Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

programs running multiple times in processes [Solved]

Started by Mozeta , Mar 05 2015 11:32 PM

iexplore.exe svchost.exe

This topic is locked

#16
Mozeta

Posted 08 March 2015 - 07:20 AM

Member

Topic Starter
Member
33 posts

C:\$Recycle.Bin\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\data\Database\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\data\Database\CLEAN\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\data\Database\CLEAN\Database\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\data\Database\REPORTS\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\data\Database\REPORTS\GIRDNAIL\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\data\Database\REPORTS\LATBRAC\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\data\Database\REPORTS\SHOP1\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\data\Reports\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\44638 hinge pate\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\44649 hing plate notes\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\Print no analysis\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\Print no analysis\ST-Test\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\Print no analysis\ST-Test\Noanal\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\Print no analysis\ST-Test\platezip\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\REGRESSION TESTS\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\REGRESSION TESTS\SQA Run\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\REGRESSION TESTS\SQA Run\7811 Snap Truss IV\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\REGRESSION TESTS\SQA Run\7813 Snap Truss VI\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\Sample\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\top chord reaction limit\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\top chord reaction limit\Q1108309\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\jobs\top chord reaction limit\Q1108309\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\BMP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\BMP\hangers\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\BMP\hangers\SIM\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\DOUBLE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\eFrame\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\eFrame\canlsd\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\eFrame\canlsd\data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\eFrame\canlsd\data\database\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\eFrame\DOCS\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\eFrame\DOCS\help\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\eFrame\DOCS\help\OptiFrame\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\eFrame\DOCS\help\OptiFrame\graphics\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\eFrame\DOCS\help\OptiFrame\OFV2_RELEASE_NOTES\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\eFrame\DOCS\help\OptiFrame\OFV2_RELEASE_NOTES\IMG\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\eFrame\DOCS\help\OptiFrame\OFV2_RELEASE_NOTES\thmbnail\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\eFrame\EXTRAS\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\eFrame\EXTRAS\SoloBug\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\FRAMIN32\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\MiTek\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\MiTek\Disk1\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\MiTek\Disk1\_Graphics\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\SINGLE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\Structure\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\Structure\Disk1\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\Structure\Disk1\DirectX9_200903\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\Structure\Disk1\OFSHelp\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\Structure\Disk1\Optiframe\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\Structure\Disk1\Optiframe\Shared\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R42TZVD\Programs\Structure\Disk1\Settings\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\data\Database\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\data\Database\CLEAN\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\data\Database\CLEAN\Database\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\data\Database\REPORTS\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\data\Database\REPORTS\GIRDNAIL\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\data\Database\REPORTS\LATBRAC\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\data\Database\REPORTS\SHOP1\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\data\Reports\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\jobs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\jobs\44649 hing plate notes\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\DOUBLE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\eFrame\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\eFrame\canlsd\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\eFrame\canlsd\data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\eFrame\canlsd\data\database\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\eFrame\DOCS\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\eFrame\DOCS\help\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\eFrame\DOCS\help\OptiFrame\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\eFrame\DOCS\help\OptiFrame\graphics\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\eFrame\DOCS\help\OptiFrame\OFV2_RELEASE_NOTES\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\eFrame\DOCS\help\OptiFrame\OFV2_RELEASE_NOTES\IMG\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\eFrame\DOCS\help\OptiFrame\OFV2_RELEASE_NOTES\thmbnail\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\eFrame\EXTRAS\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\eFrame\EXTRAS\SoloBug\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\Management\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\MiTek\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\MiTek\Disk1\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\MiTek\Disk1\_Graphics\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\SINGLE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\Structure\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\Structure\Disk1\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\Structure\Disk1\DirectX9_200903\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\Structure\Disk1\OFSHelp\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\Structure\Disk1\Optiframe\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\Structure\Disk1\Optiframe\Shared\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R4F24HL\Programs\Structure\Disk1\Settings\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R626Q8C\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R626Q8C\data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R626Q8C\data\Database\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R626Q8C\data\Database\CLEAN\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R626Q8C\data\Database\CLEAN\Database\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R626Q8C\programs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R626Q8C\programs\DOUBLE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R626Q8C\programs\Help\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R626Q8C\programs\SINGLE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\732\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\732\data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\732\data\DATABASE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\732\data\DATABASE\Clean\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\732\data\DATABASE\reports\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\732\data\DATABASE\reports\GIRDNAIL\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\732\data\DATABASE\reports\LATBRAC\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\732\data\DATABASE\reports\SHOP1\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\732\programs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\data\Database\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\data\Database\CLEAN\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\data\Database\CLEAN\Database\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\data\Database\REPORTS\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\data\Database\REPORTS\GIRDNAIL\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\data\Database\REPORTS\LATBRAC\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\data\Database\REPORTS\SHOP1\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\data\Reports\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\jobs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\jobs\13627 analyze no plate\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\programs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\programs\DOUBLE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R63ZH2E\programs\SINGLE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$R811BNL\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\data\Database\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\data\Database\CLEAN\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\data\Database\CLEAN\Database\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\data\Database\REPORTS\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\data\Database\REPORTS\GIRDNAIL\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\data\Database\REPORTS\LATBRAC\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\data\Database\REPORTS\SHOP1\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\data\Reports\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\13627 analyze no plate\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\39494 ETP output\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\41366 limited access load\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\41460 shs plates\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\41460 shs plates\M18SHS\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\43423 SR line\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\43645 Missing hangers\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\43645 Missing hangers\B44157\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\44323 substitutions\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\44323 substitutions\zip\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\44323 substitutions\zip\K14220.1\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\44323 substitutions\zip\K14220.1\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\44323 substitutions\zip\K14220.1\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\44638 hinge pate\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\44649 hing plate notes\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\global changes\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\Print no analysis\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\Print no analysis\ST-Test\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\Print no analysis\ST-Test\Noanal\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\Print no analysis\ST-Test\platezip\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\Sample\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\Basics\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\Joint Blowups\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\Joint Blowups\Joint-b\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\PCL Files\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\PCL Files\PCL\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\PCL Files\Test Space PCL\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\PCL Files III\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\PCL Files III\Cal Hip\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\saving with green check\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\Snap Truss\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\Snap Truss\Snap Truss\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\snap Truss IV\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\snap Truss IV\opensnaptruss\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\T-Brace\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\T-Brace\tbrace\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_Regression\truss members\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\analog\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\Batch plate change\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\Batch plate change\110325451\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\Batch plate change\110325451\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\bearing note\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\hangers\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\L over D\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\L over D\K14220.1\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\L over D\K14220.1\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\L over D\K14220.1\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\plating\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\plating\analyze\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\plating\analyze\Q1105005\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\plating\analyze\Q1105005\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\Solid blocking\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\Solid blocking\55732\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\Solid blocking\55732\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\jobs\_RESEARCH\TC bearing reaction\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\programs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\programs\BMP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\programs\BMP\hangers\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\programs\BMP\hangers\SIM\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\programs\DOUBLE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\programs\FRAMIN32\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RIIF4G6\programs\SINGLE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\0036\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\0036\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\0036\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\0036\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\0036 - Copy\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\0036 - Copy\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\0036 - Copy\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\0036 - Copy\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\00TF_Box_Gable\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\00TF_Box_Gable\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\00TF_Box_Gable\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\0208070A\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\0208070A\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\0208070A\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\0208070A - Copy\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\0208070A - Copy\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\0208070A - Copy\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\06H05424\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\06H05424\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\06H05424\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\06H05424\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\080012r\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\080012r\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\080012r\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\080012r\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\080130R\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\080130R\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\080130R\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\080130R\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\093707DE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\093707DE\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\093707DE\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\093707DE\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\11769\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\11769\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\11769\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\11769\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\14174\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\14174\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\14174\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\14174\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\15634\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\15634\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\15634\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\15634\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\15941359\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\15941359\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\15941359\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\15941359\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\277681\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\277681\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\277681\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\277681\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\31343\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\31343\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\31343\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50579\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50579\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50579\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50579\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50579 - Copy\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50579 - Copy\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50579 - Copy (2)\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50579 - Copy (2)\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50579 - Copy (2)\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50579 - Copy (2)\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50579 - Copy - Copy\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50579 - Copy - Copy\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50579 - Copy - Copy\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50579 - Copy - Copy\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50750\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50750\50750\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50750\50750\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50750\50750\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50750\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50750 - Copy\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50750 - Copy\50750\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50750 - Copy\50750\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50750 - Copy\50750\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50750 - Copy\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50881\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50881\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50881\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\50881\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\7A04369\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\7A04369\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\7A04369\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\7A04369\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\7y05119\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\7y05119\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\7y05119\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\7y05119\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\807035\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\807035\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\807035\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\807035\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\8bg01427\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\8bg01427\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\8bg01427\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\8bg01427\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\F7010689\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\F7010689\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\F7010689\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\F7010689\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\F7030078\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\F7030078\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\F7030078\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\F7030078\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\F7061309\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\F7061309\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\F7061309\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\F7061309\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\FLOOR\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\FLOOR\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\FLOOR\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\FLOOR\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\H8104491\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\H8104491\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\H8110359_Mign_244\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\H8110359_Mign_244\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\H8110359_Mign_244\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\H8110359_Mign_244\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\H9024052\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\H9024052\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\H9024052\ETP\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RJ4POXQ\H9024052\TRE\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RWK3327\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\$RWK3327\data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\dell\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\dell\drivers\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\dell\drivers\R165804\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\dell\drivers\R165804\Eula\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\3300\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\3300\drivers\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\3300\drivers\Win_XP2K\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\3300\drivers\Win_XP2K\common\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\3300\drivers\Win_XP2K\common\english\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\3300\install\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\3300\install\config\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\3300\install\config\image\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\3300\install\ENGLISH\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\3300\install\licenses\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\3300\pubs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\3300\tools\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\3300\tools\diagnostics\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\drivers\printer\3300\tools\diagnostics\ENGLISH\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\HELP_DECRYPT.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Program Files\Ask.com\GenericAskToolbar.dll   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\Program Files\Ask.com\precache.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\Program Files\Ask.com\SaUpdate.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\Program Files\Ask.com\UpdateTask.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\Program Files\Ask.com\Updater\Updater.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\ProgramData\df2020f20h.exe.xBAD   Win32/Spy.Shiz.NCP trojan
C:\FRST\Quarantine\C\ProgramData\HELP_DECRYPT.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\ProgramData\PitiLxul\GodnUtewu.key   a variant of Win32/Kryptik.CYRP trojan
C:\FRST\Quarantine\C\ProgramData\PitiLxul\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\ProgramData\SaavvERAddonn\fGFwDbqskvAyAp.dll.xBAD   a variant of Win32/Adware.MultiPlug.EG application
C:\FRST\Quarantine\C\Users\HELP_DECRYPT.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mitek\HELP_DECRYPT.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mitek\AppData\HELP_DECRYPT.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\mitek\AppData\Local\HELP_DECRYPT.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\sthomas\HELP_DECRYPT.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\sthomas\AppData\HELP_DECRYPT.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\sthomas\AppData\Local\dsisetup2832998432.exe.xBAD   Win32/Adware.DsiLoad.A application
C:\FRST\Quarantine\C\Users\sthomas\AppData\Local\dsisetup7664272182.exe.xBAD   Win32/Adware.DsiLoad.A application
C:\FRST\Quarantine\C\Users\sthomas\AppData\Local\HELP_DECRYPT.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Users\sthomas\AppData\Roaming\HELP_DECRYPT.HTML.xBAD   Win32/Filecoder.CR trojan
C:\FRST\Quarantine\C\Windows\FrameworkUpdate\Update.exe   Win32/Fleercivet.AA trojan
C:\installs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\installs\Engineering\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\installs\Engineering\_Graphics\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\Cisco\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\Email Backup Optimization\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\Email Backup Optimization\Data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\Email Backup Optimization\Data\Mail\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\Email Backup Optimization\Data\Mail\archive_D796E8A8AB0DDCAF\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\Bin\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\GUI\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankA\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\English\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\English\images\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\English\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\English\images\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\McAfee\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\McAfee\Common Framework\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\McAfee\Common Framework\Current\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\McAfee\Common Framework\Current\TELECONT1000\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\McAfee\Common Framework\Current\VSCANENG1000\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\McAfee\Common Framework\Current\VSCANENG1000\Engine\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\McAfee\Common Framework\Current\VSCANENG1000\Engine\0000\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\Microsoft\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\Microsoft\Windows NT\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\Microsoft\Windows NT\MSScan\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\ProgramData\PitiLxul\GodnUtewu.key   a variant of Win32/Kryptik.CYRP trojan
C:\SThomas\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Adobe\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Adobe\Updater5\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Adobe\Updater5\Data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Adobe\Updater6\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Adobe\Updater6\Data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Microsoft\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Microsoft\Communicator\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Microsoft\Outlook\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Microsoft\Windows Mail\Backup\old\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Microsoft\Windows Mail\Local Folders\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Microsoft\Windows Media\11.0\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Microsoft\Windows Photo Gallery\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\LocalLow\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\LocalLow\WebEx\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Roaming\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Roaming\Adobe\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Roaming\Adobe\Flash Player\AssetCache\UXNK9PQW\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Roaming\Microsoft\Document Building Blocks\1033\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Roaming\Microsoft\Outlook\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Roaming\Microsoft\Signatures\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\AppData\Roaming\Microsoft\Windows Photo Gallery\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Documents\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Documents\adopt a platoon\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Documents\amortization schedules\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Documents\Homes\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Documents\Outlook\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Documents\pay\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Documents\running logs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Documents\Scott's Excel files\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Documents\Scott's word documents\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Documents\Scott's word documents\George W Bush\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Documents\scotts files\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Documents\Songs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Documents\Songs\lyrics\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\draft trends\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\2008\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\2008\DraftDominator\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\2008\ProjectionsDominator\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\2009\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\2010\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\2010\FBG\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\2010\FBG\DD\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\2010\FBG\DD\VBD Revisited_files\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\2010\FBG\LineupDominator\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\2011\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\2011\DraftDominator\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\2011\DraftDominator\DraftDominator\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\2011\Phil\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\MiTek FF 2010\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\pictures\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Fantasy Football\FBG\titles\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Favorites\Guffins.exe   Win32/AdInstaller potentially unwanted application
C:\SThomas\Favorites\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Music\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Music\License Backup\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Music\Rush\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Music\Rush\Chronicles 2\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Music\Rush\Greatest Hits\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Music\Rush\Moving Pictures\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Music\Rush\Rush in Rio Disc 3\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Music\Rush\Rush-All The World's A Stage\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Music\Rush\Rush-Moving Pictures\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Music\Rush\Signals\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Music\Rush\Snakes & Arrows\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Music\Rush\Test_For_Echo\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Music\ZZ Top\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Music\ZZ Top\Rhythmeen\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Pictures\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Pictures\funnies\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Pictures\good baby pictures\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Pictures\house\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Pictures\inspirational pics\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Pictures\kids\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Pictures\kids\Rebecca\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Pictures\kids\Rebecca Scott Thomas\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Pictures\kids\Rebecca Scott Thomas\cutting grass\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Pictures\Pictures\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Pictures\Pictures\cicadas\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Pictures\SASAS\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\SThomas\Videos\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\Cisco\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\Cisco\Cisco AnyConnect VPN Client\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\Email Backup Optimization\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\Email Backup Optimization\Data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\Email Backup Optimization\Data\Mail\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\Email Backup Optimization\Data\Mail\archive_D796E8A8AB0DDCAF\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\Bin\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\GUI\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankA\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\English\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\English\images\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\English\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\English\images\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\McAfee\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\McAfee\Common Framework\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\McAfee\Common Framework\Current\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\McAfee\Common Framework\Current\TELECONT1000\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\McAfee\Common Framework\Current\VSCANENG1000\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\McAfee\Common Framework\Current\VSCANENG1000\Engine\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\McAfee\Common Framework\Current\VSCANENG1000\Engine\0000\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\Microsoft\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\Microsoft\Windows NT\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\Microsoft\Windows NT\MSScan\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\All Users\PitiLxul\GodnUtewu.key   a variant of Win32/Kryptik.CYRP trojan
C:\Users\mitek\AppData\Local\Microsoft\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\mitek\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\mitek\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\mitek\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\mitek\AppData\Local\Microsoft\Windows Mail\Backup\new\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\mitek\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\mitek\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\mitek\AppData\Local\Microsoft\Windows Media\11.0\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Microsoft\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Microsoft\Communicator\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Microsoft\Communicator\[email protected]\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Microsoft\Windows Mail\Backup\new\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Microsoft\Windows Media\11.0\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Mozilla\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Mozilla\Firefox\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Mozilla\Firefox\Profiles\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Mozilla\Firefox\Profiles\xrce37me.default\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Mozilla\Firefox\Profiles\xrce37me.default\OfflineCache\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Roblox\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Roblox\logs\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Roblox\logs\archive\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Local\Temp\1EAD.tmp   Win32/Fleercivet.AA trojan
C:\Users\sthomas\AppData\Local\Temp\C344.tmp   Win32/Fleercivet.AA trojan
C:\Users\sthomas\AppData\Local\Temp\vxqgyf.dat   a variant of Win32/Kryptik.CYHW trojan
C:\Users\sthomas\AppData\Local\Temp\wwzmtg.dat   a variant of Win32/Kryptik.CYRP trojan
C:\Users\sthomas\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\sthomas\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe   Win32/Bundled.Toolbar.Ask.H potentially unsafe application
C:\Users\sthomas\AppData\LocalLow\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Adobe\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Adobe\Flash Player\AssetCache\7TFDVHB9\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\McAfee\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\McAfee\Common Framework\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\McAfee\Common Framework\DB\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\McAfee\Common Framework\DB\McTray\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\McAfee\Common Framework\DB\McTray\PluginHistory\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft\Document Building Blocks\1033\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft\Outlook\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic0\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic1\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic10\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic11\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic12\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic13\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic14\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic15\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic16\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic17\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic18\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic19\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic2\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic20\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic21\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic22\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic23\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic3\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic4\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic5\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic6\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic7\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic8\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic9\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Mozilla\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\default\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\permanent\chrome\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\permanent\chrome\idb\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\permanent\moz-safe-about+home\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\permanent\moz-safe-about+home\idb\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\Desktop\Documents\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\Desktop\Documents\Optimizer Pro\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\Desktop\Favorites\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\Desktop\Favorites\Links\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\Desktop\Favorites\Nicole\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\Desktop\Music\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\Desktop\Music\Taylor Swift\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\Desktop\Music\Taylor Swift\Taylor Swift\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Users\sthomas\Desktop\Pictures\HELP_DECRYPT.HTML   Win32/Filecoder.CR trojan
C:\Windows\Installer\283d6f1f.msi   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows\Temp\2BD9.tmp   Win32/Spy.Shiz.NCP trojan
Operating memory   a variant of Win32/PSW.Papras.DR trojan

#17
dbreeze

Posted 08 March 2015 - 12:05 PM

Trusted Helper

Malware Removal
2,216 posts

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST by right clicking on the FRST.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

Press%20the%20FIX%20button_zpsdd5zi3mt.p

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.

