Virus - No more access to my data
Hello,
who can help me? I can no longer access my photos.
Here are my logs.
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by jimbo at 2015-03-20 08:59:23
Running from E:\11111111111111111111
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.13491 - Systweak Software) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager V3 (x32 Version: 3.0.0.90 - NTI Corporation) Hidden
Beginning Operations Interactive Activities (HKLM-x32\...\Beginning Operations Interactive Activities) (Version: 1.5.0.0 - Lakeshore Learning Materials)
Best Buy pc app (Version: 3.2.2.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.2.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
BlockAndSurf (HKLM-x32\...\9CD2DB2C-08CA-CA59-B9D1-742EDBC99710) (Version: - BlockAndSurf-software) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
BrowserSafeguard with RocketTab (HKLM-x32\...\BrowserSafeguard) (Version: - BrowserSafeguard with RocketTab) <==== ATTENTION
Convert Files for Free (HKLM-x32\...\Convert Files for Free) (Version: 7.12 - Convert Files for Free)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2912.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
fst_us_53 (HKLM-x32\...\fst_us_53_is1) (Version: - free_soft_today) <==== ATTENTION
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.90 - NTI Corporation)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3503 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.1022.2010 - Gateway Incorporated)
Gateway Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 3.0.3106 - CyberLink Corp.)
Gateway Social Networks (x32 Version: 3.0.3106 - CyberLink Corp.) Hidden
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Gateway Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
iTunes (HKLM\...\{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}) (Version: 10.5.1.42 - Apple Inc.)
Java(TM) 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Gateway)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Mobogenie (HKLM-x32\...\Mobogenie) (Version: - Mobogenie.com) <==== ATTENTION
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mysearchdial (HKLM-x32\...\mysearchdial) (Version: - Mysearchdial) <==== ATTENTION
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
PC Speed Maximizer v3.2 (HKLM-x32\...\PC Speed Maximizer_is1) (Version: 3.2 - SoftCity)
Perk Prize Panel (HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\...\pp@perk.com) (Version: - )
Plus-HD-9.3 (HKLM-x32\...\Plus-HD-9.3) (Version: 1.34.5.4 - Plus HD) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.)
RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.0.274 - Client Connect LTD) <==== ATTENTION
Social Privacy DNS (HKLM-x32\...\dnsshield) (Version: - ) <==== ATTENTION
suprasavings (HKLM\...\suprasavings) (Version: 2.0.1 - suprasavings)
SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden
Video Web Camera (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Video Web Camera (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\...\VisualBee for Microsoft PowerPoint) (Version: V4.1 - VisualBee.com)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
WeatherBug (HKLM-x32\...\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}) (Version: 7.0.0.11 - Earth Networks, Inc.)
webget (HKLM\...\webget) (Version: 2014.05.07.004105 - webget) <==== ATTENTION
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3503 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Yahoo! SiteBuilder (HKLM-x32\...\Yahoo! SiteBuilder) (Version: 2.4.0 - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
02-03-2014 15:55:38 Scheduled Checkpoint
06-05-2014 19:45:01 Installed WeatherBug
06-05-2014 19:59:06 Removed WeatherBug
18-05-2014 19:14:24 Windows Update
01-07-2014 18:57:13 Scheduled Checkpoint
03-08-2014 17:55:50 Scheduled Checkpoint
01-09-2014 17:59:35 Removed Microsoft Silverlight
04-10-2014 17:49:55 Scheduled Checkpoint
22-01-2015 19:03:32 Windows Modules Installer
22-02-2015 10:22:27 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
17-03-2015 18:59:29 Restore Operation
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {11C88312-6794-4A97-8EEF-232D14FCBD0A} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe [2014-05-06] () <==== ATTENTION
Task: {189D522F-C971-405F-914C-4B739CEAA785} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfp72.exe [2014-05-06] () <==== ATTENTION
Task: {28F9C5C2-23AC-45D8-B52C-CFA2CAC19EDC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-06] (Adobe Systems Incorporated)
Task: {293EECA6-9605-4C6E-8BAF-F86327A116EA} - System32\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-2 => C:\Program Files (x86)\Plus-HD-9.3\a5484598-527e-4337-aed0-ae0a1d60296a-2.exe [2014-05-06] (Plus HD) <==== ATTENTION
Task: {32B90593-33AA-4D2E-8EFD-1252C107AB37} - System32\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-1 => C:\Program Files (x86)\Plus-HD-9.3\Plus-HD-9.3-codedownloader.exe [2014-05-06] (Plus HD) <==== ATTENTION
Task: {3708EC8A-8D0B-470E-B591-7A1066EA155D} - System32\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-5 => C:\Program Files (x86)\Plus-HD-9.3\a5484598-527e-4337-aed0-ae0a1d60296a-5.exe [2014-05-06] (Plus HD) <==== ATTENTION
Task: {4F6CE0C1-96AB-42A7-B815-100E63F6D9E5} - System32\Tasks\BlockAndSurf_wd => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe [2014-05-06] () <==== ATTENTION
Task: {5EC5EC46-24D9-4F6A-BAAC-E9BD9296FE29} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-04-25] (Systweak Inc) <==== ATTENTION
Task: {67914104-9C51-4FD8-9A8F-0D91B0302092} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-04-08] (Systweak) <==== ATTENTION
Task: {7584F69C-3D5F-4CA7-897B-D3D5031FFFCC} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-04-25] (Systweak Inc) <==== ATTENTION
Task: {78A7C370-3E23-4B3F-9FEC-A580BF98172C} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-04-25] (Systweak Inc) <==== ATTENTION
Task: {7965E8F1-288A-45B4-B9C1-9EE8789D6B3B} - System32\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-3 => C:\Program Files (x86)\Plus-HD-9.3\a5484598-527e-4337-aed0-ae0a1d60296a-3.exe [2014-05-06] (Plus HD) <==== ATTENTION
Task: {8114CC0B-53C5-4EB2-B32E-F782F34D4D10} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2012-04-03] (Adobe Systems Incorporated)
