S-1-5-21-2990107124-1154940266-691022547-1001 User Startup: Jacquie Lawson Village Advent Calendar.lnk = C:\Program Files (x86)\Jacquie Lawson Village Advent Calendar\Jacquie Lawson Village Advent Calendar.exe (User 'jane_delgavio')
O4 - S-1-5-21-2990107124-1154940266-691022547-1001 User Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (User 'jane_delgavio')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: ShadowExplorer Service (sesvc) - www.shadowexplorer.com - C:\Program Files (x86)\ShadowExplorer\sesvc.exe
O23 - Service: Application Virtualization Client (sftlist) - Unknown owner - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
O23 - Service: Application Virtualization Service Agent (sftvsa) - Unknown owner - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Sysinternals Autoruns Log ======================

HKLM\System\CurrentControlSet\Services
   AdobeFlashPlayerUpdateSvc
     C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.
     Adobe Systems Incorporated
     13.0.0.214
     c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
     4/24/2014 10:24 PM
   AVG Security Toolbar Service
     C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
     AVG Security Toolbar
     7.7.26.1
     c:\program files (x86)\avg\avg10\toolbar\toolbarbroker.exe
     7/26/2011 3:57 AM
   avgfws
     "C:\Program Files (x86)\AVG\AVG2014\avgfws.exe"
     AVG Firewall Service
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\program files (x86)\avg\avg2014\avgfws.exe
     5/13/2014 8:19 AM
   AVGIDSAgent
     "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
     Provides Identity Protection Against Cyber Crime.
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\program files (x86)\avg\avg2014\avgidsagent.exe
     5/13/2014 8:22 AM
   avgwd
     "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
     AVG Watchdog Service
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\program files (x86)\avg\avg2014\avgwdsvc.exe
     5/13/2014 8:15 AM
   BrYNSvc
     "C:\Program Files (x86)\Browny02\BrYNSvc.exe"
     BrYNCSvc
     Brother Industries, Ltd.
     1.2.3.0
     c:\program files (x86)\browny02\brynsvc.exe
     5/11/2011 7:33 PM
   MBAMScheduler
     "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
     Malwarebytes Anti-Malware scheduler
     Malwarebytes Corporation
     3.0.2.0
     c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
     3/31/2014 4:23 PM
   MBAMService
     "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
     Malwarebytes Anti-Malware service
     Malwarebytes Corporation
     3.0.2.0
     c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
     3/6/2014 3:58 PM
   MozillaMaintenance
     C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
     The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled.
     Mozilla Foundation
     15.0.1.4631
     c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
     9/5/2012 8:05 PM
   nvsvc
     "C:\Windows\system32\nvvsvc.exe"
     Provides system and desktop level support to the NVIDIA display driver
     NVIDIA Corporation
     8.17.13.1106
     c:\windows\system32\nvvsvc.exe
     1/18/2013 10:37 AM
   nvUpdatusService
     "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
     NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server.
     NVIDIA Corporation
     1.11.3.0
     c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe
     1/18/2013 9:00 AM
   SDScannerService
     "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
     Offers malware scanning services to Spybot-S&D modules
     Safer-Networking Ltd.
     2.3.39.217
     c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe
     4/25/2014 8:12 AM
   SDUpdateService
     "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
     Downloads Spybot updates and installs them.
     Safer-Networking Ltd.
     2.3.39.77
     c:\program files (x86)\spybot - search & destroy 2\sdupdsvc.exe
     4/25/2014 8:12 AM
   SDWSCService
     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
     Integrates Spybot into the Windows Security Center.
     Safer-Networking Ltd.
     2.3.39.2
     c:\program files (x86)\spybot - search & destroy 2\sdwscsvc.exe
     4/25/2014 8:12 AM
   sesvc
     "C:\Program Files (x86)\ShadowExplorer\sesvc.exe"
     Provides access to vssadmin.
     www.shadowexplorer.com
     0.9.462.0
     c:\program files (x86)\shadowexplorer\sesvc.exe
     1/2/2013 12:49 PM
   sftlist
     "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
     Streams and manages applications.
     c:\program files (x86)\microsoft application virtualization client\sftlist.exe
     4/24/2010 1:10 AM
   sftvsa
     "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
     Monitors global service events and launches virtual services.
     c:\program files (x86)\microsoft application virtualization client\sftvsa.exe
     4/24/2010 1:10 AM
   Stereo Service
     "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
     Provides system support for NVIDIA Stereoscopic 3D driver
     NVIDIA Corporation
     7.17.13.1106
     c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe
     1/18/2013 9:51 AM