Attached Files

Fixlist.txt 21.3KB 501 downloads

#18
Mozeta

Posted 08 March 2015 - 11:23 PM

Member

Topic Starter
Member
33 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-03-2015 03
Ran by SThomas at 2015-03-08 20:37:50 Run:2
Running from C:\Users\sthomas\Desktop\Desktop
Loaded Profiles: SThomas (Available profiles: SThomas & mitek)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\$Recycle.Bin\HELP_DECRYPT.HTML
C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\HELP_DECRYPT.HTML
C:\dell\HELP_DECRYPT.HTML
C:\dell\drivers\HELP_DECRYPT.HTML
C:\dell\drivers\R165804\HELP_DECRYPT.HTML
C:\dell\drivers\R165804\Eula\HELP_DECRYPT.HTML
C:\drivers\HELP_DECRYPT.HTML
C:\drivers\printer\HELP_DECRYPT.HTML
C:\drivers\printer\3300\HELP_DECRYPT.HTML
C:\drivers\printer\3300\drivers\HELP_DECRYPT.HTML
C:\drivers\printer\3300\drivers\Win_XP2K\HELP_DECRYPT.HTML
C:\drivers\printer\3300\drivers\Win_XP2K\common\HELP_DECRYPT.HTML
C:\drivers\printer\3300\drivers\Win_XP2K\common\english\HELP_DECRYPT.HTML
C:\drivers\printer\3300\install\HELP_DECRYPT.HTML
C:\drivers\printer\3300\install\config\HELP_DECRYPT.HTML
C:\drivers\printer\3300\install\config\image\HELP_DECRYPT.HTML
C:\drivers\printer\3300\install\ENGLISH\HELP_DECRYPT.HTML
C:\drivers\printer\3300\install\licenses\HELP_DECRYPT.HTML
C:\drivers\printer\3300\pubs\HELP_DECRYPT.HTML
C:\drivers\printer\3300\tools\HELP_DECRYPT.HTML
C:\drivers\printer\3300\tools\diagnostics\HELP_DECRYPT.HTML
C:\drivers\printer\3300\tools\diagnostics\ENGLISH\HELP_DECRYPT.HTML
C:\installs\HELP_DECRYPT.HTML
C:\installs\Engineering\HELP_DECRYPT.HTML
C:\installs\Engineering\_Graphics\HELP_DECRYPT.HTML
C:\ProgramData\Cisco\HELP_DECRYPT.HTML
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\HELP_DECRYPT.HTML
C:\ProgramData\Email Backup Optimization\HELP_DECRYPT.HTML
C:\ProgramData\Email Backup Optimization\Data\HELP_DECRYPT.HTML
C:\ProgramData\Email Backup Optimization\Data\Mail\HELP_DECRYPT.HTML
C:\ProgramData\Email Backup Optimization\Data\Mail\archive_D796E8A8AB0DDCAF\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\Bin\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\GUI\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankA\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\English\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\English\images\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankB\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\English\HELP_DECRYPT.HTML
C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\English\images\HELP_DECRYPT.HTML
C:\ProgramData\McAfee\HELP_DECRYPT.HTML
C:\ProgramData\McAfee\Common Framework\HELP_DECRYPT.HTML
C:\ProgramData\McAfee\Common Framework\Current\HELP_DECRYPT.HTML
C:\ProgramData\McAfee\Common Framework\Current\TELECONT1000\HELP_DECRYPT.HTML
C:\ProgramData\McAfee\Common Framework\Current\VSCANENG1000\HELP_DECRYPT.HTML
C:\ProgramData\McAfee\Common Framework\Current\VSCANENG1000\Engine\HELP_DECRYPT.HTML
C:\ProgramData\McAfee\Common Framework\Current\VSCANENG1000\Engine\0000\HELP_DECRYPT.HTML
C:\ProgramData\Microsoft\HELP_DECRYPT.HTML
C:\ProgramData\Microsoft\Windows NT\HELP_DECRYPT.HTML
C:\ProgramData\Microsoft\Windows NT\MSScan\HELP_DECRYPT.HTML
C:\SThomas\HELP_DECRYPT.HTML
C:\SThomas\AppData\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Adobe\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Adobe\Updater5\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Adobe\Updater5\Data\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Adobe\Updater6\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Adobe\Updater6\Data\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Microsoft\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Microsoft\Communicator\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Microsoft\Outlook\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Microsoft\Windows Mail\Backup\old\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Microsoft\Windows Mail\Local Folders\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Microsoft\Windows Media\11.0\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Microsoft\Windows Photo Gallery\HELP_DECRYPT.HTML
C:\SThomas\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\HELP_DECRYPT.HTML
C:\SThomas\AppData\LocalLow\HELP_DECRYPT.HTML
C:\SThomas\AppData\LocalLow\WebEx\HELP_DECRYPT.HTML
C:\SThomas\AppData\Roaming\HELP_DECRYPT.HTML
C:\SThomas\AppData\Roaming\Adobe\HELP_DECRYPT.HTML
C:\SThomas\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.HTML
C:\SThomas\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.HTML
C:\SThomas\AppData\Roaming\Adobe\Flash Player\AssetCache\UXNK9PQW\HELP_DECRYPT.HTML
C:\SThomas\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML
C:\SThomas\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.HTML
C:\SThomas\AppData\Roaming\Microsoft\Document Building Blocks\1033\HELP_DECRYPT.HTML
C:\SThomas\AppData\Roaming\Microsoft\Outlook\HELP_DECRYPT.HTML
C:\SThomas\AppData\Roaming\Microsoft\Signatures\HELP_DECRYPT.HTML
C:\SThomas\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.HTML
C:\SThomas\AppData\Roaming\Microsoft\Windows Photo Gallery\HELP_DECRYPT.HTML
C:\SThomas\Documents\HELP_DECRYPT.HTML
C:\SThomas\Documents\adopt a platoon\HELP_DECRYPT.HTML
C:\SThomas\Documents\amortization schedules\HELP_DECRYPT.HTML
C:\SThomas\Documents\Homes\HELP_DECRYPT.HTML
C:\SThomas\Documents\Outlook\HELP_DECRYPT.HTML
C:\SThomas\Documents\pay\HELP_DECRYPT.HTML
C:\SThomas\Documents\running logs\HELP_DECRYPT.HTML
C:\SThomas\Documents\Scott's Excel files\HELP_DECRYPT.HTML
C:\SThomas\Documents\Scott's word documents\HELP_DECRYPT.HTML
C:\SThomas\Documents\Scott's word documents\George W Bush\HELP_DECRYPT.HTML
C:\SThomas\Documents\scotts files\HELP_DECRYPT.HTML
C:\SThomas\Documents\Songs\HELP_DECRYPT.HTML
C:\SThomas\Documents\Songs\lyrics\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\draft trends\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\2008\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\2008\DraftDominator\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\2008\ProjectionsDominator\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\2009\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\2010\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\2010\FBG\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\2010\FBG\DD\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\2010\FBG\DD\VBD Revisited_files\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\2010\FBG\LineupDominator\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\2011\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\2011\DraftDominator\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\2011\DraftDominator\DraftDominator\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\2011\Phil\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\MiTek FF 2010\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\pictures\HELP_DECRYPT.HTML
C:\SThomas\Fantasy Football\FBG\titles\HELP_DECRYPT.HTML
C:\SThomas\Favorites\Guffins.exe
C:\SThomas\Favorites\HELP_DECRYPT.HTML
C:\SThomas\Music\HELP_DECRYPT.HTML
C:\SThomas\Music\License Backup\HELP_DECRYPT.HTML
C:\SThomas\Music\Rush\HELP_DECRYPT.HTML
C:\SThomas\Music\Rush\Chronicles 2\HELP_DECRYPT.HTML
C:\SThomas\Music\Rush\Greatest Hits\HELP_DECRYPT.HTML
C:\SThomas\Music\Rush\Moving Pictures\HELP_DECRYPT.HTML
C:\SThomas\Music\Rush\Rush in Rio Disc 3\HELP_DECRYPT.HTML
C:\SThomas\Music\Rush\Rush-All The World's A Stage\HELP_DECRYPT.HTML
C:\SThomas\Music\Rush\Rush-Moving Pictures\HELP_DECRYPT.HTML
C:\SThomas\Music\Rush\Signals\HELP_DECRYPT.HTML
C:\SThomas\Music\Rush\Snakes & Arrows\HELP_DECRYPT.HTML
C:\SThomas\Music\Rush\Test_For_Echo\HELP_DECRYPT.HTML
C:\SThomas\Music\ZZ Top\HELP_DECRYPT.HTML
C:\SThomas\Music\ZZ Top\Rhythmeen\HELP_DECRYPT.HTML
C:\SThomas\Pictures\HELP_DECRYPT.HTML
C:\SThomas\Pictures\funnies\HELP_DECRYPT.HTML
C:\SThomas\Pictures\good baby pictures\HELP_DECRYPT.HTML
C:\SThomas\Pictures\house\HELP_DECRYPT.HTML
C:\SThomas\Pictures\inspirational pics\HELP_DECRYPT.HTML
C:\SThomas\Pictures\kids\HELP_DECRYPT.HTML
C:\SThomas\Pictures\kids\Rebecca\HELP_DECRYPT.HTML
C:\SThomas\Pictures\kids\Rebecca Scott Thomas\HELP_DECRYPT.HTML
C:\SThomas\Pictures\kids\Rebecca Scott Thomas\cutting grass\HELP_DECRYPT.HTML
C:\SThomas\Pictures\Pictures\HELP_DECRYPT.HTML
C:\SThomas\Pictures\Pictures\cicadas\HELP_DECRYPT.HTML
C:\SThomas\Pictures\SASAS\HELP_DECRYPT.HTML
C:\SThomas\Videos\HELP_DECRYPT.HTML
C:\Users\All Users\Cisco\HELP_DECRYPT.HTML
C:\Users\All Users\Cisco\Cisco AnyConnect VPN Client\HELP_DECRYPT.HTML
C:\Users\All Users\Email Backup Optimization\HELP_DECRYPT.HTML
C:\Users\All Users\Email Backup Optimization\Data\HELP_DECRYPT.HTML
C:\Users\All Users\Email Backup Optimization\Data\Mail\HELP_DECRYPT.HTML
C:\Users\All Users\Email Backup Optimization\Data\Mail\archive_D796E8A8AB0DDCAF\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\Bin\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\GUI\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankA\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\English\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\English\images\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankB\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\English\HELP_DECRYPT.HTML
C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\English\images\HELP_DECRYPT.HTML
C:\Users\All Users\McAfee\HELP_DECRYPT.HTML
C:\Users\All Users\McAfee\Common Framework\HELP_DECRYPT.HTML
C:\Users\All Users\McAfee\Common Framework\Current\HELP_DECRYPT.HTML
C:\Users\All Users\McAfee\Common Framework\Current\TELECONT1000\HELP_DECRYPT.HTML
C:\Users\All Users\McAfee\Common Framework\Current\VSCANENG1000\HELP_DECRYPT.HTML
C:\Users\All Users\McAfee\Common Framework\Current\VSCANENG1000\Engine\HELP_DECRYPT.HTML
C:\Users\All Users\McAfee\Common Framework\Current\VSCANENG1000\Engine\0000\HELP_DECRYPT.HTML
C:\Users\All Users\Microsoft\HELP_DECRYPT.HTML
C:\Users\All Users\Microsoft\Windows NT\HELP_DECRYPT.HTML
C:\Users\All Users\Microsoft\Windows NT\MSScan\HELP_DECRYPT.HTML
C:\Users\All Users\PitiLxul\GodnUtewu.key a variant of Win32/Kryptik.CYRP trojan
C:\Users\mitek\AppData\Local\Microsoft\HELP_DECRYPT.HTML
C:\Users\mitek\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML
C:\Users\mitek\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML
C:\Users\mitek\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML
C:\Users\mitek\AppData\Local\Microsoft\Windows Mail\Backup\new\HELP_DECRYPT.HTML
C:\Users\mitek\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML
C:\Users\mitek\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML
C:\Users\mitek\AppData\Local\Microsoft\Windows Media\11.0\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Microsoft\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Microsoft\Communicator\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Microsoft\Communicator\[email protected]\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Microsoft\Windows Mail\Backup\new\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Microsoft\Windows Media\11.0\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Mozilla\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Mozilla\Firefox\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Mozilla\Firefox\Profiles\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Mozilla\Firefox\Profiles\xrce37me.default\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Mozilla\Firefox\Profiles\xrce37me.default\OfflineCache\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Roblox\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Roblox\logs\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Roblox\logs\archive\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Local\Temp\1EAD.tmp
C:\Users\sthomas\AppData\Local\Temp\C344.tmp
C:\Users\sthomas\AppData\Local\Temp\vxqgyf.dat
C:\Users\sthomas\AppData\Local\Temp\wwzmtg.dat
C:\Users\sthomas\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe
C:\Users\sthomas\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe
C:\Users\sthomas\AppData\LocalLow\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Adobe\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Adobe\Flash Player\AssetCache\7TFDVHB9\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\McAfee\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\McAfee\Common Framework\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\McAfee\Common Framework\DB\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\McAfee\Common Framework\DB\McTray\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\McAfee\Common Framework\DB\McTray\PluginHistory\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft\Document Building Blocks\1033\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft\Outlook\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic0\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic1\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic10\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic11\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic12\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic13\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic14\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic15\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic16\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic17\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic18\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic19\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic2\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic20\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic21\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic22\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic23\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic3\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic4\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic5\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic6\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic7\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic8\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic9\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Mozilla\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\default\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\permanent\chrome\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\permanent\chrome\idb\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\permanent\moz-safe-about+home\HELP_DECRYPT.HTML
C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\permanent\moz-safe-about+home\idb\HELP_DECRYPT.HTML
C:\Users\sthomas\Desktop\Documents\HELP_DECRYPT.HTML
C:\Users\sthomas\Desktop\Documents\Optimizer Pro\HELP_DECRYPT.HTML
C:\Users\sthomas\Desktop\Favorites\HELP_DECRYPT.HTML
C:\Users\sthomas\Desktop\Favorites\Links\HELP_DECRYPT.HTML
C:\Users\sthomas\Desktop\Favorites\Nicole\HELP_DECRYPT.HTML
C:\Users\sthomas\Desktop\Music\HELP_DECRYPT.HTML
C:\Users\sthomas\Desktop\Music\Taylor Swift\HELP_DECRYPT.HTML
C:\Users\sthomas\Desktop\Music\Taylor Swift\Taylor Swift\HELP_DECRYPT.HTML
C:\Users\sthomas\Desktop\Pictures\HELP_DECRYPT.HTML
C:\Windows\Installer\283d6f1f.msi
C:\Windows\Temp\2BD9.tmp
C:\ProgramData\PitiLxul\GodnUtewu.key
C:\ProgramData\PitiLxul
EmptyTemp:
Reboot:
end

