start CreateRestorePoint: CloseProcesses: C:\System Volume Information\HELP_DECRYPT.HTML C:\System Volume Information\HELP_DECRYPT.TXT C:\System Volume Information\EfaData\HELP_DECRYPT.HTML C:\System Volume Information\EfaData\HELP_DECRYPT.TXT C:\Users\Dorothy01\AppData\Local\AMD\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Local\AMD\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Local\AMD\Fuel\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Local\AMD\Fuel\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Local\Apple Computer\iTunes\iAd\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Local\Apple Computer\iTunes\iAd\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Local\Macromedia\Flash Player\FlashPlayerUpdateService.exe Win32/Agent.WSE trojan C:\Users\Dorothy01\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Local\Microsoft\CLR_v4.0\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Local\Microsoft\CLR_v4.0\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Local\Microsoft\CLR_v4.0_32\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Local\Microsoft\CLR_v4.0_32\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Local\Microsoft\Windows\INetCache\IE\LDE4QFIB\6F2HFX6I.htm C:\Users\Dorothy01\AppData\Local\Microsoft\Windows\INetCache\IE\LDE4QFIB\F80C8YK2.htm C:\Users\Dorothy01\AppData\Local\Microsoft\Windows\INetCache\IE\LDE4QFIB\ILESJKL3.htm C:\Users\Dorothy01\AppData\Local\Microsoft\Windows\INetCache\IE\LDE4QFIB\K0KQ6VJD.htm C:\Users\Dorothy01\AppData\Local\Microsoft\Windows\INetCache\IE\PI91BGI7\N6C9B6FT.htm C:\Users\Dorothy01\AppData\Local\Microsoft\Windows\INetCache\IE\PI91BGI7\PICRTI7N.htm C:\Users\Dorothy01\AppData\Local\Microsoft\Windows\INetCache\IE\PI91BGI7\TE1HBMFT.htm C:\Users\Dorothy01\AppData\Local\Microsoft\Windows\INetCache\IE\SISCQQIZ\G8HIT1UX.htm C:\Users\Dorothy01\AppData\Local\Microsoft\Windows\INetCache\IE\SISCQQIZ\MGN8REVU.htm C:\Users\Dorothy01\AppData\Local\Microsoft\Windows\INetCache\IE\SISCQQIZ\R1QO5JP1.htm C:\Users\Dorothy01\AppData\Local\Microsoft\Windows\INetCache\IE\SISCQQIZ\YISNRMU8.htm C:\Users\Dorothy01\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Local\Temp\D163.tmp C:\Users\Dorothy01\AppData\Local\Temp\~009CE97E.tmp C:\Users\Dorothy01\AppData\Local\Temp\41c\AppData\Local\Microsoft\Windows\INetCache\IE\1C1SW3MG\82123fbcab77830f3af0dcbe5208a3d5[1].htm C:\Users\Dorothy01\AppData\Local\Temp\c4\AppData\Local\Microsoft\Windows\INetCache\IE\C7ZS5GJ0\a780b2c52f7951abae3fde16fd81989d[1].htm C:\Users\Dorothy01\AppData\Local\tmp11238\dag1631.exe C:\Users\Dorothy01\AppData\Local\tmp11238\dag1631tmp.exe C:\Users\Dorothy01\AppData\LocalLow\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\LocalLow\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\LocalLow\Sun\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\LocalLow\Sun\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\LocalLow\Sun\Java\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\LocalLow\Sun\Java\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\LocalLow\Sun\Java\Deployment\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\LocalLow\Sun\Java\Deployment\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\LocalLow\Sun\Java\Deployment\SystemCache\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\LocalLow\Sun\Java\Deployment\SystemCache\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Roaming\Adobe\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Roaming\Adobe\Flash Player\AssetCache\BAZ5TK72\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Roaming\Adobe\Flash Player\AssetCache\BAZ5TK72\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Roaming\Hewlett-Packard\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Roaming\Hewlett-Packard\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Roaming\Hewlett-Packard\HP Connected Remote\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Roaming\Hewlett-Packard\HP Connected Remote\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Roaming\Hewlett-Packard\HP Connected Remote\data\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Roaming\Hewlett-Packard\HP Connected Remote\data\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Roaming\Hewlett-Packard\HP Setup\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Roaming\Hewlett-Packard\HP Setup\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\AppData\Roaming\Hewlett-Packard\HP Setup\Metrics\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\AppData\Roaming\Hewlett-Packard\HP Setup\Metrics\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\Music\iTunes\iTunes Media\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\Music\iTunes\iTunes Media\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\Music\iTunes\iTunes Media\Music\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\Music\iTunes\iTunes Media\Music\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\Music\iTunes\iTunes Media\Music\Unknown Artist\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\Music\iTunes\iTunes Media\Music\Unknown Artist\DECRYPT_INSTRUCTION.TXT C:\Users\Dorothy01\Music\iTunes\iTunes Media\Music\Unknown Artist\Unknown Album\DECRYPT_INSTRUCTION.HTML C:\Users\Dorothy01\Music\iTunes\iTunes Media\Music\Unknown Artist\Unknown Album\DECRYPT_INSTRUCTION.TXT C:\Users\Public\DECRYPT_INSTRUCTION.HTML C:\Users\Public\DECRYPT_INSTRUCTION.TXT C:\Users\Public\CyberLink\DECRYPT_INSTRUCTION.HTML C:\Users\Public\CyberLink\DECRYPT_INSTRUCTION.TXT C:\Windows\Installer\dfb9a6.msi C:\Windows.old\DECRYPT_INSTRUCTION.HTML C:\Windows.old\DECRYPT_INSTRUCTION.TXT C:\Windows.old\Users\All Users\RogueKiller\Quarantine\0094F143FFE16510.reg C:\Windows.old\Users\All Users\RogueKiller\Quarantine\24E53487FEB8DA78.reg C:\Windows.old\Users\All Users\RogueKiller\Quarantine\7C9DEC56C370BF3C.reg C:\Windows.old\Users\All Users\RogueKiller\Quarantine\81438BB61F59B727.reg C:\Windows.old\Users\All Users\RogueKiller\Quarantine\BE8834083A072530.reg C:\Windows.old\Users\All Users\RogueKiller\Quarantine\D30EEB58F2B5284C.reg Reboot: end