HKLM\System\CurrentControlSet\Services
   adp94xx
     \SystemRoot\system32\DRIVERS\adp94xx.sys
     Adaptec Windows SAS/SATA Storport Driver
     Adaptec, Inc.
     1.6.6.4
     c:\windows\system32\drivers\adp94xx.sys
     12/5/2008 7:54 PM
   adpahci
     \SystemRoot\system32\DRIVERS\adpahci.sys
     Adaptec Windows SATA Storport Driver
     Adaptec, Inc.
     1.6.6.1
     c:\windows\system32\drivers\adpahci.sys
     5/1/2007 1:30 PM
   adpu320
     \SystemRoot\system32\DRIVERS\adpu320.sys
     Adaptec StorPort Ultra320 SCSI Driver (X64)
     Adaptec, Inc.
     7.2.0.0
     c:\windows\system32\drivers\adpu320.sys
     2/27/2007 8:04 PM
   aliide
     \SystemRoot\system32\drivers\aliide.sys
     ALi mini IDE Driver
     Acer Laboratories Inc.
     1.2.0.0
     c:\windows\system32\drivers\aliide.sys
     7/13/2009 7:19 PM
   amdsata
     \SystemRoot\system32\drivers\amdsata.sys
     AHCI 1.2 Device Driver
     Advanced Micro Devices
     1.1.2.5
     c:\windows\system32\drivers\amdsata.sys
     3/18/2010 8:45 PM
   amdsbs
     \SystemRoot\system32\DRIVERS\amdsbs.sys
     AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform
     AMD Technologies Inc.
     3.6.1540.127
     c:\windows\system32\drivers\amdsbs.sys
     3/20/2009 2:36 PM
   amdxata
     system32\drivers\amdxata.sys
     Storage Filter Driver
     Advanced Micro Devices
     1.1.2.5
     c:\windows\system32\drivers\amdxata.sys
     3/19/2010 12:18 PM
   arc
     \SystemRoot\system32\DRIVERS\arc.sys
     Adaptec RAID Storport Driver
     Adaptec, Inc.
     5.2.0.10384
     c:\windows\system32\drivers\arc.sys
     5/24/2007 5:27 PM
   arcsas
     \SystemRoot\system32\DRIVERS\arcsas.sys
     Adaptec SAS RAID WS03 Driver
     Adaptec, Inc.
     5.2.0.16119
     c:\windows\system32\drivers\arcsas.sys
     1/14/2009 3:27 PM
   Avgdiska
     system32\DRIVERS\avgdiska.sys
     AVG File Vault Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\windows\system32\drivers\avgdiska.sys
     5/13/2014 8:05 AM
   Avgfwfd
     system32\DRIVERS\avgfwd6a.sys
     AVG network filter driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4143
     c:\windows\system32\drivers\avgfwd6a.sys
     9/26/2013 3:44 AM
   AVGIDSDriver
     system32\DRIVERS\avgidsdrivera.sys
     AVG Technologies IDS Application Activity Monitor Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\windows\system32\drivers\avgidsdrivera.sys
     5/13/2014 8:04 AM
   AVGIDSHA
     system32\DRIVERS\avgidsha.sys
     AVG Technologies IDS Application Activity Monitor Helper Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\windows\system32\drivers\avgidsha.sys
     5/13/2014 8:05 AM
   Avgldx64
     system32\DRIVERS\avgldx64.sys
     AVG AVI Loader Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\windows\system32\drivers\avgldx64.sys
     5/13/2014 8:20 AM
   Avgloga
     system32\DRIVERS\avgloga.sys
     AVG Logging Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\windows\system32\drivers\avgloga.sys
     5/13/2014 8:06 AM
   Avgmfx64
     system32\DRIVERS\avgmfx64.sys
     AVG Resident Shield Minifilter Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\windows\system32\drivers\avgmfx64.sys
     5/13/2014 8:05 AM
   Avgrkx64
     system32\DRIVERS\avgrkx64.sys
     AVG Anti-Rootkit Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\windows\system32\drivers\avgrkx64.sys
     5/13/2014 8:04 AM
   Avgtdia
     system32\DRIVERS\avgtdia.sys
     AVG Network connection watcher
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\windows\system32\drivers\avgtdia.sys
     5/13/2014 8:20 AM
   avgtp
     \??\C:\Windows\system32\drivers\avgtpx64.sys
     AVG Technologies
     18.0.5.3
     c:\windows\system32\drivers\avgtpx64.sys
     3/12/2014 6:48 AM
   b06bdrv
     \SystemRoot\system32\DRIVERS\bxvbda.sys
     Broadcom NetXtreme II GigE VBD
     Broadcom Corporation
     4.8.2.0
     c:\windows\system32\drivers\bxvbda.sys
     2/13/2009 6:18 PM
   b57nd60a
     system32\DRIVERS\b57nd60a.sys
     Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.
     Broadcom Corporation
     10.100.4.0
     c:\windows\system32\drivers\b57nd60a.sys
     4/26/2009 7:14 AM
   BrFiltLo
     \SystemRoot\system32\DRIVERS\BrFiltLo.sys
     Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver
     Brother Industries, Ltd.
     1.10.0.2
     c:\windows\system32\drivers\brfiltlo.sys
     8/6/2006 9:51 PM
   BrFiltUp
     \SystemRoot\system32\DRIVERS\BrFiltUp.sys
     Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver
     Brother Industries, Ltd.
     1.4.0.1
     c:\windows\system32\drivers\brfiltup.sys
     8/6/2006 9:51 PM
   Brserid
     \SystemRoot\System32\Drivers\Brserid.sys
     Brotehr Serial I/F Driver (WDM)
     Brother Industries Ltd.
     1.0.1.6
     c:\windows\system32\drivers\brserid.sys
     8/6/2006 9:51 PM
   BrSerWdm
     \SystemRoot\System32\Drivers\BrSerWdm.sys
     Brother Serial driver (WDM version)
     Brother Industries Ltd.
     1.0.0.20
     c:\windows\system32\drivers\brserwdm.sys
     8/6/2006 9:51 PM
   BrUsbMdm
     \SystemRoot\System32\Drivers\BrUsbMdm.sys
     Brother USB MDM Driver
     Brother Industries Ltd.
     1.0.0.12
     c:\windows\system32\drivers\brusbmdm.sys
     8/6/2006 9:51 PM
   BrUsbSer
     \SystemRoot\System32\Drivers\BrUsbSer.sys
     Brother USB Serial Driver
     Brother Industries Ltd.
     1.0.1.3
     c:\windows\system32\drivers\brusbser.sys
     8/9/2006 8:11 AM
   cmdide
     \SystemRoot\system32\drivers\cmdide.sys
     CMD PCI IDE Bus Driver
     CMD Technology, Inc.
     2.0.7.0
     c:\windows\system32\drivers\cmdide.sys
     7/13/2009 7:19 PM
   ebdrv
     \SystemRoot\system32\DRIVERS\evbda.sys
     Broadcom NetXtreme II 10 GigE VBD
     Broadcom Corporation
     4.8.13.0
     c:\windows\system32\drivers\evbda.sys
     12/31/2008 12:29 PM
   elxstor
     \SystemRoot\system32\DRIVERS\elxstor.sys
     Storport Miniport Driver for LightPulse HBAs
     Emulex
     7.2.10.211
     c:\windows\system32\drivers\elxstor.sys
     2/3/2009 6:52 PM
   hcw85cir
     \SystemRoot\system32\drivers\hcw85cir.sys
     Hauppauge WinTV 885 Consumer IR Driver for eHome
     Hauppauge Computer Works, Inc.
     1.31.27127.0
     c:\windows\system32\drivers\hcw85cir.sys
     5/11/2009 4:26 AM
   HpSAMD
     \SystemRoot\system32\drivers\HpSAMD.sys
     Smart Array SAS/SATA Controller Media Driver
     Hewlett-Packard Company
     6.12.6.64
     c:\windows\system32\drivers\hpsamd.sys
     4/20/2010 2:32 PM
   iaStorV
     \SystemRoot\system32\drivers\iaStorV.sys
     Intel Matrix Storage Manager driver - x64
     Intel Corporation
     8.6.2.1014
     c:\windows\system32\drivers\iastorv.sys
     6/10/2010 8:46 PM
   iirsp
     \SystemRoot\system32\DRIVERS\iirsp.sys
     Intel/ICP Raid Storport Driver
     Intel Corp./ICP vortex GmbH
     5.4.22.0
     c:\windows\system32\drivers\iirsp.sys
     12/13/2005 5:47 PM
   LSI_FC
     \SystemRoot\system32\DRIVERS\lsi_fc.sys
     LSI Fusion-MPT FC Driver (StorPort)
     LSI Corporation
     1.28.3.52
     c:\windows\system32\drivers\lsi_fc.sys
     12/9/2008 6:46 PM
   LSI_SAS
     \SystemRoot\system32\DRIVERS\lsi_sas.sys
     LSI Fusion-MPT SAS Driver (StorPort)
     LSI Corporation
     1.28.3.52
     c:\windows\system32\drivers\lsi_sas.sys
     5/18/2009 8:20 PM
   LSI_SAS2
     \SystemRoot\system32\DRIVERS\lsi_sas2.sys
     LSI SAS Gen2 Driver (StorPort)
     LSI Corporation
     2.0.2.71
     c:\windows\system32\drivers\lsi_sas2.sys
     5/18/2009 8:31 PM
   LSI_SCSI
     \SystemRoot\system32\DRIVERS\lsi_scsi.sys
     LSI Fusion-MPT SCSI Driver (StorPort)
     LSI Corporation
     1.28.3.67
     c:\windows\system32\drivers\lsi_scsi.sys
     4/16/2009 6:13 PM
   MBAMProtector
     \??\C:\Windows\system32\drivers\mbam.sys
     Malwarebytes Anti-Malware
     Malwarebytes Corporation
     0.1.13.0
     c:\windows\system32\drivers\mbam.sys
     10/30/2013 12:11 PM
   MBAMSwissArmy
     \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
     Malwarebytes Anti-Malware
     Malwarebytes Corporation
     0.1.7.0
     c:\windows\system32\drivers\mbamswissarmy.sys
     3/20/2014 6:12 PM
   MBAMWebAccessControl
     \??\C:\Windows\system32\drivers\mwac.sys
     Malwarebytes Web Access Control
     Malwarebytes Corporation
     1.0.1.0
     c:\windows\system32\drivers\mwac.sys
     3/4/2014 5:47 PM
   megasas
     \SystemRoot\system32\DRIVERS\megasas.sys
     MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64
     LSI Corporation
     4.5.1.64
     c:\windows\system32\drivers\megasas.sys
     5/18/2009 9:09 PM
   MegaSR
     \SystemRoot\system32\DRIVERS\MegaSR.sys
     LSI MegaRAID Software RAID Driver
     LSI Corporation, Inc.
     13.5.409.2009
     c:\windows\system32\drivers\megasr.sys
     5/18/2009 9:25 PM
   nfrd960
     \SystemRoot\system32\DRIVERS\nfrd960.sys
     IBM ServeRAID Controller Driver
     IBM Corporation
     7.10.0.0
     c:\windows\system32\drivers\nfrd960.sys
     6/6/2006 5:11 PM
   nvlddmkm
     system32\DRIVERS\nvlddmkm.sys
     NVIDIA Windows Kernel Mode Driver, Version 311.06
     NVIDIA Corporation
     9.18.13.1106
     c:\windows\system32\drivers\nvlddmkm.sys
     1/18/2013 9:22 AM
   nvraid
     \SystemRoot\system32\drivers\nvraid.sys
     NVIDIAr nForce RAID Driver
     NVIDIA Corporation
     10.6.0.18
     c:\windows\system32\drivers\nvraid.sys
     3/19/2010 4:59 PM
   nvstor
     \SystemRoot\system32\drivers\nvstor.sys
     NVIDIAr nForce Sata Performance Driver
     NVIDIA Corporation
     10.6.0.18
     c:\windows\system32\drivers\nvstor.sys
     3/19/2010 4:45 PM
   ql2300
     \SystemRoot\system32\DRIVERS\ql2300.sys
     QLogic Fibre Channel Stor Miniport Driver
     QLogic Corporation
     9.1.8.6
     c:\windows\system32\drivers\ql2300.sys
     1/22/2009 7:05 PM
   ql40xx
     \SystemRoot\system32\DRIVERS\ql40xx.sys
     QLogic iSCSI Storport Miniport Driver
     QLogic Corporation
     2.1.3.20
     c:\windows\system32\drivers\ql40xx.sys
     5/18/2009 9:18 PM
   RTL8023x64
     system32\DRIVERS\Rtnic64.sys
     Realtek 10/100 X64 Driver
     Realtek Semiconductor Corporation
     6.109.530.2008
     c:\windows\system32\drivers\rtnic64.sys
     5/30/2008 11:12 AM
   RTL8167
     system32\DRIVERS\Rt64win7.sys
     Realtek 8101E/8168/8169 NDIS 6.20 64-bit Driver
     Realtek Corporation
     7.2.1125.2008
     c:\windows\system32\drivers\rt64win7.sys
     2/26/2009 5:04 AM
   secdrv
     secdrv
     Macrovision SECURITY Driver
     Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
     4.3.86.0
     c:\windows\system32\drivers\secdrv.sys
     9/13/2006 9:18 AM
   SiSRaid2
     \SystemRoot\system32\DRIVERS\SiSRaid2.sys
     SiS RAID Stor Miniport Driver
     Silicon Integrated Systems Corp.
     5.1.1039.2600
     c:\windows\system32\drivers\sisraid2.sys
     9/24/2008 2:28 PM
   SiSRaid4
     \SystemRoot\system32\DRIVERS\sisraid4.sys
     SiS AHCI Stor-Miniport Driver
     Silicon Integrated Systems
     5.1.1039.3600
     c:\windows\system32\drivers\sisraid4.sys
     10/1/2008 5:56 PM
   stexstor
     \SystemRoot\system32\DRIVERS\stexstor.sys
     Promise SuperTrak EX Series Driver for Windows
     Promise Technology
     5.0.1.1
     c:\windows\system32\drivers\stexstor.sys
     2/17/2009 7:03 PM
   viaide
     \SystemRoot\system32\drivers\viaide.sys
     VIA Generic PCI IDE Bus Driver
     VIA Technologies, Inc.
     6.0.6000.170
     c:\windows\system32\drivers\viaide.sys
     7/13/2009 7:19 PM
   vsmraid
     \SystemRoot\system32\DRIVERS\vsmraid.sys
     VIA RAID DRIVER FOR AMD-X86-64
     VIA Technologies Inc.,Ltd
     6.0.6000.6210
     c:\windows\system32\drivers\vsmraid.sys
     1/30/2009 9:18 PM

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
   RICOH Language Monitor2
     rc4mon64.dll
     RICOH BIDI Language Monitor
     RICOH CO.,Ltd.
     4.0.5.1
     c:\windows\system32\rc4mon64.dll
     5/10/2007 9:43 PM

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
   ACSTRAY
     C:\WINACS\ACSTRAY.EXE
     10.0.0.1
     c:\winacs\acstray.exe
     6/19/1992 6:22 PM
   Adobe Reader Speed Launcher
     "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     Adobe Acrobat SpeedLauncher
     Adobe Systems Incorporated
     9.5.1.283
     c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe
     3/27/2012 8:40 AM
   Adobe ARM
     "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     Adobe Reader and Acrobat Manager
     Adobe Systems Incorporated
     1.5.7.0
     c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
     1/3/2012 3:36 AM
   BrStsMon00
     C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
     Status Monitor Application
     Brother Industries, Ltd.
     1.2.25.0
     c:\program files (x86)\browny02\brother\brstmonw.exe
     10/17/2011 8:01 PM
   AVG_UI
     "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
     AVG User Interface
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\program files (x86)\avg\avg2014\avgui.exe
     5/13/2014 8:17 AM
   SDTray
     "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
     Spybot - Search & Destroy tray access
     Safer-Networking Ltd.
     2.3.39.129
     c:\program files (x86)\spybot - search & destroy 2\sdtray.exe
     4/25/2014 8:14 AM

HKLM\SOFTWARE\Classes\Protocols\Handler
   linkscanner
     HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
     File not found: C:\Program Files (x86)\AVG\AVG2012\avgppa.dll


HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
   Internet Explorer
     C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
     File not found: C:\Windows\system32\ie4uinit.exe


HKCU\Software\Microsoft\Windows\CurrentVersion\Run
   AVG-Secure-Search-Update_JUNE2013_TB
     "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
     File not found: C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe


Task Scheduler
   \Adobe Flash Player Updater
     "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
     Adober Flashr Player Update Service 13.0 r0
     Adobe Systems Incorporated
     13.0.0.214
     c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
     4/24/2014 10:24 PM
   \Microsoft\Windows\NetTrace\GatherNetworkInfo
     "%windir%\system32\gatherNetworkInfo.vbs"
     c:\windows\system32\gathernetworkinfo.vbs
     6/10/2009 4:36 PM
   \Safer-Networking\Spybot - Search and Destroy\Check for updates
     "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" /autoupdate /silent /autoclose /background
     Update
     Safer-Networking Ltd.
     2.3.39.94
     c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
     4/25/2014 8:14 AM
   \Safer-Networking\Spybot - Search and Destroy\Refresh immunization
     "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe" /immunize /silent /autoclose
     Pro-active browser protection
     Safer-Networking Ltd.
     2.3.39.130
     c:\program files (x86)\spybot - search & destroy 2\sdimmunize.exe
     4/25/2014 8:13 AM
   \Safer-Networking\Spybot - Search and Destroy\Scan the system
     "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe" /scan /cleanclose
     Malware Scanner
     Safer-Networking Ltd.
     2.3.39.181
     c:\program files (x86)\spybot - search & destroy 2\sdscan.exe
     4/25/2014 8:13 AM

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   Adobe PDF Link Helper
     HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
     Adobe PDF Helper for Internet Explorer
     Adobe Systems Incorporated
     9.5.1.283
     c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
     3/26/2012 11:38 AM

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   Adobe PDF Link Helper
     HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
     Adobe PDF Helper for Internet Explorer
     Adobe Systems Incorporated
     9.5.1.283
     c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
     3/26/2012 11:38 AM

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
   AVG Shell Extension
     HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
     AVG Shell Extension
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\program files (x86)\avg\avg2014\avgsea.dll
     5/13/2014 8:20 AM
   SDECon32
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.3.39.113
     c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll
     12/31/1969 8:00 PM
   SDECon64
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.3.39.113
     c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll
     12/31/1969 8:00 PM

HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers
   AVG Shell Extension
     HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
     AVG Shell Extension
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\program files (x86)\avg\avg2014\avgse.dll
     5/13/2014 8:13 AM
   SDECon32
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.3.39.114
     c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll
     4/25/2014 8:11 AM
   SDECon64
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.3.39.114
     c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll
     4/25/2014 8:11 AM

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
   NvCplDesktopContext
     HKCR\CLSID\{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
     NVIDIA Display Shell Extension
     NVIDIA Corporation
     1.2.0.1
     c:\windows\system32\nvshext.dll
     1/18/2013 10:38 AM

HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers
   PDF Shell Extension
     HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}
     PDF Shell Extension
     Adobe Systems, Inc.
     9.5.1.283
     c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll
     3/26/2012 11:52 AM

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
   AVG Shell Extension
     HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
     AVG Shell Extension
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\program files (x86)\avg\avg2014\avgsea.dll
     5/13/2014 8:20 AM
   SDECon32
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.3.39.113
     c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll
     12/31/1969 8:00 PM
   SDECon64
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.3.39.113
     c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll
     12/31/1969 8:00 PM

HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers
   AVG Shell Extension
     HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
     AVG Shell Extension
     AVG Technologies CZ, s.r.o.
     14.0.0.4592
     c:\program files (x86)\avg\avg2014\avgse.dll
     5/13/2014 8:13 AM
   SDECon32
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.3.39.114
     c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll
     4/25/2014 8:11 AM
   SDECon64
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.3.39.114
     c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll
     4/25/2014 8:11 AM

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
   msacm.l3acm
     C:\Windows\System32\l3codeca.acm
     MPEG Layer-3 Audio Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     1.9.0.401
     c:\windows\system32\l3codeca.acm
     7/13/2009 9:28 PM

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
   msacm.l3acm
     C:\Windows\SysWOW64\l3codeca.acm
     MPEG Layer-3 Audio Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     1.9.0.401
     c:\windows\syswow64\l3codeca.acm
     7/13/2009 9:06 PM
   vidc.cvid
     iccvid.dll
     Cinepakr Codec
     Radius Inc.
     1.10.0.13
     c:\windows\syswow64\iccvid.dll
     11/20/2010 7:59 AM

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jane_delgavio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jane_delgavio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\jane_delgavio\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\a9velr47.default\Cache emptied successfully
C:\Users\jane_delgavio\AppData\Local\Mozilla\Firefox\Profiles\wf3nqhm9.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=485 folders=54 3808111 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\jane_delgavio\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

kevinf80 · June 23, 2014

Couple of steps still to run to make sure we`ve got rid of the nuisance....

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats" is UNticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

If threats were found

click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

close program

Copy and paste the report in next reply.

Next,

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe <<- 64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe <<- 32 bit

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:regfindcryptowall*cryptowall*

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Let me see those two logs, also give an update on any remaining issues or concerns....

Kevin

cistern_eve · June 24, 2014

Dear kevinf80,

I'll keep trying, but so far the eset online scanner has not been running: after I accept the add on, the popup window seems to have trouble loading anything after that. After I I ran systemlook, and the log is pasted below.

Thank you again for your help! I'll make another reply after seeing if I can get the eset scanner to work again.

Regards,

CE

****

SystemLook 30.07.11 by jpshortstuff
Log created at 06:36 on 24/06/2014 by Administrator
Administrator - Elevation successful

========== regfind ==========

Searching for "cryptowall"
No data found.

Searching for "*cryptowall*"
No data found.

-= EOF =-

kevinf80 · June 24, 2014

Thanks for the update, if ESET fails run the following instead.....

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

The file will be randomly named
Reboot to safe mode
Run Dr Web
Tick the I agree box and select continue
Click select objects for scanning
Tick all boxes as shown
Click the wrench and select automatically apply actions to threats
Press start scan
The scan will now commence
Once the scan has finished click open report
A notepad will open
Select File > Save as..
Save it to your desktop

This log will be excessive, Attach it to your next reply…

Thanks,

Kevin

cistern_eve · June 24, 2014

Dear kevinf80,

Thank you again!

I was able to run ESET and it found threats. I have pasted the log file that it generated below.