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"C:\$Recycle.Bin\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\$Recycle.Bin\S-1-5-21-1796364693-351357432-1853364824-1728\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\dell\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\dell\drivers\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\dell\drivers\R165804\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\dell\drivers\R165804\Eula\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\3300\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\3300\drivers\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\3300\drivers\Win_XP2K\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\3300\drivers\Win_XP2K\common\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\3300\drivers\Win_XP2K\common\english\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\3300\install\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\3300\install\config\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\3300\install\config\image\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\3300\install\ENGLISH\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\3300\install\licenses\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\3300\pubs\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\3300\tools\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\3300\tools\diagnostics\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\drivers\printer\3300\tools\diagnostics\ENGLISH\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\installs\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\installs\Engineering\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\installs\Engineering\_Graphics\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\Cisco\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\Email Backup Optimization\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\Email Backup Optimization\Data\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\Email Backup Optimization\Data\Mail\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\Email Backup Optimization\Data\Mail\archive_D796E8A8AB0DDCAF\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\Bin\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\GUI\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankA\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\English\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\English\images\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankB\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\English\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\English\images\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\McAfee\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\McAfee\Common Framework\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\McAfee\Common Framework\Current\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\McAfee\Common Framework\Current\TELECONT1000\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\McAfee\Common Framework\Current\VSCANENG1000\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\McAfee\Common Framework\Current\VSCANENG1000\Engine\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\McAfee\Common Framework\Current\VSCANENG1000\Engine\0000\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\Microsoft\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\Microsoft\Windows NT\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\ProgramData\Microsoft\Windows NT\MSScan\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Adobe\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Adobe\Updater5\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Adobe\Updater5\Data\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Adobe\Updater6\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Adobe\Updater6\Data\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Microsoft\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Microsoft\Communicator\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Microsoft\Outlook\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Microsoft\Windows Mail\Backup\old\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Microsoft\Windows Mail\Local Folders\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Microsoft\Windows Media\11.0\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Microsoft\Windows Photo Gallery\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\LocalLow\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\LocalLow\WebEx\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Roaming\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Roaming\Adobe\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Roaming\Adobe\Flash Player\AssetCache\UXNK9PQW\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Roaming\Microsoft\Document Building Blocks\1033\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Roaming\Microsoft\Outlook\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Roaming\Microsoft\Signatures\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\AppData\Roaming\Microsoft\Windows Photo Gallery\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Documents\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Documents\adopt a platoon\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Documents\amortization schedules\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Documents\Homes\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Documents\Outlook\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Documents\pay\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Documents\running logs\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Documents\Scott's Excel files\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Documents\Scott's word documents\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Documents\Scott's word documents\George W Bush\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Documents\scotts files\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Documents\Songs\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Documents\Songs\lyrics\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\draft trends\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\2008\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\2008\DraftDominator\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\2008\ProjectionsDominator\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\2009\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\2010\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\2010\FBG\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\2010\FBG\DD\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\2010\FBG\DD\VBD Revisited_files\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\2010\FBG\LineupDominator\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\2011\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\2011\DraftDominator\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\2011\DraftDominator\DraftDominator\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\2011\Phil\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\MiTek FF 2010\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\pictures\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Fantasy Football\FBG\titles\HELP_DECRYPT.HTML " => File/Directory not found.
C:\SThomas\Favorites\Guffins.exe => Moved successfully.
"C:\SThomas\Favorites\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Music\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Music\License Backup\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Music\Rush\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Music\Rush\Chronicles 2\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Music\Rush\Greatest Hits\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Music\Rush\Moving Pictures\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Music\Rush\Rush in Rio Disc 3\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Music\Rush\Rush-All The World's A Stage\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Music\Rush\Rush-Moving Pictures\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Music\Rush\Signals\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Music\Rush\Snakes & Arrows\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Music\Rush\Test_For_Echo\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Music\ZZ Top\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Music\ZZ Top\Rhythmeen\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Pictures\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Pictures\funnies\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Pictures\good baby pictures\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Pictures\house\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Pictures\inspirational pics\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Pictures\kids\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Pictures\kids\Rebecca\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Pictures\kids\Rebecca Scott Thomas\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Pictures\kids\Rebecca Scott Thomas\cutting grass\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Pictures\Pictures\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Pictures\Pictures\cicadas\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Pictures\SASAS\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\SThomas\Videos\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\Cisco\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\Cisco\Cisco AnyConnect VPN Client\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\Email Backup Optimization\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\Email Backup Optimization\Data\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\Email Backup Optimization\Data\Mail\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\Email Backup Optimization\Data\Mail\archive_D796E8A8AB0DDCAF\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\Bin\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\GUI\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankA\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\English\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankA\web\English\images\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankB\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\English\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\KingsIsle Entertainment\Wizard101\PatchClient\BankB\web\English\images\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\McAfee\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\McAfee\Common Framework\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\McAfee\Common Framework\Current\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\McAfee\Common Framework\Current\TELECONT1000\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\McAfee\Common Framework\Current\VSCANENG1000\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\McAfee\Common Framework\Current\VSCANENG1000\Engine\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\McAfee\Common Framework\Current\VSCANENG1000\Engine\0000\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\Microsoft\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\Microsoft\Windows NT\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\Microsoft\Windows NT\MSScan\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\All Users\PitiLxul\GodnUtewu.key a variant of Win32/Kryptik.CYRP trojan" => File/Directory not found.
"C:\Users\mitek\AppData\Local\Microsoft\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\mitek\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\mitek\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\mitek\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\mitek\AppData\Local\Microsoft\Windows Mail\Backup\new\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\mitek\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\mitek\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\mitek\AppData\Local\Microsoft\Windows Media\11.0\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Microsoft\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Microsoft\Communicator\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Microsoft\Communicator\[email protected]\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Microsoft\Windows Mail\Backup\new\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Microsoft\Windows Media\11.0\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Mozilla\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Mozilla\Firefox\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Mozilla\Firefox\Profiles\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Mozilla\Firefox\Profiles\xrce37me.default\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Mozilla\Firefox\Profiles\xrce37me.default\OfflineCache\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Roblox\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Roblox\logs\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Roblox\logs\archive\HELP_DECRYPT.HTML " => File/Directory not found.
C:\Users\sthomas\AppData\Local\Temp\1EAD.tmp => Moved successfully.
C:\Users\sthomas\AppData\Local\Temp\C344.tmp => Moved successfully.
C:\Users\sthomas\AppData\Local\Temp\vxqgyf.dat => Moved successfully.
C:\Users\sthomas\AppData\Local\Temp\wwzmtg.dat => Moved successfully.
"C:\Users\sthomas\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe " => File/Directory not found.
"C:\Users\sthomas\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe " => File/Directory not found.
"C:\Users\sthomas\AppData\LocalLow\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Adobe\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Adobe\Flash Player\AssetCache\7TFDVHB9\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\McAfee\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\McAfee\Common Framework\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\McAfee\Common Framework\DB\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\McAfee\Common Framework\DB\McTray\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\McAfee\Common Framework\DB\McTray\PluginHistory\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft\Document Building Blocks\1033\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft\Outlook\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic0\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic1\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic10\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic11\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic12\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic13\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic14\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic15\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic16\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic17\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic18\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic19\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic2\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic20\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic21\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic22\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic23\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic3\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic4\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic5\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic6\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic7\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic8\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Microsoft Games\Zoo Tycoon 2\Default Profile\photos\album0\pic9\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Mozilla\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\default\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\permanent\chrome\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\permanent\chrome\idb\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\permanent\moz-safe-about+home\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default\storage\permanent\moz-safe-about+home\idb\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\Desktop\Documents\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\Desktop\Documents\Optimizer Pro\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\Desktop\Favorites\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\Desktop\Favorites\Links\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\Desktop\Favorites\Nicole\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\Desktop\Music\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\Desktop\Music\Taylor Swift\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\Desktop\Music\Taylor Swift\Taylor Swift\HELP_DECRYPT.HTML " => File/Directory not found.
"C:\Users\sthomas\Desktop\Pictures\HELP_DECRYPT.HTML " => File/Directory not found.
C:\Windows\Installer\283d6f1f.msi => Moved successfully.
C:\Windows\Temp\2BD9.tmp => Moved successfully.
C:\ProgramData\PitiLxul\GodnUtewu.key => Moved successfully.
C:\ProgramData\PitiLxul => Moved successfully.
EmptyTemp: => Removed 17.8 GB temporary data.

The system needed a reboot.

==== End of Fixlog 23:21:42 ====

#19
dbreeze

Posted 09 March 2015 - 12:53 AM

Trusted Helper

Malware Removal
2,216 posts

What happened between the ESET scan and the FRST Fixlist run? Seems that every listing of HELP_DECRYPT.HTML was removed before the fislist run?

We need to get a fresh scan from FRST.

If you still have the Addition.txt file on your desktop, please delete it now.
Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
If an update is available, the program will inform you and download the update. Allow it do this please. Otherwise, just wait for the "The tool is ready to use." message.
Please check the Addition.txt in the Option Scan section of FRST.
Press the Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The tool will generate will another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#20
Mozeta

Posted 09 March 2015 - 08:54 AM

Member

Topic Starter
Member
33 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2015 03
Ran by SThomas (administrator) on STHOMASD831VIST on 09-03-2015 09:07:35
Running from C:\Users\sthomas\Desktop\Desktop
Loaded Profiles: SThomas (Available profiles: SThomas & mitek)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Iron Mountain Incorporated) C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
( ) C:\Windows\System32\lxcccoms.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MITEK\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Iron Mountain Incorporated) C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 3300 Series\lxccmon.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 3300 Series\ezprint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VirtualCloneDrive] => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-04-02] (CyberLink Corp.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [FlashPlayerUpdate] => C:\Users\sthomas\AppData\Local\Macromedia\Flash Player\FlashPlayerUpdateService.exe [126976 2015-02-14] ()
HKLM\...\Run: [AgentUiRunKey] => C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe [239104 2011-03-19] (Iron Mountain Incorporated)
HKLM\...\Run: [lxccmon.exe] => C:\Program Files\Lexmark 3300 Series\lxccmon.exe [205744 2007-05-11] (Lexmark International, Inc.)
HKLM\...\Run: [LXCCCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 3300 Series\ezprint.exe [103344 2007-05-11] (Lexmark International Inc.)
HKLM\...\Run: [Communicator] => "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-1796364693-351357432-1853364824-1728\...\Run: [PitiLxul] => regsvr32.exe "C:\ProgramData\PitiLxul\GodnUtewu.key"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Citrix XenApp.lnk

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1796364693-351357432-1853364824-1728\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
HKU\S-1-5-21-1796364693-351357432-1853364824-1728\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\sthomas\AppData\Roaming\Mozilla\Firefox\Profiles\xrce37me.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-10-29] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1796364693-351357432-1853364824-1728: @nsroblox.roblox.com/launcher -> C:\Program Files\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1796364693-351357432-1853364824-1728: @nsroblox.roblox.com/launcher64 -> C:\Program Files\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-21]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgentService; C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe [7580576 2011-03-19] (Iron Mountain Incorporated)
R2 lxcc_device; C:\Windows\system32\lxcccoms.exe [537520 2007-03-26] ( )
R2 MSSQL$MITEK; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MITEK\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S4 SQLAgent$MITEK; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MITEK\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ICAM3NT5; C:\Windows\System32\Drivers\Icam3.sys [141056 2001-08-17] (Microsoft Corporation)
S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker.sys [45384 2011-03-19] ()
S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 20:38 - 2015-03-08 20:38 - 00000000 ____D () C:\ProgramData\PitiLxul
2015-03-07 13:48 - 2015-03-07 13:55 - 00000000 ____D () C:\AdwCleaner
2015-03-07 08:37 - 2015-03-09 09:02 - 00032061 _____ () C:\ProgramData\nvModes.001
2015-03-07 08:36 - 2015-03-09 09:02 - 00032061 _____ () C:\ProgramData\nvModes.dat
2015-03-06 06:58 - 2015-03-09 09:07 - 00000000 ____D () C:\FRST
2015-03-05 23:12 - 2015-03-05 23:12 - 00059460 _____ () C:\Users\sthomas\Downloads\Extras.Txt
2015-03-05 23:06 - 2015-03-05 23:06 - 00066082 _____ () C:\Users\sthomas\Downloads\OTL.Txt
2015-03-05 22:13 - 2015-03-05 22:13 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-05 22:13 - 2015-03-05 22:13 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-05 22:12 - 2015-03-05 22:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-05 20:15 - 2015-03-05 20:15 - 00001070 _____ () C:\malwarebytesfile.txt
2015-03-05 09:01 - 2015-03-05 09:02 - 00199624 _____ () C:\Windows\Minidump\Mini030515-01.dmp
2015-03-04 21:59 - 2015-03-04 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-04 21:59 - 2015-03-04 21:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-04 21:59 - 2014-11-21 07:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-04 21:59 - 2014-11-21 07:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-04 21:50 - 2015-03-07 14:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-03-04 21:45 - 2015-03-04 22:10 - 00000000 ____D () C:\Users\sthomas\AppData\Roaming\Malwarebytes
2015-03-04 21:42 - 2015-03-04 22:09 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-04 21:36 - 2015-03-04 21:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-04 21:36 - 2014-11-21 07:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-04 21:00 - 2015-03-05 09:01 - 315280318 _____ () C:\Windows\MEMORY.DMP
2015-03-04 21:00 - 2015-03-04 21:00 - 00147512 _____ () C:\Windows\Minidump\Mini030415-01.dmp
2015-03-04 18:50 - 2015-03-04 18:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2015-02-14 16:05 - 2015-02-14 16:05 - 00000480 ____H () C:\Users\sthomas\AppData\Roaming\麽鎒駓覜
2015-02-13 22:06 - 2015-02-13 22:06 - 00239160 _____ () C:\Windows\Minidump\Mini021315-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 09:02 - 2013-11-11 13:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 23:47 - 2006-11-02 05:33 - 00863926 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-08 23:40 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 23:40 - 2006-11-02 08:00 - 00057592 _____ () C:\Windows\PFRO.log
2015-03-08 23:40 - 2006-11-02 07:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 23:40 - 2006-11-02 07:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 23:39 - 2009-12-21 10:57 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-03-08 23:39 - 2006-11-02 08:01 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-08 07:41 - 2014-08-06 07:16 - 00001142 _____ () C:\Users\sthomas\Desktop\Music - Shortcut.lnk
2015-03-07 17:02 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\PLA
2015-03-07 08:33 - 2011-08-02 11:12 - 00000000 ____D () C:\Users\sthomas
2015-03-07 08:33 - 2009-12-21 10:56 - 00000000 ____D () C:\Users\mitek
2015-03-06 20:06 - 2009-12-22 14:43 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-05 22:13 - 2015-01-04 12:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-05 22:00 - 2011-08-03 13:34 - 00000000 ____D () C:\Windows\pss
2015-03-05 09:01 - 2015-01-07 16:55 - 00000000 ____D () C:\Windows\Minidump
2015-03-04 23:24 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-04 23:21 - 2014-07-07 14:11 - 00442644 _____ () C:\Users\sthomas\Desktop\A family reunion.pptx.ecc
2015-03-04 23:21 - 2013-10-05 19:30 - 00000484 ____H () C:\Users\sthomas\Desktop\~$about halloween.pptx.ecc
2015-03-04 23:21 - 2013-10-04 20:59 - 00090148 _____ () C:\Users\sthomas\Desktop\about halloween.pptx.ecc
2015-03-04 23:21 - 2013-02-16 13:04 - 00819716 _____ () C:\Users\sthomas\Christmas.pptx.ecc
2015-03-04 23:21 - 2012-12-22 09:19 - 00000484 ____H () C:\Users\sthomas\Desktop\~$Christmas.pptx.ecc
2015-03-04 23:21 - 2012-11-12 20:46 - 00820612 _____ () C:\Users\sthomas\Desktop\Christmas.pptx.ecc
2015-03-04 21:52 - 2011-08-02 12:47 - 00000680 _____ () C:\Users\sthomas\AppData\Local\d3d9caps.dat
2015-03-04 21:43 - 2015-01-04 13:10 - 00051364 _____ () C:\2b0693b1-0cb0-440b-a148-4f8dfb6b8db8.dmp.ecc
2015-03-04 18:50 - 2006-11-02 07:52 - 00026936 _____ () C:\Windows\setupact.log
2015-03-03 21:37 - 2011-08-02 11:14 - 00000000 ____D () C:\QUARANTINE
2015-02-21 16:45 - 2011-08-02 11:13 - 00000000 ____D () C:\Users\sthomas\Tracing
2015-02-16 21:51 - 2015-01-07 16:55 - 00277896 _____ () C:\Windows\Minidump\Mini022015-01.dmp
2015-02-16 09:10 - 2006-11-02 05:23 - 00000246 _____ () C:\Windows\win.ini
2015-02-14 17:11 - 2013-11-04 14:59 - 00000000 ____D () C:\Users\sthomas\AppData\Roaming\Mozilla
2015-02-14 17:11 - 2013-09-14 18:30 - 00000000 ____D () C:\Users\sthomas\AppData\Roaming\Microsoft Games
2015-02-14 17:10 - 2015-01-04 11:19 - 00000000 ____D () C:\Users\sthomas\AppData\Local\Roblox
2015-02-14 17:10 - 2011-08-02 12:00 - 00000000 ____D () C:\Users\sthomas\AppData\Roaming\McAfee
2015-02-14 17:10 - 2011-08-02 11:13 - 00000000 ____D () C:\Users\sthomas\AppData\Roaming\Adobe
2015-02-14 17:09 - 2013-11-04 14:59 - 00000000 ____D () C:\Users\sthomas\AppData\Local\Mozilla
2015-02-14 17:09 - 2011-08-02 13:22 - 00000000 ____D () C:\SThomas
2015-02-14 16:58 - 2012-09-03 18:25 - 00000000 ____D () C:\ProgramData\KingsIsle Entertainment
2015-02-14 16:58 - 2011-08-04 11:02 - 00000000 ____D () C:\installs
2015-02-14 16:58 - 2011-08-02 12:49 - 00000000 ____D () C:\ProgramData\Email Backup Optimization
2015-02-14 16:58 - 2011-08-02 11:39 - 00000000 ____D () C:\ProgramData\Cisco
2015-02-14 16:58 - 2009-12-21 11:04 - 00000000 ____D () C:\dell
2015-02-14 16:04 - 2008-01-20 20:39 - 01917002 _____ () C:\Windows\WindowsUpdate.log
2015-02-14 09:07 - 2011-08-22 17:09 - 00000000 ____D () C:\Program Files\Lx_cats
2015-02-13 22:22 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2015-02-12 18:17 - 2015-01-04 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2015-02-09 17:53 - 2013-11-11 13:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-09 17:53 - 2011-08-03 08:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-12-07 11:49 - 2015-01-07 16:47 - 0000159 _____ () C:\Users\sthomas\AppData\Roaming\WB.CFG
2015-02-14 16:05 - 2015-02-14 16:05 - 0000480 ____H () C:\Users\sthomas\AppData\Roaming\麽鎒駓覜
2011-08-02 12:47 - 2015-03-04 21:52 - 0000680 _____ () C:\Users\sthomas\AppData\Local\d3d9caps.dat
2011-08-02 15:45 - 2015-01-07 19:06 - 0006144 _____ () C:\Users\sthomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-10 18:02 - 2014-12-22 15:56 - 0000001 _____ () C:\Users\sthomas\AppData\Local\DSI.DAT
2015-03-07 08:37 - 2015-03-09 09:02 - 0032061 _____ () C:\ProgramData\nvModes.001
2015-03-07 08:36 - 2015-03-09 09:02 - 0032061 _____ () C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-08 23:47