Task: {A232B761-9D2D-4D6A-B753-835CDDDE7D82} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B03751BA-6E7B-48AE-BA19-2503D9F99377} - System32\Tasks\MySearchDial => C:\Users\jimbo\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {B15F10B0-9C82-4D18-B788-7B462FD1408D} - System32\Tasks\{70B42AA9-E1C7-452C-A1A5-C7B4BE0B82D2} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.10.0.115.260&LastError=12002
Task: {BCF02AD8-084B-412D-A143-61ED88BD5AFF} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [2014-04-28] (Smart PC Solutions)
Task: {D2093508-F738-4875-99F2-C78530A7D74B} - System32\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-4 => C:\Program Files (x86)\Plus-HD-9.3\a5484598-527e-4337-aed0-ae0a1d60296a-4.exe [2014-05-06] (Plus HD) <==== ATTENTION
Task: {EE2C2FC5-3B1A-4380-965D-E476688FBEFC} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-1.job => C:\Program Files (x86)\Plus-HD-9.3\Plus-HD-9.3-codedownloader.exe/scDuyT /JPMfn=task /aDyzL='Plus-HD-9.3' /XKMBz=53098 /EemsZ='001263' /pnWgC='0' /ncKMMrqN='0' /cEqLz=3C907EC56064401D8FEFD84E7362D4A8IE /jeiLtEMzq=ab6ec8aed2eed3984b1bd0155884e741 /tWJGcc=1_34_05_04 /FIgQJNnGY=1.34.5.4 /gOTqai=1399430210 /tfIBZGczd=http:/stats.clientstaticserv.com /uBJgkTGz=http:/errors.clientstaticserv.com /mdohORTKD=http:/js.clientstaticserv.com /vSumDlQdJ=ie /EbEoIJRSt /cremMoj='http:/update.clientstaticserv.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-2.job => C:\Program Files (x86)\Plus-HD-9.3\a5484598-527e-4337-aed0-ae0a1d60296a-2.exeö/QjPPEqMPP /aDyzL='Plus-HD-9.3' /XKMBz=53098 /EemsZ='001263' /pnWgC='0' /ncKMMrqN='0' /cEqLz=3C907EC56064401D8FEFD84E7362D4A8IE /jeiLtEMzq=ab6ec8aed2eed3984b1bd0155884e741 /tWJGcc=1_34_05_04 /gOTqai=1399430210 /tfIBZGczd=http:/stats.clientstaticserv.com /uBJgkTGz=http:/errors.clientstaticserv.com /xbmUubXP=11111111-1111-1111-1111-110511301198 /vSumDlQdJ=ie /zUshhLsu /EbEoIJRSt /cremMoj='http:/update.clientstaticserv.com/ie_enable_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-3.job => C:\Program Files (x86)\Plus-HD-9.3\a5484598-527e-4337-aed0-ae0a1d60296a-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-4.job => C:\Program Files (x86)\Plus-HD-9.3\a5484598-527e-4337-aed0-ae0a1d60296a-4.exe„/KejrFqk /aDyzL='Plus-HD-9.3' /xgahhVuZ C:\Program Files (x86)\Plus-HD-9.3\53098.xpi' /XKMBz=53098 /EemsZ='001263' /pnWgC='0' /ncKMMrqN='0' /cEqLz=3C907EC56064401D8FEFD84E7362D4A8IE /jeiLtEMzq=ab6ec8aed2eed3984b1bd0155884e741 /tWJGcc=1_34_05_04 /FIgQJNnGY=1.34.5.4 /gOTqai=1399430210 /tfIBZGczd=http:/stats.clientstaticserv.com /uBJgkTGz=http:/errors.clientstaticserv.com /AhDsCpXBw=300 /oOGqSk=120b8567-cef7-4a3f-bc74-951746209d5b@e3f0d12e-110a-4dac-a277-22ad73cee452.com /rOjxnS=0.94 /EidnQWlGX=a120b8567cef74a3fbc74951746209d5be3f0d12e110a4daca27722ad73cee452com53098 /nAraTm=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/53098.rdf /oxDUqaI='Plus-HD-9.3' /KuXXzULrX='Turn YouTube videos to High Definition by default' /CleTGR='Plus HD' /vSumDlQdJ=ie /EbEoIJRSt /XcXBJjd /udhTCRz /cremMoj='http:/update.clientstaticserv.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-5.job => C:\Program Files (x86)\Plus-HD-9.3\a5484598-527e-4337-aed0-ae0a1d60296a-5.exe/iIDDKg /aDyzL='Plus-HD-9.3' /XKMBz=53098 /EemsZ='001263' /pnWgC='0' /ncKMMrqN='0' /cEqLz=3C907EC56064401D8FEFD84E7362D4A8IE /jeiLtEMzq=ab6ec8aed2eed3984b1bd0155884e741 /tWJGcc=1_34_05_04 /gOTqai=1399430210 /tfIBZGczd=http:/stats.clientstaticserv.com /uBJgkTGz=http:/errors.clientstaticserv.com /XzMwXdlKp=http:/ipgeoapi.com/ /xtXrsplq=http:/update.clientstaticserv.com /hyACaARKA=2 /TMxlCx=http:/logs.clientstaticserv.com /cremMoj='http:/update.clientstaticserv.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfp72.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf_wd.job => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe <==== ATTENTION
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\jimbo\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) ==============
2014-01-28 03:27 - 2014-01-28 03:27 - 00252928 _____ () C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
2014-05-06 19:56 - 2014-05-06 19:58 - 00070848 _____ () C:\Program Files (x86)\Mobogenie\MgAssist.exe
2014-05-06 17:41 - 2014-05-06 17:41 - 00316696 _____ () C:\Program Files (x86)\webget\updatewebget.exe
2014-05-06 19:57 - 2014-05-06 19:57 - 00071680 _____ () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe
2014-05-06 19:57 - 2014-04-29 08:47 - 03265024 _____ () C:\Users\jimbo\AppData\Local\fst_us_53\upfst_us_53.exe
2011-08-18 08:57 - 2011-06-10 10:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-14 21:40 - 2014-04-14 21:40 - 00221184 _____ () C:\Program Files (x86)\Perk Prize Panel\pdr.exe
2014-05-01 14:32 - 2014-05-06 07:16 - 00522752 _____ () C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
2014-05-06 19:56 - 2014-05-06 19:58 - 00748736 _____ () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
2014-05-06 00:00 - 2014-05-06 00:00 - 00052736 _____ () C:\Users\jimbo\AppData\Roaming\VOPackage\VOsrv.exe
2014-05-06 19:35 - 2014-05-06 19:35 - 00706560 _____ () C:\Program Files\003\vxlsnyaiet64.exe
2014-05-06 19:57 - 2014-05-06 19:57 - 00144896 _____ () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfKF161.exe
2015-03-20 06:45 - 2015-03-20 06:45 - 00050477 _____ () E:\11111111111111111111\Defogger.exe
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-09 10:13 - 2011-03-09 10:13 - 00465640 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2011-03-09 10:12 - 2011-03-09 10:12 - 01081664 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2011-03-09 10:12 - 2011-03-09 10:12 - 00125760 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2014-05-06 19:57 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
2014-05-06 19:57 - 2014-04-08 12:04 - 01730928 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll
2014-05-06 19:56 - 2014-05-06 19:58 - 00065728 _____ () C:\Program Files (x86)\Mobogenie\Device.dll
2014-05-06 19:56 - 2014-05-06 19:58 - 00474816 _____ () C:\Program Files (x86)\Mobogenie\DCR.dll
2014-05-06 19:57 - 2014-05-06 19:57 - 00133120 _____ () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfKF161.dll
2011-10-21 10:53 - 2011-10-21 10:53 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\39fd377a71bb615895084d5861d5adf6\IsdiInterop.ni.dll
2011-08-18 08:13 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jimbo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-3300329991-2820599393-3356462390-500 - Administrator - Disabled)
Guest (S-1-5-21-3300329991-2820599393-3356462390-501 - Limited - Enabled)