Regards,

CE

**

C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\locale\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\locale\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\locale\en-US\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\locale\en-US\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\af\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\af\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\cs\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\cs\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\da\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\da\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\de\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\de\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\el\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\el\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\en\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\en\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\es\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\es\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\es-es\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\es-es\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\fi\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\fi\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\fr\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\fr\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\hi\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\hi\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\hu\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\hu\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\id\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\id\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\it\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\it\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\ja\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\ja\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\ko\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\ko\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\ms\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\ms\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\nb\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\nb\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\nl\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\nl\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\pl\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\pl\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\pt\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\pt\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\pt-br\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\pt-br\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\ro\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\ro\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\ru\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\ru\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\sk\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\sk\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\sr\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\sr\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\sv\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\sv\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\th\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\th\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\tr\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\tr\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\zh-cn\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\zh-cn\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\zh-tw\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443\modules\locale\zh-tw\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\Users\jane_delgavio\AppData\Local\AVG Secure Search\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\Users\jane_delgavio\AppData\Local\AVG Secure Search\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\Users\jane_delgavio\AppData\Local\AVG Secure Search\SiteSafety\DECRYPT_INSTRUCTION.HTML.vir   Win32/Filecoder.CR trojan
C:\AdwCleaner\Quarantine\C\Users\jane_delgavio\AppData\Local\AVG Secure Search\SiteSafety\DECRYPT_INSTRUCTION.TXT.vir   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\ProgramData\DECRYPT_INSTRUCTION.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\ProgramData\DECRYPT_INSTRUCTION.TXT.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\DECRYPT_INSTRUCTION.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\DECRYPT_INSTRUCTION.TXT.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\AppData\DECRYPT_INSTRUCTION.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\AppData\DECRYPT_INSTRUCTION.TXT.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\AppData\Local\DECRYPT_INSTRUCTION.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\AppData\Local\DECRYPT_INSTRUCTION.TXT.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\AppData\Roaming\DECRYPT_INSTRUCTION.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\AppData\Roaming\DECRYPT_INSTRUCTION.TXT.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.TXT.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\Desktop\DECRYPT_INSTRUCTION.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\Desktop\DECRYPT_INSTRUCTION.TXT.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\Desktop\Documents\DECRYPT_INSTRUCTION.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\Desktop\Documents\DECRYPT_INSTRUCTION.TXT.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\Downloads\DECRYPT_INSTRUCTION.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\jane_delgavio\Downloads\DECRYPT_INSTRUCTION.TXT.xBAD   Win32/Filecoder.CR trojan
C:\scan\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\scan\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Adobe\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Adobe\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Adobe\Updater6\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Adobe\Updater6\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Adobe\Updater6\Data\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Adobe\Updater6\Data\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\OIS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\OIS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\OIS\thumbnails\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\OIS\thumbnails\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Photo Acquisition\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Photo Acquisition\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft\Windows Media\12.0\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft Games\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft Games\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft Games\FreeCell\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft Games\FreeCell\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft Games\Mahjong Titans\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft Games\Mahjong Titans\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft Games\Minesweeper\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft Games\Minesweeper\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft Games\Purble Place\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft Games\Purble Place\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft Games\Solitaire\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft Games\Solitaire\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft Games\Spider Solitaire\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Local\Microsoft Games\Spider Solitaire\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Adobe\Flash Player\AssetCache\JFDZJB77\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Adobe\Flash Player\AssetCache\JFDZJB77\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Microsoft\Excel\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Microsoft\Excel\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Microsoft\Excel\WEE%20ATTENDANCE%20RECORD%202012-13302459703576081017\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Microsoft\Excel\WEE%20ATTENDANCE%20RECORD%202012-13302459703576081017\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Microsoft\Templates\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Crash Reports\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Crash Reports\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Crash Reports\submitted\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Crash Reports\submitted\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default\extensions\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default\extensions\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default\ghostery\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default\ghostery\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Desktop\Documents\Downloads\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Desktop\Documents\Downloads\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Desktop\Documents\My Documents\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Desktop\Documents\My Documents\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Desktop\Documents\Scanned Documents\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Desktop\Documents\Scanned Documents\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Desktop\Documents\Summer Daze\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Desktop\Documents\Summer Daze\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Desktop\Documents\Temp Jeanne\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Desktop\Documents\Temp Jeanne\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Music\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Music\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Music\From Internet\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Music\From Internet\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Pictures\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Pictures\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Pictures\2012-09-24\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Pictures\2012-09-24\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Pictures\2012-09-27 blue room\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Pictures\2012-09-27 blue room\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Pictures\math lessons_files\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Pictures\math lessons_files\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Pictures\Microsoft Clip Organizer\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\Users\jane_delgavio\Pictures\Microsoft Clip Organizer\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\content\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\content\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\de-DE\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\de-DE\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\en-US\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\en-US\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\es-ES\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\es-ES\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\fr-FR\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\fr-FR\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\ja-JP\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\ja-JP\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\ru-RU\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\ru-RU\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\resource\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\resource\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\resource\font\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_jane_delgavio_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\resource\font\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\content\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\content\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\de-DE\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\de-DE\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\en-US\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\en-US\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\es-ES\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\es-ES\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\fr-FR\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\fr-FR\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\ja-JP\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\ja-JP\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\ru-RU\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\chrome\locale\ru-RU\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\resource\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\resource\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\resource\font\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
C:\zoek_backup\C_Users_JANE_D~1_AppData_Roaming_Mozilla_Firefox_Profiles_wf3nqhm9.default_extensions_firefox@ghostery.com\resource\font\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
D:\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
D:\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
E:\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
E:\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Documents\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Documents\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Documents\Downloads\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Documents\Downloads\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Documents\My Documents\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Documents\My Documents\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Documents\Scanned Documents\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Documents\Scanned Documents\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Music\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Music\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Music\From Internet\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Music\From Internet\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Pictures\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Pictures\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Pictures\Pictures\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Pictures\Pictures\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Pictures\Pictures\Microsoft Clip Organizer\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Pictures\Pictures\Microsoft Clip Organizer\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Aqua\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan

cistern_eve · June 24, 2014

(log continued-- it was too long to post)