==================== End Of Log ============================

#21
Mozeta

Posted 09 March 2015 - 08:54 AM

Member

Topic Starter
Member
33 posts

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-03-2015 03
Ran by SThomas at 2015-03-09 09:08:03
Running from C:\Users\sthomas\Desktop\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.4.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.2.602 - Adobe Systems, Inc.)
Autodesk Architectural 2005 Object Enabler (HKLM\...\{ABA7DDDE-ECA7-4DD3-94D6-0FD6A50D66E0}) (Version: 4.5.227 - Autodesk, Inc.)
Cisco AnyConnect VPN Client (HKLM\...\{B571687A-1AE6-4C32-9B5B-678BECB556BE}) (Version: 2.5.3046 - Cisco Systems, Inc.)
Connected Backup/PC Agent (HKLM\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.5.1 - Iron Mountain)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
eFrame (Version: 2.29 - MiTek Industries, Inc.) Hidden
Lexmark 3300 Series (HKLM\...\Lexmark 3300 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Agent (HKLM\...\{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}) (Version: 4.5.0.1810 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{4AB6A079-178B-4144-B21F-4D1AE71666A2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MiTek (Version: 7.1.0.0 - MiTek Industries, Inc.) Hidden
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\nView Desktop Manager) (Version: - )
ObjectDBX2005 (HKLM\...\{3D4F1315-9DC5-45BA-A410-3506C543D133}) (Version: 1.00.0000 - AutoDesk)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5408 - CyberLink Corp.)
ROBLOX Player (HKLM\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio (HKLM\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Outlook 2007 Junk Email Filter (kb976884) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FB60F280-C70F-4174-BADB-471412AA42F0}) (Version: - Microsoft)
WinZip 14.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}) (Version: 14.0.8652 - WinZip Computing, S.L. )
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Zoo Tycoon 2 (HKLM\...\Zoo Tycoon 2) (Version: 1.0 - Microsoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{00DEB7FB-A073-4ECD-BCE0-121B45C6864D}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{021730DF-5BEA-48E9-BC7A-35087A674FD0}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{076D548F-B0F5-4FE1-B35D-7F7B73B8D322}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{07F4D811-C1F7-46FD-BD81-4A4B2CD58CE1}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{11782523-474B-4C83-9646-57C052847FBB}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{160229B0-00CE-42F4-97CC-72EED76A12E5}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{16A07941-BC15-4D48-A880-9D5A211D5065}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{174B3E36-396B-4C6C-860C-C063C136E5BF}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{184FDC14-2458-4E90-ADB2-6B239826D217}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{1855F960-0154-4256-9FF7-7650FF50538F}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{196841AB-566B-4D81-9AAF-BDCEB3FEFB6E}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{1A6C7634-6585-45F1-B33A-2B21724D2238}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{1A9C010F-29CE-4755-85A6-C11DD1FD1F2E}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{203a7c10-dc7b-4355-8803-982860b6258d}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{203EAB46-483B-4E6B-A10B-15E9A4B210FF}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{2162C6B6-0CE4-40E8-912B-46F59DFDF826}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{23C79E27-9A43-4A25-BF25-501888F37F26}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{24F2614A-D524-44C8-8A51-57DC9D51A4F6}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{252C3FFD-5114-4D0C-BFA5-BBE62A740C0A}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{25E11127-A908-4F2E-B272-A43ECF73D652}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{2E759BFF-9723-408F-BBE0-6A798135B3CC}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{2ED88065-05BA-483B-8D2C-59EF7C985079}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{33FD42D8-0154-4804-ACA8-3CA123C2262E}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{3750CAEC-9CD1-4778-B849-2A281C006956}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{375DD1E5-11C0-4606-80F9-FB9D8978E0B7}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{3C7F7161-53CD-4DFD-8A7E-DD3513C253DB}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{3D0A034C-1028-4AA1-B2E7-99E52473C7D4}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{3F0FAF10-09DE-4EBA-AED1-C4E4D6FECF5D}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{3FF3D4A0-C89A-4C2B-9847-3DB02BC22F33}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{43F4168B-C1C3-43E0-BFE4-B703447E2AA2}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{444780B8-6527-43A8-8DC4-FAB41B7E48BB}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{46BFCC8B-D25B-4A00-842A-99C17C4DA3A2}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{46F375E5-2D7E-4C5A-9438-222713012BDC}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{47426477-BD24-47B4-8F79-4B739488B39D}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{47775DA0-E874-4eaf-A28C-20C6E2D387A0}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{47B1A6D8-48F2-469A-B52E-6CFB87D01666}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{47C32803-2322-4B65-B546-CEF4867A29A6}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{4AEA81ED-C24F-477B-A534-EA69220A276A}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{4B72D1F6-14EC-4442-9BD6-BADF80B009F3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{4C0AFFDF-F919-4A04-A3B0-E048DF7907C2}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{4D103908-8C86-4D95-BBF4-68B9A7B00731}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{4EEF602A-59C4-465B-B191-D0D18FC5669D}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{526F2FB5-3C09-4AC7-B85F-BBF4AF0C321A}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{613DF36A-190B-4A0A-A1CA-F91463379C6D}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{63EEF39A-E068-474A-A5CD-D48C6151C82B}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{6494BB2C-9E51-4E2D-9396-94BE47A9F6DC}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{65D10D07-1DEA-461E-A828-003EED48A43D}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{67C52FE4-0A6B-4C82-A4CC-5E68537747B0}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{6BF87AE7-1BEC-4BDB-98BB-5B91F7772793}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{6C8C8217-60FA-43EE-A844-3ECC323BB16E}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{6FA79072-CFB7-4745-8D27-C5BCC0FF37C7}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{6FA888E1-7D5A-4E6F-B06E-3434DD217D03}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{7169F451-E1F5-4B29-B267-8A8A0E6435CE}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{7188D70D-7B73-4F29-86CF-CBA1A5F4DB2A}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{72EC5935-3EC3-4E94-A3F1-D2FC478521C2}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{76527AAC-4575-4B0A-9AEB-0A1C3B0EC855}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{785C0F04-2F05-476A-A523-3886591B5AD4}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{79047464-B441-435B-80E8-21E0095CC741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{7A051850-9B71-492D-8B82-474C3A2B0570}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{7C39017A-0875-45D2-AEE1-8CE5FA00A9BD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{7C66BE02-EB10-4D63-AE3E-B47326EBC821}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{7ECFDADD-4D10-4EE0-8B4B-E4441562B99D}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{7F962213-845A-4E01-9CC7-8498DF226400}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{80CAA04C-3A1E-4513-8267-59851C997655}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{841C6AD6-6305-40EF-954A-4E640C441D9A}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{86C923E2-046B-4681-9621-6FDEF0EB4928}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{88A10E3A-F60F-473A-80EB-9CC16BA1F489}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{8B539C81-CB02-4E75-B09F-C9ABB138246E}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{8BA21FDA-27B1-4877-B8CB-255266619AC1}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{8D22A2A4-1777-4D78-84CC-69EF741FE954}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{94910E94-4FCA-427C-B6ED-2EC9E1C900C7}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{9505D6DC-6B3E-483C-AB22-67369EF30225}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{96455E4D-80A8-400D-8D3A-3A7D92B54581}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{965F8AA1-215C-407C-A581-CFC64B073E4F}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{979F9A0A-9738-40FC-A216-84BD6DD27A88}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{97B6DC06-B77F-498B-8647-918893DFF6F9}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{97E9824E-0AAF-4045-8003-7C58B0F13CD5}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{9B706F88-2A5E-44F5-9A8E-2BBF75708823}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{9BEA33B1-05AD-419F-B680-BC7FF6A4F41D}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{A117FEB5-6122-4207-B02D-C6574DD30729}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{A3CE677E-5566-4798-B7AF-4F7ED56CC9F7}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{A5935BA4-F591-413D-905C-66E2F2AF0735}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{A610AC29-F739-4C2A-9400-70AF488A3C23}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{A746B08D-3E25-4C93-8BEB-CAC8208AEC62}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{AD1F611D-8D79-46F5-B7D1-9FF883002138}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{AD8D5EEF-2D87-489F-BE7C-10D9A9C23A3C}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{AE1348D9-6BC1-4F2E-8903-7E894E0B7199}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{AF2B061F-DE61-421E-A4C7-9DCC77B001F4}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{B17C17E0-382C-4A3F-8D27-BAC759D66781}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{B20534F2-0978-418C-8D14-2E6928A077ED}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{B3922BE8-7DE6-49C7-A6CD-CA35899C499F}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{B4245981-1737-491D-9BA1-88D628259F4F}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{B6E09611-4659-4F0D-981D-D62B11FD8426}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{B89CCEBE-5B33-4646-9CD2-D1DCFDA16242}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{BD41FC2A-1A19-47B2-A361-D64CD9833AD5}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{BD41FC2B-1A19-47B2-A361-D64CD9833AD5}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{BECFA513-0C01-458E-B468-657849849E33}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{BF7227D0-D41D-48FC-B545-8263F2CDA621}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{C0F0AB90-05BF-4555-AE09-8AC5EC775309}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{C8298CDD-FB72-40A1-B39A-5A51E13EBEC6}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{C8710257-8A07-4E19-855B-FD685D8939A7}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{CA665E1B-2ACF-4984-B9B6-04965AFEBF0C}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{CC54D9C4-CB60-46F3-9B0C-7B4565B26824}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{CEDD7570-F7B8-40D1-98C6-38B8D26CCFD6}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{D15A03C2-C39B-428A-9BBA-C031347C496F}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{D7EC585A-02A5-45E7-8792-7F1A9175E7F8}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{D7F62684-30B2-4652-8460-C12FBC7E9D2E}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{D8538A54-4BBD-42B8-8C5F-FAC5CA7B4CA4}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{D8C4556C-2407-4DD5-874F-0407D1FCCF85}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{DAB9A45B-39DA-46D9-ADE6-A2D49DDBE577}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{E2CD2B06-5B97-41D9-AA27-18AC0F98505F}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{E40EA246-BAB4-4907-81A5-511EA30C16FD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{E4F2A54A-AF3A-4366-ACE0-F11F189D1A49}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{E57B2E09-8B70-4C6B-B70F-06886ABA4684}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{E6F88130-CD68-49CA-B722-251D583FA67E}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{EBF2737C-503C-417B-9157-BE52BD858BFF}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{EBF70DB8-F495-4522-BA80-43976BF35B3E}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{ECE597DD-A801-4B74-8BFD-E21A31460F6A}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{ECF0DB32-1396-4402-8231-0B4FC1124537}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{EF4A5D29-39FA-49C6-B7D3-F2D2D0423245}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{F40F931B-64BC-4B90-9FC8-A11A77D6815B}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{F57F96E7-0F16-4DC9-8F09-52F7BB389AB6}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcSmComponents16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{F6138459-F06F-4007-AB1E-9BC06F28E864}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{F65301D2-6C8D-42A2-9E20-50E21CD5A223}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{F972DFFB-179F-48A6-8B26-E04697991A92}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{FE4228BB-8F46-41CB-BC39-6A2061A60EF2}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()
CustomCLSID: HKU\S-1-5-21-1796364693-351357432-1853364824-1728_Classes\CLSID\{FFA27C46-6146-4BEF-8B42-014E7FB7A893}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\axdb16.dll ()

==================== Restore Points =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6E442889-12A3-4872-9B8E-EB479260EEA1} - System32\Tasks\{5882937C-D302-41F2-822D-7C500182A561} => pcalua.exe -a "C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" -c /UninstallMAS
Task: {789DEA0B-CBEA-4763-AF01-6361FF3C3366} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2009-12-22 11:04 - 2006-12-10 21:31 - 00087800 _____ () C:\Windows\System32\cpwmon2k.dll
2011-08-22 17:09 - 2005-12-13 15:51 - 00122880 _____ () C:\Program Files\Lexmark 3300 Series\lxccdrec.dll
2011-08-22 17:09 - 2005-06-14 17:08 - 00196608 _____ () C:\Program Files\Lexmark 3300 Series\iptk.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1796364693-351357432-1853364824-1728\Control Panel\Desktop\\Wallpaper -> C:\Users\sthomas\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-541099706-4284324035-4047027448-500 - Administrator - Enabled)
ASPNET (S-1-5-21-541099706-4284324035-4047027448-1007 - Limited - Enabled)
Guest (S-1-5-21-541099706-4284324035-4047027448-501 - Limited - Enabled)
ITops.Admin (S-1-5-21-541099706-4284324035-4047027448-1008 - Administrator - Enabled)
mitek (S-1-5-21-541099706-4284324035-4047027448-1000 - Administrator - Enabled) => C:\Users\mitek

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2015 09:03:25 AM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: MITEK\SThomas0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (03/09/2015 09:03:25 AM) (Source: CertEnroll) (EventID: 15) (User: MITEK)
Description: MITEK\SThomasThe specified domain either does not exist or could not be contacted. 0x8007054b (WIN32: 1355)

Error: (03/08/2015 11:42:51 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: MITEK\SThomas0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (03/08/2015 11:42:51 PM) (Source: CertEnroll) (EventID: 15) (User: MITEK)
Description: MITEK\SThomasThe specified domain either does not exist or could not be contacted. 0x8007054b (WIN32: 1355)

Error: (03/08/2015 11:42:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2015 08:40:20 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: MITEK\SThomas0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (03/08/2015 08:40:20 PM) (Source: CertEnroll) (EventID: 15) (User: MITEK)
Description: MITEK\SThomasThe specified domain either does not exist or could not be contacted. 0x8007054b (WIN32: 1355)

Error: (03/08/2015 06:22:12 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: MITEK\SThomas0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (03/08/2015 06:22:12 PM) (Source: CertEnroll) (EventID: 15) (User: MITEK)
Description: MITEK\SThomasThe specified domain either does not exist or could not be contacted. 0x8007054b (WIN32: 1355)

Error: (03/08/2015 07:28:58 AM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: MITEK\SThomas0x8007054bThe specified domain either does not exist or could not be contacted.