jimbo (S-1-5-21-3300329991-2820599393-3356462390-1000 - Administrator - Enabled) => C:\Users\jimbo
scanuser (S-1-5-21-3300329991-2820599393-3356462390-1002 - Limited - Enabled) => C:\Users\scanuser.jimbo-PC
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/20/2015 08:54:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2015 08:54:45 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the remote_log registry value, code: 2
Error: (03/20/2015 08:54:45 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the remote_log registry value, code: 2
Error: (03/20/2015 08:54:45 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the remote_log registry value, code: 2
Error: (03/20/2015 08:54:45 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the remote_log registry value, code: 2
Error: (03/20/2015 08:33:15 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't download info about new versions from: hxxp://www.convertfilesforfree.com/w/updater/u.php?timestamp=1426865595&app_id=B96B8A80B995469784901EB49BB9BB8E&version=7.12&updaterVersion=1.0.4&channel=installmonetize3, to local path: C:\Windows\TEMP\ConvertFilesforFreeUpdt_update.txt
Error: (03/20/2015 08:33:15 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Receive failed, code: 12152
Error: (03/20/2015 08:33:15 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Send failed, code: 12007
Error: (03/20/2015 08:28:24 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error: (03/20/2015 08:18:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (03/20/2015 08:17:30 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (03/20/2015 08:17:30 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (03/17/2015 08:09:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The MgAssist Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (03/17/2015 06:55:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (02/25/2015 07:47:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (02/25/2015 05:15:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/25/2015 05:15:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/25/2015 05:15:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/25/2015 05:15:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/25/2015 05:15:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Microsoft Office Sessions:
=========================
Error: (03/20/2015 08:54:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2015 08:54:45 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the remote_log registry value, code: 2
Error: (03/20/2015 08:54:45 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the remote_log registry value, code: 2
Error: (03/20/2015 08:54:45 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the remote_log registry value, code: 2
Error: (03/20/2015 08:54:45 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the remote_log registry value, code: 2
Error: (03/20/2015 08:33:15 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't download info about new versions from: hxxp://www.convertfilesforfree.com/w/updater/u.php?timestamp=1426865595&app_id=B96B8A80B995469784901EB49BB9BB8E&version=7.12&updaterVersion=1.0.4&channel=installmonetize3, to local path: C:\Windows\TEMP\ConvertFilesforFreeUpdt_update.txt
Error: (03/20/2015 08:33:15 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Receive failed, code: 12152
Error: (03/20/2015 08:33:15 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Send failed, code: 12007
Error: (03/20/2015 08:28:24 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error: (03/20/2015 08:18:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU B800 @ 1.50GHz
Percentage of memory in use: 65%
Total physical RAM: 1899.86 MB
Available physical RAM: 649.9 MB
Total Pagefile: 3799.72 MB
Available Pagefile: 2330.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:284.99 GB) (Free:209.15 GB) NTFS
Drive d: (Office Depot) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS
Drive e: (OS) (Fixed) (Total:99.23 GB) (Free:30.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.72 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A8AEAE60)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 111.8 GB) (Disk ID: 80000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=99.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)
==================== End Of Log ============================
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by jimbo (administrator) on JIMBO-PC on 20-03-2015 08:58:05
Running from E:\11111111111111111111
Loaded Profiles: jimbo (Available profiles: jimbo & scanuser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
() C:\Program Files (x86)\Mobogenie\MgAssist.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\webget\updatewebget.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
() C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe
() C:\Users\jimbo\AppData\Local\fst_us_53\upfst_us_53.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
() C:\Program Files (x86)\Perk Prize Panel\pdr.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
(Revizer) C:\Program Files (x86)\BlockAndSurf-soft\BlockNSurf.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
() C:\Users\jimbo\AppData\Roaming\VOPackage\VOsrv.exe
() C:\Program Files\003\vxlsnyaiet64.exe
(Smart PC Solutions) C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe
(Systweak Inc) C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Smart PC Solutions) C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfKF161.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
() E:\11111111111111111111\Defogger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [BrowserSafeguard] => C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [522752 2014-05-06] ()
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [748736 2014-05-06] ()
HKLM-x32\...\Run: [fst_us_53] => "C:\Program Files (x86)\fst_us_53\fst_us_53.exe"
HKLM-x32\...\RunOnce: [upfst_us_53.exe] => C:\Users\jimbo\AppData\Local\fst_us_53\upfst_us_53.exe [3265024 2014-04-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\...\Run: [Best Buy pc app] => C:\Users\jimbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\...\Run: [perkda] => C:\Program Files (x86)\Perk Prize Panel\pdr.exe [221184 2014-04-14] ()
HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653760 2012-11-20] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\...\Run: [BlockNSurf] => C:\Program Files (x86)\BlockAndSurf-soft\BlockNSurf.exe [104448 2014-05-06] (Revizer)
HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\...\MountPoints2: {bf8ef63f-3886-11e1-b92a-74de2b181097} - E:\LapNetWizard.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-04-10] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-04-10] (Client Connect LTD)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\jimbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\jimbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\jimbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT.dotsowa ()
InternetURL: C:\Users\jimbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.torconnectpaycom/1pNp5c4
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-3300329991-2820599393-3356462390-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3300329991-2820599393-3356462390-1000] => http=127.0.0.1:14097;https=127.0.0.1:49167
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_19_ie&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0FtAyByD0C0A0AzztBtAtN0D0Tzu0SzzyDyBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0CtCyE0BtAzz0CtG0AtB0DtDtG0AyD0DyCtG0ByEzzyEtGyBtD0EzytDtD0CtB0FyCtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCtDyDyCtCtC0AtG0CtBtDtDtG0AyCyDyCtG0A0D0E0FtGtD0AtCtDyEyCtDtDzyyE0D0A2Q&cr=786219662&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_19_ie&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0FtAyByD0C0A0AzztBtAtN0D0Tzu0SzzyDyBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0CtCyE0BtAzz0CtG0AtB0DtDtG0AyD0DyCtG0ByEzzyEtGyBtD0EzytDtD0CtB0FyCtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCtDyDyCtCtC0AtG0CtBtDtDtG0AyCyDyCtG0A0D0E0FtGtD0AtCtDyEyCtDtDzyyE0D0A2Q&cr=786219662&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_19_ie&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0FtAyByD0C0A0AzztBtAtN0D0Tzu0SzzyDyBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0CtCyE0BtAzz0CtG0AtB0DtDtG0AyD0DyCtG0ByEzzyEtGyBtD0EzytDtD0CtB0FyCtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCtDyDyCtCtC0AtG0CtBtDtDtG0AyCyDyCtG0A0D0E0FtGtD0AtCtDyEyCtDtDzyyE0D0A2Q&cr=786219662&ir=
HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3300329991-2820599393-3356462390-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_19_ie&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0FtAyByD0C0A0AzztBtAtN0D0Tzu0SzzyDyBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0CtCyE0BtAzz0CtG0AtB0DtDtG0AyD0DyCtG0ByEzzyEtGyBtD0EzytDtD0CtB0FyCtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCtDyDyCtCtC0AtG0CtBtDtDtG0AyCyDyCtG0A0D0E0FtGtD0AtCtDyEyCtDtDzyyE0D0A2Q&cr=786219662&ir=
SearchScopes: HKU\S-1-5-21-3300329991-2820599393-3356462390-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_19_ie&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0FtAyByD0C0A0AzztBtAtN0D0Tzu0SzzyDyBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0CtCyE0BtAzz0CtG0AtB0DtDtG0AyD0DyCtG0ByEzzyEtGyBtD0EzytDtD0CtB0FyCtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCtDyDyCtCtC0AtG0CtBtDtDtG0AyCyDyCtG0A0D0E0FtGtD0AtCtDyEyCtDtDzyyE0D0A2Q&cr=786219662&ir=
SearchScopes: HKU\S-1-5-21-3300329991-2820599393-3356462390-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3317458&octid=EB_ORIGINAL_CTID&ISID=M87D4C0DE-93E0-4D2F-9827-4D5525112467&SearchSource=58&CUI=&UM=5&UP=SP37758B00-2A0D-4C1A-96A3-CCF896EF9EF6&q={searchTerms}&SSPV=213DCC_sp_ie
BHO: Plus-HD-9.3 -> {11111111-1111-1111-1111-110511301198} -> C:\Program Files (x86)\Plus-HD-9.3\Plus-HD-9.3-bho64.dll [2014-05-06] (Plus HD)
BHO: ConvertFilesforFree -> {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} -> C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll [2014-01-28] (Convert Files for Free)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: 2rs3 -> {10AD2C61-0898-4348-8600-14A342F22AC3} -> C:\Program Files (x86)\SupraSavings\2rs3.dll [2014-03-21] ()
BHO-x32: Plus-HD-9.3 -> {11111111-1111-1111-1111-110511301198} -> C:\Program Files (x86)\Plus-HD-9.3\Plus-HD-9.3-bho.dll [2014-05-06] (Plus HD)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-03] (Adobe Systems Incorporated)
BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll [2014-04-14] ()
BHO-x32: ConvertFilesforFree -> {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} -> C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll [2014-01-28] (Convert Files for Free)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: webget -> {dc264a72-fa75-4948-b881-ea8eff8e5dd2} -> C:\Program Files (x86)\webget\webgetbho.dll [2014-05-06] (webget)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Tcpip\Parameters: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{25FCCB87-277C-4DA4-8480-07A0F3FD4BE9}: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{2D12189E-15B6-4146-BB1E-ED320E63BED4}: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{D19F69BA-4E4B-4299-90F5-1FCEF457AF50}: [NameServer] 184.172.114.130,208.43.110.90
FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-06-30] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-10-05] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-06-30] (Best Buy)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll [2011-08-30] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-03] (Adobe Systems Inc.)
FF HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\...\Firefox\Extensions: [pp@perk.com] - C:\Program Files (x86)\Perk Prize Panel\FF
FF Extension: No Name - C:\Program Files (x86)\Perk Prize Panel\FF [2014-05-06]
FF HKU\S-1-5-21-3300329991-2820599393-3356462390-1000\...\Firefox\Extensions: [{5083AF0A-1AF1-9CDC-CFAD-830DF3E9D526}] - C:\Program Files (x86)\BlockAndSurf-soft\161.xpi
Chrome:
=======
CHR Profile: C:\Users\jimbo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jimbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-25]
CHR Extension: (Google Docs) - C:\Users\jimbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-25]
CHR Extension: (Google Drive) - C:\Users\jimbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jimbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-25]
CHR Extension: (YouTube) - C:\Users\jimbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-25]
CHR Extension: (Google Search) - C:\Users\jimbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-25]
CHR Extension: (Google Sheets) - C:\Users\jimbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-25]
