CreateRestorePoint:
HKLM\...\Run: [{503561fa-674f-4bcd-3292-e5f3b2a37604}] => "C:\Documents and Settings\All Users\Application Data\Microsoft\{503561fa-674f-4bcd-3292-e5f3b2a37604}\{503561fa-674f-4bcd-3292-e5f3b2a37604}.exe"
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [{503561fa-674f-4bcd-3292-e5f3b2a37604}] => "C:\Documents and Settings\All Users\Application Data\Microsoft\{503561fa-674f-4bcd-3292-e5f3b2a37604}\{503561fa-674f-4bcd-3292-e5f3b2a37604}.exe" No File
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.torconnectpaycom/1hLRgR
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HELP_DECRYPT.HTML
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HELP_DECRYPT.PNG
Toolbar: HKU\.DEFAULT -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\.DEFAULT -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Toolbar: HKU\.DEFAULT -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR Extension: (No Name) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-25]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [Not Found]
2015-03-02 19:08 - 2015-03-02 19:08 - 00008604 _____ () C:\Documents and Settings\Administrator\Desktop\HELP_DECRYPT.HTML
2015-03-02 19:08 - 2015-03-02 19:08 - 00004242 _____ () C:\Documents and Settings\Administrator\Desktop\HELP_DECRYPT.TXT
2015-03-02 19:08 - 2015-03-02 19:08 - 00000288 _____ () C:\Documents and Settings\Administrator\Desktop\HELP_DECRYPT.URL
2015-02-26 19:29 - 2015-02-26 19:29 - 00008604 _____ () C:\HELP_DECRYPT.HTML
2015-02-26 19:29 - 2015-02-26 19:29 - 00004242 _____ () C:\HELP_DECRYPT.TXT
2015-02-26 19:29 - 2015-02-26 19:29 - 00000288 _____ () C:\HELP_DECRYPT.URL
2015-02-26 19:28 - 2015-02-26 19:28 - 00008604 _____ () C:\Documents and Settings\Owner\My Documents\HELP_DECRYPT.HTML
2015-02-26 19:28 - 2015-02-26 19:28 - 00008604 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.HTML
2015-02-26 19:28 - 2015-02-26 19:28 - 00008604 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-26 19:28 - 2015-02-26 19:28 - 00008604 _____ () C:\Documents and Settings\Owner\HELP_DECRYPT.HTML
2015-02-26 19:28 - 2015-02-26 19:28 - 00008604 _____ () C:\Documents and Settings\HELP_DECRYPT.HTML
2015-02-26 19:28 - 2015-02-26 19:28 - 00004242 _____ () C:\Documents and Settings\Owner\My Documents\HELP_DECRYPT.TXT
2015-02-26 19:28 - 2015-02-26 19:28 - 00004242 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.TXT
2015-02-26 19:28 - 2015-02-26 19:28 - 00004242 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-26 19:28 - 2015-02-26 19:28 - 00004242 _____ () C:\Documents and Settings\Owner\HELP_DECRYPT.TXT
2015-02-26 19:28 - 2015-02-26 19:28 - 00004242 _____ () C:\Documents and Settings\HELP_DECRYPT.TXT
2015-02-26 19:28 - 2015-02-26 19:28 - 00000288 _____ () C:\Documents and Settings\Owner\My Documents\HELP_DECRYPT.URL
2015-02-26 19:28 - 2015-02-26 19:28 - 00000288 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.URL
2015-02-26 19:28 - 2015-02-26 19:28 - 00000288 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-26 19:28 - 2015-02-26 19:28 - 00000288 _____ () C:\Documents and Settings\Owner\HELP_DECRYPT.URL
2015-02-26 19:28 - 2015-02-26 19:28 - 00000288 _____ () C:\Documents and Settings\HELP_DECRYPT.URL
2015-02-26 19:24 - 2015-02-26 19:24 - 00008604 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.HTML
2015-02-26 19:24 - 2015-02-26 19:24 - 00004242 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.TXT
2015-02-26 19:24 - 2015-02-26 19:24 - 00000288 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\All Users\Start Menu\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00008604 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.HTML
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\All Users\Start Menu\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00004242 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.TXT
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\All Users\Start Menu\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL
2015-02-26 19:22 - 2015-02-26 19:22 - 00000288 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.URL
2015-02-26 19:21 - 2015-02-26 19:21 - 00008604 _____ () C:\Documents and Settings\Administrator\My Documents\HELP_DECRYPT.HTML
2015-02-26 19:21 - 2015-02-26 19:21 - 00008604 _____ () C:\Documents and Settings\Administrator\HELP_DECRYPT.HTML
2015-02-26 19:21 - 2015-02-26 19:21 - 00004242 _____ () C:\Documents and Settings\Administrator\My Documents\HELP_DECRYPT.TXT
2015-02-26 19:21 - 2015-02-26 19:21 - 00004242 _____ () C:\Documents and Settings\Administrator\HELP_DECRYPT.TXT
2015-02-26 19:21 - 2015-02-26 19:21 - 00000288 _____ () C:\Documents and Settings\Administrator\My Documents\HELP_DECRYPT.URL
2015-02-26 19:21 - 2015-02-26 19:21 - 00000288 _____ () C:\Documents and Settings\Administrator\HELP_DECRYPT.URL
2015-02-26 18:40 - 2015-02-26 18:40 - 00008604 _____ () C:\Documents and Settings\Administrator\Local Settings\HELP_DECRYPT.HTML
2015-02-26 18:40 - 2015-02-26 18:40 - 00008604 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-26 18:40 - 2015-02-26 18:40 - 00004242 _____ () C:\Documents and Settings\Administrator\Local Settings\HELP_DECRYPT.TXT
2015-02-26 18:40 - 2015-02-26 18:40 - 00004242 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-26 18:40 - 2015-02-26 18:40 - 00000288 _____ () C:\Documents and Settings\Administrator\Local Settings\HELP_DECRYPT.URL
2015-02-26 18:40 - 2015-02-26 18:40 - 00000288 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-26 18:36 - 2015-02-26 18:36 - 00008604 _____ () C:\Documents and Settings\Administrator\Application Data\HELP_DECRYPT.HTML
2015-02-26 18:36 - 2015-02-26 18:36 - 00004242 _____ () C:\Documents and Settings\Administrator\Application Data\HELP_DECRYPT.TXT
2015-02-26 18:36 - 2015-02-26 18:36 - 00000288 _____ () C:\Documents and Settings\Administrator\Application Data\HELP_DECRYPT.URL
2015-02-26 19:28 - 2012-08-27 08:18 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-4270454083-941970028-1945739218-500\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-4270454083-941970028-1945739218-500\Software\Classes\exefile: "%1" %* <===== ATTENTION!
EmptyTemp: