Dennis Miller

asked on
How to remove CryptoLocker

I have a user who has a CryptoLocker ransom virus on their personal laptop. My son says there is a good fix now to undo the damage? I see many tools on Google, but my question is: is there truly a fix, and where can it be had without getting something as bad, or malware?
SOLUTION
Michael Fowler
SOLUTION
dbrunton
ASKER CERTIFIED SOLUTION
CryptoWall is only one of many variants on this malware encryption craze. Since it is so lucrative for the creators, a new version seems to pop up weekly. The only cure is not to get infected: use safe browsing techniques, always run as a standard user except for when admin privileges are needed (usually only needed for installations), and have current backups. Do NOT keep your backup device online except for creating / restoring from a backup, as the malware will search and encrypt ANY files it finds. Backup, backup, backup: 3 copies on 2 different media, 1 being off-site.

Once the damage is done, the only real recourse is to re-install the operating system (recent backup??) and restore the files from backup. Don't try and cheat by just removing the malware. Why not, you ask? The simple answer is that once a machine is compromised you can never trust that machine again. If I were a malware author, I'd add a scheduled task for sometime in the future to re-acquire and install the malware at a later date.
Dennis Miller

ASKER
David, after seeing some other virus issues I have had to try to fix, and none as bad as this, I would tend to agree. It seems no matter what you clean and how it says it is clean, the laptop ends up coming back to me again. I have yet to really get any laptop cleaned if a virus (not malware) hits. The easiest way is to just re-install, but I would like to at least get this guy's music and pictures off. I will try one of the above and then, after I get the music or whatever he has to have off, I will just re-install the image. Thanks. I will let you guys all know how the fix works.
I just talked to one of the techs and he went to Bleeping Computer, which always seems to have a fix, and downloaded rkill and says it did clean the laptop, but I also again agree that a re-image is just the safest way. I will run rkill tonight and see what happens, and also run the download that shows what has been decrypted; this was off the site David had. It is also nice that I have someone else's laptop to test it on, since he thinks it is dead anyway. I love testing on another laptop that is not mine.
You need to make sure it really is CryptoLocker - that particular strain of malware was taken down last year and, while it's been trying to make a comeback, a lot of fake ransomware strains have been making use of the name (without actually encrypting the files). Unfortunately, a strain called CryptoWall has filled in the niche lately and comprises the vast majority of recent crypto ransomware outbreaks. I say "unfortunately", because there are no known means of decrypting CryptoWall infected machines (and the recent payloads also started to include a credential stealing spyware module). See an earlier question about CryptoWall 3.0 ramifications here.
Ransomware, if it is such, can be easily determined. Check a single file by uploading it to the crypto server, and see my article.
If the files have been encrypted they are gone, just like a catastrophic disk error: format the disk. If the files are not encrypted, then add the drive to another machine and copy the files over. The belt and suspenders route is to use a different OS host machine, like Linux, to copy the files.
Thanks to all that helped. Bleeping Computer had a ton of great info. The virus trashed the MBR, so I had to re-format. It had been on there too long. I ended up wiping the drive and re-imaging. His music was not able to be had any longer. Thanks for all the help.