CHR Extension: (No Name) - C:\Users\jimbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\jimbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-25]
CHR Extension: (Gmail) - C:\Users\jimbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-25]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 BlockAndSurf; C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfKF161.exe [144896 2014-05-06] () [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2496320 2014-04-10] (Client Connect LTD)
R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-01-28] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [70848 2014-05-06] ()
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
R2 Update webget; C:\Program Files (x86)\webget\updatewebget.exe [316696 2014-05-06] ()
R2 vosr; C:\Users\jimbo\AppData\Roaming\VOPackage\VOsrv.exe [52736 2014-05-06] () [File not signed] <==== ATTENTION <==== ATTENTION
R2 vxlsnyaiet64; C:\Program Files\003\vxlsnyaiet64.exe [706560 2014-05-06] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-20 08:58 - 2015-03-20 08:58 - 00000000 ____D () C:\FRST
2015-03-20 08:57 - 2015-03-20 08:57 - 00000000 _____ () C:\Users\jimbo\defogger_reenable
2015-03-20 08:18 - 2015-03-20 08:55 - 00001350 _____ () C:\Users\jimbo\Desktop\Clean Registry for Free!.lnk
2015-03-20 08:18 - 2015-03-20 08:18 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\PC Speed Maximizer
2015-03-17 20:08 - 2015-03-17 20:08 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\WeatherBug
2015-03-17 20:08 - 2015-03-17 20:08 - 00000000 ____D () C:\Users\jimbo\AppData\Local\WeatherBug
2015-03-17 20:08 - 2015-03-17 20:08 - 00000000 ____D () C:\Users\jimbo\AppData\Local\SearchProtect
2015-03-17 20:08 - 2015-03-17 20:08 - 00000000 ____D () C:\ProgramData\Systweak
2015-02-26 13:39 - 2015-02-26 17:10 - 03148854 _____ () C:\Users\jimbo\Documents\!Decrypt-All-Files-dotsowa.bmp
2015-02-26 13:39 - 2015-02-26 17:10 - 00001266 _____ () C:\Users\jimbo\Documents\!Decrypt-All-Files-dotsowa.txt
2015-02-26 13:15 - 2015-02-26 13:15 - 00008630 _____ () C:\Users\scanuser\HELP_DECRYPT.HTML
2015-02-26 13:15 - 2015-02-26 13:15 - 00008630 _____ () C:\Users\scanuser\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-26 13:15 - 2015-02-26 13:15 - 00008630 _____ () C:\Users\scanuser\AppData\Local\HELP_DECRYPT.HTML
2015-02-26 13:15 - 2015-02-26 13:15 - 00008630 _____ () C:\Users\scanuser\AppData\Local\Apps\HELP_DECRYPT.HTML
2015-02-26 13:15 - 2015-02-26 13:15 - 00008630 _____ () C:\Users\scanuser\AppData\HELP_DECRYPT.HTML
2015-02-26 13:15 - 2015-02-26 13:15 - 00008630 _____ () C:\Users\scanuser.jimbo-PC\HELP_DECRYPT.HTML
2015-02-26 13:15 - 2015-02-26 13:15 - 00008630 _____ () C:\Users\scanuser.jimbo-PC\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-26 13:15 - 2015-02-26 13:15 - 00008630 _____ () C:\Users\scanuser.jimbo-PC\AppData\Local\HELP_DECRYPT.HTML
2015-02-26 13:15 - 2015-02-26 13:15 - 00008630 _____ () C:\Users\scanuser.jimbo-PC\AppData\HELP_DECRYPT.HTML
2015-02-26 13:15 - 2015-02-26 13:15 - 00008630 _____ () C:\Users\jimbo\HELP_DECRYPT.HTML
2015-02-26 13:15 - 2015-02-26 13:15 - 00008630 _____ () C:\Users\jimbo\Desktop\HELP_DECRYPT.HTML
2015-02-26 13:15 - 2015-02-26 13:15 - 00008630 _____ () C:\Users\HELP_DECRYPT.HTML
2015-02-26 13:15 - 2015-02-26 13:15 - 00008630 _____ () C:\HELP_DECRYPT.HTML
2015-02-26 13:15 - 2015-02-26 13:15 - 00004258 _____ () C:\Users\HELP_DECRYPT.TXT
2015-02-26 13:15 - 2015-02-26 13:15 - 00004258 _____ () C:\HELP_DECRYPT.TXT
2015-02-26 13:15 - 2015-02-26 13:15 - 00000292 _____ () C:\Users\scanuser\HELP_DECRYPT.URL
2015-02-26 13:15 - 2015-02-26 13:15 - 00000292 _____ () C:\Users\scanuser\AppData\Roaming\HELP_DECRYPT.URL
2015-02-26 13:15 - 2015-02-26 13:15 - 00000292 _____ () C:\Users\scanuser\AppData\Local\HELP_DECRYPT.URL
2015-02-26 13:15 - 2015-02-26 13:15 - 00000292 _____ () C:\Users\scanuser\AppData\Local\Apps\HELP_DECRYPT.URL
2015-02-26 13:15 - 2015-02-26 13:15 - 00000292 _____ () C:\Users\scanuser\AppData\HELP_DECRYPT.URL
2015-02-26 13:15 - 2015-02-26 13:15 - 00000292 _____ () C:\Users\scanuser.jimbo-PC\HELP_DECRYPT.URL
2015-02-26 13:15 - 2015-02-26 13:15 - 00000292 _____ () C:\Users\scanuser.jimbo-PC\AppData\Roaming\HELP_DECRYPT.URL
2015-02-26 13:15 - 2015-02-26 13:15 - 00000292 _____ () C:\Users\scanuser.jimbo-PC\AppData\Local\HELP_DECRYPT.URL
2015-02-26 13:15 - 2015-02-26 13:15 - 00000292 _____ () C:\Users\scanuser.jimbo-PC\AppData\HELP_DECRYPT.URL
2015-02-26 13:15 - 2015-02-26 13:15 - 00000292 _____ () C:\Users\jimbo\HELP_DECRYPT.URL
2015-02-26 13:15 - 2015-02-26 13:15 - 00000292 _____ () C:\Users\jimbo\Desktop\HELP_DECRYPT.URL
2015-02-26 13:15 - 2015-02-26 13:15 - 00000292 _____ () C:\Users\HELP_DECRYPT.URL
2015-02-26 13:15 - 2015-02-26 13:15 - 00000292 _____ () C:\HELP_DECRYPT.URL
2015-02-26 12:55 - 2015-02-26 13:40 - 02530805 _____ () C:\ProgramData\vjpaaaa.html
2015-02-25 19:46 - 2015-02-25 19:46 - 00023483 _____ () C:\Users\jimbo\Desktop\Office Depot Work Order 0062011602443 Ticket 28866516 Receipt.mht
2015-02-25 15:36 - 2015-03-17 20:07 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-25 15:36 - 2015-02-25 15:38 - 00000000 ____D () C:\Users\jimbo\AppData\Local\Google
2015-02-25 13:32 - 2015-02-25 13:32 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\Malwarebytes
2015-02-25 13:32 - 2015-02-25 13:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 13:26 - 2015-02-25 13:26 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-25 08:08 - 2015-03-17 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools
2015-02-25 08:08 - 2015-03-17 19:57 - 00000000 ____D () C:\Program Files (x86)\smartmontools
2015-02-24 07:26 - 2015-03-17 19:57 - 00000000 ____D () C:\Program Files (x86)\officedepot_stk_sop
2015-02-24 07:26 - 2015-02-24 07:26 - 00000000 ____D () C:\ProgramData\support.com
2015-02-23 12:03 - 2015-02-26 13:31 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\UpdSysDrv32Xz32
2015-02-22 10:25 - 2015-02-23 13:16 - 00000199 _____ () C:\ProgramData\5DR4A7.dat
2015-02-22 10:23 - 2015-02-22 10:23 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-02-22 10:23 - 2015-02-22 10:23 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-02-22 10:23 - 2015-02-22 10:23 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-02-22 10:23 - 2015-02-22 10:23 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-02-22 10:23 - 2015-02-22 10:23 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-22 10:22 - 2015-02-24 08:13 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-02-22 10:22 - 2015-02-24 08:13 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-02-21 13:18 - 2015-03-17 19:14 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\supportdotcom
2015-02-20 17:47 - 2015-02-24 08:13 - 00000000 ____D () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-20 08:58 - 2011-09-14 20:16 - 01376724 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 08:57 - 2014-05-06 19:57 - 00000424 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2015-03-20 08:57 - 2014-05-06 19:57 - 00000000 ____D () C:\Users\jimbo\AppData\Local\fst_us_53
2015-03-20 08:57 - 2014-05-06 19:56 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2015-03-20 08:57 - 2011-10-17 16:39 - 00000000 ____D () C:\Users\jimbo
2015-03-20 08:56 - 2014-05-06 19:55 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job
2015-03-20 08:55 - 2014-05-06 19:57 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2015-03-20 08:55 - 2014-05-06 19:38 - 00003248 _____ () C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
2015-03-20 08:55 - 2014-05-06 19:37 - 00001450 _____ () C:\Windows\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-5.job
2015-03-20 08:54 - 2014-05-06 19:57 - 00000404 _____ () C:\Windows\Tasks\BlockAndSurf_wd.job
2015-03-20 08:54 - 2014-05-06 19:37 - 00003112 _____ () C:\Windows\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-3.job
2015-03-20 08:54 - 2014-05-06 19:37 - 00002158 _____ () C:\Windows\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-4.job
2015-03-20 08:54 - 2014-05-06 19:37 - 00001362 _____ () C:\Windows\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-2.job
2015-03-20 08:54 - 2014-05-06 19:37 - 00001362 _____ () C:\Windows\Tasks\a5484598-527e-4337-aed0-ae0a1d60296a-1.job
2015-03-20 08:54 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-20 08:54 - 2009-07-13 21:51 - 00110600 _____ () C:\Windows\setupact.log
2015-03-20 08:29 - 2009-07-13 22:13 - 00727182 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 08:27 - 2014-05-06 19:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 08:25 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 08:25 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-19 16:49 - 2014-05-06 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_today
2015-03-19 16:49 - 2014-05-06 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2015-03-19 16:49 - 2014-05-06 19:57 - 00000000 ____D () C:\Program Files (x86)\fst_us_53
2015-03-19 16:49 - 2014-05-06 19:57 - 00000000 ____D () C:\Program Files (x86)\BlockAndSurf-soft
2015-03-19 16:49 - 2014-05-06 19:57 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2015-03-19 16:49 - 2014-05-06 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2015-03-19 16:49 - 2014-05-06 19:56 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2015-03-19 16:49 - 2014-05-06 19:56 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2015-03-19 16:49 - 2014-05-06 19:56 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
2015-03-19 16:49 - 2014-05-06 19:56 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
2015-03-19 16:49 - 2014-05-06 19:55 - 00000000 ____D () C:\Program Files (x86)\webget
2015-03-19 16:49 - 2014-05-06 19:55 - 00000000 ____D () C:\Program Files (x86)\Mysearchdial
2015-03-19 16:49 - 2014-05-06 19:36 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-9.3
2015-03-19 16:49 - 2014-05-06 19:35 - 00000000 ____D () C:\Program Files (x86)\SupraSavings
2015-03-19 16:49 - 2014-05-06 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
2015-03-19 16:49 - 2014-05-06 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard
2015-03-19 16:49 - 2014-05-06 19:33 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2015-03-19 16:49 - 2014-05-06 19:33 - 00000000 ____D () C:\Program Files (x86)\Browsersafeguard
2015-03-19 16:49 - 2014-05-06 19:32 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-03-19 16:49 - 2014-05-06 19:31 - 00000000 ____D () C:\Program Files (x86)\Social Privacy DNS
2015-03-19 16:49 - 2014-05-06 19:31 - 00000000 ____D () C:\Program Files (x86)\Perk Prize Panel
2015-03-19 16:49 - 2011-08-18 08:25 - 00000000 ____D () C:\ProgramData\BackupManager
2015-03-19 16:49 - 2011-08-18 08:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-19 16:49 - 2011-08-18 08:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-19 16:48 - 2014-05-06 19:57 - 00000000 ____D () C:\Users\jimbo\AppData\Local\Mobogenie
2015-03-19 16:48 - 2014-05-06 19:56 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\Systweak
2015-03-19 16:48 - 2014-05-06 19:56 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2015-03-19 16:48 - 2014-05-06 19:55 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\mysearchdial
2015-03-19 16:48 - 2014-05-06 19:45 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBug
2015-03-19 16:48 - 2014-05-06 19:44 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\VOPackage
2015-03-19 16:48 - 2014-05-06 19:44 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-03-19 16:48 - 2014-05-06 19:39 - 00000000 ____D () C:\Users\jimbo\AppData\Local\VisualBeeClient
2015-03-19 16:48 - 2014-05-06 19:38 - 00000000 ____D () C:\Users\jimbo\AppData\Local\VisualBeeExe
2015-03-19 16:48 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-19 16:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-03-19 16:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-19 16:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-17 20:07 - 2014-05-06 19:56 - 00000284 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2015-03-17 20:07 - 2014-05-06 19:56 - 00000276 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2015-03-17 20:00 - 2012-07-26 08:59 - 00000000 ____D () C:\Users\scanuser.jimbo-PC
2015-03-17 20:00 - 2012-07-25 16:24 - 00000000 ____D () C:\Users\scanuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
2015-03-17 19:59 - 2014-05-06 19:35 - 00000000 ____D () C:\Program Files\SupraSavings
2015-03-17 19:57 - 2014-05-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Skype
2015-03-17 19:57 - 2014-05-06 19:55 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-03-17 19:57 - 2014-05-06 19:45 - 00000000 ____D () C:\Program Files (x86)\AWS
2015-03-17 19:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2015-03-17 19:13 - 2012-07-25 16:23 - 00000000 ____D () C:\Users\scanuser\AppData\Local\Apps\2.0