G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Aqua\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Berry Red\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Berry Red\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Black\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Black\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Blue\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Blue\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Brick\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Brick\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Brown\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Brown\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Cool Blue\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Cool Blue\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Emerald Green\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Emerald Green\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Green\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Green\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Kraft\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Kraft\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Lime\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Lime\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Magenta\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Magenta\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Navy Blue\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Navy Blue\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Orange\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Orange\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Purple\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Purple\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Raspberry\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Raspberry\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Red\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Red\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Sage\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Sage\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Sand\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Sand\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Sunflower\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Sunflower\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Tangerine\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Tangerine\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Yellow\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\General\Yellow\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Bark\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Bark\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Camouflage\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Camouflage\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Fizzy Water\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Fizzy Water\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Flannel Blue\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Flannel Blue\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Flannel Red\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Flannel Red\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Fur Bear\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Fur Bear\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Fur Deer\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Fur Deer\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Herringbone\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Herringbone\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Hunter's Orange\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Hunter's Orange\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Mud\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Mud\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Tire Tread\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Tire Tread\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Turf\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Turf\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Wood\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Wood\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Wood Grain\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Outdoors\Wood Grain\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Blocks\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Blocks\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Dusty Rose\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Dusty Rose\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Pastel Blue\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Pastel Blue\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Pastel Green\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Pastel Green\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Pastel Purple\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Pastel Purple\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Pastel Yellow\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Pastel Yellow\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Peach\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Peach\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Periwinkle\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Periwinkle\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Pink\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Pink\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Slate\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Pastels\Slate\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\Denim\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\Denim\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\Fire\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\Fire\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\Granite\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\Granite\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\Green Apple\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\Green Apple\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\Leaves\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\Leaves\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\Rainbow\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\Rainbow\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\VioletBlue\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\VioletBlue\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\Wood\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Specialty\Wood\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Basketball\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Basketball\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Court\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Court\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Dimples\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Dimples\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Football\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Football\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Pinstripes\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Pinstripes\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Referee\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Referee\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Rugby Horizontal\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Rugby Horizontal\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Rugby Vertical\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Rugby Vertical\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Tennis\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Fills\Sports\Tennis\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Help\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Help\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Help\help\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Help\help\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Help\help\images\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Help\help\images\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Clipart\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Clipart\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Clipart\Color\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Clipart\Color\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Clipart\Color\Glyphs\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Clipart\Color\Glyphs\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Bamboo\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Bamboo\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Bamboo\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Bamboo\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Barbed Wire\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Barbed Wire\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Barbed Wire\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Barbed Wire\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Beachcomber\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Beachcomber\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Beachcomber\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Beachcomber\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Beachcomber\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Beachcomber\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Bigboy\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Bigboy\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Bigboy\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Bigboy\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Black Tie\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Black Tie\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Black Tie\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Black Tie\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Black Tie\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Black Tie\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Blockhead\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Blockhead\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Blockhead\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Blockhead\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Breeze\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Breeze\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Breeze\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Breeze\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Butterfly\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Butterfly\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Butterfly\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Butterfly\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Butterfly\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Butterfly\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Camp\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Camp\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Camp\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Camp\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Camp\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Camp\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Candles\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Candles\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Candles\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Candles\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Candles\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Candles\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Cats & Dogs\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Cats & Dogs\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Cats & Dogs\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Cats & Dogs\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Christmas Berries\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Christmas Berries\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Christmas Berries\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Christmas Berries\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Christmas Berries\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Christmas Berries\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fan Club\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fan Club\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fan Club\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fan Club\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fan Club\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fan Club\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fish Bones\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fish Bones\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fish Bones\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fish Bones\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fish Bones\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fish Bones\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fishing Pole\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fishing Pole\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fishing Pole\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fishing Pole\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Freedom\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Freedom\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Freedom\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Freedom\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fun Boxes\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fun Boxes\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fun Boxes\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fun Boxes\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fun Boxes\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Fun Boxes\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Funkie Fun\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Funkie Fun\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Funkie Fun\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Funkie Fun\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Game Night\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Game Night\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Game Night\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Game Night\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Gifts\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Gifts\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Gifts\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Gifts\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Gifts\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Gifts\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Glyphs Alpha\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Glyphs Alpha\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Glyphs Alpha\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Glyphs Alpha\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Glyphs Alpha\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Glyphs Alpha\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Happy Camper\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Happy Camper\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Happy Camper\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Happy Camper\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Hunting\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Hunting\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Hunting\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Hunting\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Hunting\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Hunting\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\June Bugs\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\June Bugs\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\June Bugs\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\June Bugs\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\June Bugs\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\June Bugs\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Long & Lanky\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Long & Lanky\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Long & Lanky\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Long & Lanky\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Long & Lanky\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Long & Lanky\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Off Road\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Off Road\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Off Road\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Off Road\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Off Road\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Off Road\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Ouch\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Ouch\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Ouch\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Ouch\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Ouch\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Ouch\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Peeking Posies\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Peeking Posies\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Peeking Posies\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Peeking Posies\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Peeking Posies\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Peeking Posies\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Picket Fence\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Picket Fence\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Picket Fence\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Picket Fence\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Pillow\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Pillow\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Pillow\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Pillow\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Pillow\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Pillow\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Play Ball\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Play Ball\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Play Ball\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Play Ball\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Play Ball\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Play Ball\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Ransom\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Ransom\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Ransom\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Ransom\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Shear Madness\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Shear Madness\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Shear Madness\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Shear Madness\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Shear Madness\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Shear Madness\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sink Or Swim\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sink Or Swim\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sink Or Swim\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sink Or Swim\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sink Or Swim\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sink Or Swim\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Slime\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Slime\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Slime\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Slime\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Smooth Rock\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Smooth Rock\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Smooth Rock\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Smooth Rock\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Baseball\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Baseball\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Baseball\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Baseball\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Basketball\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Basketball\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Basketball\mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Basketball\mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Bowling\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Bowling\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Bowling\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Bowling\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Football\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Football\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Football\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Football\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Golf\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Golf\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Golf\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Golf\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Hockey\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Hockey\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Hockey\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Hockey\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Plain\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Plain\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Plain\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Plain\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Soccer\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Soccer\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Soccer\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Soccer\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Tennis\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Tennis\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Tennis\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Tennis\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Volleyball\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Volleyball\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Volleyball\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sp Volleyball\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Spirit\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Spirit\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Spirit\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Spirit\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Spirit\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Spirit\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Stalk\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Stalk\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Stalk\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Stalk\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Stalk\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Stalk\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sweet Bows\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sweet Bows\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sweet Bows\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sweet Bows\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sweet Bows\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Sweet Bows\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Tags\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Tags\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Tags\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Tags\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Take a Hike\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Take a Hike\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Take a Hike\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Take a Hike\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Take a Hike\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Take a Hike\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Timeless\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Timeless\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Timeless\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Timeless\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Wrangler\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Wrangler\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Wrangler\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Wrangler\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Wreaths\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Wreaths\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Wreaths\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Wreaths\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Wreaths\Mask 2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Color\Wreaths\Mask 2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Bamboo\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Bamboo\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Bamboo Stalk\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Bamboo Stalk\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Barbed Wire\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Barbed Wire\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan

cistern_eve · June 24, 2014

(log continued 2nd time-- it was too long to post)

G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Beachcomber\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Beachcomber\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Bigboy\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Bigboy\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Black Tie\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Black Tie\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Blockhead\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Blockhead\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Breeze\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Breeze\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Butterfly\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Butterfly\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Camp\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Camp\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Candles\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Candles\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Cats & Dogs\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Cats & Dogs\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Christmas Berries\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Christmas Berries\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Fall\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Fall\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Family\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Family\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Fan Club\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Fan Club\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Fish Bones\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Fish Bones\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Fishing Pole\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Fishing Pole\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Freedom\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Freedom\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Funkie Fun\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Funkie Fun\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Game Night\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Game Night\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Gifts\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Gifts\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Glyphs\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Glyphs\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Happy Camper\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Happy Camper\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Hunting\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Hunting\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\June Bugs\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\June Bugs\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Long & Lanky\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Long & Lanky\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Off Road\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Off Road\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Ouch\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Ouch\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Party\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Party\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Peeking Posies\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Peeking Posies\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Picket Fence\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Picket Fence\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Pillow\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Pillow\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Play Ball\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Play Ball\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Ransom\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Ransom\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Romance\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Romance\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Shear Madness\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Shear Madness\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sink or Swim\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sink or Swim\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Slime\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Slime\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Smooth Rock\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Smooth Rock\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Baseball\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Baseball\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Basketball\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Basketball\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Bowling\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Bowling\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Football\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Football\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Golf\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Golf\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Hockey\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Hockey\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Plain\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Plain\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Soccer\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Soccer\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Tennis\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Tennis\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Volleyball\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sp Volleyball\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Spirit\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Spirit\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Spring\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Spring\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Summer\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Summer\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sweet Bows\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Sweet Bows\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Tags\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Tags\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Take a Hike\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Take a Hike\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Timeless\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Timeless\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Winter\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Winter\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Wrangler\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Wrangler\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Wreaths\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Images\Samples\Wreaths\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Patterns\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Patterns\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Res\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Res\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Res\Color\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Res\Color\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Res\Color\Winters\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Res\Color\Winters\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Res\Color\Winters\Winter\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Res\Color\Winters\Winter\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Res\Color\Winters\Winter\Mask 1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Res\Color\Winters\Winter\Mask 1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Res\graphics\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Res\graphics\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Character Spacing\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Character Spacing\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Character Spacing\TourImages\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Character Spacing\TourImages\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Character Spacing\TourText\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Character Spacing\TourText\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Journalettes\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Journalettes\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Journalettes\TourImages\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Journalettes\TourImages\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Journalettes\TourText\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Journalettes\TourText\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Mirror\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Mirror\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Mirror\TourImages\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Mirror\TourImages\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Mirror\TourText\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Mirror\TourText\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Moving_Sizing\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Moving_Sizing\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Moving_Sizing\TourImages\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Moving_Sizing\TourImages\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Moving_Sizing\TourText\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Moving_Sizing\TourText\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Print Vertical\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Print Vertical\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Print Vertical\TourImages\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Print Vertical\TourImages\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Print Vertical\TourText\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Print Vertical\TourText\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Text Box\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Text Box\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Text Box\TourImages\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Text Box\TourImages\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Text Box\TourText\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Text Box\TourText\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Using Mixers\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Using Mixers\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Using Mixers\TourImages\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Using Mixers\TourImages\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Using Mixers\TourText\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Using Mixers\TourText\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Using Twisters\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Using Twisters\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Using Twisters\TourImages\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Using Twisters\TourImages\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Using Twisters\TourText\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\CKBrowser\Tutorials\Using Twisters\TourText\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\scan\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\scan\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\WINACS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\WINACS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\WINACS\ACSFORM\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\WINACS\ACSFORM\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\WINACS\Multimedia\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Local Disc\Local Disk\WINACS\Multimedia\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\vb\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\vb\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\WP51\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\WP51\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\FILES\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\FILES\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\DRIVERS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\DRIVERS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\DRIVERS\DOCS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\DRIVERS\DOCS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\DRIVERS\D5W31\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\DRIVERS\D5W31\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\DRIVERS\DJ100\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\DRIVERS\DJ100\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\DRIVERS\FONTS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\DRIVERS\FONTS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\WORD2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\WORD2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\WORKS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\WORKS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\WORKS\WPS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\WORKS\WPS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\ZIPBACK\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\ZIPBACK\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\ZIPBACK\MSWORKS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\ZIPBACK\MSWORKS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\ZIPBACK\MSWORKS\SAMPLES\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\ZIPBACK\MSWORKS\SAMPLES\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\ZIPBACK\MSWORKS\MSWORKS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\ZIPBACK\MSWORKS\MSWORKS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\ZIPBACK\MSWORKS\WKSTMPL\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\ZIPBACK\MSWORKS\WKSTMPL\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\ZIPBACK\MSWORKS\MSWORKS.CBT\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\ZIPBACK\MSWORKS\MSWORKS.CBT\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\ZIPBACK\MSWORKS\CLIPART\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\ZIPBACK\MSWORKS\CLIPART\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\Newsletters\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\Newsletters\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\janehp\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\janehp\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\janehp\mydocuments\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\janehp\mydocuments\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\WINWORD\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\WINWORD\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\Field Trips\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\Field Trips\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\Gmail - the letter - jane.wbc.eec@gmail.com_files\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\Gmail - the letter - jane.wbc.eec@gmail.com_files\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\Gmail - the letter - jane.wbc.eec@gmail.com_files\a_data_002\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\Gmail - the letter - jane.wbc.eec@gmail.com_files\a_data_002\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\Gmail - the letter - jane.wbc.eec@gmail.com_files\a_data_004\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\Gmail - the letter - jane.wbc.eec@gmail.com_files\a_data_004\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\Gmail - the letter - jane.wbc.eec@gmail.com_files\a_data\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Hurricane Backup 2011\Wee Dietrich\wee (Dietrich)\Gmail - the letter - jane.wbc.eec@gmail.com_files\a_data\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\KOR\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\KOR\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\JPN\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\JPN\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\ITA\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\ITA\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\FRA\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\FRA\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\ESN\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\ESN\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\ENG\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\ENG\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\DEU\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\DEU\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\CHT\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\CHT\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\CHS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\EULA\CHS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\KOR\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\KOR\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\JPN\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\JPN\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\ITA\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\ITA\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\FRA\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\FRA\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\ESN\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\ESN\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\ENG\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\ENG\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\DEU\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\DEU\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\CHT\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\CHT\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\CHS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD_Windows_Tools\Documentation\CHS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\TUR\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\TUR\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\SWE\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\SWE\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\SLO\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\SLO\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\RUS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\RUS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\POR\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\POR\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\POL\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\POL\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\NOR\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\NOR\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\NLD\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\NLD\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\KOR\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\KOR\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\JPN\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\JPN\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\ITA\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\ITA\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\GRE\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\GRE\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\FRA\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\FRA\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\FIN\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\FIN\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\ESN\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\ESN\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\ENG\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\ENG\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\DEU\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\DEU\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\DAN\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\DAN\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\CZE\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\CZE\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\CHT\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\CHT\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\CHS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\CHS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Documentation\ARA\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Documentation\ARA\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD Sync Data\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD Sync Data\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD Sync Data\My Stuff\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD Sync Data\My Stuff\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD Sync Data\My Stuff\Data\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD Sync Data\My Stuff\Data\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD Sync Data\WeeBackup\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD Sync Data\WeeBackup\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\WD Sync Data\WeeBackup\Data\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\WD Sync Data\WeeBackup\Data\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\Templates\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\Templates\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\My Documents\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\My Documents\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\My Documents\My Pictures\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\My Documents\My Pictures\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\My Documents\My Music\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\My Documents\My Music\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\Application Data\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\Application Data\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\Application Data\Microsoft\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\Application Data\Microsoft\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\Application Data\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De1.old\Application Data\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De4\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De4\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De4\All Users\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De4\All Users\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De4\All Users\DRM\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De4\All Users\DRM\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\WeatherBug\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\WeatherBug\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\Mozilla\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\Mozilla\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\Mozilla\Firefox\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\Mozilla\Firefox\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\Mozilla\Firefox\Profiles\fmb14rdz.default\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\Mozilla\Firefox\Profiles\fmb14rdz.default\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\Microsoft\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\Microsoft\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\Microsoft\Outlook\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Recycled\De6.WOODOMAIN2\Application Data\Microsoft\Outlook\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Janes docs\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Janes docs\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Janes docs\My Documents\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Janes docs\My Documents\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Janes docs\My Documents\My Pictures\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Janes docs\My Documents\My Pictures\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Janes docs\My Documents\My Pictures\Microsoft Clip Organizer\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Janes docs\My Documents\My Pictures\Microsoft Clip Organizer\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Janes docs\My Documents\My Music\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Janes docs\My Documents\My Music\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Janes docs\My Documents\My Music\From Internet\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Janes docs\My Documents\My Music\From Internet\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Janes docs\My Documents\My Documents\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Janes docs\My Documents\My Documents\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Janes docs\My Documents\Downloads\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Janes docs\My Documents\Downloads\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\DRIVERS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\DRIVERS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\DRIVERS\FONTS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\DRIVERS\FONTS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\DRIVERS\DJ100\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\DRIVERS\DJ100\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\DRIVERS\D5W31\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\DRIVERS\D5W31\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\DRIVERS\DOCS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\DRIVERS\DOCS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\Field Trips\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\Field Trips\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\FILES\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\FILES\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\janehp\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\janehp\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\janehp\mydocuments\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\janehp\mydocuments\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\Newsletters\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\Newsletters\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\vb\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\vb\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\WINWORD\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\WINWORD\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\WORD2\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\WORD2\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\WORKS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\WORKS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\WORKS\WPS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\WORKS\WPS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\WP51\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\WP51\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\ZIPBACK\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\ZIPBACK\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\ZIPBACK\MSWORKS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\ZIPBACK\MSWORKS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\ZIPBACK\MSWORKS\CLIPART\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\ZIPBACK\MSWORKS\CLIPART\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\ZIPBACK\MSWORKS\MSWORKS.CBT\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\ZIPBACK\MSWORKS\MSWORKS.CBT\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\ZIPBACK\MSWORKS\WKSTMPL\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\ZIPBACK\MSWORKS\WKSTMPL\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\ZIPBACK\MSWORKS\MSWORKS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\ZIPBACK\MSWORKS\MSWORKS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\Dietrich docs\ZIPBACK\MSWORKS\SAMPLES\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\Dietrich docs\ZIPBACK\MSWORKS\SAMPLES\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\DOCS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\DOCS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\ACSDATA\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\ACSDATA\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\ACSDATA\RHONDAG\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\ACSDATA\RHONDAG\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\ACSDATA\SAUSTIN\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\ACSDATA\SAUSTIN\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\ACSDATA\SAV_TBL\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\ACSDATA\SAV_TBL\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\ACSFDAT\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\ACSFDAT\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\ACSFDAT\CHECKS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNET\ACSFDAT\CHECKS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\DOCS\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\DOCS\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\tim\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\tim\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\greg\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\greg\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\jane\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\jane\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\SAV_TBL\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\SAV_TBL\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\bobby\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\bobby\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\rhondag\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\rhondag\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\srice\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\srice\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\steve\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\steve\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\lcbolin\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\lcbolin\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\saustin\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\saustin\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\marylynn\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\marylynn\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\phyllis\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSDATA\phyllis\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSFDAT\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSFDAT\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSFDAT\Checks\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSFDAT\Checks\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSFDAT\DATA1\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSFDAT\DATA1\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSPICT\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\ACSPICT\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\BACKUP\DECRYPT_INSTRUCTION.TXT   Win32/Filecoder.CR trojan
G:\steven_acs_backup912010\ACSNETold\BACKUP\DECRYPT_INSTRUCTION.HTML   Win32/Filecoder.CR trojan