System errors:
=============
Error: (03/09/2015 09:02:18 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MITEK due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (03/09/2015 09:02:09 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (03/08/2015 11:44:41 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (03/08/2015 11:42:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Diagnostic System Host

Error: (03/08/2015 11:41:40 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: MITEK)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/08/2015 11:40:40 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/08/2015 11:40:28 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MITEK due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (03/08/2015 10:21:39 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MITEK due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (03/08/2015 09:40:22 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: MITEK)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/08/2015 08:38:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: 1Restart the serviceWindows Search%%1056

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-03-09 09:08:00.784
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 09:08:00.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 09:08:00.659
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 09:08:00.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 09:08:00.394
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 09:08:00.331
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 09:08:00.269
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 09:08:00.191
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-07 15:37:01.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-07 15:37:01.634
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Percentage of memory in use: 31%
Total physical RAM: 3581.05 MB
Available physical RAM: 2446.06 MB
Total Pagefile: 7347.09 MB
Available Pagefile: 6325.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.72 GB) (Free:79.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 111.8 GB) (Disk ID: 673378ED)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#22
dbreeze

Posted 09 March 2015 - 09:20 PM

Trusted Helper

Malware Removal
2,216 posts

All right!! Your logs are clean and you're good to go now!! We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:

Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

Download Delfix from here to your desktop and double click it to start the program
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
Reset system settings
Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

Click Start and then click Control Panel.
Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
Scroll down and click on Windows Update.
Click on Change settings.
Under Important Updates, click on Install updates automatically (recommended).
Select (click on) the other options on this page.
Select a day and time to have windows install the updates.
Click on Ok to change the settings.
If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

Click Start and then click Control Panel.
If you need to, click View by: and select either Large Icons or Small Icons.
Click on Programs and Features.
Scroll down until you find Java and click on it to select that program.
(Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
Click Uninstall.
If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

Go to java.com and click on Do I have Java?.
On the next page, click on Verify Java Version.
If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
Follow the recommendations (if any) on the results screen.
If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
The site will start a download of jxpiinstall.exe. Save the file to your desktop.
When the download is finished, close your browser.
Right click on the jxpiinstall.exe and select Run as Administrator.
On the opening window, check Change destination folder and then click Install>.
The program will now download the rest of the files needed to install Java.
On the Destination Folder window, click Next>.
On the next window, the install will present you the option of adding additional software (this is known as Foistware).
Uncheck the Set and keep Ask as my default search provider.
Uncheck the Install the Ask Toolbar.
Click Next> to finish the install.
When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:

Launch your Adobe Reader.
Click Help and then click on About Adobe Reader from the menu list.
If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
Click on Download in the menu bar on top of the Adobe web page.
Click on Adobe Reader in the list on the right hand side of the page.
On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
Click the Install Now button and follow the directions on next page.
If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Update Checker from FileHippo.com (you can get the software from here and read more about it on the same page).

You are now done! :yeah:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Emsisoft Online Armor - installs as trialware which converts to freeware in 30 days
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!

#23
Mozeta

Posted 09 March 2015 - 10:11 PM

Member

Topic Starter
Member
33 posts

Wow, thanks man. I thought I was going to have to buy a new computer for my daughter for sure and throw this thing away. Thanks for being so clear with your instructions. You made it easy to follow.

Only one quick question. you give instructions to check 4 items in the DelFix box, but you make no mention of checking Activate UAC. However, it is checked in the picture. Should I check all the boxes like the picture, or just the 4 things you specificly mention in your steps?

Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
Reset system settings

Edited by Mozeta, 09 March 2015 - 10:11 PM.

#24
dbreeze

Posted 10 March 2015 - 01:26 AM

Trusted Helper

Malware Removal
2,216 posts

Good catch and shame on me for not checking the post first. :upset: :bashhead: :whistling:

Please check all boxes (in this case) as we are finished and that will reset the system to the best know safe state along with backing up the registry / system restore and removing the tools no longer needed. :spoton:

#25
Mozeta

Posted 10 March 2015 - 07:23 AM

Member

Topic Starter
Member
33 posts

# DelFix v10.9 - Logfile created 09/03/2015 at 20:21:53
# Updated 27/02/2015 by Xplode
# Username : SThomas - STHOMASD831VIST
# Operating System : Windows Vista ™ Business Service Pack 2 (32 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\sthomas\Desktop\Desktop\FRST-OlderVersion
Deleted : C:\Users\sthomas\Desktop\Desktop\Addition.txt
Deleted : C:\Users\sthomas\Desktop\Desktop\AdwCleaner.exe
Deleted : C:\Users\sthomas\Desktop\Desktop\Fixlog.txt
Deleted : C:\Users\sthomas\Desktop\Desktop\FRST.exe
Deleted : C:\Users\sthomas\Desktop\Desktop\FRST.txt
Deleted : C:\Users\sthomas\Desktop\Desktop\OTL.exe
Deleted : C:\Users\sthomas\Downloads\Extras.Txt
Deleted : C:\Users\sthomas\Downloads\OTL.Txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

#26
Mozeta

Posted 10 March 2015 - 07:42 AM

Member

Topic Starter
Member
33 posts

My importants updates drop down menu is inactive and won't let me change it.

If I try to check for Windows updates, it gives me this error saying "Windows Updates cannot currently check for updates, because the service is not running. You may need to restart your computer".

I've restarted, but nothing changes.

Not sure if this is because this is my old work computer and they did all the updates or if this is something I can change.

#27
dbreeze

Posted 10 March 2015 - 08:26 AM

Trusted Helper

Malware Removal
2,216 posts

That does sound like a group policy setting in a corporate / domain work place. Let us check the services just to make sure there is nothing wrong on that end....

Please download Farbar Service Scanner to your desktop and double click on the file to run it.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

#28
Mozeta

Posted 10 March 2015 - 08:56 AM

Member

Topic Starter
Member
33 posts

Farbar Service Scanner Version: 17-01-2015
Ran by SThomas (administrator) on 09-03-2015 at 21:55:16
Running from "C:\Users\sthomas\Desktop\Desktop"
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1

Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

Windows Autoupdate Disabled Policy:
============================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=DWORD:1

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed

**** End of log ****

#29
dbreeze

Posted 10 March 2015 - 07:06 PM

Trusted Helper

Malware Removal
2,216 posts

Please download the ESET Services Repair Tool from here .

Double click on ServicesRepair.exe; allow the file to run by clicking Run and / or Yes.

Once the utility is done, please reboot your system to allow the services to start properly.

#30
Mozeta

Posted 10 March 2015 - 11:18 PM

Member

Topic Starter
Member
33 posts

that was awesome. I'm not sure how you did it, but after that I was able to get about 150 Windows updates that haven't run since 2011. It took hours, but well worth it. You're like a computer jedi master. that got rid of about 2/3 of the crap running in my processes and that svchost.exe that had 20+ instances runnning is finally gone now too. I went from 99% CPU usage to 15-20% and now down to 1-2%. Now I just need to finish running through your steps. I may work on those tomorrow. If I have any more questions, I will post it here in the next day or two. Thanks again for your time and for the great step by step instructions. I guess one question I do have is about future Windows updates and how will I go about getting them. I guess I could take this computer into work and see if IT will take off all their controls and settings so i can do my own updates. otherwise, I may have to do these steps again.

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: iexplore.exe, svchost.exe

Security → Virus, Spyware, Malware Removal → Excessive svchost.exe Running Started by TigerCRNA , 02 Oct 2016 svchost.exe	0 replies 2,138 views	TigerCRNA 02 Oct 2016
Security → Virus, Spyware, Malware Removal → Avast keeps blocking threat/ Process: svchost.exe Infection URL:Mal [C Started by EN1GM4 , 18 Dec 2015 Infection, svchost.exe and 1 more... 1 2	Hot 16 replies 6,965 views	Essexboy 28 Dec 2015
Security → Virus, Spyware, Malware Removal → Help I need a Geek! [Solved] Started by liz602m , 08 Jul 2015 svchost.exe and 3 more...	8 replies 4,249 views	Essexboy 12 Jul 2015
Retired Forums → Windows Vista and Windows 7 → SVCHOST. EXE netsvcs & SVCHOST. EXE Local Service PID 1432 eats a Started by bubrol , 08 Jul 2015 Svchost. Exe	2 replies 3,491 views	errorcodespro 29 Jun 2017
Retired Forums → Windows Vista and Windows 7 → SVCHOST. EXE netsvcs & SVCHOST. EXE Local Service PID 1432 eats a Started by bubrol , 08 Jul 2015 Svchost. Exe	1 reply 3,120 views	Crowbar 09 Jul 2015