2015-03-17 19:13 - 2012-07-12 19:46 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\Skype
2015-03-17 19:13 - 2011-10-27 20:03 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\SoftGrid Client
2015-03-17 19:13 - 2011-10-17 16:48 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\Adobe
2015-03-17 19:06 - 2012-11-15 17:42 - 00000000 ____D () C:\Users\jimbo\AppData\Local\Microsoft Games
2015-03-17 19:06 - 2011-11-17 16:35 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2015-03-17 19:06 - 2011-08-18 08:29 - 00000000 ____D () C:\ProgramData\Gateway
2015-03-17 19:05 - 2011-08-18 08:23 - 00000000 ____D () C:\Program Files (x86)\Social Networks
2015-03-17 19:04 - 2011-11-17 16:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-17 19:03 - 2011-08-18 08:55 - 00000000 ___HD () C:\OEM
2015-02-26 13:15 - 2013-06-09 09:02 - 00001392 _____ () C:\Users\scanuser\HELP_DECRYPT.TXT.dotsowa
2015-02-26 13:15 - 2013-06-09 09:02 - 00001392 _____ () C:\Users\scanuser\AppData\Roaming\HELP_DECRYPT.TXT.dotsowa
2015-02-26 13:15 - 2013-06-09 09:02 - 00001392 _____ () C:\Users\scanuser\AppData\Local\HELP_DECRYPT.TXT.dotsowa
2015-02-26 13:15 - 2013-06-09 09:02 - 00001392 _____ () C:\Users\scanuser\AppData\Local\Apps\HELP_DECRYPT.TXT.dotsowa
2015-02-26 13:15 - 2013-06-09 09:02 - 00001392 _____ () C:\Users\scanuser\AppData\HELP_DECRYPT.TXT.dotsowa
2015-02-26 13:15 - 2013-06-09 09:02 - 00001392 _____ () C:\Users\scanuser.jimbo-PC\HELP_DECRYPT.TXT.dotsowa
2015-02-26 13:15 - 2013-06-09 09:02 - 00001392 _____ () C:\Users\scanuser.jimbo-PC\AppData\Roaming\HELP_DECRYPT.TXT.dotsowa
2015-02-26 13:15 - 2013-06-09 09:02 - 00001392 _____ () C:\Users\scanuser.jimbo-PC\AppData\Local\HELP_DECRYPT.TXT.dotsowa
2015-02-26 13:15 - 2013-06-09 09:02 - 00001392 _____ () C:\Users\scanuser.jimbo-PC\AppData\HELP_DECRYPT.TXT.dotsowa
2015-02-26 13:15 - 2013-06-09 09:02 - 00001392 _____ () C:\Users\jimbo\HELP_DECRYPT.TXT.dotsowa
2015-02-26 13:15 - 2013-06-09 09:02 - 00001392 _____ () C:\Users\jimbo\Desktop\HELP_DECRYPT.TXT.dotsowa
2015-02-26 13:08 - 2014-05-18 18:05 - 00000000 ____D () C:\Users\jimbo\AppData\Local\Skype
2015-02-26 13:07 - 2011-11-17 16:36 - 00000000 ____D () C:\Users\jimbo\AppData\Local\Apple Computer
2015-02-26 13:07 - 2011-10-19 16:54 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\CyberLink
2015-02-26 13:07 - 2011-10-19 16:01 - 00000000 ____D () C:\Users\jimbo\sitebuilder
2015-02-26 13:06 - 2013-12-23 22:15 - 00000000 ____D () C:\Users\jimbo\Documents\CyberLink
2015-02-26 13:05 - 2011-11-17 16:36 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\Apple Computer
2015-02-26 12:59 - 2014-12-31 14:47 - 00000000 ____D () C:\ProgramData\Leapfrog
2015-02-26 12:49 - 2015-02-01 19:12 - 00001392 _____ () C:\Users\jimbo\Downloads\HELP_DECRYPT.TXT.dotsowa
2015-02-26 12:49 - 2015-02-01 19:00 - 00008630 _____ () C:\Users\jimbo\Downloads\HELP_DECRYPT.HTML
2015-02-26 12:49 - 2015-02-01 19:00 - 00000292 _____ () C:\Users\jimbo\Downloads\HELP_DECRYPT.URL
2015-02-26 12:49 - 2011-09-14 20:15 - 00000000 ____D () C:\book
2015-02-26 12:48 - 2015-02-01 19:12 - 00001392 _____ () C:\Users\jimbo\Documents\HELP_DECRYPT.TXT.dotsowa
2015-02-26 12:48 - 2015-02-01 18:59 - 00008630 _____ () C:\Users\jimbo\Documents\HELP_DECRYPT.HTML
2015-02-26 12:48 - 2015-02-01 18:59 - 00000292 _____ () C:\Users\jimbo\Documents\HELP_DECRYPT.URL
2015-02-25 15:36 - 2011-10-17 16:41 - 00000000 ____D () C:\Users\jimbo\AppData\Local\Deployment
2015-02-25 13:31 - 2015-02-01 19:12 - 00204336 _____ () C:\TDSSKiller.3.0.0.44_25.02.2015_12.29.30_log.TXT.dotsowa
2015-02-25 13:26 - 2015-02-01 19:12 - 00209520 _____ () C:\TDSSKiller.3.0.0.44_25.02.2015_12.09.16_log.TXT.dotsowa
2015-02-24 09:51 - 2011-10-19 17:00 - 00000000 ____D () C:\Users\jimbo\AppData\Local\CrashDumps
2015-02-24 07:43 - 2015-02-01 19:04 - 00000000 ____D () C:\Users\jimbo\AppData\Roaming\Local Store
2015-02-24 07:43 - 2010-11-21 00:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-23 17:30 - 2011-10-17 16:41 - 00000000 ____D () C:\Users\jimbo\AppData\Local\Apps\2.0
2015-02-23 17:30 - 2011-10-17 16:39 - 00062408 _____ () C:\Users\jimbo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-23 13:18 - 2012-07-26 08:59 - 00062408 _____ () C:\Users\scanuser.jimbo-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-23 13:18 - 2012-07-25 16:23 - 00062408 _____ () C:\Users\scanuser\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-23 13:16 - 2015-02-01 19:12 - 00692896 _____ () C:\Users\jimbo\Downloads\april sound lot.JPEG.dotsowa
2015-02-23 13:16 - 2015-02-01 19:12 - 00067984 _____ () C:\Users\jimbo\Downloads\image.JPEG.dotsowa
2015-02-23 13:16 - 2015-02-01 19:12 - 00067424 _____ () C:\Users\jimbo\Downloads\image (1).JPEG.dotsowa
2015-02-23 13:09 - 2013-09-26 22:33 - 01512054 _____ () C:\Users\jimbo\Downloads\jiimmie.bmp
2015-02-23 12:29 - 2015-02-01 19:12 - 01637968 _____ () C:\Users\jimbo\Downloads\2013-06-15 23.00.14.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 01633472 _____ () C:\Users\jimbo\Downloads\2013-06-13 14.30.04.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 01570208 _____ () C:\Users\jimbo\Documents\ju043.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 01563168 _____ () C:\Users\jimbo\Downloads\2012-12-04 13.19.03.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 01563168 _____ () C:\Users\jimbo\Downloads\2012-12-04 13.19.03 (1).JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 01543088 _____ () C:\Users\jimbo\Downloads\benz 2.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 01529072 _____ () C:\Users\jimbo\Downloads\2012-12-04 13.09.53.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 01486832 _____ () C:\Users\jimbo\Downloads\2012-12-04 13.09.50.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 01474176 _____ () C:\Users\jimbo\Downloads\2013-06-15 22.58.55.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 01458400 _____ () C:\Users\jimbo\Downloads\2012-12-06 14.08.47.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 01448848 _____ () C:\Users\jimbo\Downloads\2012-12-02 13.31.16 (1).JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 01415264 _____ () C:\Users\jimbo\Downloads\2012-12-02 13.42.23.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 01409168 _____ () C:\Users\jimbo\Downloads\benz 1.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00927088 _____ () C:\Users\jimbo\Downloads\P1010335.