(end of log)

kevinf80 · June 24, 2014

Wow that is a log and some, the only way to deal with all of those entries is to run ESET again. This time Make sure that the option "Remove found threats" is ticked....

Let me know the status of the system when ESET completes, issues, concerns etc etc.....

cistern_eve · June 24, 2014

Dear kevinf80,

I ran ESET again and removed the threats that were detected. I cannot find any obvious symptoms of a problem. Do you suggest further steps?

Thank you so much!

Regards,

CE

kevinf80 · June 24, 2014

Yes please, run the two following scans:

Open Malwarebytes 2.0, run a Threat Scan

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

Post log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

Let me see those two logs, let me know if there are any remaining issues or concerns, if none tell me that....

Thank you,

Kevin

cistern_eve · June 25, 2014

Dear Kevin,

Thank you very much!

I have attached the malwarebytes log, and I pasted the screen317 log below.

I don't find any evidence of the virus, but I haven't for a bit, while the scans were still catching things.

Thank you for all of your help with this.

Regards,

CE

****

Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Adobe Flash Player 13.0.0.214 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

mbam3.txt

cistern_eve · June 25, 2014

Dear Kevin,

Is there any reason that these scans would have affected the system restore points? I was waiting to recover the files until after the virus was removed-- I had recovered some of them, but now when I try to restore previous versions, it does not find find any previous versions.

Thank you for your help!

Regards,

CE

cistern_eve · June 25, 2014

Dear Kevin,

Is there any reason that the scans would have removed system restore points?

I was planning on recovering the files via "previous versions" (the backup flash drive happened to be attached the computer when this software struck and those are encrypted, also), which was working earlier in this process, but I thought that I would wait to do the recovery so that logs would show the activity of the virus, and if it struck again, I wouldn't need to do it twice. However, now it cannot find system restore points when I look at properties --> previous versions on files.

Thank you for all of your help with this.

Regards,

CE

kevinf80 · June 25, 2014

If you recall the logs created by FRST did show that System Restore had been effected, more than likely the infection will be responsible for that..

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

That was an issue I did intend to go into when the system is deemed clean.... do the following for now:

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.

Step 2 - Select your Langauge.

Step 3 - Select latest version.

Untick the option for any security scanner or toolbar if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

Go here http://www.adobe.com/shockwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required.

There maybe an offer of Google Chrome etc, untick those options if offered...

Next,

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Let me see those logs, also give an update on any remaining issues or concerns...

Kevin

cistern_eve · June 25, 2014

Dear Kevin,

I updated the adobe reader and the update of flash failed. Whenever I try to run it, it hangs. Should I uninstall Flash and reinstall it?

I have pasted the log from FSS below.

Thank you for your help!

Regards,

CE

****

Farbar Service Scanner Version: 10-06-2014
Ran by jane_delgavio (ATTENTION: The logged in user is not administrator) on 25-06-2014 at 14:24:04
Running from "C:\Users\jane_delgavio\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

kevinf80 · June 25, 2014

Can you log in as an Administrator, FSS log shows you do not have that status. When you are logged in with Administrator status do the following:

Download Services Repair tool, available here - http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe and Save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not reboot it yourself.

Next,

Rerun FSS and post a fresh log....

Cryptowall, dns problem

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information