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00216144 _____ () C:\Users\jimbo\Downloads\IMG_6096.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00113040 _____ () C:\Users\jimbo\Downloads\2012-11-16 09.09.21.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00105008 _____ () C:\Users\jimbo\Downloads\2012-09-22 10.33.59.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00103312 _____ () C:\Users\jimbo\Downloads\2012-11-16 09.26.47.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00102608 _____ () C:\Users\jimbo\Downloads\2012-11-28 10.29.35.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00102608 _____ () C:\Users\jimbo\Downloads\2012-11-28 10.29.35 (1).JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00102256 _____ () C:\Users\jimbo\Downloads\2012-09-22 16.18.16.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00102016 _____ () C:\Users\jimbo\Downloads\2012-09-22 16.18.20.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00099360 _____ () C:\Users\jimbo\Downloads\2012-11-21 10.12.34 (1).JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00098512 _____ () C:\Users\jimbo\Downloads\2012-11-25 14.30.45.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00098480 _____ () C:\Users\jimbo\Downloads\2012-11-21 10.10.37.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00098400 _____ () C:\Users\jimbo\Downloads\2012-09-25 09.52.50.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00098352 _____ () C:\Users\jimbo\Downloads\2012-11-25 11.24.26.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00098096 _____ () C:\Users\jimbo\Downloads\2012-10-26 17.50.44.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00097168 _____ () C:\Users\jimbo\Downloads\2012-11-22 12.33.27 (1).JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00087296 _____ () C:\Users\jimbo\Downloads\2012-11-22 12.33.33.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00072416 _____ () C:\Users\jimbo\Downloads\2011-07-27 20.33.36.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00068896 _____ () C:\Users\jimbo\Downloads\2011-07-27 19.43.14.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00050160 _____ () C:\Users\jimbo\Downloads\125.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00049168 _____ () C:\Users\jimbo\Downloads\photo (6).JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00047280 _____ () C:\Users\jimbo\Downloads\photo (4).JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00046576 _____ () C:\Users\jimbo\Downloads\mosh nikolie.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00043536 _____ () C:\Users\jimbo\Downloads\photo (1).JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00042240 _____ () C:\Users\jimbo\Downloads\photo (3).JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00042032 _____ () C:\Users\jimbo\Downloads\photo (7).JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00037136 _____ () C:\Users\jimbo\Downloads\5889_1205979585252_1101520136_30650803_2303811_n.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00033808 _____ () C:\Users\jimbo\Downloads\photo (2).JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00033024 _____ () C:\Users\jimbo\Downloads\photo (5).JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00028256 _____ () C:\Users\jimbo\Downloads\photo.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00019728 _____ () C:\Users\jimbo\Downloads\imagejpeg_2.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00018944 ___SH () C:\Users\jimbo\Downloads\Folder.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00017584 _____ () C:\Users\jimbo\Downloads\01102011108.JPG.dotsowa
2015-02-23 12:29 - 2015-02-01 19:12 - 00004832 ___SH () C:\Users\jimbo\Downloads\AlbumArtSmall.JPG.dotsowa
2015-02-21 16:20 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
==================== Files in the root of some directories =======
2014-05-06 19:49 - 2014-05-06 20:03 - 0000318 _____ () C:\Users\jimbo\AppData\Roaming\aps.uninstall.scan.results
2015-02-01 18:57 - 2015-02-01 18:57 - 0008658 _____ () C:\Users\jimbo\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-01 18:57 - 2015-02-23 12:59 - 0045821 _____ () C:\Users\jimbo\AppData\Roaming\HELP_DECRYPT.PNG
2015-02-01 19:12 - 2015-02-01 18:57 - 0001392 _____ () C:\Users\jimbo\AppData\Roaming\HELP_DECRYPT.TXT.dotsowa
2015-02-01 18:57 - 2015-02-01 18:57 - 0000304 _____ () C:\Users\jimbo\AppData\Roaming\HELP_DECRYPT.URL
2014-05-06 19:55 - 2014-05-06 15:02 - 1727775 _____ (AnyProtect.com) C:\Users\jimbo\AppData\Local\AnyProtectScannerSetup.exe
2015-02-01 18:57 - 2015-02-01 18:57 - 0008658 _____ () C:\Users\jimbo\AppData\Local\HELP_DECRYPT.HTML
2015-02-01 18:57 - 2015-02-23 12:57 - 0045821 _____ () C:\Users\jimbo\AppData\Local\HELP_DECRYPT.PNG
2015-02-01 19:12 - 2015-02-01 18:57 - 0001392 _____ () C:\Users\jimbo\AppData\Local\HELP_DECRYPT.TXT.dotsowa
2015-02-01 18:57 - 2015-02-01 18:57 - 0000304 _____ () C:\Users\jimbo\AppData\Local\HELP_DECRYPT.URL
2014-05-06 19:44 - 2014-05-06 19:44 - 1745440 _____ (AnyProtect.com) C:\Users\jimbo\AppData\Local\nsz12E2.tmp
2012-07-25 15:53 - 2012-07-25 15:53 - 0000017 _____ () C:\Users\jimbo\AppData\Local\resmon.resmoncfg
2015-02-22 10:25 - 2015-02-23 13:16 - 0000199 _____ () C:\ProgramData\5DR4A7.dat
2015-02-01 18:55 - 2015-02-01 18:55 - 0008658 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-01 18:55 - 2015-02-23 12:57 - 0045821 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-02-01 19:12 - 2015-02-01 18:55 - 0001392 _____ () C:\ProgramData\HELP_DECRYPT.TXT.dotsowa
2015-02-01 18:55 - 2015-02-01 18:55 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-02-26 12:55 - 2015-02-26 13:40 - 2530805 _____ () C:\ProgramData\vjpaaaa.html
Files to move or delete:
====================
C:\ProgramData\5DR4A7.dat
Some content of TEMP:
====================
C:\Users\jimbo\AppData\Local\Temp\COMAP.EXE
C:\Users\jimbo\AppData\Local\Temp\file_157154.exe
C:\Users\jimbo\AppData\Local\Temp\file_3764020663.exe
C:\Users\jimbo\AppData\Local\Temp\helper.exe
C:\Users\jimbo\AppData\Local\Temp\nsp8DE3.exe
C:\Users\jimbo\AppData\Local\Temp\nspC0C7.exe
C:\Users\jimbo\AppData\Local\Temp\SendMsg.dll
C:\Users\jimbo\AppData\Local\Temp\setup.exe
C:\Users\jimbo\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\jimbo\AppData\Local\Temp\System.Data.SQLite35100.dll
C:\Users\jimbo\AppData\Local\Temp\vbmz10.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-24 08:50
==================== End Of Log ============================